Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grype for openSUSE:Factory checked in at 2022-06-28 15:21:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/grype (Old) and /work/SRC/openSUSE:Factory/.grype.new.1548 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grype" Tue Jun 28 15:21:49 2022 rev:3 rq:985333 version:0.40.1 Changes: -------- --- /work/SRC/openSUSE:Factory/grype/grype.changes 2022-06-23 10:25:30.631820842 +0200 +++ /work/SRC/openSUSE:Factory/.grype.new.1548/grype.changes 2022-06-28 15:22:02.421912658 +0200 @@ -1,0 +2,9 @@ +Mon Jun 27 13:20:36 UTC 2022 - [email protected] + +- Update to version 0.40.1: + * update syft => v0.49.0 (#804) + * remove oss meetup message (#799) + * fix: add fixed versions to cyclonedxjson output (#763) + * docs: update to include php (#793) + +------------------------------------------------------------------- Old: ---- grype-0.40.0.tar.gz New: ---- grype-0.40.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ grype.spec ++++++ --- /var/tmp/diff_new_pack.zG8uOw/_old 2022-06-28 15:22:05.701917554 +0200 +++ /var/tmp/diff_new_pack.zG8uOw/_new 2022-06-28 15:22:05.705917561 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: grype -Version: 0.40.0 +Version: 0.40.1 Release: 0 Summary: A vulnerability scanner for container images and filesystems License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.zG8uOw/_old 2022-06-28 15:22:05.745917620 +0200 +++ /var/tmp/diff_new_pack.zG8uOw/_new 2022-06-28 15:22:05.749917626 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/anchore/grype</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.40.0</param> + <param name="revision">v0.40.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> @@ -17,7 +17,7 @@ <param name="compression">gz</param> </service> <service name="go_modules" mode="disabled"> - <param name="archive">grype-0.40.0.tar.gz</param> + <param name="archive">grype-0.40.1.tar.gz</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.zG8uOw/_old 2022-06-28 15:22:05.773917662 +0200 +++ /var/tmp/diff_new_pack.zG8uOw/_new 2022-06-28 15:22:05.777917668 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/anchore/grype</param> - <param name="changesrevision">0703bae9778e661e2cc21d5caa816cda30472b14</param></service></servicedata> + <param name="changesrevision">82c0146b0a60f7bb4309190ff898135af16a68ba</param></service></servicedata> (No newline at EOF) ++++++ grype-0.40.0.tar.gz -> grype-0.40.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/README.md new/grype-0.40.1/README.md --- old/grype-0.40.0/README.md 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/README.md 2022-06-24 20:30:36.000000000 +0200 @@ -12,14 +12,6 @@ A vulnerability scanner for container images and filesystems. Easily [install the binary](#installation) to try it out. Works with [Syft](https://github.com/anchore/syft), the powerful SBOM (software bill of materials) tool for container images and filesystems. -### Join our Virtual OSS Meetup! - -You are invited to join us on June 15th, 11AM-Noon PT for our virtual open source meetup. - -Hosts Amy Bass from Docker Desktop and Christopher Phillips from Anchore OSS will explore how Docker Extensions for Docker Desktop is supporting open source projects and we???ll have the latest update on Syft: in-toto attestations. - -[Register here ->](https://get.anchore.com/anchore-oss-meetup-jun-15-2022/) - ### Join our community meetings! - Calendar: https://calendar.google.com/calendar/u/0/r?cid=Y182OTM4dGt0MjRtajI0NnNzOThiaGtnM29qNEBncm91cC5jYWxlbmRhci5nb29nbGUuY29t @@ -48,6 +40,7 @@ - Python (Egg, Wheel, Poetry, requirements.txt/setup.py files) - Dotnet (deps.json) - Golang (go.mod) + - PHP (composer.json) - Supports Docker and OCI image formats - Consume SBOM [attestations](https://github.com/anchore/syft#sbom-attestation). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/go.mod new/grype-0.40.1/go.mod --- old/grype-0.40.0/go.mod 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/go.mod 2022-06-24 20:30:36.000000000 +0200 @@ -3,7 +3,7 @@ go 1.18 require ( - github.com/CycloneDX/cyclonedx-go v0.5.2 + github.com/CycloneDX/cyclonedx-go v0.6.0 github.com/Masterminds/sprig/v3 v3.2.2 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d github.com/adrg/xdg v0.2.1 @@ -11,7 +11,7 @@ github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06 - github.com/anchore/syft v0.48.1 + github.com/anchore/syft v0.49.0 github.com/bmatcuk/doublestar/v2 v2.0.4 github.com/docker/docker v20.10.12+incompatible github.com/dustin/go-humanize v1.0.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/go.sum new/grype-0.40.1/go.sum --- old/grype-0.40.0/go.sum 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/go.sum 2022-06-24 20:30:36.000000000 +0200 @@ -166,8 +166,8 @@ github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/CycloneDX/cyclonedx-go v0.5.2 h1:CkdGw2R/tZWmEbSypJVZG+3+2SAsDjJirfIrG/RbIVg= -github.com/CycloneDX/cyclonedx-go v0.5.2/go.mod h1:nQCiF4Tvrg5Ieu8qPhYMvzPGMu5I7fANZkrSsJjl5mg= +github.com/CycloneDX/cyclonedx-go v0.6.0 h1:SizWGbZzFTC/O/1yh072XQBMxfvsoWqd//oKCIyzFyE= +github.com/CycloneDX/cyclonedx-go v0.6.0/go.mod h1:nQCiF4Tvrg5Ieu8qPhYMvzPGMu5I7fANZkrSsJjl5mg= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= @@ -255,8 +255,8 @@ github.com/anchore/sqlite v1.4.6-0.20220607210448-bcc6ee5c4963/go.mod h1:AVRyXOUP0hTz9Cb8OlD1XnwA8t4lBPfTuwPHmEUuiLc= github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06 h1:TSRA7gtuia3eyleTO3t7iPU+9xHbdSaufoUFNQUwUXo= github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06/go.mod h1:sai2ZjAtT/y1GRQBDRbynhdhnQcGWBvVcv8CN3hTWmI= -github.com/anchore/syft v0.48.1 h1:tBJicJQVvaDTdgQB9hVgXLl+gb6C3RIQ8THp11C9Riw= -github.com/anchore/syft v0.48.1/go.mod h1:lQ90VDNtxYK09F+/6hs5b2FSpnT+1/eLy+Z8ap6jsSo= +github.com/anchore/syft v0.49.0 h1:C+ol3K5K1UDgzRAAdHt+dWglex9lAV+JQMotM10HR0s= +github.com/anchore/syft v0.49.0/go.mod h1:bo4IP6CDEnITW3WDy0Sefyg0GpvRPPcmkzB4cLGkcqs= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden new/grype-0.40.1/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden --- old/grype-0.40.0/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden 2022-06-24 20:30:36.000000000 +0200 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> -<bom xmlns="http://cyclonedx.org/schema/bom/1.2"; xmlns:v="http://cyclonedx.org/schema/ext/vulnerability/1.0"; version="1" serialNumber="urn:uuid:0138c6f2-5889-4133-ac0f-9fa5a32e809d"> +<bom xmlns="http://cyclonedx.org/schema/bom/1.2"; xmlns:v="http://cyclonedx.org/schema/ext/vulnerability/1.0"; version="1" serialNumber="urn:uuid:5eadecca-0f28-4921-b71a-f0e62398f8ef"> <metadata> - <timestamp>2022-04-29T13:18:20-04:00</timestamp> + <timestamp>2022-06-09T23:40:38Z</timestamp> <tools> <tool> <vendor>anchore</vendor> @@ -19,7 +19,7 @@ <name>package-1</name> <version>1.0.1</version> <v:vulnerabilities> - <v:vulnerability ref="urn:uuid:085fac9a-3a94-4351-8bb8-1f8501bd97c3"> + <v:vulnerability ref="urn:uuid:60c1e44a-2318-45b0-a8d0-7d4d510c3c59"> <v:id>CVE-1999-0001</v:id> <v:source name="source-1"> <v:url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0001</v:url> @@ -55,7 +55,7 @@ </license> </licenses> <v:vulnerabilities> - <v:vulnerability ref="urn:uuid:df1e7103-70b4-49ae-9b01-de42668796fa"> + <v:vulnerability ref="urn:uuid:c7b09c89-9962-4f1f-b607-9eff52105113"> <v:id>CVE-1999-0002</v:id> <v:source name="source-2"> <v:url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0002</v:url> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden new/grype-0.40.1/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden --- old/grype-0.40.0/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden 2022-06-24 20:30:36.000000000 +0200 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> -<bom xmlns="http://cyclonedx.org/schema/bom/1.2"; xmlns:v="http://cyclonedx.org/schema/ext/vulnerability/1.0"; version="1" serialNumber="urn:uuid:34a6630d-fe2b-4b08-856a-4a6292be7538"> +<bom xmlns="http://cyclonedx.org/schema/bom/1.2"; xmlns:v="http://cyclonedx.org/schema/ext/vulnerability/1.0"; version="1" serialNumber="urn:uuid:70c09618-13d4-4239-965f-4e6dea3755a8"> <metadata> - <timestamp>2022-04-29T13:18:20-04:00</timestamp> + <timestamp>2022-06-09T23:40:38Z</timestamp> <tools> <tool> <vendor>anchore</vendor> @@ -19,7 +19,7 @@ <name>package-1</name> <version>1.0.1</version> <v:vulnerabilities> - <v:vulnerability ref="urn:uuid:bc893913-42f8-4893-8c23-a6ffeef407f8"> + <v:vulnerability ref="urn:uuid:1097357f-f654-4e53-bc54-5f9f3dae8898"> <v:id>CVE-1999-0001</v:id> <v:source name="source-1"> <v:url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0001</v:url> @@ -55,7 +55,7 @@ </license> </licenses> <v:vulnerabilities> - <v:vulnerability ref="urn:uuid:a9d707b3-a31e-44e2-9a53-77c1f572d053"> + <v:vulnerability ref="urn:uuid:8f844ffc-014c-4440-a5b2-649c2f1323aa"> <v:id>CVE-1999-0002</v:id> <v:source name="source-2"> <v:url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0002</v:url> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_json.golden new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_json.golden --- old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_json.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_json.golden 2022-06-24 20:30:36.000000000 +0200 @@ -1,10 +1,10 @@ { "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid:2d84ad26-3a86-4e91-8cd6-36651c666b01", + "serialNumber": "urn:uuid:bab41c93-7506-4d43-a9e7-44a51a43be95", "version": 1, "metadata": { - "timestamp": "2022-04-29T13:18:21-04:00", + "timestamp": "2022-06-09T23:40:38Z", "tools": [ { "vendor": "anchore", @@ -69,7 +69,8 @@ { "ref": "package-1-id" } - ] + ], + "properties": [] }, { "id": "CVE-1999-0002", @@ -96,7 +97,8 @@ { "ref": "package-2-id" } - ] + ], + "properties": [] } ] } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_xml.golden new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_xml.golden --- old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_xml.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_xml.golden 2022-06-24 20:30:36.000000000 +0200 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> -<bom xmlns="http://cyclonedx.org/schema/bom/1.4"; serialNumber="urn:uuid:ae1948c7-fda4-4af7-945f-839b933e2e64" version="1"> +<bom xmlns="http://cyclonedx.org/schema/bom/1.4"; serialNumber="urn:uuid:e59512d8-825c-4792-851d-aed502e9b99b" version="1"> <metadata> - <timestamp>2022-04-29T13:18:21-04:00</timestamp> + <timestamp>2022-06-09T23:40:39Z</timestamp> <tools> <tool> <vendor>anchore</vendor> @@ -58,6 +58,7 @@ <ref>package-1-id</ref> </target> </affects> + <properties></properties> </vulnerability> <vulnerability> <id>CVE-1999-0002</id> @@ -85,6 +86,7 @@ <ref>package-2-id</ref> </target> </affects> + <properties></properties> </vulnerability> </vulnerabilities> </bom> \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_json.golden new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_json.golden --- old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_json.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_json.golden 2022-06-24 20:30:36.000000000 +0200 @@ -1,10 +1,10 @@ { "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid:307601b7-a1bb-4dcd-9a4a-c9ee41f556e8", + "serialNumber": "urn:uuid:70c98fca-03d9-43ed-96a1-5a915c50d88b", "version": 1, "metadata": { - "timestamp": "2022-04-29T13:18:21-04:00", + "timestamp": "2022-06-09T23:40:38Z", "tools": [ { "vendor": "anchore", @@ -70,7 +70,8 @@ { "ref": "package-1-id" } - ] + ], + "properties": [] }, { "id": "CVE-1999-0002", @@ -97,7 +98,8 @@ { "ref": "package-2-id" } - ] + ], + "properties": [] } ] } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_xml.golden new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_xml.golden --- old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_xml.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_xml.golden 2022-06-24 20:30:36.000000000 +0200 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> -<bom xmlns="http://cyclonedx.org/schema/bom/1.4"; serialNumber="urn:uuid:079a3c2f-34ac-464b-a5c9-c3ddba189c52" version="1"> +<bom xmlns="http://cyclonedx.org/schema/bom/1.4"; serialNumber="urn:uuid:4ffe8b79-1a2d-4fb4-b47c-4be38a8a6f10" version="1"> <metadata> - <timestamp>2022-04-29T13:18:21-04:00</timestamp> + <timestamp>2022-06-09T23:40:38Z</timestamp> <tools> <tool> <vendor>anchore</vendor> @@ -59,6 +59,7 @@ <ref>package-1-id</ref> </target> </affects> + <properties></properties> </vulnerability> <vulnerability> <id>CVE-1999-0002</id> @@ -86,6 +87,7 @@ <ref>package-2-id</ref> </target> </affects> + <properties></properties> </vulnerability> </vulnerabilities> </bom> \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/vulnerability.go new/grype-0.40.1/grype/presenter/cyclonedxvex/vulnerability.go --- old/grype-0.40.0/grype/presenter/cyclonedxvex/vulnerability.go 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/vulnerability.go 2022-06-24 20:30:36.000000000 +0200 @@ -7,6 +7,7 @@ "github.com/CycloneDX/cyclonedx-go" + v3 "github.com/anchore/grype/grype/db/v3" "github.com/anchore/grype/grype/match" "github.com/anchore/grype/grype/vulnerability" "github.com/anchore/grype/internal/log" @@ -92,11 +93,23 @@ Analysis: &cyclonedx.VulnerabilityAnalysis{ State: cyclonedx.IASInTriage, }, + Properties: makeProperties(m.Vulnerability.Fix), } return v, nil } +func makeProperties(fix vulnerability.Fix) *[]cyclonedx.Property { + properties := []cyclonedx.Property{} + if fix.State == v3.FixedState { + properties = append(properties, cyclonedx.Property{ + Name: "grype:fixed_versions", + Value: strings.Join(fix.Versions, ","), + }) + } + return &properties +} + func makeVulnerabilityURL(id string) string { if strings.HasPrefix(id, "CVE-") { return fmt.Sprintf("http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s";, id) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/vulnerability_test.go new/grype-0.40.1/grype/presenter/cyclonedxvex/vulnerability_test.go --- old/grype-0.40.0/grype/presenter/cyclonedxvex/vulnerability_test.go 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/vulnerability_test.go 2022-06-24 20:30:36.000000000 +0200 @@ -7,6 +7,7 @@ "github.com/CycloneDX/cyclonedx-go" "github.com/stretchr/testify/assert" + v3 "github.com/anchore/grype/grype/db/v3" "github.com/anchore/grype/grype/match" "github.com/anchore/grype/grype/pkg" "github.com/anchore/grype/grype/vulnerability" @@ -144,3 +145,59 @@ }) } } + +func TestNewVulnerability_AddsFixedVersion(t *testing.T) { + tests := []struct { + name string + match match.Match + metadataProvider *metadataProvider + expected *[]cyclonedx.Property + }{ + { + name: "No known fixed version", + match: match.Match{ + Vulnerability: vulnerability.Vulnerability{ + Fix: vulnerability.Fix{ + State: v3.NotFixedState, + Versions: []string{}, + }, + }, + Package: pkg.Package{}, + Details: nil, + }, + metadataProvider: &metadataProvider{}, + expected: &[]cyclonedx.Property{}, + }, + { + name: "Multiple known fixed versions", + match: match.Match{ + Vulnerability: vulnerability.Vulnerability{ + Fix: vulnerability.Fix{ + State: v3.FixedState, + Versions: []string{ + "v0.1.2", + "v1.3.7", + }, + }, + }, + Package: pkg.Package{}, + Details: nil, + }, + metadataProvider: &metadataProvider{}, + expected: &[]cyclonedx.Property{ + { + Name: "grype:fixed_versions", + Value: "v0.1.2,v1.3.7", + }, + }, + }, + } + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + actual, err := NewVulnerability(test.match, test.metadataProvider) + + assert.NoError(t, err) + assert.Equal(t, test.expected, actual.Properties) + }) + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden new/grype-0.40.1/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden --- old/grype-0.40.0/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden 2022-06-24 20:30:36.000000000 +0200 @@ -4,32 +4,32 @@ "type": "image", "target": { "userInput": "user-input", - "imageID": "sha256:d3e1fb516ff9cfe9407646ddd377ebdabc27c989a5228d870b8bebd8e105f3b4", - "manifestDigest": "sha256:46f5dd5aad14479e97bb6157a7261233bfffdb61e3c1067afb6f1b2a709f3fc7", + "imageID": "sha256:246ef3801c405d00860df5ca7f27c11341a12d28ab2086895d60219a72248c21", + "manifestDigest": "sha256:64305b9c7d8f3db2b7d3e6300e628b792d6cda3ee569b4abae14db94b35e3aca", "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "tags": [ - "stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7" + "stereoscope-fixture-image-simple:8bf57eca4a51a7828d9fb4a01690d5c4fbd299732dec4688e2c70f355a15ed47" ], - "imageSize": 65, + "imageSize": 66, "layers": [ { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe", + "digest": "sha256:1c3491f985eb7dc0cc66583cc3a1c207f72a1a75f44992a5add2f2d7f424a815", "size": 22 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:68a2c166dcb3acf6b7303e995ca1fe7d794bd3b5852a0b4048f9c96b796086aa", + "digest": "sha256:b6d872cc96150a8b7b3b22d592ea9453ab2b9ed6f9a17cd2c01ae4e7a8a783d7", "size": 16 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:36ad949c168c4fd54aab3183f2d84d54c263347dd789bf33fbac6953530873ac", - "size": 27 + "digest": "sha256:65c14ab5af02457f40ad40183874583a6c95be852974ccd3630ff72c3dd9e653", + "size": 28 } ], - "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjo4NjYsImRpZ2VzdCI6InNoYTI1NjpkM2UxZmI1MTZmZjljZmU5NDA3NjQ2ZGRkMzc3ZWJkYWJjMjdjOTg5YTUyMjhkODcwYjhiZWJkOGUxMDVmM2I0In0sImxheWVycyI6W3sibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1Njo0MWU3Mjk1ZGE2NmM0MDVlYjNhNGRmMjkxODhkY2Y4MGY2MjJmOTMwNGQ0ODcwMzNhODZkNGEyMmUzZjAxYWJlIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjA0OCwiZGlnZXN0Ijoic2hhMjU2OjY4YTJjMTY2ZGNiM2FjZjZiNzMwM2U5OTVjYTFmZTdkNzk0YmQzYjU4NTJhMGI0MDQ4ZjljOTZiNzk2MDg2YWEifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozNTg0LCJkaWdlc3QiOiJzaGEyNTY6MzZhZDk0OWMxNjhjNGZkNTRhYWIzMTgzZjJkODRkNTRjMjYzMzQ3ZGQ3ODliZjMzZmJhYzY5NTM1M zA4NzNhYyJ9XX0=", - "config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiV29ya2luZ0RpciI6Ii8iLCJPbkJ1aWxkIjpudWxsfSwiY3JlYXRlZCI6IjIwMjEtMTItMDlUMTc6MDk6NTAuNDc1ODQ1MjE3WiIsImhpc3RvcnkiOlt7ImNyZWF0ZWQiOiIyMDIxLTEyLTA5VDE3OjA5OjUwLjQyMzQ2MTI1OVoiLCJjcmVhdGVkX2J5IjoiQUREIGZpbGUtMS50eHQgL3NvbWVmaWxlLTEudHh0ICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjEtMTItMDlUMTc6MDk6NTAuNDQ4MzcyMTIxWiIsImNyZWF0ZWRfYnkiOiJBREQgZmlsZS0yLnR4dCAvc29tZWZpbGUtMi50eHQgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyMS0xMi0wOVQxNzowOTo1MC40NzU4NDUyMTdaIiwiY3JlYXRlZF9ieSI6IkFERCB0YXJnZXQgLyAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifV0sIm9zIjoibGludXgiLCJyb290ZnMiOnsidHlwZSI6ImxheWVycyIsImRpZmZfaWRzIjpbInNoYTI1Njo0MWU3Mjk1ZGE2NmM0MDVlYjNhNGRmMjkxODhkY2Y4MGY2MjJmOTMwNGQ0ODcwMzNhODZkNGEyMmUzZjAxYWJlIiwic2hhMjU2OjY4YTJjMTY2ZGNiM2F jZjZiNzMwM2U5OTVjYTFmZTdkNzk0YmQzYjU4NTJhMGI0MDQ4ZjljOTZiNzk2MDg2YWEiLCJzaGEyNTY6MzZhZDk0OWMxNjhjNGZkNTRhYWIzMTgzZjJkODRkNTRjMjYzMzQ3ZGQ3ODliZjMzZmJhYzY5NTM1MzA4NzNhYyJdfX0=", + "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjoxODA5LCJkaWdlc3QiOiJzaGEyNTY6MjQ2ZWYzODAxYzQwNWQwMDg2MGRmNWNhN2YyN2MxMTM0MWExMmQyOGFiMjA4Njg5NWQ2MDIxOWE3MjI0OGMyMSJ9LCJsYXllcnMiOlt7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyMDQ4LCJkaWdlc3QiOiJzaGEyNTY6MWMzNDkxZjk4NWViN2RjMGNjNjY1ODNjYzNhMWMyMDdmNzJhMWE3NWY0NDk5MmE1YWRkMmYyZDdmNDI0YTgxNSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1NjpiNmQ4NzJjYzk2MTUwYThiN2IzYjIyZDU5MmVhOTQ1M2FiMmI5ZWQ2ZjlhMTdjZDJjMDFhZTRlN2E4YTc4M2Q3In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MzU4NCwiZGlnZXN0Ijoic2hhMjU2OjY1YzE0YWI1YWYwMjQ1N2Y0MGFkNDAxODM4NzQ1ODNhNmM5NWJlODUyOTc0Y2NkMzYzMGZmNzJjM 2RkOWU2NTMifV19", + "config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJIb3N0bmFtZSI6IiIsIkRvbWFpbm5hbWUiOiIiLCJVc2VyIjoiIiwiQXR0YWNoU3RkaW4iOmZhbHNlLCJBdHRhY2hTdGRvdXQiOmZhbHNlLCJBdHRhY2hTdGRlcnIiOmZhbHNlLCJUdHkiOmZhbHNlLCJPcGVuU3RkaW4iOmZhbHNlLCJTdGRpbk9uY2UiOmZhbHNlLCJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiQ21kIjpudWxsLCJJbWFnZSI6InNoYTI1NjoxZDU4ZWYxMjIzZDI0MmQ2MjU0NGVkMjkwNjJhNzA2ODQyNjdhYmExYzZmZTQzYzNhYWJhYjE0Mjc0NWU2OTk3IiwiVm9sdW1lcyI6bnVsbCwiV29ya2luZ0RpciI6IiIsIkVudHJ5cG9pbnQiOm51bGwsIk9uQnVpbGQiOm51bGwsIkxhYmVscyI6bnVsbH0sImNvbnRhaW5lcl9jb25maWciOnsiSG9zdG5hbWUiOiIiLCJEb21haW5uYW1lIjoiIiwiVXNlciI6IiIsIkF0dGFjaFN0ZGluIjpmYWxzZSwiQXR0YWNoU3Rkb3V0IjpmYWxzZSwiQXR0YWNoU3RkZXJyIjpmYWxzZSwiVHR5IjpmYWxzZSwiT3BlblN0ZGluIjpmYWxzZSwiU3RkaW5PbmNlIjpmYWxzZSwiRW52IjpbIlBBVEg9L3Vzci9sb2NhbC9zYmluOi91c3IvbG9jYWwvYmluOi91c3Ivc2JpbjovdXNyL2Jpbjovc2JpbjovYmluIl0sIkNtZCI6WyIvYmluL3NoIiwiLWMiLCIjKG5vcCkgQUREIGRpcjo2NDFiNDA1MGVkOGFlYjAyNGMxNDA 4MTlmYWI5ODU3NjU2MTk4YWQ3YmNmZjMyZjUwNjczZmYxNDgxYTg4NTU4IGluIC8gIl0sIkltYWdlIjoic2hhMjU2OjFkNThlZjEyMjNkMjQyZDYyNTQ0ZWQyOTA2MmE3MDY4NDI2N2FiYTFjNmZlNDNjM2FhYmFiMTQyNzQ1ZTY5OTciLCJWb2x1bWVzIjpudWxsLCJXb3JraW5nRGlyIjoiIiwiRW50cnlwb2ludCI6bnVsbCwiT25CdWlsZCI6bnVsbCwiTGFiZWxzIjpudWxsfSwiY3JlYXRlZCI6IjIwMjItMDYtMDlUMjM6Mzg6NDIuMDM3MDI5NjAyWiIsImRvY2tlcl92ZXJzaW9uIjoiMjAuMTAuMTciLCJoaXN0b3J5IjpbeyJjcmVhdGVkIjoiMjAyMi0wNi0wOVQyMzozODo0MS44MDY0ODU5MDNaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIEFERCBmaWxlOjNiYmYxZGFjYWNhODlkNDU4N2UyNGQzNTRhNTRjYzZkYzM3ODEzMDhiNjUyODYxNTZhODYxOWI5Yjc2YTg1MDcgaW4gL3NvbWVmaWxlLTEudHh0ICJ9LHsiY3JlYXRlZCI6IjIwMjItMDYtMDlUMjM6Mzg6NDEuOTE1NDc1MzEzWiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBBREQgZmlsZTpjNmI5NTJjNTA0ODcyYTFiYmJlYjE0MjAwNDlhNWNhNGU1ZGNlOWFmNzA4NjYwN2ZmZGI5MDhiNDI2NjIwYWE3IGluIC9zb21lZmlsZS0yLnR4dCAifSx7ImNyZWF0ZWQiOiIyMDIyLTA2LTA5VDIzOjM4OjQyLjAzNzAyOTYwMloiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgQUREIGRpcjo2NDFiNDA1MGVkOGFlYjAyNGMxNDA4MTlm YWI5ODU3NjU2MTk4YWQ3YmNmZjMyZjUwNjczZmYxNDgxYTg4NTU4IGluIC8gIn1dLCJvcyI6ImxpbnV4Iiwicm9vdGZzIjp7InR5cGUiOiJsYXllcnMiLCJkaWZmX2lkcyI6WyJzaGEyNTY6MWMzNDkxZjk4NWViN2RjMGNjNjY1ODNjYzNhMWMyMDdmNzJhMWE3NWY0NDk5MmE1YWRkMmYyZDdmNDI0YTgxNSIsInNoYTI1NjpiNmQ4NzJjYzk2MTUwYThiN2IzYjIyZDU5MmVhOTQ1M2FiMmI5ZWQ2ZjlhMTdjZDJjMDFhZTRlN2E4YTc4M2Q3Iiwic2hhMjU2OjY1YzE0YWI1YWYwMjQ1N2Y0MGFkNDAxODM4NzQ1ODNhNmM5NWJlODUyOTc0Y2NkMzYzMGZmNzJjM2RkOWU2NTMiXX19", "repoDigests": [], "architecture": "", "os": "" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden new/grype-0.40.1/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden --- old/grype-0.40.0/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden 2022-06-24 20:30:36.000000000 +0200 @@ -48,7 +48,7 @@ "locations": [ { "path": "/somefile-1.txt", - "layerID": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe" + "layerID": "sha256:1c3491f985eb7dc0cc66583cc3a1c207f72a1a75f44992a5add2f2d7f424a815" } ], "language": "", @@ -117,7 +117,7 @@ "locations": [ { "path": "/somefile-1.txt", - "layerID": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe" + "layerID": "sha256:1c3491f985eb7dc0cc66583cc3a1c207f72a1a75f44992a5add2f2d7f424a815" } ], "language": "", @@ -174,7 +174,7 @@ "locations": [ { "path": "/somefile-1.txt", - "layerID": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe" + "layerID": "sha256:1c3491f985eb7dc0cc66583cc3a1c207f72a1a75f44992a5add2f2d7f424a815" } ], "language": "", @@ -200,32 +200,32 @@ "type": "image", "target": { "userInput": "user-input", - "imageID": "sha256:d3e1fb516ff9cfe9407646ddd377ebdabc27c989a5228d870b8bebd8e105f3b4", - "manifestDigest": "sha256:46f5dd5aad14479e97bb6157a7261233bfffdb61e3c1067afb6f1b2a709f3fc7", + "imageID": "sha256:246ef3801c405d00860df5ca7f27c11341a12d28ab2086895d60219a72248c21", + "manifestDigest": "sha256:64305b9c7d8f3db2b7d3e6300e628b792d6cda3ee569b4abae14db94b35e3aca", "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "tags": [ - "stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7" + "stereoscope-fixture-image-simple:8bf57eca4a51a7828d9fb4a01690d5c4fbd299732dec4688e2c70f355a15ed47" ], - "imageSize": 65, + "imageSize": 66, "layers": [ { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe", + "digest": "sha256:1c3491f985eb7dc0cc66583cc3a1c207f72a1a75f44992a5add2f2d7f424a815", "size": 22 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:68a2c166dcb3acf6b7303e995ca1fe7d794bd3b5852a0b4048f9c96b796086aa", + "digest": "sha256:b6d872cc96150a8b7b3b22d592ea9453ab2b9ed6f9a17cd2c01ae4e7a8a783d7", "size": 16 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:36ad949c168c4fd54aab3183f2d84d54c263347dd789bf33fbac6953530873ac", - "size": 27 + "digest": "sha256:65c14ab5af02457f40ad40183874583a6c95be852974ccd3630ff72c3dd9e653", + "size": 28 } ], - "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjo4NjYsImRpZ2VzdCI6InNoYTI1NjpkM2UxZmI1MTZmZjljZmU5NDA3NjQ2ZGRkMzc3ZWJkYWJjMjdjOTg5YTUyMjhkODcwYjhiZWJkOGUxMDVmM2I0In0sImxheWVycyI6W3sibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1Njo0MWU3Mjk1ZGE2NmM0MDVlYjNhNGRmMjkxODhkY2Y4MGY2MjJmOTMwNGQ0ODcwMzNhODZkNGEyMmUzZjAxYWJlIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjA0OCwiZGlnZXN0Ijoic2hhMjU2OjY4YTJjMTY2ZGNiM2FjZjZiNzMwM2U5OTVjYTFmZTdkNzk0YmQzYjU4NTJhMGI0MDQ4ZjljOTZiNzk2MDg2YWEifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozNTg0LCJkaWdlc3QiOiJzaGEyNTY6MzZhZDk0OWMxNjhjNGZkNTRhYWIzMTgzZjJkODRkNTRjMjYzMzQ3ZGQ3ODliZjMzZmJhYzY5NTM1M zA4NzNhYyJ9XX0=", - "config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiV29ya2luZ0RpciI6Ii8iLCJPbkJ1aWxkIjpudWxsfSwiY3JlYXRlZCI6IjIwMjEtMTItMDlUMTc6MDk6NTAuNDc1ODQ1MjE3WiIsImhpc3RvcnkiOlt7ImNyZWF0ZWQiOiIyMDIxLTEyLTA5VDE3OjA5OjUwLjQyMzQ2MTI1OVoiLCJjcmVhdGVkX2J5IjoiQUREIGZpbGUtMS50eHQgL3NvbWVmaWxlLTEudHh0ICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjEtMTItMDlUMTc6MDk6NTAuNDQ4MzcyMTIxWiIsImNyZWF0ZWRfYnkiOiJBREQgZmlsZS0yLnR4dCAvc29tZWZpbGUtMi50eHQgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyMS0xMi0wOVQxNzowOTo1MC40NzU4NDUyMTdaIiwiY3JlYXRlZF9ieSI6IkFERCB0YXJnZXQgLyAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifV0sIm9zIjoibGludXgiLCJyb290ZnMiOnsidHlwZSI6ImxheWVycyIsImRpZmZfaWRzIjpbInNoYTI1Njo0MWU3Mjk1ZGE2NmM0MDVlYjNhNGRmMjkxODhkY2Y4MGY2MjJmOTMwNGQ0ODcwMzNhODZkNGEyMmUzZjAxYWJlIiwic2hhMjU2OjY4YTJjMTY2ZGNiM2F jZjZiNzMwM2U5OTVjYTFmZTdkNzk0YmQzYjU4NTJhMGI0MDQ4ZjljOTZiNzk2MDg2YWEiLCJzaGEyNTY6MzZhZDk0OWMxNjhjNGZkNTRhYWIzMTgzZjJkODRkNTRjMjYzMzQ3ZGQ3ODliZjMzZmJhYzY5NTM1MzA4NzNhYyJdfX0=", + "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjoxODA5LCJkaWdlc3QiOiJzaGEyNTY6MjQ2ZWYzODAxYzQwNWQwMDg2MGRmNWNhN2YyN2MxMTM0MWExMmQyOGFiMjA4Njg5NWQ2MDIxOWE3MjI0OGMyMSJ9LCJsYXllcnMiOlt7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyMDQ4LCJkaWdlc3QiOiJzaGEyNTY6MWMzNDkxZjk4NWViN2RjMGNjNjY1ODNjYzNhMWMyMDdmNzJhMWE3NWY0NDk5MmE1YWRkMmYyZDdmNDI0YTgxNSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1NjpiNmQ4NzJjYzk2MTUwYThiN2IzYjIyZDU5MmVhOTQ1M2FiMmI5ZWQ2ZjlhMTdjZDJjMDFhZTRlN2E4YTc4M2Q3In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MzU4NCwiZGlnZXN0Ijoic2hhMjU2OjY1YzE0YWI1YWYwMjQ1N2Y0MGFkNDAxODM4NzQ1ODNhNmM5NWJlODUyOTc0Y2NkMzYzMGZmNzJjM 2RkOWU2NTMifV19", + "config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJIb3N0bmFtZSI6IiIsIkRvbWFpbm5hbWUiOiIiLCJVc2VyIjoiIiwiQXR0YWNoU3RkaW4iOmZhbHNlLCJBdHRhY2hTdGRvdXQiOmZhbHNlLCJBdHRhY2hTdGRlcnIiOmZhbHNlLCJUdHkiOmZhbHNlLCJPcGVuU3RkaW4iOmZhbHNlLCJTdGRpbk9uY2UiOmZhbHNlLCJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiQ21kIjpudWxsLCJJbWFnZSI6InNoYTI1NjoxZDU4ZWYxMjIzZDI0MmQ2MjU0NGVkMjkwNjJhNzA2ODQyNjdhYmExYzZmZTQzYzNhYWJhYjE0Mjc0NWU2OTk3IiwiVm9sdW1lcyI6bnVsbCwiV29ya2luZ0RpciI6IiIsIkVudHJ5cG9pbnQiOm51bGwsIk9uQnVpbGQiOm51bGwsIkxhYmVscyI6bnVsbH0sImNvbnRhaW5lcl9jb25maWciOnsiSG9zdG5hbWUiOiIiLCJEb21haW5uYW1lIjoiIiwiVXNlciI6IiIsIkF0dGFjaFN0ZGluIjpmYWxzZSwiQXR0YWNoU3Rkb3V0IjpmYWxzZSwiQXR0YWNoU3RkZXJyIjpmYWxzZSwiVHR5IjpmYWxzZSwiT3BlblN0ZGluIjpmYWxzZSwiU3RkaW5PbmNlIjpmYWxzZSwiRW52IjpbIlBBVEg9L3Vzci9sb2NhbC9zYmluOi91c3IvbG9jYWwvYmluOi91c3Ivc2JpbjovdXNyL2Jpbjovc2JpbjovYmluIl0sIkNtZCI6WyIvYmluL3NoIiwiLWMiLCIjKG5vcCkgQUREIGRpcjo2NDFiNDA1MGVkOGFlYjAyNGMxNDA 4MTlmYWI5ODU3NjU2MTk4YWQ3YmNmZjMyZjUwNjczZmYxNDgxYTg4NTU4IGluIC8gIl0sIkltYWdlIjoic2hhMjU2OjFkNThlZjEyMjNkMjQyZDYyNTQ0ZWQyOTA2MmE3MDY4NDI2N2FiYTFjNmZlNDNjM2FhYmFiMTQyNzQ1ZTY5OTciLCJWb2x1bWVzIjpudWxsLCJXb3JraW5nRGlyIjoiIiwiRW50cnlwb2ludCI6bnVsbCwiT25CdWlsZCI6bnVsbCwiTGFiZWxzIjpudWxsfSwiY3JlYXRlZCI6IjIwMjItMDYtMDlUMjM6Mzg6NDIuMDM3MDI5NjAyWiIsImRvY2tlcl92ZXJzaW9uIjoiMjAuMTAuMTciLCJoaXN0b3J5IjpbeyJjcmVhdGVkIjoiMjAyMi0wNi0wOVQyMzozODo0MS44MDY0ODU5MDNaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIEFERCBmaWxlOjNiYmYxZGFjYWNhODlkNDU4N2UyNGQzNTRhNTRjYzZkYzM3ODEzMDhiNjUyODYxNTZhODYxOWI5Yjc2YTg1MDcgaW4gL3NvbWVmaWxlLTEudHh0ICJ9LHsiY3JlYXRlZCI6IjIwMjItMDYtMDlUMjM6Mzg6NDEuOTE1NDc1MzEzWiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBBREQgZmlsZTpjNmI5NTJjNTA0ODcyYTFiYmJlYjE0MjAwNDlhNWNhNGU1ZGNlOWFmNzA4NjYwN2ZmZGI5MDhiNDI2NjIwYWE3IGluIC9zb21lZmlsZS0yLnR4dCAifSx7ImNyZWF0ZWQiOiIyMDIyLTA2LTA5VDIzOjM4OjQyLjAzNzAyOTYwMloiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgQUREIGRpcjo2NDFiNDA1MGVkOGFlYjAyNGMxNDA4MTlm YWI5ODU3NjU2MTk4YWQ3YmNmZjMyZjUwNjczZmYxNDgxYTg4NTU4IGluIC8gIn1dLCJvcyI6ImxpbnV4Iiwicm9vdGZzIjp7InR5cGUiOiJsYXllcnMiLCJkaWZmX2lkcyI6WyJzaGEyNTY6MWMzNDkxZjk4NWViN2RjMGNjNjY1ODNjYzNhMWMyMDdmNzJhMWE3NWY0NDk5MmE1YWRkMmYyZDdmNDI0YTgxNSIsInNoYTI1NjpiNmQ4NzJjYzk2MTUwYThiN2IzYjIyZDU5MmVhOTQ1M2FiMmI5ZWQ2ZjlhMTdjZDJjMDFhZTRlN2E4YTc4M2Q3Iiwic2hhMjU2OjY1YzE0YWI1YWYwMjQ1N2Y0MGFkNDAxODM4NzQ1ODNhNmM5NWJlODUyOTc0Y2NkMzYzMGZmNzJjM2RkOWU2NTMiXX19", "repoDigests": [], "architecture": "", "os": "" Binary files old/grype-0.40.0/grype/presenter/json/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and new/grype-0.40.1/grype/presenter/json/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/grype/vendor.tar.gz /work/SRC/openSUSE:Factory/.grype.new.1548/vendor.tar.gz differ: char 5, line 1
