commit grype for openSUSE:Factory

Source-Sync Thu, 06 Mar 2025 05:53:46 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package grype for openSUSE:Factory checked 
in at 2025-03-06 14:49:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grype (Old)
 and      /work/SRC/openSUSE:Factory/.grype.new.19136 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "grype"

Thu Mar  6 14:49:10 2025 rev:84 rq:1250553 version:0.88.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/grype/grype.changes      2025-01-23 
18:04:36.450139561 +0100
+++ /work/SRC/openSUSE:Factory/.grype.new.19136/grype.changes   2025-03-06 
14:50:01.436698625 +0100
@@ -1,0 +2,127 @@
+Thu Mar 06 06:18:47 UTC 2025 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.88.0:
+  * Enumerate version ranges within a single match (don't
+    duplicate) (#2502)
+  * Fix CPE target software filtering + improve logging (#2494)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.7 to
+    7.0.8 (#2501)
+  * test: update quality gate db to latest version (#2495)
+  * chore(deps): update tools to latest versions (#2496)
+  * ensure azurelinux ids get same version processing as mariner
+    (#2499)
+  * ensure azure linux has 0 minor version (#2498)
+  * cover mariner and ubuntu namespace conversion (#2497)
+  * Add KEV & EPSS to db search schema (#2481)
+  * Refactor presenters to use static model over dynamic lookups
+    (#2492)
+  * feat: enable v6 database (#2439)
+  * fix(java): error out on maven search rate limiting (#2460)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.3
+    to 1.3.4 (#2484)
+  * chore(deps): bump github.com/docker/docker (#2485)
+  * chore(deps): bump actions/cache in /.github/actions/bootstrap
+    (#2490)
+  * chore(deps): bump actions/cache from 4.2.1 to 4.2.2 (#2491)
+  * chore(deps): update tools to latest versions (#2487)
+  * fix: golang 1.24 version handling (#2486)
+  * chore: update syft to 1.20 (#2473)
+  * chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1
+    (#2477)
+  * chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0
+    (#2475)
+  * chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1
+    (#2478)
+  * chore(deps): bump peter-evans/create-pull-request from 7.0.6 to
+    7.0.7 (#2479)
+  * chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10
+    (#2480)
+  * Add EPSS models to the v6 DB (#2472)
+  * fix: add explicit igore for problematic CVE-2023-45853 (#2474)
+  * Add KEV information to v6 DB (#2464)
+  * Add CPE provider (#2463)
+  * chore(deps): bump actions/cache in /.github/actions/bootstrap
+    (#2467)
+  * chore(deps): bump actions/cache from 4.2.0 to 4.2.1 (#2469)
+  * detect when DB rehydration is necessary (#2470)
+  * chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1
+    (#2468)
+  * chore(deps): update tools to latest versions (#2465)
+  * chore(deps): bump github.com/docker/docker (#2466)
+  * chore(deps): update tools to latest versions (#2433)
+  * chore: update rpm modularity to string pointer (#2458)
+  * fix jenkins plugins (#2457)
+  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.10
+    to 0.5.11 (#2453)
+  * chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1
+    (#2454)
+  * Additional ecosystem related v6 fixes (#2450)
+  * chore(deps): bump golang.org/x/tools from 0.29.0 to 0.30.0
+    (#2437)
+  * add language mapping to konwn pkg spec override (#2448)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.2
+    to 1.3.3 (#2447)
+  * feat: update to go 1.24.x (#2441)
+  * Add more logging and fix search by CPE (#2444)
+  * fix: only log matcher errors (#2442)
+  * chore: update runners to ubuntu-24.04 (#2440)
+  * fix: exclude unknown packages from CPE target software
+    component filter logic (#2438)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.0
+    to 1.3.2 (#2436)
+  * More complete severity parsing for v6 DBs (#2431)
+  * remove DB v3 and v4 schema code (#2435)
+  * feat: v6 database support, updated matcher interfaces (#2311)
+  * add optional ID to reference + advisory tag const (#2432)
+  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.9 to
+    0.5.10 (#2430)
+  * chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9
+    (#2429)
+  * chore(deps): bump golang.org/x/time from 0.9.0 to 0.10.0
+    (#2424)
+  * chore(deps): update tools to latest versions (#2425)
+  * chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.4
+    to 1.3.0 (#2426)
+  * chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0
+    (#2427)
+  * test: update quality gate db to latest version (#2420)
+  * chore(deps): update tools to latest versions (#2419)
+  * docs(config): add GRYPE_CONFIG docs (#2380)
+  * feat: output compact JSON by default with option for pretty
+    format (#2406)
+  * chore(deps): update tools to latest versions (#2417)
+  * chore(deps): bump github/codeql-action from 3.28.7 to 3.28.8
+    (#2416)
+  * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.8 to
+    0.5.9 (#2413)
+  * docs: flip descriptions to correct documentation (#2414)
+  * chore(deps): bump github/codeql-action from 3.28.6 to 3.28.7
+    (#2415)
+  * chore(deps): bump github/codeql-action from 3.28.5 to 3.28.6
+    (#2410)
+  * chore(deps): bump actions/setup-python in
+    /.github/actions/bootstrap (#2411)
+  * feat(external-sources): make maven rate limit configurable
+    (#2397)
+  * chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5
+    (#2407)
+  * chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4
+    (#2405)
+  * chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0
+    (#2404)
+  * Performance enhancements for DB v6 writes (#2394)
+  * chore(deps): update tools to latest versions (#2395)
+  * chore(deps): bump actions/setup-python in
+    /.github/actions/bootstrap (#2398)
+  * chore(deps): bump actions/cache in /.github/actions/bootstrap
+    (#2400)
+  * chore(deps): bump actions/setup-go in
+    /.github/actions/bootstrap (#2399)
+  * chore(deps): bump github/codeql-action from 3.28.2 to 3.28.3
+    (#2401)
+  * chore(deps): bump github.com/docker/docker (#2402)
+  * chore(deps): bump golang.org/x/time from 0.8.0 to 0.9.0 (#2403)
+  * chore(ci): fix composite GitHub action path in dependabot
+    config (#2396)
+
+-------------------------------------------------------------------

Old:
----
  grype-0.87.0.obscpio

New:
----
  grype-0.88.0.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ grype.spec ++++++
--- /var/tmp/diff_new_pack.Gstctm/_old  2025-03-06 14:50:04.360821251 +0100
+++ /var/tmp/diff_new_pack.Gstctm/_new  2025-03-06 14:50:04.372821754 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           grype
-Version:        0.87.0
+Version:        0.88.0
 Release:        0
 Summary:        A vulnerability scanner for container images and filesystems
 License:        Apache-2.0
@@ -26,7 +26,7 @@
 Source1:        vendor.tar.gz
 BuildRequires:  bash-completion
 BuildRequires:  fish
-BuildRequires:  go >= 1.23
+BuildRequires:  go >= 1.24
 BuildRequires:  zsh
 
 %description

++++++ _service ++++++
--- /var/tmp/diff_new_pack.Gstctm/_old  2025-03-06 14:50:04.664834000 +0100
+++ /var/tmp/diff_new_pack.Gstctm/_new  2025-03-06 14:50:04.700835510 +0100
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/anchore/grype</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.87.0</param>
+    <param name="revision">v0.88.0</param>
     <param name="match-tag">v*</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.Gstctm/_old  2025-03-06 14:50:04.828840878 +0100
+++ /var/tmp/diff_new_pack.Gstctm/_new  2025-03-06 14:50:04.880843059 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/anchore/grype</param>
-              <param 
name="changesrevision">247f5d72abf2131aa37f3164a98495c121b29029</param></service></servicedata>
+              <param 
name="changesrevision">6ee276f0c8363518c08b8d48fae302ee6001c295</param></service></servicedata>
 (No newline at EOF)
 

++++++ grype-0.87.0.obscpio -> grype-0.88.0.obscpio ++++++
++++ 55729 lines of diff (skipped)

++++++ grype.obsinfo ++++++
--- /var/tmp/diff_new_pack.Gstctm/_old  2025-03-06 14:50:14.629251869 +0100
+++ /var/tmp/diff_new_pack.Gstctm/_new  2025-03-06 14:50:14.629251869 +0100
@@ -1,5 +1,5 @@
 name: grype
-version: 0.87.0
-mtime: 1737577868
-commit: 247f5d72abf2131aa37f3164a98495c121b29029
+version: 0.88.0
+mtime: 1741192003
+commit: 6ee276f0c8363518c08b8d48fae302ee6001c295
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/grype/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.grype.new.19136/vendor.tar.gz differ: char 5, line 1

commit grype for openSUSE:Factory

Reply via email to