Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grype for openSUSE:Factory checked
in at 2025-06-13 18:45:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grype (Old)
and /work/SRC/openSUSE:Factory/.grype.new.19631 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grype"
Fri Jun 13 18:45:17 2025 rev:93 rq:1285307 version:0.94.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/grype/grype.changes 2025-06-11
16:26:32.812525762 +0200
+++ /work/SRC/openSUSE:Factory/.grype.new.19631/grype.changes 2025-06-13
18:45:38.803309529 +0200
@@ -1,0 +2,15 @@
+Fri Jun 13 04:52:37 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 0.94.0:
+ * Added Features
+ - Add echo os to grype [#2647 @orizerah]
+ * Bug Fixes
+ - Nonroot can't load local docker image with docker socket bind
+ [#2721 #2723 @kzantow]
+ - "Harden Container Runtime with Non-Root User" breaks --output
+ usage [#2720 #2723 @kzantow]
+ * Dependencies
+ - chore(deps): update anchore dependencies (#2726)
+ - chore(deps): update tools to latest versions (#2722)
+
+-------------------------------------------------------------------
Old:
----
grype-0.93.0.obscpio
New:
----
grype-0.94.0.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ grype.spec ++++++
--- /var/tmp/diff_new_pack.Hf6tEe/_old 2025-06-13 18:45:41.279410739 +0200
+++ /var/tmp/diff_new_pack.Hf6tEe/_new 2025-06-13 18:45:41.283410903 +0200
@@ -17,7 +17,7 @@
Name: grype
-Version: 0.93.0
+Version: 0.94.0
Release: 0
Summary: A vulnerability scanner for container images and filesystems
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.Hf6tEe/_old 2025-06-13 18:45:41.319412374 +0200
+++ /var/tmp/diff_new_pack.Hf6tEe/_new 2025-06-13 18:45:41.323412538 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/anchore/grype</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.93.0</param>
+ <param name="revision">v0.94.0</param>
<param name="match-tag">v*</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.Hf6tEe/_old 2025-06-13 18:45:41.347413519 +0200
+++ /var/tmp/diff_new_pack.Hf6tEe/_new 2025-06-13 18:45:41.351413682 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/anchore/grype</param>
- <param
name="changesrevision">c4acc50c1a739140d245cf39a298b1cac7920261</param></service></servicedata>
+ <param
name="changesrevision">7c5fa46cc184e383505ea889e9effab11023e5b0</param></service></servicedata>
(No newline at EOF)
++++++ grype-0.93.0.obscpio -> grype-0.94.0.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.93.0/.binny.yaml new/grype-0.94.0/.binny.yaml
--- old/grype-0.93.0/.binny.yaml 2025-06-09 21:43:03.000000000 +0200
+++ new/grype-0.94.0/.binny.yaml 2025-06-12 16:19:54.000000000 +0200
@@ -90,7 +90,7 @@
# used for triggering a release
- name: gh
version:
- want: v2.74.0
+ want: v2.74.1
method: github-release
with:
repo: cli/cli
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.93.0/.goreleaser.yaml
new/grype-0.94.0/.goreleaser.yaml
--- old/grype-0.93.0/.goreleaser.yaml 2025-06-09 21:43:03.000000000 +0200
+++ new/grype-0.94.0/.goreleaser.yaml 2025-06-12 16:19:54.000000000 +0200
@@ -93,13 +93,12 @@
license: "Apache License 2.0"
dockers:
+ # production images...
- image_templates:
- - anchore/grype:debug-amd64
- - anchore/grype:{{.Tag}}-debug-amd64
- - ghcr.io/anchore/grype:debug-amd64
- - ghcr.io/anchore/grype:{{.Tag}}-debug-amd64
+ - anchore/grype:{{.Tag}}-amd64
+ - ghcr.io/anchore/grype:{{.Tag}}-amd64
goarch: amd64
- dockerfile: Dockerfile.debug
+ dockerfile: Dockerfile
use: buildx
build_flag_templates:
- "--platform=linux/amd64"
@@ -109,12 +108,10 @@
- "--build-arg=VCS_URL={{.GitURL}}"
- image_templates:
- - anchore/grype:debug-arm64v8
- - anchore/grype:{{.Tag}}-debug-arm64v8
- - ghcr.io/anchore/grype:debug-arm64v8
- - ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
+ - anchore/grype:{{.Tag}}-arm64v8
+ - ghcr.io/anchore/grype:{{.Tag}}-arm64v8
goarch: arm64
- dockerfile: Dockerfile.debug
+ dockerfile: Dockerfile
use: buildx
build_flag_templates:
- "--platform=linux/arm64/v8"
@@ -124,12 +121,10 @@
- "--build-arg=VCS_URL={{.GitURL}}"
- image_templates:
- - anchore/grype:debug-ppc64le
- - anchore/grype:{{.Tag}}-debug-ppc64le
- - ghcr.io/anchore/grype:debug-ppc64le
- - ghcr.io/anchore/grype:{{.Tag}}-debug-ppc64le
+ - anchore/grype:{{.Tag}}-ppc64le
+ - ghcr.io/anchore/grype:{{.Tag}}-ppc64le
goarch: ppc64le
- dockerfile: Dockerfile.debug
+ dockerfile: Dockerfile
use: buildx
build_flag_templates:
- "--platform=linux/ppc64le"
@@ -139,12 +134,10 @@
- "--build-arg=VCS_URL={{.GitURL}}"
- image_templates:
- - anchore/grype:debug-s390x
- - anchore/grype:{{.Tag}}-debug-s390x
- - ghcr.io/anchore/grype:debug-s390x
- - ghcr.io/anchore/grype:{{.Tag}}-debug-s390x
+ - anchore/grype:{{.Tag}}-s390x
+ - ghcr.io/anchore/grype:{{.Tag}}-s390x
goarch: s390x
- dockerfile: Dockerfile.debug
+ dockerfile: Dockerfile
use: buildx
build_flag_templates:
- "--platform=linux/s390x"
@@ -153,13 +146,12 @@
- "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}"
+ # nonroot images...
- image_templates:
- - anchore/grype:latest-amd64
- - anchore/grype:{{.Tag}}-amd64
- - ghcr.io/anchore/grype:latest-amd64
- - ghcr.io/anchore/grype:{{.Tag}}-amd64
+ - anchore/grype:{{.Tag}}-nonroot-amd64
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-amd64
goarch: amd64
- dockerfile: Dockerfile
+ dockerfile: Dockerfile.nonroot
use: buildx
build_flag_templates:
- "--platform=linux/amd64"
@@ -169,10 +161,10 @@
- "--build-arg=VCS_URL={{.GitURL}}"
- image_templates:
- - anchore/grype:{{.Tag}}-arm64v8
- - ghcr.io/anchore/grype:{{.Tag}}-arm64v8
+ - anchore/grype:{{.Tag}}-nonroot-arm64v8
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-arm64v8
goarch: arm64
- dockerfile: Dockerfile
+ dockerfile: Dockerfile.nonroot
use: buildx
build_flag_templates:
- "--platform=linux/arm64/v8"
@@ -182,10 +174,10 @@
- "--build-arg=VCS_URL={{.GitURL}}"
- image_templates:
- - anchore/grype:{{.Tag}}-ppc64le
- - ghcr.io/anchore/grype:{{.Tag}}-ppc64le
+ - anchore/grype:{{.Tag}}-nonroot-ppc64le
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-ppc64le
goarch: ppc64le
- dockerfile: Dockerfile
+ dockerfile: Dockerfile.nonroot
use: buildx
build_flag_templates:
- "--platform=linux/ppc64le"
@@ -195,10 +187,63 @@
- "--build-arg=VCS_URL={{.GitURL}}"
- image_templates:
- - anchore/grype:{{.Tag}}-s390x
- - ghcr.io/anchore/grype:{{.Tag}}-s390x
+ - anchore/grype:{{.Tag}}-nonroot-s390x
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-s390x
goarch: s390x
- dockerfile: Dockerfile
+ dockerfile: Dockerfile.nonroot
+ use: buildx
+ build_flag_templates:
+ - "--platform=linux/s390x"
+ - "--build-arg=BUILD_DATE={{.Date}}"
+ - "--build-arg=BUILD_VERSION={{.Version}}"
+ - "--build-arg=VCS_REF={{.FullCommit}}"
+ - "--build-arg=VCS_URL={{.GitURL}}"
+
+ # debug images...
+ - image_templates:
+ - anchore/grype:{{.Tag}}-debug-amd64
+ - ghcr.io/anchore/grype:{{.Tag}}-debug-amd64
+ goarch: amd64
+ dockerfile: Dockerfile.debug
+ use: buildx
+ build_flag_templates:
+ - "--platform=linux/amd64"
+ - "--build-arg=BUILD_DATE={{.Date}}"
+ - "--build-arg=BUILD_VERSION={{.Version}}"
+ - "--build-arg=VCS_REF={{.FullCommit}}"
+ - "--build-arg=VCS_URL={{.GitURL}}"
+
+ - image_templates:
+ - anchore/grype:{{.Tag}}-debug-arm64v8
+ - ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
+ goarch: arm64
+ dockerfile: Dockerfile.debug
+ use: buildx
+ build_flag_templates:
+ - "--platform=linux/arm64/v8"
+ - "--build-arg=BUILD_DATE={{.Date}}"
+ - "--build-arg=BUILD_VERSION={{.Version}}"
+ - "--build-arg=VCS_REF={{.FullCommit}}"
+ - "--build-arg=VCS_URL={{.GitURL}}"
+
+ - image_templates:
+ - anchore/grype:{{.Tag}}-debug-ppc64le
+ - ghcr.io/anchore/grype:{{.Tag}}-debug-ppc64le
+ goarch: ppc64le
+ dockerfile: Dockerfile.debug
+ use: buildx
+ build_flag_templates:
+ - "--platform=linux/ppc64le"
+ - "--build-arg=BUILD_DATE={{.Date}}"
+ - "--build-arg=BUILD_VERSION={{.Version}}"
+ - "--build-arg=VCS_REF={{.FullCommit}}"
+ - "--build-arg=VCS_URL={{.GitURL}}"
+
+ - image_templates:
+ - anchore/grype:{{.Tag}}-debug-s390x
+ - ghcr.io/anchore/grype:{{.Tag}}-debug-s390x
+ goarch: s390x
+ dockerfile: Dockerfile.debug
use: buildx
build_flag_templates:
- "--platform=linux/s390x"
@@ -215,12 +260,12 @@
- anchore/grype:{{.Tag}}-ppc64le
- anchore/grype:{{.Tag}}-s390x
- - name_template: anchore/grype:debug
+ - name_template: ghcr.io/anchore/grype:latest
image_templates:
- - anchore/grype:{{.Tag}}-debug-amd64
- - anchore/grype:{{.Tag}}-debug-arm64v8
- - anchore/grype:{{.Tag}}-debug-ppc64le
- - anchore/grype:{{.Tag}}-debug-s390x
+ - ghcr.io/anchore/grype:{{.Tag}}-amd64
+ - ghcr.io/anchore/grype:{{.Tag}}-arm64v8
+ - ghcr.io/anchore/grype:{{.Tag}}-ppc64le
+ - ghcr.io/anchore/grype:{{.Tag}}-s390x
- name_template: anchore/grype:{{.Tag}}
image_templates:
@@ -229,13 +274,50 @@
- anchore/grype:{{.Tag}}-ppc64le
- anchore/grype:{{.Tag}}-s390x
- - name_template: ghcr.io/anchore/grype:latest
+ - name_template: ghcr.io/anchore/grype:{{.Tag}}
image_templates:
- ghcr.io/anchore/grype:{{.Tag}}-amd64
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
- ghcr.io/anchore/grype:{{.Tag}}-ppc64le
- ghcr.io/anchore/grype:{{.Tag}}-s390x
+ # nonroot images...
+ - name_template: anchore/grype:nonroot
+ image_templates:
+ - anchore/grype:{{.Tag}}-nonroot-amd64
+ - anchore/grype:{{.Tag}}-nonroot-arm64v8
+ - anchore/grype:{{.Tag}}-nonroot-ppc64le
+ - anchore/grype:{{.Tag}}-nonroot-s390x
+
+ - name_template: ghcr.io/anchore/grype:nonroot
+ image_templates:
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-amd64
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-arm64v8
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-ppc64le
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-s390x
+
+ - name_template: anchore/grype:{{.Tag}}-nonroot
+ image_templates:
+ - anchore/grype:{{.Tag}}-nonroot-amd64
+ - anchore/grype:{{.Tag}}-nonroot-arm64v8
+ - anchore/grype:{{.Tag}}-nonroot-ppc64le
+ - anchore/grype:{{.Tag}}-nonroot-s390x
+
+ - name_template: ghcr.io/anchore/grype:{{.Tag}}-nonroot
+ image_templates:
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-amd64
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-arm64v8
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-ppc64le
+ - ghcr.io/anchore/grype:{{.Tag}}-nonroot-s390x
+
+ # debug images...
+ - name_template: anchore/grype:debug
+ image_templates:
+ - anchore/grype:{{.Tag}}-debug-amd64
+ - anchore/grype:{{.Tag}}-debug-arm64v8
+ - anchore/grype:{{.Tag}}-debug-ppc64le
+ - anchore/grype:{{.Tag}}-debug-s390x
+
- name_template: ghcr.io/anchore/grype:debug
image_templates:
- ghcr.io/anchore/grype:{{.Tag}}-debug-amd64
@@ -243,13 +325,19 @@
- ghcr.io/anchore/grype:{{.Tag}}-debug-ppc64le
- ghcr.io/anchore/grype:{{.Tag}}-debug-s390x
- - name_template: ghcr.io/anchore/grype:{{.Tag}}
+ - name_template: anchore/grype:{{.Tag}}-debug
image_templates:
- - ghcr.io/anchore/grype:{{.Tag}}-amd64
- - ghcr.io/anchore/grype:{{.Tag}}-arm64v8
- - ghcr.io/anchore/grype:{{.Tag}}-ppc64le
- - ghcr.io/anchore/grype:{{.Tag}}-s390x
+ - anchore/grype:{{.Tag}}-debug-amd64
+ - anchore/grype:{{.Tag}}-debug-arm64v8
+ - anchore/grype:{{.Tag}}-debug-ppc64le
+ - anchore/grype:{{.Tag}}-debug-s390x
+ - name_template: ghcr.io/anchore/grype:{{.Tag}}-debug
+ image_templates:
+ - ghcr.io/anchore/grype:{{.Tag}}-debug-amd64
+ - ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
+ - ghcr.io/anchore/grype:{{.Tag}}-debug-ppc64le
+ - ghcr.io/anchore/grype:{{.Tag}}-debug-s390x
signs:
- cmd: .tool/cosign
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.93.0/Dockerfile new/grype-0.94.0/Dockerfile
--- old/grype-0.93.0/Dockerfile 2025-06-09 21:43:03.000000000 +0200
+++ new/grype-0.94.0/Dockerfile 2025-06-12 16:19:54.000000000 +0200
@@ -1,4 +1,8 @@
-FROM gcr.io/distroless/static-debian12:nonroot
+FROM gcr.io/distroless/static-debian12:latest AS build
+
+FROM scratch
+# needed for version check HTTPS request
+COPY --from=build /etc/ssl/certs/ca-certificates.crt
/etc/ssl/certs/ca-certificates.crt
# create the /tmp dir, which is needed for image content cache
WORKDIR /tmp
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.93.0/Dockerfile.nonroot
new/grype-0.94.0/Dockerfile.nonroot
--- old/grype-0.93.0/Dockerfile.nonroot 1970-01-01 01:00:00.000000000 +0100
+++ new/grype-0.94.0/Dockerfile.nonroot 2025-06-12 16:19:54.000000000 +0200
@@ -0,0 +1,25 @@
+FROM gcr.io/distroless/static-debian12:nonroot
+
+# create the /tmp dir, which is needed for image content cache
+WORKDIR /tmp
+
+COPY grype /
+
+ARG BUILD_DATE
+ARG BUILD_VERSION
+ARG VCS_REF
+ARG VCS_URL
+
+LABEL org.opencontainers.image.created=$BUILD_DATE
+LABEL org.opencontainers.image.title="grype"
+LABEL org.opencontainers.image.description="A vulnerability scanner for
container images and filesystems"
+LABEL org.opencontainers.image.source=$VCS_URL
+LABEL org.opencontainers.image.revision=$VCS_REF
+LABEL org.opencontainers.image.vendor="Anchore, Inc."
+LABEL org.opencontainers.image.version=$BUILD_VERSION
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL
io.artifacthub.package.readme-url="https://raw.githubusercontent.com/anchore/grype/main/README.md";
+LABEL
io.artifacthub.package.logo-url="https://user-images.githubusercontent.com/5199289/136855393-d0a9eef9-ccf1-4e2b-9d7c-7aad16a567e5.png";
+LABEL io.artifacthub.package.license="Apache-2.0"
+
+ENTRYPOINT ["/grype"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.93.0/README.md new/grype-0.94.0/README.md
--- old/grype-0.93.0/README.md 2025-06-09 21:43:03.000000000 +0200
+++ new/grype-0.94.0/README.md 2025-06-12 16:19:54.000000000 +0200
@@ -38,6 +38,7 @@
- BusyBox
- CentOS
- Debian
+ - Echo
- Distroless
- MinimOS
- Oracle Linux
@@ -552,6 +553,7 @@
- Amazon Linux ALAS: https://alas.aws.amazon.com/AL2/alas.rss
- Chainguard SecDB: https://packages.cgr.dev/chainguard/security.json
- Debian Linux CVE Tracker:
https://security-tracker.debian.org/tracker/data/json
+- Echo Security Advisories: https://advisory.echohq.com/data.json
- GitHub Security Advisories (GHSAs): https://github.com/advisories
- MinimOS SecDB: https://packages.mini.dev/advisories/secdb/security.json
- National Vulnerability Database (NVD): https://nvd.nist.gov/vuln/data-feeds
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.93.0/go.mod new/grype-0.94.0/go.mod
--- old/grype-0.93.0/go.mod 2025-06-09 21:43:03.000000000 +0200
+++ new/grype-0.94.0/go.mod 2025-06-12 16:19:54.000000000 +0200
@@ -19,7 +19,7 @@
github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4
github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115
github.com/anchore/stereoscope v0.1.5
- github.com/anchore/syft v1.27.0
+ github.com/anchore/syft v1.27.1
github.com/aquasecurity/go-pep440-version v0.0.1
github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de
github.com/bitnami/go-version v0.0.0-20250131085805-b1f57a8634ef
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.93.0/go.sum new/grype-0.94.0/go.sum
--- old/grype-0.93.0/go.sum 2025-06-09 21:43:03.000000000 +0200
+++ new/grype-0.94.0/go.sum 2025-06-12 16:19:54.000000000 +0200
@@ -710,8 +710,8 @@
github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115/go.mod
h1:KoYIv7tdP5+CC9VGkeZV4/vGCKsY55VvoG+5dadg4YI=
github.com/anchore/stereoscope v0.1.5
h1:/wdjSoerdbYtXNvezReNrmzWeBOFJeHt7hLXz6Xg/WE=
github.com/anchore/stereoscope v0.1.5/go.mod
h1:S5xxMIo1BK+V+p+6SF/wzS4pZ2cTnpk6L+UJbf5IjsQ=
-github.com/anchore/syft v1.27.0 h1:6Giw9smnF3vI+Ij97Yr56geu9cqiIsddOyRQbfTk4U0=
-github.com/anchore/syft v1.27.0/go.mod
h1:nnDP2Xcyi38K1sO/MfyTJ8NR8EMTKUGrvR+VWgK5x6E=
+github.com/anchore/syft v1.27.1 h1:0tfdi2ttzJuyKuwRHbdux8xlhoZGfIzk+ddgBW5aR+I=
+github.com/anchore/syft v1.27.1/go.mod
h1:DErVdxebqcdyyENt6Ju/uFmvi7dOaw0Xp1HiGK8ayr8=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod
h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
github.com/andybalholm/brotli v1.0.4/go.mod
h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3
h1:8PmGpDEZl9yDpcdEr6Odf23feCxK3LNUNMxjXg41pZQ=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/grype-0.93.0/grype/db/v5/namespace/distro/namespace_test.go
new/grype-0.94.0/grype/db/v5/namespace/distro/namespace_test.go
--- old/grype-0.93.0/grype/db/v5/namespace/distro/namespace_test.go
2025-06-09 21:43:03.000000000 +0200
+++ new/grype-0.94.0/grype/db/v5/namespace/distro/namespace_test.go
2025-06-12 16:19:54.000000000 +0200
@@ -42,6 +42,10 @@
result: NewNamespace("wolfi",
grypeDistro.Wolfi, "rolling"),
},
{
+ namespaceString: "echo:distro:echo:rolling",
+ result: NewNamespace("echo", grypeDistro.Echo,
"rolling"),
+ },
+ {
namespaceString: "minimos:distro:minimos:rolling",
result: NewNamespace("minimos",
grypeDistro.MinimOS, "rolling"),
},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/grype-0.93.0/grype/db/v6/affected_package_store_test.go
new/grype-0.94.0/grype/db/v6/affected_package_store_test.go
--- old/grype-0.93.0/grype/db/v6/affected_package_store_test.go 2025-06-09
21:43:03.000000000 +0200
+++ new/grype-0.94.0/grype/db/v6/affected_package_store_test.go 2025-06-12
16:19:54.000000000 +0200
@@ -990,6 +990,7 @@
rhel8 := &OperatingSystem{Name: "rhel", ReleaseID: "rhel",
MajorVersion: "8"}
rhel81 := &OperatingSystem{Name: "rhel", ReleaseID: "rhel",
MajorVersion: "8", MinorVersion: "1"}
debian10 := &OperatingSystem{Name: "debian", ReleaseID: "debian",
MajorVersion: "10"}
+ echo := &OperatingSystem{Name: "echo", ReleaseID: "echo", MajorVersion:
"1"}
alpine318 := &OperatingSystem{Name: "alpine", ReleaseID: "alpine",
MajorVersion: "3", MinorVersion: "18"}
alpineEdge := &OperatingSystem{Name: "alpine", ReleaseID: "alpine",
LabelVersion: "edge"}
debianUnstable := &OperatingSystem{Name: "debian", ReleaseID: "debian",
LabelVersion: "unstable"}
@@ -1021,6 +1022,7 @@
minimos,
rocky8,
alma8,
+ echo,
}
require.NoError(t, db.Create(&operatingSystems).Error)
@@ -1241,6 +1243,14 @@
expected: []OperatingSystem{*rhel8},
},
{
+ name: "echo rolling variant",
+ distro: OSSpecifier{
+ Name: "echo",
+ MajorVersion: "1",
+ },
+ expected: []OperatingSystem{*echo},
+ },
+ {
name: "missing distro name",
distro: OSSpecifier{
MajorVersion: "8",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.93.0/grype/db/v6/data.go
new/grype-0.94.0/grype/db/v6/data.go
--- old/grype-0.93.0/grype/db/v6/data.go 2025-06-09 21:43:03.000000000
+0200
+++ new/grype-0.94.0/grype/db/v6/data.go 2025-06-12 16:19:54.000000000
+0200
@@ -28,6 +28,7 @@
{Alias: "oraclelinux", ReplacementName: strRef("ol")},
// non-standard, but common (dockerhub uses "oraclelinux")
{Alias: "amazon", ReplacementName: strRef("amzn")},
// non-standard, but common
{Alias: "amazonlinux", ReplacementName: strRef("amzn")},
// non-standard, but common (dockerhub uses "amazonlinux")
+ {Alias: "echo", Rolling: true},
// TODO: trixie is a placeholder for now, but should be updated
to sid when the time comes
// this needs to be automated, but isn't clear how to do so
since you'll see things like this:
//
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.93.0/grype/db/v6/vulnerability_test.go
new/grype-0.94.0/grype/db/v6/vulnerability_test.go
--- old/grype-0.93.0/grype/db/v6/vulnerability_test.go 2025-06-09
21:43:03.000000000 +0200
+++ new/grype-0.94.0/grype/db/v6/vulnerability_test.go 2025-06-12
16:19:54.000000000 +0200
@@ -414,6 +414,13 @@
expected: "oracle:distro:oraclelinux:8",
},
{
+ name: "echo distribution",
+ provider: "echo",
+ osName: "echo",
+ osVersion: "rolling",
+ expected: "echo:distro:echo:rolling",
+ },
+ {
name: "minimos distribution",
provider: "minimos",
osName: "minimos",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.93.0/grype/distro/distro_test.go
new/grype-0.94.0/grype/distro/distro_test.go
--- old/grype-0.93.0/grype/distro/distro_test.go 2025-06-09
21:43:03.000000000 +0200
+++ new/grype-0.94.0/grype/distro/distro_test.go 2025-06-12
16:19:54.000000000 +0200
@@ -278,6 +278,11 @@
Version: "8.4",
},
{
+ Name: "test-fixtures/os/echo",
+ Type: Echo,
+ Version: "1",
+ },
+ {
Name: "test-fixtures/os/gentoo",
Type: Gentoo,
},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/grype-0.93.0/grype/distro/test-fixtures/os/echo/etc/os-release
new/grype-0.94.0/grype/distro/test-fixtures/os/echo/etc/os-release
--- old/grype-0.93.0/grype/distro/test-fixtures/os/echo/etc/os-release
1970-01-01 01:00:00.000000000 +0100
+++ new/grype-0.94.0/grype/distro/test-fixtures/os/echo/etc/os-release
2025-06-12 16:19:54.000000000 +0200
@@ -0,0 +1,6 @@
+NAME="Echo Linux"
+PRETTY_NAME="Echo Linux"
+ID="echo"
+ID_LIKE="debian"
+VERSION_ID="1"
+HOME_URL="https://echohq.com/";
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.93.0/grype/distro/type.go
new/grype-0.94.0/grype/distro/type.go
--- old/grype-0.93.0/grype/distro/type.go 2025-06-09 21:43:03.000000000
+0200
+++ new/grype-0.94.0/grype/distro/type.go 2025-06-12 16:19:54.000000000
+0200
@@ -23,6 +23,7 @@
OpenSuseLeap Type = "opensuseleap"
SLES Type = "sles"
Photon Type = "photon"
+ Echo Type = "echo"
Windows Type = "windows"
Mariner Type = "mariner"
Azure Type = "azurelinux"
@@ -49,6 +50,7 @@
OpenSuseLeap,
SLES,
Photon,
+ Echo,
Windows,
Mariner,
Azure,
@@ -76,6 +78,7 @@
"opensuse-leap": OpenSuseLeap,
"sles": SLES,
"photon": Photon,
+ "echo": Echo,
"windows": Windows,
"mariner": Mariner,
"azurelinux": Azure,
++++++ grype.obsinfo ++++++
--- /var/tmp/diff_new_pack.Hf6tEe/_old 2025-06-13 18:45:45.031564108 +0200
+++ /var/tmp/diff_new_pack.Hf6tEe/_new 2025-06-13 18:45:45.035564271 +0200
@@ -1,5 +1,5 @@
name: grype
-version: 0.93.0
-mtime: 1749498183
-commit: c4acc50c1a739140d245cf39a298b1cac7920261
+version: 0.94.0
+mtime: 1749737994
+commit: 7c5fa46cc184e383505ea889e9effab11023e5b0
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/grype/vendor.tar.gz
/work/SRC/openSUSE:Factory/.grype.new.19631/vendor.tar.gz differ: char 132,
line 1
![https://user-images.githubusercontent.com/5199289/136855393-d0a9eef9-ccf1-4e2b-9d7c-7aad16a567e5.png"](https://user-images.githubusercontent.com/5199289/136855393-d0a9eef9-ccf1-4e2b-9d7c-7aad16a567e5.png"){kind=link}