Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package grype for openSUSE:Factory checked 
in at 2026-06-28 21:08:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grype (Old)
 and      /work/SRC/openSUSE:Factory/.grype.new.11887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "grype"

Sun Jun 28 21:08:02 2026 rev:124 rq:1362085 version:0.115.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/grype/grype.changes      2026-06-08 
14:26:45.496635869 +0200
+++ /work/SRC/openSUSE:Factory/.grype.new.11887/grype.changes   2026-06-28 
21:09:20.363749810 +0200
@@ -1,0 +2,87 @@
+Sun Jun 28 06:15:52 UTC 2026 - Johannes Kastl 
<[email protected]>
+
+- Update to version 0.115.0:
+  * Added Features
+    - emit golang.org/x/net vulns from govlundb [PR #3534
+      @willmurphyscode]
+    - Merge Go vuln matches with GHSA matches [Issue #3515]
+  * Bug Fixes
+    - only emit records for stdlib [PR #3527 @willmurphyscode]
+    - mark hummingbird distro as rolling [PR #3521
+      @willmurphyscode]
+    - disable go stdlib CPE matching by default [PR #3517
+      @willmurphyscode]
+    - merge in custom ranges when applicable [PR #3514
+      @willmurphyscode]
+    - exclude linux-kbuild deb indirect matches by default [PR
+      #3506 @westonsteimel]
+    - avoid panic on invalid RHEL version IDs [PR #3490 @jspilman]
+    - Support reading CycloneDX 1.7 SBOMs [Issue #3373]
+    - Grype cannot read mariadb version correctly [Issue #3452]
+    - grype hangs when downloading certain images using registry
+      client [Issue #3492]
+    - Can we get a fix for these Critical findings reported for
+      grype [Issue #3484]
+  * Additional Changes
+    - Security: bump golang.org/x/crypto to v0.52.0 to resolve
+      multiple CVEs [Issue #3493]
+    - Security: bump golang.org/x/net to v0.55.0 to resolve CVEs
+      [Issue #3494]
+  * Dependencies
+    - 35 dependency changes (31 updated, 3 added, 1 removed). 5
+      vulnerabilities remediated.
+  * Remediated (5)
+    - GHSA-33vj-92qq-66hc (High) —
+      github.com/containerd/containerd/v2
+    - GHSA-cvxm-645q-p574 (Medium) —
+      github.com/containerd/containerd/v2
+    - GHSA-jpcc-p29g-p8mq (Medium) —
+      github.com/containerd/containerd/v2
+    - GHSA-rgh6-rfwx-v388 (High) —
+      github.com/containerd/containerd/v2
+    - GHSA-xhf5-7wjv-pqxp (High) —
+      github.com/containerd/containerd/v2
+  * Updated (31 packages)
+    - github.com/ProtonMail/go-crypto v1.4.0 → v1.4.1
+    - github.com/anchore/bubbly v0.2.0 → v0.2.1
+    - github.com/anchore/clio v0.1.0 → v0.1.1
+    - github.com/anchore/fangs v0.1.0 → v0.1.1
+    - github.com/anchore/go-collections v0.1.0 → v0.1.1
+    - github.com/anchore/go-homedir v0.1.0 → v0.1.1
+    - github.com/anchore/go-logger v0.1.0 → v0.1.1
+    - github.com/anchore/go-lzo v0.1.0 → v0.1.1
+    - github.com/anchore/go-macholibre v0.1.0 → v0.1.1
+    - github.com/anchore/go-make v0.5.0 → v0.8.0
+    - github.com/anchore/go-struct-converter v0.1.0 → v0.2.0-rc2
+    - github.com/anchore/go-sync v0.1.0 → v0.1.1
+    - github.com/anchore/stereoscope v0.2.1 → v0.2.2
+    - github.com/anchore/syft v1.45.1 → v1.46.0
+    - github.com/charmbracelet/colorprofile v0.4.1 → v0.4.3
+    - github.com/clipperhouse/displaywidth v0.10.0 → v0.11.0
+    - github.com/clipperhouse/uax29/v2 v2.6.0 → v2.7.0
+    - github.com/containerd/containerd/v2 v2.3.1 → v2.3.2
+      (remediated GHSA-33vj-92qq-66hc, GHSA-cvxm-645q-p574,
+      GHSA-jpcc-p29g-p8mq, GHSA-rgh6-rfwx-v388,
+      GHSA-xhf5-7wjv-pqxp)
+    - github.com/docker/cli v29.4.3+incompatible →
+      v29.5.3+incompatible
+    - github.com/google/go-containerregistry v0.21.6 → v0.21.7
+    - github.com/mattn/go-runewidth v0.0.19 → v0.0.21
+    - github.com/spdx/tools-golang v0.5.7 → v0.6.0-rc4
+    - github.com/sylabs/sif/v2 v2.24.0 → v2.24.1
+    - golang.org/x/crypto v0.52.0 → v0.53.0
+    - golang.org/x/mod v0.36.0 → v0.37.0
+    - golang.org/x/net v0.55.0 → v0.56.0
+    - golang.org/x/sync v0.20.0 → v0.21.0
+    - golang.org/x/sys v0.45.0 → v0.46.0
+    - golang.org/x/term v0.43.0 → v0.44.0
+    - golang.org/x/text v0.37.0 → v0.38.0
+    - golang.org/x/tools v0.45.0 → v0.46.0
+  * Added (3 packages)
+    - github.com/piprate/json-gold v0.7.0
+    - github.com/pquerna/cachecontrol v0.0.0-1555304
+    - github.com/tailscale/hujson v0.0.0-ecc657c
+  * Removed (1 package)
+    - github.com/google/osv-scanner v1.9.2
+
+-------------------------------------------------------------------

Old:
----
  grype-0.114.0.obscpio

New:
----
  grype-0.115.0.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ grype.spec ++++++
--- /var/tmp/diff_new_pack.79xla0/_old  2026-06-28 21:09:26.783966906 +0200
+++ /var/tmp/diff_new_pack.79xla0/_new  2026-06-28 21:09:26.787967040 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           grype
-Version:        0.114.0
+Version:        0.115.0
 Release:        0
 Summary:        A vulnerability scanner for container images and filesystems
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.79xla0/_old  2026-06-28 21:09:27.035975427 +0200
+++ /var/tmp/diff_new_pack.79xla0/_new  2026-06-28 21:09:27.067976509 +0200
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/anchore/grype</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.114.0</param>
+    <param name="revision">v0.115.0</param>
     <param name="match-tag">v*</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.79xla0/_old  2026-06-28 21:09:27.263983136 +0200
+++ /var/tmp/diff_new_pack.79xla0/_new  2026-06-28 21:09:27.315984895 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/anchore/grype</param>
-              <param 
name="changesrevision">ef8e65adb2dec760f1f923e635da4c7696d3c295</param></service></servicedata>
+              <param 
name="changesrevision">fa8b7e2a528cf1f8b098123f256c61db9e5df69c</param></service></servicedata>
 (No newline at EOF)
 

++++++ grype-0.114.0.obscpio -> grype-0.115.0.obscpio ++++++
++++ 4440 lines of diff (skipped)

++++++ grype.obsinfo ++++++
--- /var/tmp/diff_new_pack.79xla0/_old  2026-06-28 21:09:41.448462774 +0200
+++ /var/tmp/diff_new_pack.79xla0/_new  2026-06-28 21:09:41.448462774 +0200
@@ -1,5 +1,5 @@
 name: grype
-version: 0.114.0
-mtime: 1780671733
-commit: ef8e65adb2dec760f1f923e635da4c7696d3c295
+version: 0.115.0
+mtime: 1782468987
+commit: fa8b7e2a528cf1f8b098123f256c61db9e5df69c
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/grype/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.grype.new.11887/vendor.tar.gz differ: char 13, line 
1

Reply via email to