Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package grype for openSUSE:Factory checked in at 2026-06-28 21:08:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/grype (Old) and /work/SRC/openSUSE:Factory/.grype.new.11887 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grype" Sun Jun 28 21:08:02 2026 rev:124 rq:1362085 version:0.115.0 Changes: -------- --- /work/SRC/openSUSE:Factory/grype/grype.changes 2026-06-08 14:26:45.496635869 +0200 +++ /work/SRC/openSUSE:Factory/.grype.new.11887/grype.changes 2026-06-28 21:09:20.363749810 +0200 @@ -1,0 +2,87 @@ +Sun Jun 28 06:15:52 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 0.115.0: + * Added Features + - emit golang.org/x/net vulns from govlundb [PR #3534 + @willmurphyscode] + - Merge Go vuln matches with GHSA matches [Issue #3515] + * Bug Fixes + - only emit records for stdlib [PR #3527 @willmurphyscode] + - mark hummingbird distro as rolling [PR #3521 + @willmurphyscode] + - disable go stdlib CPE matching by default [PR #3517 + @willmurphyscode] + - merge in custom ranges when applicable [PR #3514 + @willmurphyscode] + - exclude linux-kbuild deb indirect matches by default [PR + #3506 @westonsteimel] + - avoid panic on invalid RHEL version IDs [PR #3490 @jspilman] + - Support reading CycloneDX 1.7 SBOMs [Issue #3373] + - Grype cannot read mariadb version correctly [Issue #3452] + - grype hangs when downloading certain images using registry + client [Issue #3492] + - Can we get a fix for these Critical findings reported for + grype [Issue #3484] + * Additional Changes + - Security: bump golang.org/x/crypto to v0.52.0 to resolve + multiple CVEs [Issue #3493] + - Security: bump golang.org/x/net to v0.55.0 to resolve CVEs + [Issue #3494] + * Dependencies + - 35 dependency changes (31 updated, 3 added, 1 removed). 5 + vulnerabilities remediated. + * Remediated (5) + - GHSA-33vj-92qq-66hc (High) — + github.com/containerd/containerd/v2 + - GHSA-cvxm-645q-p574 (Medium) — + github.com/containerd/containerd/v2 + - GHSA-jpcc-p29g-p8mq (Medium) — + github.com/containerd/containerd/v2 + - GHSA-rgh6-rfwx-v388 (High) — + github.com/containerd/containerd/v2 + - GHSA-xhf5-7wjv-pqxp (High) — + github.com/containerd/containerd/v2 + * Updated (31 packages) + - github.com/ProtonMail/go-crypto v1.4.0 → v1.4.1 + - github.com/anchore/bubbly v0.2.0 → v0.2.1 + - github.com/anchore/clio v0.1.0 → v0.1.1 + - github.com/anchore/fangs v0.1.0 → v0.1.1 + - github.com/anchore/go-collections v0.1.0 → v0.1.1 + - github.com/anchore/go-homedir v0.1.0 → v0.1.1 + - github.com/anchore/go-logger v0.1.0 → v0.1.1 + - github.com/anchore/go-lzo v0.1.0 → v0.1.1 + - github.com/anchore/go-macholibre v0.1.0 → v0.1.1 + - github.com/anchore/go-make v0.5.0 → v0.8.0 + - github.com/anchore/go-struct-converter v0.1.0 → v0.2.0-rc2 + - github.com/anchore/go-sync v0.1.0 → v0.1.1 + - github.com/anchore/stereoscope v0.2.1 → v0.2.2 + - github.com/anchore/syft v1.45.1 → v1.46.0 + - github.com/charmbracelet/colorprofile v0.4.1 → v0.4.3 + - github.com/clipperhouse/displaywidth v0.10.0 → v0.11.0 + - github.com/clipperhouse/uax29/v2 v2.6.0 → v2.7.0 + - github.com/containerd/containerd/v2 v2.3.1 → v2.3.2 + (remediated GHSA-33vj-92qq-66hc, GHSA-cvxm-645q-p574, + GHSA-jpcc-p29g-p8mq, GHSA-rgh6-rfwx-v388, + GHSA-xhf5-7wjv-pqxp) + - github.com/docker/cli v29.4.3+incompatible → + v29.5.3+incompatible + - github.com/google/go-containerregistry v0.21.6 → v0.21.7 + - github.com/mattn/go-runewidth v0.0.19 → v0.0.21 + - github.com/spdx/tools-golang v0.5.7 → v0.6.0-rc4 + - github.com/sylabs/sif/v2 v2.24.0 → v2.24.1 + - golang.org/x/crypto v0.52.0 → v0.53.0 + - golang.org/x/mod v0.36.0 → v0.37.0 + - golang.org/x/net v0.55.0 → v0.56.0 + - golang.org/x/sync v0.20.0 → v0.21.0 + - golang.org/x/sys v0.45.0 → v0.46.0 + - golang.org/x/term v0.43.0 → v0.44.0 + - golang.org/x/text v0.37.0 → v0.38.0 + - golang.org/x/tools v0.45.0 → v0.46.0 + * Added (3 packages) + - github.com/piprate/json-gold v0.7.0 + - github.com/pquerna/cachecontrol v0.0.0-1555304 + - github.com/tailscale/hujson v0.0.0-ecc657c + * Removed (1 package) + - github.com/google/osv-scanner v1.9.2 + +------------------------------------------------------------------- Old: ---- grype-0.114.0.obscpio New: ---- grype-0.115.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ grype.spec ++++++ --- /var/tmp/diff_new_pack.79xla0/_old 2026-06-28 21:09:26.783966906 +0200 +++ /var/tmp/diff_new_pack.79xla0/_new 2026-06-28 21:09:26.787967040 +0200 @@ -17,7 +17,7 @@ Name: grype -Version: 0.114.0 +Version: 0.115.0 Release: 0 Summary: A vulnerability scanner for container images and filesystems License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.79xla0/_old 2026-06-28 21:09:27.035975427 +0200 +++ /var/tmp/diff_new_pack.79xla0/_new 2026-06-28 21:09:27.067976509 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/anchore/grype</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.114.0</param> + <param name="revision">v0.115.0</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.79xla0/_old 2026-06-28 21:09:27.263983136 +0200 +++ /var/tmp/diff_new_pack.79xla0/_new 2026-06-28 21:09:27.315984895 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/anchore/grype</param> - <param name="changesrevision">ef8e65adb2dec760f1f923e635da4c7696d3c295</param></service></servicedata> + <param name="changesrevision">fa8b7e2a528cf1f8b098123f256c61db9e5df69c</param></service></servicedata> (No newline at EOF) ++++++ grype-0.114.0.obscpio -> grype-0.115.0.obscpio ++++++ ++++ 4440 lines of diff (skipped) ++++++ grype.obsinfo ++++++ --- /var/tmp/diff_new_pack.79xla0/_old 2026-06-28 21:09:41.448462774 +0200 +++ /var/tmp/diff_new_pack.79xla0/_new 2026-06-28 21:09:41.448462774 +0200 @@ -1,5 +1,5 @@ name: grype -version: 0.114.0 -mtime: 1780671733 -commit: ef8e65adb2dec760f1f923e635da4c7696d3c295 +version: 0.115.0 +mtime: 1782468987 +commit: fa8b7e2a528cf1f8b098123f256c61db9e5df69c ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/grype/vendor.tar.gz /work/SRC/openSUSE:Factory/.grype.new.11887/vendor.tar.gz differ: char 13, line 1
