commit grype for openSUSE:Factory

Sun, 06 Jul 2025 08:08:00 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package grype for openSUSE:Factory checked 
in at 2025-07-06 17:04:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grype (Old)
 and      /work/SRC/openSUSE:Factory/.grype.new.1903 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "grype"

Sun Jul  6 17:04:59 2025 rev:94 rq:1290067 version:0.95.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/grype/grype.changes      2025-06-13 
18:45:38.803309529 +0200
+++ /work/SRC/openSUSE:Factory/.grype.new.1903/grype.changes    2025-07-06 
17:06:58.876649541 +0200
@@ -1,0 +2,52 @@
+Thu Jul 03 04:49:43 UTC 2025 - Johannes Kastl 
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 0.95.0:
+  * Added Features
+    - Add string severity to db search json results [#2730
+      @wagoodman]
+    - Add package specifier overrides for kb, dpkg, and apkg [#2742
+      @westonsteimel]
+  * Bug Fixes
+    - show related NVD records for non-NVD matches [#2755 @kzantow]
+    - assume that a vulnerability with no ranges is always
+      vulnerable [#2759 @wagoodman]
+    - DB should hydrate for when the client has new features [#2758
+      @wagoodman]
+    - show relationship back to NVD for all CVE ids [#2756
+      @westonsteimel]
+    - properly escape CPE segments [#2731 @kzantow]
+    - msrc matcher should search by package ecosystem, not by
+      distro [#2748 @westonsteimel]
+    - Grype does not report any vulnerabilities for CPEs with
+      target_sw field set to value that does not correspond to
+      known package type [#2768 #2772 @willmurphyscode]
+    - malformed CPE in grype db search output [#2767 #2769
+      @westonsteimel]
+    - vex documents from the --vex flag do get processed or applied
+      to the output correctly [#1836 #2741 @willmurphyscode]
+  * Additional Changes
+    - replace deprecated GoReleaser configurations [#2729
+      @emmanuel-ferdman]
+    - specify types for all match details [#2762 @wagoodman]
+    - Refactor the version package [#2735 @wagoodman]
+  * Dependencies
+    - chore(deps): update anchore dependencies (#2773)
+    - chore(deps): update anchore dependencies (#2771)
+    - chore(deps): update tools to latest versions (#2751)
+    - chore(deps): bump github/codeql-action from 3.29.1 to 3.29.2
+      (#2760)
+    - chore(deps): bump github/codeql-action from 3.29.0 to 3.29.1
+      (#2757)
+    - chore(deps): bump github.com/docker/docker (#2753)
+    - chore(deps): bump sigstore/cosign-installer from 3.8.2 to
+      3.9.1 (#2749)
+    - chore(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1
+      (#2732)
+    - chore(deps): bump github.com/google/go-containerregistry
+      (#2733)
+    - chore(deps): bump github.com/go-viper/mapstructure/v2 (#2734)
+    - chore(deps): update tools to latest versions (#2736)
+    - chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0
+      (#2727)
+
+-------------------------------------------------------------------

Old:
----
  grype-0.94.0.obscpio

New:
----
  grype-0.95.0.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ grype.spec ++++++
--- /var/tmp/diff_new_pack.kN2xf6/_old  2025-07-06 17:07:01.468756921 +0200
+++ /var/tmp/diff_new_pack.kN2xf6/_new  2025-07-06 17:07:01.472757086 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           grype
-Version:        0.94.0
+Version:        0.95.0
 Release:        0
 Summary:        A vulnerability scanner for container images and filesystems
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.kN2xf6/_old  2025-07-06 17:07:01.508758578 +0200
+++ /var/tmp/diff_new_pack.kN2xf6/_new  2025-07-06 17:07:01.512758744 +0200
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/anchore/grype</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.94.0</param>
+    <param name="revision">v0.95.0</param>
     <param name="match-tag">v*</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.kN2xf6/_old  2025-07-06 17:07:01.532759572 +0200
+++ /var/tmp/diff_new_pack.kN2xf6/_new  2025-07-06 17:07:01.536759738 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/anchore/grype</param>
-              <param 
name="changesrevision">7c5fa46cc184e383505ea889e9effab11023e5b0</param></service></servicedata>
+              <param 
name="changesrevision">9fb2497e9b48718ab5b3061c67865b7da7e4b03f</param></service></servicedata>
 (No newline at EOF)
 

++++++ grype-0.94.0.obscpio -> grype-0.95.0.obscpio ++++++
++++ 18027 lines of diff (skipped)

++++++ grype.obsinfo ++++++
--- /var/tmp/diff_new_pack.kN2xf6/_old  2025-07-06 17:07:04.988902744 +0200
+++ /var/tmp/diff_new_pack.kN2xf6/_new  2025-07-06 17:07:04.992902910 +0200
@@ -1,5 +1,5 @@
 name: grype
-version: 0.94.0
-mtime: 1749737994
-commit: 7c5fa46cc184e383505ea889e9effab11023e5b0
+version: 0.95.0
+mtime: 1751476075
+commit: 9fb2497e9b48718ab5b3061c67865b7da7e4b03f
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/grype/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.grype.new.1903/vendor.tar.gz differ: char 14, line 1

Reply via email to