Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grype for openSUSE:Factory checked
in at 2025-07-24 18:47:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grype (Old)
and /work/SRC/openSUSE:Factory/.grype.new.13279 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grype"
Thu Jul 24 18:47:48 2025 rev:96 rq:1295484 version:0.96.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/grype/grype.changes 2025-07-16
17:35:48.649600435 +0200
+++ /work/SRC/openSUSE:Factory/.grype.new.13279/grype.changes 2025-07-24
18:50:12.601382803 +0200
@@ -1,0 +2,15 @@
+Thu Jul 24 07:29:31 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 0.96.1:
+ * chore(deps): update anchore dependencies (#2815)
+ * chore: revert credentials persistence for release (#2816)
+ * chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3
+ (#2814)
+ * chore(deps): update tools to latest versions (#2806)
+ * chore(deps): bump sigstore/cosign-installer from 3.9.1 to 3.9.2
+ (#2808)
+ * create ignore regexs conditionally (#2805)
+ * chore: lint gh actions (#2804)
+ * chore(deps): update tools to latest versions (#2801)
+
+-------------------------------------------------------------------
Old:
----
grype-0.96.0.obscpio
New:
----
grype-0.96.1.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ grype.spec ++++++
--- /var/tmp/diff_new_pack.Asy5Bh/_old 2025-07-24 18:50:18.973646714 +0200
+++ /var/tmp/diff_new_pack.Asy5Bh/_new 2025-07-24 18:50:18.977646879 +0200
@@ -17,7 +17,7 @@
Name: grype
-Version: 0.96.0
+Version: 0.96.1
Release: 0
Summary: A vulnerability scanner for container images and filesystems
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.Asy5Bh/_old 2025-07-24 18:50:19.013648371 +0200
+++ /var/tmp/diff_new_pack.Asy5Bh/_new 2025-07-24 18:50:19.013648371 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/anchore/grype</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.96.0</param>
+ <param name="revision">v0.96.1</param>
<param name="match-tag">v*</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.Asy5Bh/_old 2025-07-24 18:50:19.053650028 +0200
+++ /var/tmp/diff_new_pack.Asy5Bh/_new 2025-07-24 18:50:19.057650193 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/anchore/grype</param>
- <param
name="changesrevision">421c93bce31e344b90a9d379c7364bb74c306b7b</param></service></servicedata>
+ <param
name="changesrevision">3e57a29af7e5ef93e26ff0844e36ec41341020dc</param></service></servicedata>
(No newline at EOF)
++++++ grype-0.96.0.obscpio -> grype-0.96.1.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.96.0/.binny.yaml new/grype-0.96.1/.binny.yaml
--- old/grype-0.96.0/.binny.yaml 2025-07-14 21:48:30.000000000 +0200
+++ new/grype-0.96.1/.binny.yaml 2025-07-21 22:32:45.000000000 +0200
@@ -42,7 +42,7 @@
# used for signing the checksums file at release
- name: cosign
version:
- want: v2.5.2
+ want: v2.5.3
method: github-release
with:
repo: sigstore/cosign
@@ -90,7 +90,7 @@
# used for triggering a release
- name: gh
version:
- want: v2.75.0
+ want: v2.76.0
method: github-release
with:
repo: cli/cli
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.96.0/go.mod new/grype-0.96.1/go.mod
--- old/grype-0.96.0/go.mod 2025-07-14 21:48:30.000000000 +0200
+++ new/grype-0.96.1/go.mod 2025-07-21 22:32:45.000000000 +0200
@@ -18,8 +18,8 @@
github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4
github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115
- github.com/anchore/stereoscope v0.1.6
- github.com/anchore/syft v1.28.0
+ github.com/anchore/stereoscope v0.1.7-0.20250716200927-94c6f92877d4
+ github.com/anchore/syft v1.29.0
github.com/aquasecurity/go-pep440-version v0.0.1
github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de
github.com/bitnami/go-version v0.0.0-20250131085805-b1f57a8634ef
@@ -34,7 +34,7 @@
github.com/gkampitakis/go-snaps v0.5.13
github.com/glebarez/sqlite v1.11.0
github.com/go-test/deep v1.1.1
- github.com/go-viper/mapstructure/v2 v2.3.0
+ github.com/go-viper/mapstructure/v2 v2.4.0
github.com/gohugoio/hashstructure v0.5.0
github.com/google/go-cmp v0.7.0
github.com/google/go-containerregistry v0.20.6
@@ -112,7 +112,7 @@
github.com/becheran/wildmatch-go v1.0.0 // indirect
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d //
indirect
github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb // indirect
- github.com/bmatcuk/doublestar/v4 v4.8.1 // indirect
+ github.com/bmatcuk/doublestar/v4 v4.9.0 // indirect
github.com/bodgit/plumbing v1.3.0 // indirect
github.com/bodgit/sevenzip v1.6.0 // indirect
github.com/bodgit/windows v1.0.1 // indirect
@@ -182,7 +182,7 @@
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-safetemp v1.0.0 // indirect
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
- github.com/hashicorp/hcl/v2 v2.23.0 // indirect
+ github.com/hashicorp/hcl/v2 v2.24.0 // indirect
github.com/huandu/xstrings v1.5.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 //
indirect
@@ -276,7 +276,7 @@
github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
- github.com/zclconf/go-cty v1.14.0 // indirect
+ github.com/zclconf/go-cty v1.16.3 // indirect
github.com/zyedidia/generic v1.2.2-0.20230320175451-4410d2372cb1 //
indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.96.0/go.sum new/grype-0.96.1/go.sum
--- old/grype-0.96.0/go.sum 2025-07-14 21:48:30.000000000 +0200
+++ new/grype-0.96.1/go.sum 2025-07-21 22:32:45.000000000 +0200
@@ -710,10 +710,10 @@
github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4/go.mod
h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115
h1:ZyRCmiEjnoGJZ1+Ah0ZZ/mKKqNhGcUZBl0s7PTTDzvY=
github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115/go.mod
h1:KoYIv7tdP5+CC9VGkeZV4/vGCKsY55VvoG+5dadg4YI=
-github.com/anchore/stereoscope v0.1.6
h1:DxaPHugD9EndPxOaIMaEYjHJJURjKNaHzD1NyQUUmdU=
-github.com/anchore/stereoscope v0.1.6/go.mod
h1:ejAlYkAb/cRvSMlxQlrG2dMruqQpcJAh4w2Fu02FEYQ=
-github.com/anchore/syft v1.28.0 h1:uLdCvWNb2btvCyfIawWOsXD238v6eDTaz5RTfS2lMqA=
-github.com/anchore/syft v1.28.0/go.mod
h1:jGpfAy5lRvOUrOxWAfbbu9t3TK8VwJpAAJHz6HFQofw=
+github.com/anchore/stereoscope v0.1.7-0.20250716200927-94c6f92877d4
h1:5UGwBBUAK8i06gDA5JD74vT3qcz4lR7BfLXudpD5y8w=
+github.com/anchore/stereoscope v0.1.7-0.20250716200927-94c6f92877d4/go.mod
h1:ejAlYkAb/cRvSMlxQlrG2dMruqQpcJAh4w2Fu02FEYQ=
+github.com/anchore/syft v1.29.0 h1:zQqajGHCX4vO2uaybjdSXL8q3uxXepo1s7ySIK+i5v4=
+github.com/anchore/syft v1.29.0/go.mod
h1:nXCGVo6kikMi74cXrvYlSSbv/zP8mR4PuMwpUn0vSZ4=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod
h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
github.com/andybalholm/brotli v1.0.4/go.mod
h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3
h1:8PmGpDEZl9yDpcdEr6Odf23feCxK3LNUNMxjXg41pZQ=
@@ -762,8 +762,8 @@
github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod
h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI=
github.com/bmatcuk/doublestar/v2 v2.0.4
h1:6I6oUiT/sU27eE2OFcWqBhL1SwjyvQuOssxT4a1yidI=
github.com/bmatcuk/doublestar/v2 v2.0.4/go.mod
h1:QMmcs3H2AUQICWhfzLXz+IYln8lRQmTZRptLie8RgRw=
-github.com/bmatcuk/doublestar/v4 v4.8.1
h1:54Bopc5c2cAvhLRAzqOGCYHYyhcDHsFF4wWIR5wKP38=
-github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod
h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
+github.com/bmatcuk/doublestar/v4 v4.9.0
h1:DBvuZxjdKkRP/dr4GVV4w2fnmrk5Hxc90T51LZjv0JA=
+github.com/bmatcuk/doublestar/v4 v4.9.0/go.mod
h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
github.com/bodgit/plumbing v1.3.0
h1:pf9Itz1JOQgn7vEOE7v7nlEfBykYqvUYioC61TwWCFU=
github.com/bodgit/plumbing v1.3.0/go.mod
h1:JOTb4XiRu5xfnmdnDJo6GmSbSbtSyufrsyZFByMtKEs=
github.com/bodgit/sevenzip v1.6.0
h1:a4R0Wu6/P1o1pP/3VV++aEOcyeBxeO/xE2Y9NSTrr6A=
@@ -1007,8 +1007,8 @@
github.com/go-stack/stack v1.8.0/go.mod
h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
github.com/go-test/deep v1.1.1/go.mod
h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/go-viper/mapstructure/v2 v2.3.0
h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
-github.com/go-viper/mapstructure/v2 v2.3.0/go.mod
h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.4.0
h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
+github.com/go-viper/mapstructure/v2 v2.4.0/go.mod
h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
github.com/gobwas/httphead v0.1.0/go.mod
h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
github.com/gobwas/pool v0.2.1/go.mod
h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
github.com/gobwas/ws v1.2.1/go.mod
h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
@@ -1191,8 +1191,8 @@
github.com/hashicorp/golang-lru/v2 v2.0.7
h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod
h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
github.com/hashicorp/hcl v1.0.0/go.mod
h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/hcl/v2 v2.23.0
h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos=
-github.com/hashicorp/hcl/v2 v2.23.0/go.mod
h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA=
+github.com/hashicorp/hcl/v2 v2.24.0
h1:2QJdZ454DSsYGoaE6QheQZjtKZSUs9Nh2izTWiwQxvE=
+github.com/hashicorp/hcl/v2 v2.24.0/go.mod
h1:oGoO1FIQYfn/AgyOhlg9qLC6/nOJPX3qGbkZpYAcqfM=
github.com/hashicorp/logutils v1.0.0/go.mod
h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
github.com/hashicorp/mdns v1.0.1/go.mod
h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
github.com/hashicorp/mdns v1.0.4/go.mod
h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
@@ -1618,8 +1618,9 @@
github.com/yuin/goldmark v1.3.5/go.mod
h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
github.com/yuin/goldmark v1.4.1/go.mod
h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
github.com/yuin/goldmark v1.4.13/go.mod
h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/zclconf/go-cty v1.14.0
h1:/Xrd39K7DXbHzlisFP9c4pHao4yyf+/Ug9LEz+Y/yhc=
github.com/zclconf/go-cty v1.14.0/go.mod
h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+github.com/zclconf/go-cty v1.16.3
h1:osr++gw2T61A8KVYHoQiFbFd1Lh3JOCXc/jFLJXKTxk=
+github.com/zclconf/go-cty v1.16.3/go.mod
h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940
h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo=
github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod
h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM=
github.com/zeebo/assert v1.3.0/go.mod
h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.96.0/grype/db/v6/models_test.go
new/grype-0.96.1/grype/db/v6/models_test.go
--- old/grype-0.96.0/grype/db/v6/models_test.go 2025-07-14 21:48:30.000000000
+0200
+++ new/grype-0.96.1/grype/db/v6/models_test.go 2025-07-21 22:32:45.000000000
+0200
@@ -1,9 +1,9 @@
package v6
import (
- "github.com/google/go-cmp/cmp"
"testing"
+ "github.com/google/go-cmp/cmp"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.96.0/grype/match/ignore.go
new/grype-0.96.1/grype/match/ignore.go
--- old/grype-0.96.0/grype/match/ignore.go 2025-07-14 21:48:30.000000000
+0200
+++ new/grype-0.96.1/grype/match/ignore.go 2025-07-21 22:32:45.000000000
+0200
@@ -222,13 +222,21 @@
}
func ifPackageNameApplies(name string) ignoreCondition {
- pattern, err := packageNameRegex(name)
- if err != nil {
- return func(Match) bool { return false }
- }
+ // with enough ignore rules, we could end up needlessly creating a lot
of regexes, which is not ideal.
+ // instead lets detect if the input string is a regex or not, and if it
is, then compile it...
+ // otherwise, we can just do a simple string comparison
+ if isLikelyARegex(name) {
+ pattern, err := packageNameRegex(name)
+ if err != nil || pattern == nil {
+ return func(Match) bool { return false }
+ }
+ return func(match Match) bool {
+ return pattern.MatchString(match.Package.Name)
+ }
+ }
return func(match Match) bool {
- return pattern.MatchString(match.Package.Name)
+ return name == match.Package.Name
}
}
@@ -257,14 +265,27 @@
}
func ifUpstreamPackageNameApplies(name string) ignoreCondition {
- pattern, err := packageNameRegex(name)
- if err != nil {
- log.WithFields("name", name, "error", err).Debug("unable to
parse name expression")
- return func(Match) bool { return false }
+ // with enough ignore rules, we could end up needlessly creating a lot
of regexes, which is not ideal.
+ // instead lets detect if the input string is a regex or not, and if it
is, then compile it...
+ // otherwise, we can just do a simple string comparison
+ if isLikelyARegex(name) {
+ pattern, err := packageNameRegex(name)
+ if err != nil {
+ log.WithFields("name", name, "error",
err).Debug("unable to parse name expression")
+ return func(Match) bool { return false }
+ }
+ return func(match Match) bool {
+ for _, upstream := range match.Package.Upstreams {
+ if pattern.MatchString(upstream.Name) {
+ return true
+ }
+ }
+ return false
+ }
}
return func(match Match) bool {
for _, upstream := range match.Package.Upstreams {
- if pattern.MatchString(upstream.Name) {
+ if name == upstream.Name {
return true
}
}
@@ -272,6 +293,15 @@
}
}
+// isRegexPattern is a compiled regex that matches common regex characters. We
intentionally leave out
+// the '.' character, as it is a common character in package names and
versions, and we do not want to
+// treat it as a regex unless there is other evidence that it is a regex.
+var isRegexPattern =
regexp.MustCompile(`[\^\$\*\+\?\[\]\(\)\{\}\|\\]|\\[dDwWsSnrtfv]`)
+
+func isLikelyARegex(s string) bool {
+ return isRegexPattern.MatchString(s)
+}
+
func ifMatchTypeApplies(matchType Type) ignoreCondition {
return func(match Match) bool {
for _, mType := range match.Details.Types() {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.96.0/grype/match/ignore_test.go
new/grype-0.96.1/grype/match/ignore_test.go
--- old/grype-0.96.0/grype/match/ignore_test.go 2025-07-14 21:48:30.000000000
+0200
+++ new/grype-0.96.1/grype/match/ignore_test.go 2025-07-21 22:32:45.000000000
+0200
@@ -833,6 +833,274 @@
}
)
+func TestIsRegex(t *testing.T) {
+ tests := []struct {
+ name string
+ input string
+ expected bool
+ }{
+ // simple strings that should NOT be detected as regex
+ {
+ name: "simple string",
+ input: "hello",
+ expected: false,
+ },
+ {
+ name: "alphanumeric with dashes",
+ input: "kernel-headers",
+ expected: false,
+ },
+ {
+ name: "alphanumeric with underscores",
+ input: "my_package_name",
+ expected: false,
+ },
+ {
+ name: "version numbers",
+ input: "1.2.3",
+ expected: false, // dots are no longer considered regex
metacharacters
+ },
+ {
+ name: "empty string",
+ input: "",
+ expected: false,
+ },
+ {
+ name: "spaces only",
+ input: " ",
+ expected: false,
+ },
+ {
+ name: "numbers only",
+ input: "12345",
+ expected: false,
+ },
+ {
+ name: "letters and numbers",
+ input: "abc123",
+ expected: false,
+ },
+ {
+ name: "with slashes",
+ input: "path/to/file",
+ expected: false,
+ },
+ {
+ name: "with colons",
+ input: "namespace:package",
+ expected: false,
+ },
+ {
+ name: "with at symbol",
+ input: "u...@domain.com",
+ expected: false, // dots are no longer considered regex
metacharacters
+ },
+
+ // strings with regex metacharacters that SHOULD be detected as
regex
+ {
+ name: "caret at start",
+ input: "^start",
+ expected: true,
+ },
+ {
+ name: "dollar at end",
+ input: "end$",
+ expected: true,
+ },
+ {
+ name: "asterisk wildcard",
+ input: "test*",
+ expected: true,
+ },
+ {
+ name: "plus quantifier",
+ input: "test+",
+ expected: true,
+ },
+ {
+ name: "question mark",
+ input: "test?",
+ expected: true,
+ },
+ {
+ name: "dot wildcard",
+ input: "test.",
+ expected: false, // dots are no longer considered regex
metacharacters
+ },
+ {
+ name: "square brackets",
+ input: "test[abc]",
+ expected: true,
+ },
+ {
+ name: "parentheses grouping",
+ input: "(test)",
+ expected: true,
+ },
+ {
+ name: "curly braces quantifier",
+ input: "test{1,3}",
+ expected: true,
+ },
+ {
+ name: "pipe alternation",
+ input: "test|other",
+ expected: true,
+ },
+ {
+ name: "backslash escape",
+ input: "test\\",
+ expected: true,
+ },
+ {
+ name: "multiple metacharacters",
+ input: "^test.*$",
+ expected: true,
+ },
+ {
+ name: "complex regex pattern",
+ input: "kernel-headers.*",
+ expected: true,
+ },
+ {
+ name: "anchored regex",
+ input: "^kernel-headers$",
+ expected: true,
+ },
+ {
+ name: "character class",
+ input: "test[0-9]",
+ expected: true,
+ },
+
+ // escaped character classes
+ {
+ name: "escaped digit",
+ input: "\\d",
+ expected: true,
+ },
+ {
+ name: "escaped non-digit",
+ input: "\\D",
+ expected: true,
+ },
+ {
+ name: "escaped word character",
+ input: "\\w",
+ expected: true,
+ },
+ {
+ name: "escaped non-word character",
+ input: "\\W",
+ expected: true,
+ },
+ {
+ name: "escaped whitespace",
+ input: "\\s",
+ expected: true,
+ },
+ {
+ name: "escaped non-whitespace",
+ input: "\\S",
+ expected: true,
+ },
+ {
+ name: "escaped newline",
+ input: "\\n",
+ expected: true,
+ },
+ {
+ name: "escaped carriage return",
+ input: "\\r",
+ expected: true,
+ },
+ {
+ name: "escaped tab",
+ input: "\\t",
+ expected: true,
+ },
+ {
+ name: "escaped form feed",
+ input: "\\f",
+ expected: true,
+ },
+ {
+ name: "escaped vertical tab",
+ input: "\\v",
+ expected: true,
+ },
+ {
+ name: "escaped character classes in longer string",
+ input: "prefix\\dpostfix",
+ expected: true,
+ },
+ {
+ name: "multiple escaped classes",
+ input: "\\w+\\s*\\d+",
+ expected: true,
+ },
+
+ // edge cases
+ {
+ name: "single backslash",
+ input: "\\",
+ expected: true,
+ },
+ {
+ name: "single caret",
+ input: "^",
+ expected: true,
+ },
+ {
+ name: "single dollar",
+ input: "$",
+ expected: true,
+ },
+ {
+ name: "single dot",
+ input: ".",
+ expected: false, // dots are no longer considered regex
metacharacters
+ },
+ {
+ name: "backslash followed by regular character",
+ input: "\\a",
+ expected: true, // backslash is still a metacharacter
+ },
+ {
+ name: "backslash at end",
+ input: "test\\",
+ expected: true,
+ },
+ {
+ name: "mixed metacharacters and escaped classes",
+ input: "^\\w+\\.\\d{2,}$",
+ expected: true,
+ },
+ {
+ name: "real world package patterns",
+ input: "linux-.*",
+ expected: true,
+ },
+ {
+ name: "real world upstream patterns",
+ input: "linux.*",
+ expected: true,
+ },
+ {
+ name: "real world header patterns",
+ input: "linux-.*-headers-.*",
+ expected: true,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := isLikelyARegex(tt.input)
+ assert.Equal(t, tt.expected, got)
+ })
+ }
+}
+
func TestShouldIgnore(t *testing.T) {
cases := []struct {
name string
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/grype-0.96.0/grype/pkg/package_test.go
new/grype-0.96.1/grype/pkg/package_test.go
--- old/grype-0.96.0/grype/pkg/package_test.go 2025-07-14 21:48:30.000000000
+0200
+++ new/grype-0.96.1/grype/pkg/package_test.go 2025-07-21 22:32:45.000000000
+0200
@@ -855,6 +855,20 @@
},
},
},
+ {
+ name: "uv lock metadata",
+ syftPkg: syftPkg.Package{
+ Metadata: syftPkg.PythonUvLockEntry{
+ Index: "https://pypi.org/simple";,
+ Dependencies:
[]syftPkg.PythonUvLockDependencyEntry{
+ {Name: "certifi"},
+ {Name: "charset-normalizer"},
+ {Name: "idna"},
+ {Name: "urllib3"},
+ },
+ },
+ },
+ },
}
// capture each observed metadata type, we should see all of them
relate to what syft provides by the end of testing
++++++ grype.obsinfo ++++++
--- /var/tmp/diff_new_pack.Asy5Bh/_old 2025-07-24 18:50:23.513834749 +0200
+++ /var/tmp/diff_new_pack.Asy5Bh/_new 2025-07-24 18:50:23.541835908 +0200
@@ -1,5 +1,5 @@
name: grype
-version: 0.96.0
-mtime: 1752522510
-commit: 421c93bce31e344b90a9d379c7364bb74c306b7b
+version: 0.96.1
+mtime: 1753129965
+commit: 3e57a29af7e5ef93e26ff0844e36ec41341020dc
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/grype/vendor.tar.gz
/work/SRC/openSUSE:Factory/.grype.new.13279/vendor.tar.gz differ: char 131,
line 2
