Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package grype for openSUSE:Factory checked in at 2022-06-28 15:21:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grype (Old)
 and /work/SRC/openSUSE:Factory/.grype.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grype" Tue Jun 28 15:21:49 2022 rev:3 rq:985333 version:0.40.1 Changes: -------- --- /work/SRC/openSUSE:Factory/grype/grype.changes 2022-06-23 10:25:30.631820842 +0200 +++ /work/SRC/openSUSE:Factory/.grype.new.1548/grype.changes 2022-06-28 15:22:02.421912658 +0200 @@ -1,0 +2,9 @@ +Mon Jun 27 13:20:36 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.40.1: + * update syft => v0.49.0 (#804) + * remove oss meetup message (#799) + * fix: add fixed versions to cyclonedxjson output (#763) + * docs: update to include php (#793) + +------------------------------------------------------------------- Old: ---- grype-0.40.0.tar.gz New: ---- grype-0.40.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ grype.spec ++++++ --- /var/tmp/diff_new_pack.zG8uOw/_old 2022-06-28 15:22:05.701917554 +0200 +++ /var/tmp/diff_new_pack.zG8uOw/_new 2022-06-28 15:22:05.705917561 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: grype -Version: 0.40.0 +Version: 0.40.1 Release: 0 Summary: A vulnerability scanner for container images and filesystems License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.zG8uOw/_old 2022-06-28 15:22:05.745917620 +0200 +++ /var/tmp/diff_new_pack.zG8uOw/_new 2022-06-28 15:22:05.749917626 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/anchore/grype</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.40.0</param> + <param name="revision">v0.40.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> 
@@ -17,7 +17,7 @@ <param name="compression">gz</param> </service> <service name="go_modules" mode="disabled"> - <param name="archive">grype-0.40.0.tar.gz</param> + <param name="archive">grype-0.40.1.tar.gz</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.zG8uOw/_old 2022-06-28 15:22:05.773917662 +0200 +++ /var/tmp/diff_new_pack.zG8uOw/_new 2022-06-28 15:22:05.777917668 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/anchore/grype</param> - <param name="changesrevision">0703bae9778e661e2cc21d5caa816cda30472b14</param></service></servicedata> + <param name="changesrevision">82c0146b0a60f7bb4309190ff898135af16a68ba</param></service></servicedata> (No newline at EOF) ++++++ grype-0.40.0.tar.gz -> grype-0.40.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/README.md new/grype-0.40.1/README.md --- old/grype-0.40.0/README.md 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/README.md 2022-06-24 20:30:36.000000000 +0200 @@ -12,14 +12,6 @@ A vulnerability scanner for container images and filesystems. Easily [install the binary](#installation) to try it out. Works with [Syft](https://github.com/anchore/syft), the powerful SBOM (software bill of materials) tool for container images and filesystems. -### Join our Virtual OSS Meetup! - -You are invited to join us on June 15th, 11AM-Noon PT for our virtual open source meetup. - -Hosts Amy Bass from Docker Desktop and Christopher Phillips from Anchore OSS will explore how Docker Extensions for Docker Desktop is supporting open source projects and we???ll have the latest update on Syft: in-toto attestations. - -[Register here ->](https://get.anchore.com/anchore-oss-meetup-jun-15-2022/) - ### Join our community meetings! - Calendar: https://calendar.google.com/calendar/u/0/r?cid=Y182OTM4dGt0MjRtajI0NnNzOThiaGtnM29qNEBncm91cC5jYWxlbmRhci5nb29nbGUuY29t 
@@ -48,6 +40,7 @@ - Python (Egg, Wheel, Poetry, requirements.txt/setup.py files) - Dotnet (deps.json) - Golang (go.mod) + - PHP (composer.json) - Supports Docker and OCI image formats - Consume SBOM [attestations](https://github.com/anchore/syft#sbom-attestation). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/go.mod new/grype-0.40.1/go.mod --- old/grype-0.40.0/go.mod 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/go.mod 2022-06-24 20:30:36.000000000 +0200 @@ -3,7 +3,7 @@ go 1.18 require ( - github.com/CycloneDX/cyclonedx-go v0.5.2 + github.com/CycloneDX/cyclonedx-go v0.6.0 github.com/Masterminds/sprig/v3 v3.2.2 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d github.com/adrg/xdg v0.2.1 @@ -11,7 +11,7 @@ github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06 - github.com/anchore/syft v0.48.1 + github.com/anchore/syft v0.49.0 github.com/bmatcuk/doublestar/v2 v2.0.4 github.com/docker/docker v20.10.12+incompatible github.com/dustin/go-humanize v1.0.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/go.sum new/grype-0.40.1/go.sum --- old/grype-0.40.0/go.sum 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/go.sum 2022-06-24 20:30:36.000000000 +0200 
@@ -166,8 +166,8 @@ github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/CycloneDX/cyclonedx-go v0.5.2 h1:CkdGw2R/tZWmEbSypJVZG+3+2SAsDjJirfIrG/RbIVg= -github.com/CycloneDX/cyclonedx-go v0.5.2/go.mod h1:nQCiF4Tvrg5Ieu8qPhYMvzPGMu5I7fANZkrSsJjl5mg= +github.com/CycloneDX/cyclonedx-go v0.6.0 h1:SizWGbZzFTC/O/1yh072XQBMxfvsoWqd//oKCIyzFyE= +github.com/CycloneDX/cyclonedx-go v0.6.0/go.mod h1:nQCiF4Tvrg5Ieu8qPhYMvzPGMu5I7fANZkrSsJjl5mg= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= 
@@ -255,8 +255,8 @@ github.com/anchore/sqlite v1.4.6-0.20220607210448-bcc6ee5c4963/go.mod h1:AVRyXOUP0hTz9Cb8OlD1XnwA8t4lBPfTuwPHmEUuiLc= github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06 h1:TSRA7gtuia3eyleTO3t7iPU+9xHbdSaufoUFNQUwUXo= github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06/go.mod h1:sai2ZjAtT/y1GRQBDRbynhdhnQcGWBvVcv8CN3hTWmI= -github.com/anchore/syft v0.48.1 h1:tBJicJQVvaDTdgQB9hVgXLl+gb6C3RIQ8THp11C9Riw= -github.com/anchore/syft v0.48.1/go.mod h1:lQ90VDNtxYK09F+/6hs5b2FSpnT+1/eLy+Z8ap6jsSo= +github.com/anchore/syft v0.49.0 h1:C+ol3K5K1UDgzRAAdHt+dWglex9lAV+JQMotM10HR0s= +github.com/anchore/syft v0.49.0/go.mod h1:bo4IP6CDEnITW3WDy0Sefyg0GpvRPPcmkzB4cLGkcqs= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden new/grype-0.40.1/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden --- old/grype-0.40.0/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterDir.golden 2022-06-24 20:30:36.000000000 +0200 
@@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> -<bom xmlns="http://cyclonedx.org/schema/bom/1.2" xmlns:v="http://cyclonedx.org/schema/ext/vulnerability/1.0" version="1" serialNumber="urn:uuid:0138c6f2-5889-4133-ac0f-9fa5a32e809d"> +<bom xmlns="http://cyclonedx.org/schema/bom/1.2" xmlns:v="http://cyclonedx.org/schema/ext/vulnerability/1.0" version="1" serialNumber="urn:uuid:5eadecca-0f28-4921-b71a-f0e62398f8ef"> <metadata> - <timestamp>2022-04-29T13:18:20-04:00</timestamp> + <timestamp>2022-06-09T23:40:38Z</timestamp> <tools> <tool> <vendor>anchore</vendor> @@ -19,7 +19,7 @@ <name>package-1</name> <version>1.0.1</version> <v:vulnerabilities> - <v:vulnerability ref="urn:uuid:085fac9a-3a94-4351-8bb8-1f8501bd97c3"> + <v:vulnerability ref="urn:uuid:60c1e44a-2318-45b0-a8d0-7d4d510c3c59"> <v:id>CVE-1999-0001</v:id> <v:source name="source-1"> <v:url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0001</v:url> @@ -55,7 +55,7 @@ </license> </licenses> <v:vulnerabilities> - <v:vulnerability ref="urn:uuid:df1e7103-70b4-49ae-9b01-de42668796fa"> + <v:vulnerability ref="urn:uuid:c7b09c89-9962-4f1f-b607-9eff52105113"> <v:id>CVE-1999-0002</v:id> <v:source name="source-2"> <v:url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0002</v:url> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden new/grype-0.40.1/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden --- old/grype-0.40.0/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenterImage.golden 2022-06-24 20:30:36.000000000 +0200 
@@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> -<bom xmlns="http://cyclonedx.org/schema/bom/1.2" xmlns:v="http://cyclonedx.org/schema/ext/vulnerability/1.0" version="1" serialNumber="urn:uuid:34a6630d-fe2b-4b08-856a-4a6292be7538"> +<bom xmlns="http://cyclonedx.org/schema/bom/1.2" xmlns:v="http://cyclonedx.org/schema/ext/vulnerability/1.0" version="1" serialNumber="urn:uuid:70c09618-13d4-4239-965f-4e6dea3755a8"> <metadata> - <timestamp>2022-04-29T13:18:20-04:00</timestamp> + <timestamp>2022-06-09T23:40:38Z</timestamp> <tools> <tool> <vendor>anchore</vendor> @@ -19,7 +19,7 @@ <name>package-1</name> <version>1.0.1</version> <v:vulnerabilities> - <v:vulnerability ref="urn:uuid:bc893913-42f8-4893-8c23-a6ffeef407f8"> + <v:vulnerability ref="urn:uuid:1097357f-f654-4e53-bc54-5f9f3dae8898"> <v:id>CVE-1999-0001</v:id> <v:source name="source-1"> <v:url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0001</v:url> @@ -55,7 +55,7 @@ </license> </licenses> <v:vulnerabilities> - <v:vulnerability ref="urn:uuid:a9d707b3-a31e-44e2-9a53-77c1f572d053"> + <v:vulnerability ref="urn:uuid:8f844ffc-014c-4440-a5b2-649c2f1323aa"> <v:id>CVE-1999-0002</v:id> <v:source name="source-2"> <v:url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0002</v:url> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_json.golden new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_json.golden --- old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_json.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_json.golden 2022-06-24 20:30:36.000000000 +0200 
@@ -1,10 +1,10 @@ { "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid:2d84ad26-3a86-4e91-8cd6-36651c666b01", + "serialNumber": "urn:uuid:bab41c93-7506-4d43-a9e7-44a51a43be95", "version": 1, "metadata": { - "timestamp": "2022-04-29T13:18:21-04:00", + "timestamp": "2022-06-09T23:40:38Z", "tools": [ { "vendor": "anchore", @@ -69,7 +69,8 @@ { "ref": "package-1-id" } - ] + ], + "properties": [] }, { "id": "CVE-1999-0002", @@ -96,7 +97,8 @@ { "ref": "package-2-id" } - ] + ], + "properties": [] } ] } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_xml.golden new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_xml.golden --- old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_xml.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterDir_xml.golden 2022-06-24 20:30:36.000000000 +0200 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> -<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:ae1948c7-fda4-4af7-945f-839b933e2e64" version="1"> +<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:e59512d8-825c-4792-851d-aed502e9b99b" version="1"> <metadata> - <timestamp>2022-04-29T13:18:21-04:00</timestamp> + <timestamp>2022-06-09T23:40:39Z</timestamp> <tools> <tool> <vendor>anchore</vendor> @@ -58,6 +58,7 @@ <ref>package-1-id</ref> </target> </affects> + <properties></properties> </vulnerability> <vulnerability> <id>CVE-1999-0002</id> 
@@ -85,6 +86,7 @@ <ref>package-2-id</ref> </target> </affects> + <properties></properties> </vulnerability> </vulnerabilities> </bom> \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_json.golden new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_json.golden --- old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_json.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_json.golden 2022-06-24 20:30:36.000000000 +0200 @@ -1,10 +1,10 @@ { "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid:307601b7-a1bb-4dcd-9a4a-c9ee41f556e8", + "serialNumber": "urn:uuid:70c98fca-03d9-43ed-96a1-5a915c50d88b", "version": 1, "metadata": { - "timestamp": "2022-04-29T13:18:21-04:00", + "timestamp": "2022-06-09T23:40:38Z", "tools": [ { "vendor": "anchore", @@ -70,7 +70,8 @@ { "ref": "package-1-id" } - ] + ], + "properties": [] }, { "id": "CVE-1999-0002", @@ -97,7 +98,8 @@ { "ref": "package-2-id" } - ] + ], + "properties": [] } ] } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_xml.golden new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_xml.golden --- old/grype-0.40.0/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_xml.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/test-fixtures/snapshot/TestCycloneDxPresenterImage_xml.golden 2022-06-24 20:30:36.000000000 +0200 
@@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> -<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:079a3c2f-34ac-464b-a5c9-c3ddba189c52" version="1"> +<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:4ffe8b79-1a2d-4fb4-b47c-4be38a8a6f10" version="1"> <metadata> - <timestamp>2022-04-29T13:18:21-04:00</timestamp> + <timestamp>2022-06-09T23:40:38Z</timestamp> <tools> <tool> <vendor>anchore</vendor> @@ -59,6 +59,7 @@ <ref>package-1-id</ref> </target> </affects> + <properties></properties> </vulnerability> <vulnerability> <id>CVE-1999-0002</id> @@ -86,6 +87,7 @@ <ref>package-2-id</ref> </target> </affects> + <properties></properties> </vulnerability> </vulnerabilities> </bom> \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/vulnerability.go new/grype-0.40.1/grype/presenter/cyclonedxvex/vulnerability.go --- old/grype-0.40.0/grype/presenter/cyclonedxvex/vulnerability.go 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/vulnerability.go 2022-06-24 20:30:36.000000000 +0200 @@ -7,6 +7,7 @@ "github.com/CycloneDX/cyclonedx-go" + v3 "github.com/anchore/grype/grype/db/v3" "github.com/anchore/grype/grype/match" "github.com/anchore/grype/grype/vulnerability" "github.com/anchore/grype/internal/log" 
@@ -92,11 +93,23 @@ Analysis: &cyclonedx.VulnerabilityAnalysis{ State: cyclonedx.IASInTriage, }, + Properties: makeProperties(m.Vulnerability.Fix), } return v, nil } +func makeProperties(fix vulnerability.Fix) *[]cyclonedx.Property { + properties := []cyclonedx.Property{} + if fix.State == v3.FixedState { + properties = append(properties, cyclonedx.Property{ + Name: "grype:fixed_versions", + Value: strings.Join(fix.Versions, ","), + }) + } + return &properties +} + func makeVulnerabilityURL(id string) string { if strings.HasPrefix(id, "CVE-") { return fmt.Sprintf("http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s", id) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/cyclonedxvex/vulnerability_test.go new/grype-0.40.1/grype/presenter/cyclonedxvex/vulnerability_test.go --- old/grype-0.40.0/grype/presenter/cyclonedxvex/vulnerability_test.go 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/cyclonedxvex/vulnerability_test.go 2022-06-24 20:30:36.000000000 +0200 @@ -7,6 +7,7 @@ "github.com/CycloneDX/cyclonedx-go" "github.com/stretchr/testify/assert" + v3 "github.com/anchore/grype/grype/db/v3" "github.com/anchore/grype/grype/match" "github.com/anchore/grype/grype/pkg" "github.com/anchore/grype/grype/vulnerability" 
@@ -144,3 +145,59 @@ }) } } + +func TestNewVulnerability_AddsFixedVersion(t *testing.T) { + tests := []struct { + name string + match match.Match + metadataProvider *metadataProvider + expected *[]cyclonedx.Property + }{ + { + name: "No known fixed version", + match: match.Match{ + Vulnerability: vulnerability.Vulnerability{ + Fix: vulnerability.Fix{ + State: v3.NotFixedState, + Versions: []string{}, + }, + }, + Package: pkg.Package{}, + Details: nil, + }, + metadataProvider: &metadataProvider{}, + expected: &[]cyclonedx.Property{}, + }, + { + name: "Multiple known fixed versions", + match: match.Match{ + Vulnerability: vulnerability.Vulnerability{ + Fix: vulnerability.Fix{ + State: v3.FixedState, + Versions: []string{ + "v0.1.2", + "v1.3.7", + }, + }, + }, + Package: pkg.Package{}, + Details: nil, + }, + metadataProvider: &metadataProvider{}, + expected: &[]cyclonedx.Property{ + { + Name: "grype:fixed_versions", + Value: "v0.1.2,v1.3.7", + }, + }, + }, + } + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + actual, err := NewVulnerability(test.match, test.metadataProvider) + + assert.NoError(t, err) + assert.Equal(t, test.expected, actual.Properties) + }) + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden new/grype-0.40.1/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden --- old/grype-0.40.0/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden 2022-06-24 20:30:36.000000000 +0200 
@@ -4,32 +4,32 @@ "type": "image", "target": { "userInput": "user-input", - "imageID": "sha256:d3e1fb516ff9cfe9407646ddd377ebdabc27c989a5228d870b8bebd8e105f3b4", - "manifestDigest": "sha256:46f5dd5aad14479e97bb6157a7261233bfffdb61e3c1067afb6f1b2a709f3fc7", + "imageID": "sha256:246ef3801c405d00860df5ca7f27c11341a12d28ab2086895d60219a72248c21", + "manifestDigest": "sha256:64305b9c7d8f3db2b7d3e6300e628b792d6cda3ee569b4abae14db94b35e3aca", "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "tags": [ - "stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7" + "stereoscope-fixture-image-simple:8bf57eca4a51a7828d9fb4a01690d5c4fbd299732dec4688e2c70f355a15ed47" ], - "imageSize": 65, + "imageSize": 66, "layers": [ { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe", + "digest": "sha256:1c3491f985eb7dc0cc66583cc3a1c207f72a1a75f44992a5add2f2d7f424a815", "size": 22 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:68a2c166dcb3acf6b7303e995ca1fe7d794bd3b5852a0b4048f9c96b796086aa", + "digest": "sha256:b6d872cc96150a8b7b3b22d592ea9453ab2b9ed6f9a17cd2c01ae4e7a8a783d7", "size": 16 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:36ad949c168c4fd54aab3183f2d84d54c263347dd789bf33fbac6953530873ac", - "size": 27 + "digest": "sha256:65c14ab5af02457f40ad40183874583a6c95be852974ccd3630ff72c3dd9e653", + "size": 28 } ], - "manifest": 
"eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjo4NjYsImRpZ2VzdCI6InNoYTI1NjpkM2UxZmI1MTZmZjljZmU5NDA3NjQ2ZGRkMzc3ZWJkYWJjMjdjOTg5YTUyMjhkODcwYjhiZWJkOGUxMDVmM2I0In0sImxheWVycyI6W3sibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1Njo0MWU3Mjk1ZGE2NmM0MDVlYjNhNGRmMjkxODhkY2Y4MGY2MjJmOTMwNGQ0ODcwMzNhODZkNGEyMmUzZjAxYWJlIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjA0OCwiZGlnZXN0Ijoic2hhMjU2OjY4YTJjMTY2ZGNiM2FjZjZiNzMwM2U5OTVjYTFmZTdkNzk0YmQzYjU4NTJhMGI0MDQ4ZjljOTZiNzk2MDg2YWEifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozNTg0LCJkaWdlc3QiOiJzaGEyNTY6MzZhZDk0OWMxNjhjNGZkNTRhYWIzMTgzZjJkODRkNTRjMjYzMzQ3ZGQ3ODliZjMzZmJhYzY5NTM1M zA4NzNhYyJ9XX0=", - "config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiV29ya2luZ0RpciI6Ii8iLCJPbkJ1aWxkIjpudWxsfSwiY3JlYXRlZCI6IjIwMjEtMTItMDlUMTc6MDk6NTAuNDc1ODQ1MjE3WiIsImhpc3RvcnkiOlt7ImNyZWF0ZWQiOiIyMDIxLTEyLTA5VDE3OjA5OjUwLjQyMzQ2MTI1OVoiLCJjcmVhdGVkX2J5IjoiQUREIGZpbGUtMS50eHQgL3NvbWVmaWxlLTEudHh0ICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjEtMTItMDlUMTc6MDk6NTAuNDQ4MzcyMTIxWiIsImNyZWF0ZWRfYnkiOiJBREQgZmlsZS0yLnR4dCAvc29tZWZpbGUtMi50eHQgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyMS0xMi0wOVQxNzowOTo1MC40NzU4NDUyMTdaIiwiY3JlYXRlZF9ieSI6IkFERCB0YXJnZXQgLyAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifV0sIm9zIjoibGludXgiLCJyb290ZnMiOnsidHlwZSI6ImxheWVycyIsImRpZmZfaWRzIjpbInNoYTI1Njo0MWU3Mjk1ZGE2NmM0MDVlYjNhNGRmMjkxODhkY2Y4MGY2MjJmOTMwNGQ0ODcwMzNhODZkNGEyMmUzZjAxYWJlIiwic2hhMjU2OjY4YTJjMTY2ZGNiM2F 
jZjZiNzMwM2U5OTVjYTFmZTdkNzk0YmQzYjU4NTJhMGI0MDQ4ZjljOTZiNzk2MDg2YWEiLCJzaGEyNTY6MzZhZDk0OWMxNjhjNGZkNTRhYWIzMTgzZjJkODRkNTRjMjYzMzQ3ZGQ3ODliZjMzZmJhYzY5NTM1MzA4NzNhYyJdfX0=", + "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjoxODA5LCJkaWdlc3QiOiJzaGEyNTY6MjQ2ZWYzODAxYzQwNWQwMDg2MGRmNWNhN2YyN2MxMTM0MWExMmQyOGFiMjA4Njg5NWQ2MDIxOWE3MjI0OGMyMSJ9LCJsYXllcnMiOlt7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyMDQ4LCJkaWdlc3QiOiJzaGEyNTY6MWMzNDkxZjk4NWViN2RjMGNjNjY1ODNjYzNhMWMyMDdmNzJhMWE3NWY0NDk5MmE1YWRkMmYyZDdmNDI0YTgxNSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1NjpiNmQ4NzJjYzk2MTUwYThiN2IzYjIyZDU5MmVhOTQ1M2FiMmI5ZWQ2ZjlhMTdjZDJjMDFhZTRlN2E4YTc4M2Q3In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MzU4NCwiZGlnZXN0Ijoic2hhMjU2OjY1YzE0YWI1YWYwMjQ1N2Y0MGFkNDAxODM4NzQ1ODNhNmM5NWJlODUyOTc0Y2NkMzYzMGZmNzJjM 2RkOWU2NTMifV19", + "config": 
"eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJIb3N0bmFtZSI6IiIsIkRvbWFpbm5hbWUiOiIiLCJVc2VyIjoiIiwiQXR0YWNoU3RkaW4iOmZhbHNlLCJBdHRhY2hTdGRvdXQiOmZhbHNlLCJBdHRhY2hTdGRlcnIiOmZhbHNlLCJUdHkiOmZhbHNlLCJPcGVuU3RkaW4iOmZhbHNlLCJTdGRpbk9uY2UiOmZhbHNlLCJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiQ21kIjpudWxsLCJJbWFnZSI6InNoYTI1NjoxZDU4ZWYxMjIzZDI0MmQ2MjU0NGVkMjkwNjJhNzA2ODQyNjdhYmExYzZmZTQzYzNhYWJhYjE0Mjc0NWU2OTk3IiwiVm9sdW1lcyI6bnVsbCwiV29ya2luZ0RpciI6IiIsIkVudHJ5cG9pbnQiOm51bGwsIk9uQnVpbGQiOm51bGwsIkxhYmVscyI6bnVsbH0sImNvbnRhaW5lcl9jb25maWciOnsiSG9zdG5hbWUiOiIiLCJEb21haW5uYW1lIjoiIiwiVXNlciI6IiIsIkF0dGFjaFN0ZGluIjpmYWxzZSwiQXR0YWNoU3Rkb3V0IjpmYWxzZSwiQXR0YWNoU3RkZXJyIjpmYWxzZSwiVHR5IjpmYWxzZSwiT3BlblN0ZGluIjpmYWxzZSwiU3RkaW5PbmNlIjpmYWxzZSwiRW52IjpbIlBBVEg9L3Vzci9sb2NhbC9zYmluOi91c3IvbG9jYWwvYmluOi91c3Ivc2JpbjovdXNyL2Jpbjovc2JpbjovYmluIl0sIkNtZCI6WyIvYmluL3NoIiwiLWMiLCIjKG5vcCkgQUREIGRpcjo2NDFiNDA1MGVkOGFlYjAyNGMxNDA 4MTlmYWI5ODU3NjU2MTk4YWQ3YmNmZjMyZjUwNjczZmYxNDgxYTg4NTU4IGluIC8gIl0sIkltYWdlIjoic2hhMjU2OjFkNThlZjEyMjNkMjQyZDYyNTQ0ZWQyOTA2MmE3MDY4NDI2N2FiYTFjNmZlNDNjM2FhYmFiMTQyNzQ1ZTY5OTciLCJWb2x1bWVzIjpudWxsLCJXb3JraW5nRGlyIjoiIiwiRW50cnlwb2ludCI6bnVsbCwiT25CdWlsZCI6bnVsbCwiTGFiZWxzIjpudWxsfSwiY3JlYXRlZCI6IjIwMjItMDYtMDlUMjM6Mzg6NDIuMDM3MDI5NjAyWiIsImRvY2tlcl92ZXJzaW9uIjoiMjAuMTAuMTciLCJoaXN0b3J5IjpbeyJjcmVhdGVkIjoiMjAyMi0wNi0wOVQyMzozODo0MS44MDY0ODU5MDNaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIEFERCBmaWxlOjNiYmYxZGFjYWNhODlkNDU4N2UyNGQzNTRhNTRjYzZkYzM3ODEzMDhiNjUyODYxNTZhODYxOWI5Yjc2YTg1MDcgaW4gL3NvbWVmaWxlLTEudHh0ICJ9LHsiY3JlYXRlZCI6IjIwMjItMDYtMDlUMjM6Mzg6NDEuOTE1NDc1MzEzWiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBBREQgZmlsZTpjNmI5NTJjNTA0ODcyYTFiYmJlYjE0MjAwNDlhNWNhNGU1ZGNlOWFmNzA4NjYwN2ZmZGI5MDhiNDI2NjIwYWE3IGluIC9zb21lZmlsZS0yLnR4dCAifSx7ImNyZWF0ZWQiOiIyMDIyLTA2LTA5VDIzOjM4OjQyLjAzNzAyOTYwMloiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgQUREIGRpcjo2NDFiNDA1MGVkOGFlYjAyNGMxNDA4MTlm 
YWI5ODU3NjU2MTk4YWQ3YmNmZjMyZjUwNjczZmYxNDgxYTg4NTU4IGluIC8gIn1dLCJvcyI6ImxpbnV4Iiwicm9vdGZzIjp7InR5cGUiOiJsYXllcnMiLCJkaWZmX2lkcyI6WyJzaGEyNTY6MWMzNDkxZjk4NWViN2RjMGNjNjY1ODNjYzNhMWMyMDdmNzJhMWE3NWY0NDk5MmE1YWRkMmYyZDdmNDI0YTgxNSIsInNoYTI1NjpiNmQ4NzJjYzk2MTUwYThiN2IzYjIyZDU5MmVhOTQ1M2FiMmI5ZWQ2ZjlhMTdjZDJjMDFhZTRlN2E4YTc4M2Q3Iiwic2hhMjU2OjY1YzE0YWI1YWYwMjQ1N2Y0MGFkNDAxODM4NzQ1ODNhNmM5NWJlODUyOTc0Y2NkMzYzMGZmNzJjM2RkOWU2NTMiXX19", "repoDigests": [], "architecture": "", "os": "" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grype-0.40.0/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden new/grype-0.40.1/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden --- old/grype-0.40.0/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden 2022-06-17 17:45:33.000000000 +0200 +++ new/grype-0.40.1/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden 2022-06-24 20:30:36.000000000 +0200 @@ -48,7 +48,7 @@ "locations": [ { "path": "/somefile-1.txt", - "layerID": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe" + "layerID": "sha256:1c3491f985eb7dc0cc66583cc3a1c207f72a1a75f44992a5add2f2d7f424a815" } ], "language": "", @@ -117,7 +117,7 @@ "locations": [ { "path": "/somefile-1.txt", - "layerID": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe" + "layerID": "sha256:1c3491f985eb7dc0cc66583cc3a1c207f72a1a75f44992a5add2f2d7f424a815" } ], "language": "", @@ -174,7 +174,7 @@ "locations": [ { "path": "/somefile-1.txt", - "layerID": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe" + "layerID": "sha256:1c3491f985eb7dc0cc66583cc3a1c207f72a1a75f44992a5add2f2d7f424a815" } ], "language": "", 
@@ -200,32 +200,32 @@ "type": "image", "target": { "userInput": "user-input", - "imageID": "sha256:d3e1fb516ff9cfe9407646ddd377ebdabc27c989a5228d870b8bebd8e105f3b4", - "manifestDigest": "sha256:46f5dd5aad14479e97bb6157a7261233bfffdb61e3c1067afb6f1b2a709f3fc7", + "imageID": "sha256:246ef3801c405d00860df5ca7f27c11341a12d28ab2086895d60219a72248c21", + "manifestDigest": "sha256:64305b9c7d8f3db2b7d3e6300e628b792d6cda3ee569b4abae14db94b35e3aca", "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "tags": [ - "stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7" + "stereoscope-fixture-image-simple:8bf57eca4a51a7828d9fb4a01690d5c4fbd299732dec4688e2c70f355a15ed47" ], - "imageSize": 65, + "imageSize": 66, "layers": [ { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:41e7295da66c405eb3a4df29188dcf80f622f9304d487033a86d4a22e3f01abe", + "digest": "sha256:1c3491f985eb7dc0cc66583cc3a1c207f72a1a75f44992a5add2f2d7f424a815", "size": 22 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:68a2c166dcb3acf6b7303e995ca1fe7d794bd3b5852a0b4048f9c96b796086aa", + "digest": "sha256:b6d872cc96150a8b7b3b22d592ea9453ab2b9ed6f9a17cd2c01ae4e7a8a783d7", "size": 16 }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", - "digest": "sha256:36ad949c168c4fd54aab3183f2d84d54c263347dd789bf33fbac6953530873ac", - "size": 27 + "digest": "sha256:65c14ab5af02457f40ad40183874583a6c95be852974ccd3630ff72c3dd9e653", + "size": 28 } ], - "manifest": 
"eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjo4NjYsImRpZ2VzdCI6InNoYTI1NjpkM2UxZmI1MTZmZjljZmU5NDA3NjQ2ZGRkMzc3ZWJkYWJjMjdjOTg5YTUyMjhkODcwYjhiZWJkOGUxMDVmM2I0In0sImxheWVycyI6W3sibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1Njo0MWU3Mjk1ZGE2NmM0MDVlYjNhNGRmMjkxODhkY2Y4MGY2MjJmOTMwNGQ0ODcwMzNhODZkNGEyMmUzZjAxYWJlIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjA0OCwiZGlnZXN0Ijoic2hhMjU2OjY4YTJjMTY2ZGNiM2FjZjZiNzMwM2U5OTVjYTFmZTdkNzk0YmQzYjU4NTJhMGI0MDQ4ZjljOTZiNzk2MDg2YWEifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozNTg0LCJkaWdlc3QiOiJzaGEyNTY6MzZhZDk0OWMxNjhjNGZkNTRhYWIzMTgzZjJkODRkNTRjMjYzMzQ3ZGQ3ODliZjMzZmJhYzY5NTM1M zA4NzNhYyJ9XX0=", - "config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiV29ya2luZ0RpciI6Ii8iLCJPbkJ1aWxkIjpudWxsfSwiY3JlYXRlZCI6IjIwMjEtMTItMDlUMTc6MDk6NTAuNDc1ODQ1MjE3WiIsImhpc3RvcnkiOlt7ImNyZWF0ZWQiOiIyMDIxLTEyLTA5VDE3OjA5OjUwLjQyMzQ2MTI1OVoiLCJjcmVhdGVkX2J5IjoiQUREIGZpbGUtMS50eHQgL3NvbWVmaWxlLTEudHh0ICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjEtMTItMDlUMTc6MDk6NTAuNDQ4MzcyMTIxWiIsImNyZWF0ZWRfYnkiOiJBREQgZmlsZS0yLnR4dCAvc29tZWZpbGUtMi50eHQgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyMS0xMi0wOVQxNzowOTo1MC40NzU4NDUyMTdaIiwiY3JlYXRlZF9ieSI6IkFERCB0YXJnZXQgLyAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifV0sIm9zIjoibGludXgiLCJyb290ZnMiOnsidHlwZSI6ImxheWVycyIsImRpZmZfaWRzIjpbInNoYTI1Njo0MWU3Mjk1ZGE2NmM0MDVlYjNhNGRmMjkxODhkY2Y4MGY2MjJmOTMwNGQ0ODcwMzNhODZkNGEyMmUzZjAxYWJlIiwic2hhMjU2OjY4YTJjMTY2ZGNiM2F 
jZjZiNzMwM2U5OTVjYTFmZTdkNzk0YmQzYjU4NTJhMGI0MDQ4ZjljOTZiNzk2MDg2YWEiLCJzaGEyNTY6MzZhZDk0OWMxNjhjNGZkNTRhYWIzMTgzZjJkODRkNTRjMjYzMzQ3ZGQ3ODliZjMzZmJhYzY5NTM1MzA4NzNhYyJdfX0=", + "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjoxODA5LCJkaWdlc3QiOiJzaGEyNTY6MjQ2ZWYzODAxYzQwNWQwMDg2MGRmNWNhN2YyN2MxMTM0MWExMmQyOGFiMjA4Njg5NWQ2MDIxOWE3MjI0OGMyMSJ9LCJsYXllcnMiOlt7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyMDQ4LCJkaWdlc3QiOiJzaGEyNTY6MWMzNDkxZjk4NWViN2RjMGNjNjY1ODNjYzNhMWMyMDdmNzJhMWE3NWY0NDk5MmE1YWRkMmYyZDdmNDI0YTgxNSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1NjpiNmQ4NzJjYzk2MTUwYThiN2IzYjIyZDU5MmVhOTQ1M2FiMmI5ZWQ2ZjlhMTdjZDJjMDFhZTRlN2E4YTc4M2Q3In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MzU4NCwiZGlnZXN0Ijoic2hhMjU2OjY1YzE0YWI1YWYwMjQ1N2Y0MGFkNDAxODM4NzQ1ODNhNmM5NWJlODUyOTc0Y2NkMzYzMGZmNzJjM 2RkOWU2NTMifV19", + "config": 
"eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJIb3N0bmFtZSI6IiIsIkRvbWFpbm5hbWUiOiIiLCJVc2VyIjoiIiwiQXR0YWNoU3RkaW4iOmZhbHNlLCJBdHRhY2hTdGRvdXQiOmZhbHNlLCJBdHRhY2hTdGRlcnIiOmZhbHNlLCJUdHkiOmZhbHNlLCJPcGVuU3RkaW4iOmZhbHNlLCJTdGRpbk9uY2UiOmZhbHNlLCJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiQ21kIjpudWxsLCJJbWFnZSI6InNoYTI1NjoxZDU4ZWYxMjIzZDI0MmQ2MjU0NGVkMjkwNjJhNzA2ODQyNjdhYmExYzZmZTQzYzNhYWJhYjE0Mjc0NWU2OTk3IiwiVm9sdW1lcyI6bnVsbCwiV29ya2luZ0RpciI6IiIsIkVudHJ5cG9pbnQiOm51bGwsIk9uQnVpbGQiOm51bGwsIkxhYmVscyI6bnVsbH0sImNvbnRhaW5lcl9jb25maWciOnsiSG9zdG5hbWUiOiIiLCJEb21haW5uYW1lIjoiIiwiVXNlciI6IiIsIkF0dGFjaFN0ZGluIjpmYWxzZSwiQXR0YWNoU3Rkb3V0IjpmYWxzZSwiQXR0YWNoU3RkZXJyIjpmYWxzZSwiVHR5IjpmYWxzZSwiT3BlblN0ZGluIjpmYWxzZSwiU3RkaW5PbmNlIjpmYWxzZSwiRW52IjpbIlBBVEg9L3Vzci9sb2NhbC9zYmluOi91c3IvbG9jYWwvYmluOi91c3Ivc2JpbjovdXNyL2Jpbjovc2JpbjovYmluIl0sIkNtZCI6WyIvYmluL3NoIiwiLWMiLCIjKG5vcCkgQUREIGRpcjo2NDFiNDA1MGVkOGFlYjAyNGMxNDA 4MTlmYWI5ODU3NjU2MTk4YWQ3YmNmZjMyZjUwNjczZmYxNDgxYTg4NTU4IGluIC8gIl0sIkltYWdlIjoic2hhMjU2OjFkNThlZjEyMjNkMjQyZDYyNTQ0ZWQyOTA2MmE3MDY4NDI2N2FiYTFjNmZlNDNjM2FhYmFiMTQyNzQ1ZTY5OTciLCJWb2x1bWVzIjpudWxsLCJXb3JraW5nRGlyIjoiIiwiRW50cnlwb2ludCI6bnVsbCwiT25CdWlsZCI6bnVsbCwiTGFiZWxzIjpudWxsfSwiY3JlYXRlZCI6IjIwMjItMDYtMDlUMjM6Mzg6NDIuMDM3MDI5NjAyWiIsImRvY2tlcl92ZXJzaW9uIjoiMjAuMTAuMTciLCJoaXN0b3J5IjpbeyJjcmVhdGVkIjoiMjAyMi0wNi0wOVQyMzozODo0MS44MDY0ODU5MDNaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIEFERCBmaWxlOjNiYmYxZGFjYWNhODlkNDU4N2UyNGQzNTRhNTRjYzZkYzM3ODEzMDhiNjUyODYxNTZhODYxOWI5Yjc2YTg1MDcgaW4gL3NvbWVmaWxlLTEudHh0ICJ9LHsiY3JlYXRlZCI6IjIwMjItMDYtMDlUMjM6Mzg6NDEuOTE1NDc1MzEzWiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSBBREQgZmlsZTpjNmI5NTJjNTA0ODcyYTFiYmJlYjE0MjAwNDlhNWNhNGU1ZGNlOWFmNzA4NjYwN2ZmZGI5MDhiNDI2NjIwYWE3IGluIC9zb21lZmlsZS0yLnR4dCAifSx7ImNyZWF0ZWQiOiIyMDIyLTA2LTA5VDIzOjM4OjQyLjAzNzAyOTYwMloiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgQUREIGRpcjo2NDFiNDA1MGVkOGFlYjAyNGMxNDA4MTlm 
YWI5ODU3NjU2MTk4YWQ3YmNmZjMyZjUwNjczZmYxNDgxYTg4NTU4IGluIC8gIn1dLCJvcyI6ImxpbnV4Iiwicm9vdGZzIjp7InR5cGUiOiJsYXllcnMiLCJkaWZmX2lkcyI6WyJzaGEyNTY6MWMzNDkxZjk4NWViN2RjMGNjNjY1ODNjYzNhMWMyMDdmNzJhMWE3NWY0NDk5MmE1YWRkMmYyZDdmNDI0YTgxNSIsInNoYTI1NjpiNmQ4NzJjYzk2MTUwYThiN2IzYjIyZDU5MmVhOTQ1M2FiMmI5ZWQ2ZjlhMTdjZDJjMDFhZTRlN2E4YTc4M2Q3Iiwic2hhMjU2OjY1YzE0YWI1YWYwMjQ1N2Y0MGFkNDAxODM4NzQ1ODNhNmM5NWJlODUyOTc0Y2NkMzYzMGZmNzJjM2RkOWU2NTMiXX19", "repoDigests": [], "architecture": "", "os": "" Binary files old/grype-0.40.0/grype/presenter/json/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden and new/grype-0.40.1/grype/presenter/json/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/grype/vendor.tar.gz /work/SRC/openSUSE:Factory/.grype.new.1548/vendor.tar.gz differ: char 5, line 1
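Review bot: In the `@@ -200,32 +200,32 @@` hunk of the snapshot fixture, "imageSize" goes from 65 to 66 and the last layer's "size" from 27 to 28, which suggests that the contents of the stereoscope-fixture-image-simple image changed and that this is not only a rebuild; none of the changelog entries for 0.40.1 mention a fixture change, so the commit should state what changed in the fixture inputs. Every other changed line in the hunk ("imageID", "manifestDigest", the tag, the three layer digests and the base64 "manifest" and "config" values) follows from that rebuild and cannot be checked by reading the diff, and the matching .golden file is reported only as "Binary files ... differ". Consider having the snapshot test redact or normalise the digest and base64 fields before comparison, so that a regenerated fixture produces a diff limited to fields a reviewer can verify.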