File grype-db.changes of Package grype-db
-------------------------------------------------------------------
Wed Jun 11 04:33:44 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.34.0:
* Added Features
- Add support for MinimOS [#566 @Daniel-Wachter]
- enable bitnami and minimOS providers by default [#587
@willmurphyscode]
* Bug Fixes
- Version 5 vulnerability database no longer getting updates
[#578]
* Additional Changes
- enable bitnami vuln data [#581 @willmurphyscode]
* Dependencies
- chore(deps): update anchore dependencies (#588)
- chore(deps): Bump golang.org/x/text from 0.25.0 to 0.26.0
(#584)
- chore(deps): Bump github.com/sergi/go-diff (#585)
- chore(deps): Bump golang.org/x/sync from 0.14.0 to 0.15.0
(#586)
- chore(deps): Bump gorm.io/gorm from 1.26.1 to 1.30.0 (#580)
- chore(deps): Bump github.com/anchore/grype from 0.92.0 to
0.92.1 (#576)
-------------------------------------------------------------------
Thu May 15 04:51:18 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.33.1:
* Bug Fixes
- emit fuzzy ranges rather than invalid ranges [#574
@willmurphyscode]
* Dependencies
- chore(deps): update anchore dependencies (#575)
- chore(deps): update generated code (#563)
- chore(deps): Bump mxschmitt/action-tmate from 3.21 to 3.22
(#567)
- chore(deps): Bump actions/setup-go from 5.4.0 to 5.5.0 (#573)
- chore(deps): Bump astral-sh/setup-uv in
/.github/actions/bootstrap (#562)
- chore(deps): update anchore dependencies (#561)
- chore(deps): Bump mxschmitt/action-tmate from 3.19 to 3.21
(#560)
-------------------------------------------------------------------
Wed Apr 16 15:49:44 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.33.0:
* Added Features
- allow db hydration during build [#558 @westonsteimel]
* Additional Changes
- Fix processing of github-action entries [#556 @wagoodman]
-------------------------------------------------------------------
Thu Apr 10 13:38:55 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.32.0:
* Added Features
- Support CVSS v4 vectors [#553 @wagoodman]
* Additional Changes
- add option to always publish databases under their schema
direc… [#552 @asomya]
* Dependencies
- chore(deps): Bump github.com/spf13/viper from 1.19.0 to
1.20.1 (#548)
- chore(deps): Bump golang.org/x/text from 0.23.0 to 0.24.0
(#554)
- chore(deps): Bump github.com/anchore/grype from 0.90.0 to
0.91.0 (#551)
- chore(deps): Bump 8398a7/action-slack from 3.16.2 to 3.18.0
(#549)
-------------------------------------------------------------------
Thu Mar 27 15:09:34 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.31.0:
* Added Features
- Add hardware and operating system CPE parts [#544 @wagoodman]
* Bug Fixes
- Use all CPE parts when considering duplicates [#547
@wagoodman]
- Refactor NVD node configuration parsing [#546 @wagoodman]
-------------------------------------------------------------------
Sat Mar 22 07:51:26 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.30.1 (there is no 0.30.0):
* retract v0.30.0 release
* bump minimum required go version
* chore(deps): Bump actions/cache from 4.2.2 to 4.2.3 (#542)
* chore(deps): Bump actions/cache in /.github/actions/bootstrap
(#543)
* chore(deps): Bump actions/setup-go from 5.3.0 to 5.4.0 (#541)
* chore(deps): Bump github.com/containerd/containerd from 1.7.24
to 1.7.27 (#537)
* Update grype-db bootstrap tools to latest versions. (#539)
* chore(deps): Bump github.com/anchore/grype from 0.89.1 to
0.90.0 (#538)
* chore(deps): Bump github.com/spf13/afero from 1.12.0 to 1.14.0
(#534)
* Update grype-db bootstrap tools to latest versions. (#529)
* chore(deps): Bump github.com/anchore/grype (#532)
* feat: add support for OSV schema (#217)
* chore: update grype schema version reference (#533)
* chore(deps): Bump golang.org/x/net from 0.35.0 to 0.36.0 (#530)
* port msrc transformer to v6 (#531)
-------------------------------------------------------------------
Fri Mar 07 06:41:59 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.29.0:
* Fix internal link in usage (#483)
* chore(deps): Bump golang.org/x/text from 0.22.0 to 0.23.0
(#523)
* Update grype-db bootstrap tools to latest versions. (#520)
* chore(deps): Bump actions/cache from 4.2.1 to 4.2.2 (#517)
* chore(deps): Bump actions/cache in /.github/actions/bootstrap
(#518)
* chore(deps): Bump peter-evans/create-pull-request from 7.0.7 to
7.0.8 (#522)
* chore(deps): Bump golang.org/x/sync from 0.11.0 to 0.12.0
(#524)
* Enable v6 CI validations (#521)
* fix: pin grype to v0.87.0 for v5 (#519)
* explicitly translate nvd cvss type when sorting (#516)
* enable EPSS and KEV (#515)
* Update grype-db bootstrap tools to latest versions. (#494)
* chore(deps): Bump peter-evans/create-pull-request from 7.0.6 to
7.0.7 (#514)
* Add EPSS v6 transforms (#511)
* chore(deps): Bump github.com/google/go-cmp from 0.6.0 to 0.7.0
(#513)
* fix v prefix (#512)
* Add KEV transformer + processor (#507)
* chore(deps): Bump actions/cache in /.github/actions/bootstrap
(#510)
* chore(deps): Bump github.com/klauspost/compress from 1.17.11 to
1.18.0 (#508)
* chore(deps): Bump actions/cache from 4.2.0 to 4.2.1 (#509)
* fix RPM modularity (#506)
* fix jenkins plugins (#505)
* Missing constraint in v6 DB should match everything (#503)
* explicitly use syft pkg types (#499)
* stop publishing to s3 (#498)
* Switch from poetry to UV (#497)
* Normalize v6 record severities (#496)
* feat: update to go 1.24.x (#495)
* chore(deps-dev): Bump cryptography from 44.0.0 to 44.0.1 (#492)
* chore: update runners to ubuntu-24.04 (#493)
* pull in v6 severity updates (#490)
* Tag advisory URLs for v6 references (#491)
* point v6 tip to main
* chore(deps): Bump github.com/spf13/pflag from 1.0.5 to 1.0.6
(#484)
* chore(deps): Bump abatilo/actions-poetry in
/.github/actions/bootstrap (#487)
* chore(deps): Bump golang.org/x/text from 0.21.0 to 0.22.0
(#488)
* chore(deps): Bump golang.org/x/sync from 0.10.0 to 0.11.0
(#489)
* chore: fix python workflow failures (#485)
* remove v3 and v4 schema usage (#482)
-------------------------------------------------------------------
Sat Jan 25 08:05:52 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.28.0:
* skip release gate for unexpected acceptance tests (#481)
* fix gate threshold (#480)
* chore(deps): Bump actions/cache in /.github/actions/bootstrap
(#479)
* fix gate threshold (#478)
* Add DB v6 support to grype-db-manager (#446)
* Rework usage instructions with working code, step-by-step
(#468)
* chore(deps): Bump actions/setup-go in
/.github/actions/bootstrap (#477)
* chore(deps): Bump actions/setup-python in
/.github/actions/bootstrap (#476)
* chore(deps): Bump actions/cache in /.github/actions/bootstrap
(#475)
* chore(deps): Bump abatilo/actions-poetry in
/.github/actions/bootstrap (#474)
* chore(ci): fix composite GitHub action path in dependabot
config (#473)
* chore(deps): Bump github.com/spf13/afero from 1.11.0 to 1.12.0
(#461)
* chore(deps): Bump github.com/hashicorp/go-getter from 1.7.6 to
1.7.8 (#464)
* chore(deps): Bump actions/setup-go from 5.2.0 to 5.3.0 (#471)
* chore(ci): add crane to binny (#470)
* chore(ci): bootstrap oras for use in ci (#469)
* chore(deps-dev): Bump jinja2 from 3.1.4 to 3.1.5 (#467)
* chore(deps): Bump github.com/go-git/go-git/v5 from 5.12.0 to
5.13.0 (#465)
* Loosen vunnel schema version check (#463)
* pin vunnel providers (#458)
* chore(deps): Bump peter-evans/create-pull-request from 7.0.5 to
7.0.6 (#459)
* Update grype-db bootstrap tools to latest versions. (#460)
* Add release ID to OS models (#457)
* Pull in more v6 schema changes (#456)
-------------------------------------------------------------------
Sat Dec 14 21:22:51 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.27.4:
* chore(deps): update anchore dependencies (#455)
* chore(deps): Bump actions/checkout from 4.2.1 to 4.2.2 (#453)
* chore(deps): Bump actions/setup-go from 5.1.0 to 5.2.0 (#454)
* add update anchore dependencies workflow (#452)
-------------------------------------------------------------------
Wed Dec 11 07:06:24 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.27.3:
* chore(deps): update anchore dependencies (#451)
* chore(deps): Bump golang.org/x/sync from 0.9.0 to 0.10.0 (#448)
* chore(deps): Bump actions/cache from 4.1.2 to 4.2.0 (#450)
* Enable packaging v6 DBs (#437)
* Add transformers for v6 DB schema (#436)
* fix: use timestamp from only provider if only one provider
(#445)
* add request retry count for nvd (#444)
* chore(deps): Bump github.com/Masterminds/semver/v3 from 3.3.0
to 3.3.1 (#430)
* chore(deps): Bump github.com/stretchr/testify from 1.9.0 to
1.10.0 (#439)
* Update grype-db bootstrap tools to latest versions. (#442)
* add more retrys for NVD provider (#443)
-------------------------------------------------------------------
Tue Nov 26 14:04:51 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.27.2:
* ignore NVD data age + tests (#441)
* ignore NVD data age (#440)
* remove v1 & v2 processors (#438)
-------------------------------------------------------------------
Fri Nov 22 09:35:20 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.27.1:
* Update Grype to v0.85.0 (#435)
* remove push event for code gen
* Remove support for v1 & v2 schemas (#434)
* add os codename fetcher/helper method (#433)
* Migrate common processor code to internal (#432)
* chore(deps): Bump golang.org/x/text from 0.19.0 to 0.20.0
(#426)
* chore(deps-dev): Bump werkzeug from 3.0.3 to 3.0.6 (#427)
* Update grype-db bootstrap tools to latest versions. (#428)
* chore(deps): Bump github.com/anchore/grype from 0.83.0 to
0.84.0 (#424)
-------------------------------------------------------------------
Tue Oct 29 14:06:02 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.27.0:
* chore(deps): Bump github.com/anchore/grype from 0.82.2 to
0.83.0 (#420)
* chore(deps): Bump actions/checkout from 4.2.1 to 4.2.2 (#416)
* chore(deps): Bump actions/setup-go from 5.0.2 to 5.1.0 (#417)
-------------------------------------------------------------------
Thu Oct 24 13:31:04 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- new package grype-db: create a Grype vulnerability database from
upstream vulnerability data sources
