vulnerability-operator
vulnerability-operator copied to clipboard
Published
20 hours ago •
ckotzbauer
ckotzbauer
deps: update module github.com/anchore/grype to v0.82.0
trafficstars
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| github.com/anchore/grype | v0.80.0 -> v0.82.0 |
Release Notes
anchore/grype (github.com/anchore/grype)
v0.82.0
Added Features
- performance: only check for a new DB once every 2 hours (configurable) [#2148 @wagoodman]
- wordpress-plugin support [#1553 @disc]
Bug Fixes
- use fix info from secDB in APK matcher even if NVD fix info present [#2162 @willmurphyscode]
Breaking Changes
- Split v1-5 DB distribution concerns to a new
legacypackage [#2124 #2144 @wagoodman]
Additional Changes
- Add a space following the "Name:" label in html.tmpl [#2155 @deftdawg]
v0.81.0
Added Features
- add distro mapping for azure linux 3 [#1848 @willmurphyscode]
- Support for Azure Linux 3.0 [#1829]
v0.80.2
Bug Fixes
- find secdb entries for origin packages [#1602 @luhring]
- Matching java binary packages with NVD records is problematic [#1718 #2114 @wagoodman]
- LoadVulnerabilityDB could be faster with ValidateByHashOnGet [#1502 #2054 @lucasrod16]
Additional Changes
- update Syft to v1.13.0 [#2140 @anchore-actions-token-generator]
- include file specifier in help [#2121 @willmurphyscode]
v0.80.1
Bug Fixes
Additional Changes
- Update Syft to 1.12.2 [#2108]
Configuration
📅 Schedule: Branch creation - "every weekend" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
ℹ Artifact update notice
File name: go.mod
In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):
- 40 additional dependencies were updated
- The
godirective was updated for compatibility reasons
Details:
| Package | Change |
|---|---|
go |
1.22.5 -> 1.23.3 |
github.com/anchore/stereoscope |
v0.0.3 -> v0.0.9 |
github.com/anchore/syft |
v1.11.1 -> v1.17.0 |
dario.cat/mergo |
v1.0.0 -> v1.0.1 |
github.com/Masterminds/semver/v3 |
v3.2.1 -> v3.3.0 |
github.com/Masterminds/sprig/v3 |
v3.2.3 -> v3.3.0 |
github.com/adrg/xdg |
v0.5.0 -> v0.5.3 |
github.com/anchore/clio |
v0.0.0-20240522144804-d81e109008aa -> v0.0.0-20241115144204-29e89f9fa837 |
github.com/anchore/fangs |
v0.0.0-20240508143433-f016b099950f -> v0.0.0-20241014225144-4e1713cafd77 |
github.com/charmbracelet/lipgloss |
v0.12.1 -> v1.0.0 |
github.com/charmbracelet/x/ansi |
v0.1.4 -> v0.4.5 |
github.com/containerd/errdefs |
v0.1.0 -> v0.3.0 |
github.com/cyphar/filepath-securejoin |
v0.2.4 -> v0.2.5 |
github.com/github/go-spdx/v2 |
v2.3.1 -> v2.3.2 |
github.com/huandu/xstrings |
v1.4.0 -> v1.5.0 |
github.com/mattn/go-runewidth |
v0.0.15 -> v0.0.16 |
github.com/pelletier/go-toml/v2 |
v2.2.0 -> v2.2.2 |
github.com/saferwall/pe |
v1.5.4 -> v1.5.5 |
github.com/shopspring/decimal |
v1.3.1 -> v1.4.0 |
github.com/spf13/viper |
v1.18.2 -> v1.19.0 |
golang.org/x/exp |
v0.0.0-20240325151524-a685a6edb6d8 -> v0.0.0-20240719175910-8a7402abbf56 |
github.com/CycloneDX/cyclonedx-go |
v0.9.0 -> v0.9.1 |
github.com/ProtonMail/go-crypto |
v1.0.0 -> v1.1.2 |
github.com/anchore/packageurl-go |
v0.1.1-0.20240507183024-848e011fc24f -> v0.1.1-0.20241018175412-5c22e6360c4f |
github.com/bmatcuk/doublestar/v4 |
v4.6.1 -> v4.7.1 |
github.com/containerd/containerd |
v1.7.14 -> v1.7.23 |
github.com/docker/cli |
v27.1.1+incompatible -> v27.3.1+incompatible |
github.com/docker/docker |
v27.1.2+incompatible -> v27.3.1+incompatible |
github.com/gabriel-vasile/mimetype |
v1.4.5 -> v1.4.7 |
github.com/go-git/go-billy/v5 |
v5.5.0 -> v5.6.0 |
github.com/sylabs/sif/v2 |
v2.17.1 -> v2.20.0 |
golang.org/x/crypto |
v0.27.0 -> v0.29.0 |
golang.org/x/mod |
v0.21.0 -> v0.22.0 |
golang.org/x/net |
v0.28.0 -> v0.31.0 |
golang.org/x/sync |
v0.8.0 -> v0.9.0 |
golang.org/x/term |
v0.24.0 -> v0.26.0 |
gorm.io/gorm |
v1.25.11 -> v1.25.12 |
modernc.org/sqlite |
v1.32.0 -> v1.34.1 |
github.com/spf13/cast |
v1.6.0 -> v1.7.0 |
golang.org/x/sys |
v0.25.0 -> v0.27.0 |
golang.org/x/text |
v0.18.0 -> v0.20.0 |
⚠️ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: go.sum
Command failed: go get -d -t ./...
go: -d flag is deprecated. -d=true is a no-op
go: module github.com/anchore/[email protected] requires go >= 1.24.1; switching to go1.24.2
go: downloading go1.24.2 (linux/amd64)
go: download go1.24.2: golang.org/[email protected]: verifying module: checksum database disabled by GOSUMDB=off