wolfictl icon indicating copy to clipboard operation
wolfictl copied to clipboard

Published 20 hours ago verified publisher icon wolfi-dev

build(deps): bump github.com/anchore/grype from 0.79.6 to 0.80.0

Open dependabot[bot] opened this issue 1 year ago • 1 comments
trafficstars

Bumps github.com/anchore/grype from 0.79.6 to 0.80.0.

Release notes

Sourced from github.com/anchore/grype's releases.

v0.80.0

Added Features

Bug Fixes

  • correctly close the db file in v4/v5 stores [#2066 @​AndreiStefanie]
  • Grype panics with a nil pointer dereference error when given an empty string argument [#2063 #2064 @​lucasrod16]
  • Ignoring search results when CPE is not set in the SBOM [#2039 #2040 @​aeg]
  • "No vulnerability database update available" when actually the check for an update was unsuccessful [#310 #1247 @​shanedell]
  • CycloneDX output metadata.properties set to null instead of empty array or omitted [#1759]

Additional Changes

(Full Changelog)

Commits
  • 205ccfb chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 (#2070)
  • 8dee469 chore(deps): update Syft to v1.11.1 (#2071)
  • 41cfd42 chore: add grype version to db network operations (#2062)
  • e7a3c01 fix: do not panic when given empty string arg (#2064)
  • c1b9498 chore(deps): bump github.com/charmbracelet/bubbletea (#2067)
  • 589d86c fix: correctly close the db file in v4/v5 stores (#2066)
  • 7dfa436 Add "Alpine Linux" to IDMapping; handle no CPEs error in findApkPackage. (#2040)
  • a758b01 chore(deps): update tools to latest versions (#2055)
  • c5fb1a3 chore(deps): bump github.com/docker/docker (#2052)
  • d21c549 fix: fail when grype cant check for db update (#1247)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Aug 21 '24 16:08 dependabot[bot]

We're expecting a forthcoming Grype release to resolve the test failure 🤞

luhring avatar Aug 22 '24 14:08 luhring

Going to take a closer look at this now since we still haven't seen a Grype release

luhring avatar Sep 03 '24 14:09 luhring

@dependabot rebase

luhring avatar Sep 04 '24 18:09 luhring