Bump github.com/anchore/grype from 0.32.0 to 0.60.0 #59

dependabot · 2023-03-29T06:04:20Z

Bumps github.com/anchore/grype from 0.32.0 to 0.60.0.

Release notes

Sourced from github.com/anchore/grype's releases.

v0.60.0

Changelog

v0.60.0 (2023-03-28)

Full Changelog

Added Features

feat: disable CPE-based matching by default for javascript [[PR #1180](https://redirect.github.com/feat: disable CPE-based matching by default for javascript anchore/grype#1180)] [westonsteimel]

Bug Fixes

Grype failed to find vulnerabilities on a vulnerable image [[Issue #1176](https://redirect.github.com/Grype failed to find vulnerabilities on a vulnerable image anchore/grype#1176)]

Additional Changes

--by-cve takes a noticeable amount more time to complete [[Issue #1185](https://redirect.github.com/--by-cve takes a noticeable amount more time to complete anchore/grype#1185)] [[PR #1188](https://redirect.github.com/fix: by-cpe pivot by vuln metadata rather than vulnerability record anchore/grype#1188)] [westonsteimel]

chore: bump vuln match quality dataset [[PR #1174](https://redirect.github.com/chore: bump vuln match quality dataset anchore/grype#1174)] [westonsteimel]

chore: tweak some workflow text [[PR #1190](https://redirect.github.com/chore: tweak some workflow text anchore/grype#1190)] [kzantow]

v0.59.1

Changelog

v0.59.1 (2023-03-09)

Full Changelog

Bug Fixes

fix: correct APK CPE version comparison logic [[PR #1165](https://redirect.github.com/fix: correct APK CPE version comparison logic anchore/grype#1165)] [westonsteimel]

v0.59.0

Changelog

v0.59.0 (2023-03-03)

Full Changelog

Added Features

Add the total types of vulnerabilities in Grype output [[Issue #877](https://redirect.github.com/Add the total types of vulnerabilities in Grype output anchore/grype#877)] [[PR #946](https://redirect.github.com/Add the total types of vulnerabilities in Grype output anchore/grype#946)] [zhiburt]

Additional Changes

chore: bump quality gate labels and syft version [[PR #1156](https://redirect.github.com/chore: bump quality gate labels and syft version anchore/grype#1156)] [westonsteimel]

v0.58.0

Changelog

... (truncated)

Commits

45c5f8c Implement support for Chainguard Linux (#1198)
dfcce84 chore(deps): update bootstrap tools to latest versions (#1194)
fe76eb9 chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9 (#1197)
b3eff0c chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 (#1192)
4ac9414 chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8 (#1193)
c1990da chore(deps): update bootstrap tools to latest versions (#1191)
c1bc54f chore: tweak some workflow text (#1190)
6716ca5 chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 (#1181)
568b504 chore(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 (#1184)
e8fa509 chore(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4 (#1189)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/anchore/grype](https://github.com/anchore/grype) from 0.32.0 to 0.60.0. - [Release notes](https://github.com/anchore/grype/releases) - [Changelog](https://github.com/anchore/grype/blob/main/.goreleaser.yaml) - [Commits](anchore/grype@v0.32.0...v0.60.0) --- updated-dependencies: - dependency-name: github.com/anchore/grype dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2023-04-05T06:00:49Z

Superseded by #61.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 29, 2023

dependabot bot mentioned this pull request Mar 29, 2023

Bump github.com/anchore/grype from 0.32.0 to 0.59.1 #58

Closed

dependabot bot closed this Apr 5, 2023

dependabot bot deleted the dependabot/go_modules/github.com/anchore/grype-0.60.0 branch April 5, 2023 06:00

This pull request was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/anchore/grype from 0.32.0 to 0.60.0 #59

Bump github.com/anchore/grype from 0.32.0 to 0.60.0 #59

dependabot bot commented on behalf of github Mar 29, 2023

dependabot bot commented on behalf of github Apr 5, 2023

Bump github.com/anchore/grype from 0.32.0 to 0.60.0 #59

Bump github.com/anchore/grype from 0.32.0 to 0.60.0 #59

Conversation

dependabot bot commented on behalf of github Mar 29, 2023

v0.60.0

Changelog

v0.60.0 (2023-03-28)

Added Features

Bug Fixes

Additional Changes

v0.59.1

Changelog

v0.59.1 (2023-03-09)

Bug Fixes

v0.59.0

Changelog

v0.59.0 (2023-03-03)

Added Features

Additional Changes

v0.58.0

Changelog

dependabot bot commented on behalf of github Apr 5, 2023