Open brennoo opened 1 year ago
What this PR does / why we need it: Bump Syft, Grype dependencies. I understand that there is no active development on anchore-engine but these dependencies need to get updated to address issues that are affecting anchore-engine.
Which issue this PR fixes : some false positives/negatives, examples: https://github.com/anchore/grype/issues/504 https://github.com/anchore/grype/pull/917 as well other recent improvements they received.
Special notes:
What this PR does / why we need it: Bump Syft, Grype dependencies. I understand that there is no active development on anchore-engine but these dependencies need to get updated to address issues that are affecting anchore-engine.
Which issue this PR fixes : some false positives/negatives, examples: https://github.com/anchore/grype/issues/504 https://github.com/anchore/grype/pull/917 as well other recent improvements they received.
Special notes: