search

anchore / grype-db

Apache License 2.0
31 stars 13 forks source link

chore(deps): Bump github.com/anchore/grype from 0.77.4 to 0.78.0 #318

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps github.com/anchore/grype from 0.77.4 to 0.78.0.

Release notes

Sourced from github.com/anchore/grype's releases.

v0.78.0

Added Features

Bug Fixes

  • ask catalog for package, rather than type asserting [#1857 @​willmurphyscode]
  • Disable TUI for simple commands [#1872 @​wagoodman]
  • False Positive: CVE-2023-42282 not affected in SUSE ecosystem [#1813]
  • False positive GHSA-jr9c-h74f-2v28/CVE-2022-0905 reported for Non-vulnerable Gitea version [#1416]

Additional Changes

(Full Changelog)

Commits
  • b13315f update syft to v1.5.0 (#1897)
  • 238caa4 chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#1896)
  • 621eedd Update syft to 1.4.2-0.20240528141306-ac34808b9c55 (#1895)
  • 8b7cf8f chore(deps): bump github.com/charmbracelet/lipgloss (#1888)
  • 51bd0be chore(deps): bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#1887)
  • 336952b chore(deps): update tools to latest versions (#1891)
  • ecd9afa chore(deps): bump github.com/charmbracelet/bubbletea (#1890)
  • cea7a40 chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 (#1889)
  • e097691 chore(deps): update tools to latest versions (#1883)
  • d4b6cd6 feat: add config command (#1876)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 month ago

Looks like github.com/anchore/grype is up-to-date now, so this is no longer needed.