Comparing changes

base repository: anchore/grype-db
base: v0.38.0
head repository: anchore/grype-db
compare: v0.39.0
  • 7 commits
  • 25 files changed
  • 6 contributors

Commits on Aug 18, 2025

  1. chore(deps): Bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 (#641)
    
    * chore(deps): Bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9
    
    Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.8 to 1.7.9.
    - [Release notes](https://github.com/hashicorp/go-getter/releases)
    - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
    - [Commits](hashicorp/go-getter@v1.7.8...v1.7.9)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/hashicorp/go-getter
      dependency-version: 1.7.9
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    
    * chore: remove unused field
    
    The field was unused and unexported, causing static analysis failures.
    
    Signed-off-by: Will Murphy <[email protected]>
    
    ---------
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Signed-off-by: Will Murphy <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Will Murphy <[email protected]>
    dependabot[bot] and willmurphyscode authored Aug 18, 2025
    Commit 1928e89

Commits on Aug 19, 2025

  1. chore(deps): update tools to latest versions (#639)

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Co-authored-by: wagoodman <[email protected]>
    Commit 81d6016
  2. chore(deps): Bump astral-sh/setup-uv in /.github/actions/bootstrap (#631)
    
    Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 6.4.1 to 6.5.0.
    - [Release notes](https://github.com/astral-sh/setup-uv/releases)
    - [Commits](astral-sh/setup-uv@7edac99...d9e0f98)
    
    ---
    updated-dependencies:
    - dependency-name: astral-sh/setup-uv
      dependency-version: 6.5.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Aug 19, 2025
    Commit 40742dc
  3. chore(deps): Bump actions/checkout from 4.2.2 to 5.0.0 (#630)

    Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0.
    - [Release notes](https://github.com/actions/checkout/releases)
    - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
    - [Commits](actions/checkout@11bd719...08c6903)
    
    ---
    updated-dependencies:
    - dependency-name: actions/checkout
      dependency-version: 5.0.0
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Aug 19, 2025
    Commit 50f132c

Commits on Aug 20, 2025

  1. fix(config): move to pyyaml-include 2.x, keep legacy CWD-relative !include (#642)
    
    * BREAKING: fix(config): move to pyyaml-include 2.x, keep legacy CWD-relative !includ
    
    - Replace YamlIncludeConstructor.add_to_loader_class with yaml.add_constructor
    - Set base_dir=os.getcwd to preserve prior relative-include semantics
    - Pin PyYAML>=6, pyyaml-include>=2,<3, add fsspec floor
    
    Signed-off-by: James Gardner <[email protected]>
    
    * fix(deps): adjust PyYAML version constraint and remove fsspec
    
    Signed-off-by: James Gardner <[email protected]>
    
    * fix(uv.lock): regen deps
    
    Signed-off-by: James Gardner <[email protected]>
    
    * fix(src/grype_db_manager/cli/config.py): run ruff against changed file
    
    Signed-off-by: James Gardner <[email protected]>
    
    ---------
    
    Signed-off-by: James Gardner <[email protected]>
    jamestexas authored Aug 20, 2025
    Commit ca14089

Commits on Aug 21, 2025

  1. with fix version data being populated (#629)

    Signed-off-by: Alex Goodman <[email protected]>
    wagoodman authored Aug 21, 2025
    Commit 5807f96

Commits on Aug 22, 2025

  1. fix: recognize jvm versions at DB build time (#647)

    When processing CPEs in the NVD provider, if a CPE seems to be for a
    JVM based on its package name, set its version type to be "jvm" so that
    grype knows at match time to use special comparison logic for JVM
    versions.
    
    Signed-off-by: Will Murphy <[email protected]>
    willmurphyscode authored Aug 22, 2025
    Commit 60e433c