Thanks to visit codestin.com
Credit goes to github.com

Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: anchore/grype
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.102.0
Choose a base ref
...
head repository: anchore/grype
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.103.0
Choose a head ref
  • 11 commits
  • 14 files changed
  • 6 contributors

Commits on Oct 23, 2025

  1. chore(deps): bump anchore/sbom-action from 0.20.8 to 0.20.9 (#3012) 

    Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.20.8 to 0.20.9.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@aa0e114...8e94d75)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 23, 2025
    Configuration menu
    Copy the full SHA
    ab01450 View commit details
    Browse the repository at this point in the history

Commits on Oct 27, 2025

  1. chore(deps): update tools to latest versions (#3014) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: westonsteimel <[email protected]>
    @anchore-actions-token-generator @westonsteimel
    anchore-actions-token-generator[bot] and westonsteimel authored Oct 27, 2025
    Configuration menu
    Copy the full SHA
    f7a1e1c View commit details
    Browse the repository at this point in the history

Commits on Oct 28, 2025

  1. Respect rpmmod PURL qualifier (#3020) 

    Pull in a Syft change and add unit test so that passing PURLs to grype
with the "rpmmod" qualifier filters to RPMs with that modularity for
matching.

Signed-off-by: Will Murphy <[email protected]>
    @willmurphyscode
    willmurphyscode authored Oct 28, 2025
    Configuration menu
    Copy the full SHA
    017da07 View commit details
    Browse the repository at this point in the history

  2. Allow hyphen in version string (#3021) 

    Previously, @ and : were allowed between the id and the version on
--distro, but not '-'. However, - is in the PURLs in the distro
parameter, and it surprises people when they cannot pass it to --distro.
Also, consolidate and unit test the function that parses distro hint
strings.

Signed-off-by: Will Murphy <[email protected]>
    @willmurphyscode
    willmurphyscode authored Oct 28, 2025
    Configuration menu
    Copy the full SHA
    f4e97aa View commit details
    Browse the repository at this point in the history

Commits on Oct 31, 2025

  1. chore: add FP issue template (#2843) 

    Signed-off-by: Keith Zantow <[email protected]>
    @kzantow
    kzantow authored Oct 31, 2025
    Configuration menu
    Copy the full SHA
    6e746a5 View commit details
    Browse the repository at this point in the history

Commits on Nov 3, 2025

  1. chore(deps): bump github.com/hashicorp/go-getter from 1.8.2 to 1.8.3 (#… 

    …3026)

Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](hashicorp/go-getter@v1.8.2...v1.8.3)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-version: 1.8.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Nov 3, 2025
    Configuration menu
    Copy the full SHA
    9f606a7 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump github.com/gabriel-vasile/mimetype (#3022) 

    Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) from 1.4.10 to 1.4.11.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases)
- [Commits](gabriel-vasile/mimetype@v1.4.10...v1.4.11)

---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
  dependency-version: 1.4.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Nov 3, 2025
    Configuration menu
    Copy the full SHA
    0e70bd3 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#3016) 

    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 5.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...330a01c)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Nov 3, 2025
    Configuration menu
    Copy the full SHA
    26e7f25 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump github/codeql-action from 4.30.9 to 4.31.2 (#3025) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.30.9 to 4.31.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@16140ae...0499de3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Nov 3, 2025
    Configuration menu
    Copy the full SHA
    eca601f View commit details
    Browse the repository at this point in the history

  5. chore(deps): bump gorm.io/gorm from 1.31.0 to 1.31.1 (#3028) 

    Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.31.0 to 1.31.1.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](go-gorm/gorm@v1.31.0...v1.31.1)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-version: 1.31.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Nov 3, 2025
    Configuration menu
    Copy the full SHA
    4e5cc1a View commit details
    Browse the repository at this point in the history

  6. chore(deps): update anchore dependencies (#3029) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <[email protected]>
    @anchore-actions-token-generator @spiffcs
    anchore-actions-token-generator[bot] and spiffcs authored Nov 3, 2025
    Configuration menu
    Copy the full SHA
    e96dcd5 View commit details
    Browse the repository at this point in the history
Loading