Skip to content

Commit 4bf29ac

Browse files
powersjpowersj
authored
Merge pull request #1809 from kbsteere/upgrade-grype-104-fix-java-jre-suffix-bug
bug: update grype to fix java jar suffix issue
2 parents 4b007b9 + b2d1090 commit 4bf29ac

File tree

9 files changed

+6680
-2546
lines changed

9 files changed

+6680
-2546
lines changed

go.mod

Lines changed: 47 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -15,13 +15,13 @@ require (
1515
chainguard.dev/melange v0.34.0
1616
cloud.google.com/go/storage v1.56.1
1717
github.com/adrg/xdg v0.5.3
18-
github.com/anchore/grype v0.99.1
18+
github.com/anchore/grype v0.104.1
1919
github.com/anchore/stereoscope v0.1.13
20-
github.com/anchore/syft v1.32.0
20+
github.com/anchore/syft v1.38.0
2121
github.com/chainguard-dev/clog v1.7.0
2222
github.com/chainguard-dev/yam v0.2.40
2323
github.com/charmbracelet/bubbles v0.21.0
24-
github.com/charmbracelet/bubbletea v1.3.7
24+
github.com/charmbracelet/bubbletea v1.3.10
2525
github.com/charmbracelet/lipgloss v1.1.1-0.20250319133953-166f707985bc
2626
github.com/charmbracelet/log v0.4.2
2727
github.com/cli/browser v1.3.0
@@ -89,7 +89,7 @@ require (
8989
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20250520111509-a70c2aa677fa // indirect
9090
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
9191
github.com/BurntSushi/toml v1.5.0 // indirect
92-
github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect
92+
github.com/CycloneDX/cyclonedx-go v0.9.3 // indirect
9393
github.com/DataDog/zstd v1.5.7 // indirect
9494
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0 // indirect
9595
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 // indirect
@@ -106,10 +106,9 @@ require (
106106
github.com/STARRY-S/zip v0.2.3 // indirect
107107
github.com/acobaugh/osrelease v0.1.0 // indirect
108108
github.com/agext/levenshtein v1.2.3 // indirect
109-
github.com/anchore/archiver/v3 v3.5.3-0.20241210171143-5b1d8d1c7c51 // indirect
110109
github.com/anchore/clio v0.0.0-20250715152405-a0fa658e5084 // indirect
111110
github.com/anchore/fangs v0.0.0-20250716230140-94c22408c232 // indirect
112-
github.com/anchore/go-collections v0.0.0-20241211140901-567f400e9a46 // indirect
111+
github.com/anchore/go-collections v0.0.0-20251016125210-a3c352120e8c // indirect
113112
github.com/anchore/go-homedir v0.0.0-20250319154043-c29668562e4d // indirect
114113
github.com/anchore/go-lzo v0.1.0 // indirect
115114
github.com/anchore/go-macholibre v0.0.0-20250320151634-807da7ad2331 // indirect
@@ -123,7 +122,24 @@ require (
123122
github.com/aquasecurity/go-pep440-version v0.0.1 // indirect
124123
github.com/aquasecurity/go-version v0.0.1 // indirect
125124
github.com/atotto/clipboard v0.1.4 // indirect
126-
github.com/aws/aws-sdk-go v1.55.7 // indirect
125+
github.com/aws/aws-sdk-go-v2 v1.39.6 // indirect
126+
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 // indirect
127+
github.com/aws/aws-sdk-go-v2/config v1.31.17 // indirect
128+
github.com/aws/aws-sdk-go-v2/credentials v1.18.21 // indirect
129+
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 // indirect
130+
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 // indirect
131+
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 // indirect
132+
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
133+
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 // indirect
134+
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect
135+
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.2 // indirect
136+
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 // indirect
137+
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 // indirect
138+
github.com/aws/aws-sdk-go-v2/service/s3 v1.80.1 // indirect
139+
github.com/aws/aws-sdk-go-v2/service/sso v1.30.1 // indirect
140+
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 // indirect
141+
github.com/aws/aws-sdk-go-v2/service/sts v1.39.1 // indirect
142+
github.com/aws/smithy-go v1.23.2 // indirect
127143
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
128144
github.com/becheran/wildmatch-go v1.0.0 // indirect
129145
github.com/beorn7/perks v1.0.1 // indirect
@@ -142,6 +158,9 @@ require (
142158
github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
143159
github.com/charmbracelet/x/term v0.2.1 // indirect
144160
github.com/cli/safeexec v1.0.1 // indirect
161+
github.com/clipperhouse/displaywidth v0.3.1 // indirect
162+
github.com/clipperhouse/stringish v0.1.1 // indirect
163+
github.com/clipperhouse/uax29/v2 v2.2.0 // indirect
145164
github.com/cloudflare/circl v1.6.1 // indirect
146165
github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect
147166
github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
@@ -194,9 +213,8 @@ require (
194213
github.com/goccy/go-yaml v1.18.0 // indirect
195214
github.com/gocsaf/csaf/v3 v3.3.0 // indirect
196215
github.com/gogo/protobuf v1.3.2 // indirect
197-
github.com/gohugoio/hashstructure v0.5.0 // indirect
216+
github.com/gohugoio/hashstructure v0.6.0 // indirect
198217
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
199-
github.com/golang/snappy v1.0.0 // indirect
200218
github.com/google/go-containerregistry v0.20.6 // indirect
201219
github.com/google/go-licenses/v2 v2.0.1 // indirect
202220
github.com/google/go-querystring v1.1.0 // indirect
@@ -208,16 +226,18 @@ require (
208226
github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect
209227
github.com/googleapis/gax-go/v2 v2.15.0 // indirect
210228
github.com/gookit/color v1.6.0 // indirect
229+
github.com/gpustack/gguf-parser-go v0.22.1 // indirect
211230
github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.1.0 // indirect
212231
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2 // indirect
213232
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect
233+
github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.65 // indirect
214234
github.com/hashicorp/errwrap v1.1.0 // indirect
215235
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
216-
github.com/hashicorp/go-getter v1.7.9 // indirect
236+
github.com/hashicorp/go-getter v1.8.3 // indirect
217237
github.com/hashicorp/go-multierror v1.1.1 // indirect
218-
github.com/hashicorp/go-safetemp v1.0.0 // indirect
219238
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
220239
github.com/hashicorp/hcl/v2 v2.24.0 // indirect
240+
github.com/henvic/httpretty v0.1.4 // indirect
221241
github.com/huandu/xstrings v1.5.0 // indirect
222242
github.com/iancoleman/strcase v0.3.0 // indirect
223243
github.com/ijt/goparsify v0.0.0-20221203142333-3a5276334b8d // indirect
@@ -227,8 +247,8 @@ require (
227247
github.com/jinzhu/copier v0.4.0 // indirect
228248
github.com/jinzhu/inflection v1.0.0 // indirect
229249
github.com/jinzhu/now v1.1.5 // indirect
230-
github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect
231250
github.com/joho/godotenv v1.5.1 // indirect
251+
github.com/json-iterator/go v1.1.12 // indirect
232252
github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 // indirect
233253
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
234254
github.com/kelseyhightower/envconfig v1.4.0 // indirect
@@ -240,9 +260,9 @@ require (
240260
github.com/mattn/go-colorable v0.1.14 // indirect
241261
github.com/mattn/go-isatty v0.0.20 // indirect
242262
github.com/mattn/go-localereader v0.0.2-0.20220822084749-2491eb6c1c75 // indirect
243-
github.com/mattn/go-runewidth v0.0.16 // indirect
263+
github.com/mattn/go-runewidth v0.0.19 // indirect
244264
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
245-
github.com/mholt/archives v0.1.3 // indirect
265+
github.com/mholt/archives v0.1.5 // indirect
246266
github.com/mikelolasagasti/xz v1.0.1 // indirect
247267
github.com/minio/minlz v1.0.1 // indirect
248268
github.com/mitchellh/copystructure v1.2.0 // indirect
@@ -258,17 +278,19 @@ require (
258278
github.com/moby/sys/user v0.4.0 // indirect
259279
github.com/moby/sys/userns v0.1.0 // indirect
260280
github.com/moby/term v0.5.2 // indirect
281+
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
282+
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
261283
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
262284
github.com/muesli/cancelreader v0.2.2 // indirect
263285
github.com/muesli/termenv v0.16.0 // indirect
264286
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
265287
github.com/ncruces/go-strftime v0.1.9 // indirect
266288
github.com/nix-community/go-nix v0.0.0-20250101154619-4bdde671e0a1 // indirect
267-
github.com/nwaples/rardecode v1.1.3 // indirect
268-
github.com/nwaples/rardecode/v2 v2.1.1 // indirect
289+
github.com/nwaples/rardecode/v2 v2.2.0 // indirect
290+
github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 // indirect
269291
github.com/olekukonko/errors v1.1.0 // indirect
270-
github.com/olekukonko/ll v0.0.9 // indirect
271-
github.com/olekukonko/tablewriter v1.1.0 // indirect
292+
github.com/olekukonko/ll v0.1.2 // indirect
293+
github.com/olekukonko/tablewriter v1.1.1 // indirect
272294
github.com/opencontainers/go-digest v1.0.0 // indirect
273295
github.com/opencontainers/image-spec v1.1.1 // indirect
274296
github.com/opencontainers/runtime-spec v1.2.1 // indirect
@@ -302,7 +324,8 @@ require (
302324
github.com/shopspring/decimal v1.4.0 // indirect
303325
github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af // indirect
304326
github.com/skeema/knownhosts v1.3.1 // indirect
305-
github.com/sorairolake/lzip-go v0.3.7 // indirect
327+
github.com/smallnest/ringbuffer v0.0.0-20241116012123-461381446e3d // indirect
328+
github.com/sorairolake/lzip-go v0.3.8 // indirect
306329
github.com/sourcegraph/conc v0.3.0 // indirect
307330
github.com/spdx/gordf v0.0.0-20250128162952-000978ccd6fb // indirect
308331
github.com/spdx/tools-golang v0.5.5 // indirect
@@ -316,7 +339,7 @@ require (
316339
github.com/u-root/u-root v0.15.0 // indirect
317340
github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect
318341
github.com/ulikunitz/xz v0.5.15 // indirect
319-
github.com/vbatts/go-mtree v0.5.4 // indirect
342+
github.com/vbatts/go-mtree v0.6.0 // indirect
320343
github.com/vbatts/tar-split v0.12.1 // indirect
321344
github.com/vifraa/gopom v1.0.0 // indirect
322345
github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect
@@ -346,11 +369,12 @@ require (
346369
go.yaml.in/yaml/v3 v3.0.4 // indirect
347370
go4.org v0.0.0-20230225012048-214862532bf5 // indirect
348371
golang.org/x/crypto v0.45.0 // indirect
349-
golang.org/x/mod v0.29.0 // indirect
372+
golang.org/x/mod v0.30.0 // indirect
350373
golang.org/x/net v0.47.0 // indirect
351374
golang.org/x/sys v0.38.0 // indirect
352-
golang.org/x/tools v0.38.0 // indirect
375+
golang.org/x/tools v0.39.0 // indirect
353376
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
377+
gonum.org/v1/gonum v0.16.0 // indirect
354378
google.golang.org/api v0.256.0 // indirect
355379
google.golang.org/genproto v0.0.0-20250715232539-7130f93afb79 // indirect
356380
google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1 // indirect
@@ -359,7 +383,7 @@ require (
359383
google.golang.org/protobuf v1.36.10 // indirect
360384
gopkg.in/ini.v1 v1.67.0 // indirect
361385
gopkg.in/warnings.v0 v0.1.2 // indirect
362-
gorm.io/gorm v1.30.2 // indirect
386+
gorm.io/gorm v1.31.1 // indirect
363387
k8s.io/apimachinery v0.34.2 // indirect
364388
k8s.io/klog/v2 v2.130.1 // indirect
365389
modernc.org/libc v1.66.10 // indirect

0 commit comments

Comments
 (0)