bump grype dev branch

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
anchore · Nov 26, 2024 · 623b0e1 · 623b0e1
1 parent 0b07ef5
commit 623b0e1
Show file tree

Hide file tree

Showing 8 changed files with 58 additions and 87 deletions.
diff --git a/go.mod b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/adrg/xdg v0.5.3
 	github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a
-	github.com/anchore/grype v0.85.1-0.20241121181803-ba4a2b41b64f
+	github.com/anchore/grype v0.85.1-0.20241126174746-de1008de96fd
 	github.com/anchore/syft v1.17.0
 	github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de
 	github.com/dave/jennifer v1.7.1

diff --git a/go.sum b/go.sum
@@ -252,8 +252,8 @@ github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0v
 github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ=
 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 h1:rmZG77uXgE+o2gozGEBoUMpX27lsku+xrMwlmBZJtbg=
 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
-github.com/anchore/grype v0.85.1-0.20241121181803-ba4a2b41b64f h1:U6dG0KfDU4SECpo4ix74Ci5XugRXbkU7ntp5K07+OQQ=
-github.com/anchore/grype v0.85.1-0.20241121181803-ba4a2b41b64f/go.mod h1:8+byyl7POwrm6D/rya93DIZ70+vnWLVe+nSBmQ/wnoc=
+github.com/anchore/grype v0.85.1-0.20241126174746-de1008de96fd h1:sPMrJVdj23eBLk3LNYMfE9oUUo+OCwIknXOVGSRxuXU=
+github.com/anchore/grype v0.85.1-0.20241126174746-de1008de96fd/go.mod h1:8+byyl7POwrm6D/rya93DIZ70+vnWLVe+nSBmQ/wnoc=
 github.com/anchore/packageurl-go v0.1.1-0.20241018175412-5c22e6360c4f h1:dAQPIrQ3a5PBqZeZ+B9NGZsGmodk4NO9OjDIsQmQyQM=
 github.com/anchore/packageurl-go v0.1.1-0.20241018175412-5c22e6360c4f/go.mod h1:KoYIv7tdP5+CC9VGkeZV4/vGCKsY55VvoG+5dadg4YI=
 github.com/anchore/stereoscope v0.0.9 h1:rLhYWe/CXhDq/UCUWQ3U5xtpGk4RFnssKaM0bHhs5us=

diff --git a/pkg/process/v6/transformers/github/transform.go b/pkg/process/v6/transformers/github/transform.go
@@ -205,8 +205,7 @@ func getReferences(vulnerability unmarshal.GitHubAdvisory) []grypeDB.Reference {
 	// https://github.com/anchore/vunnel/issues/646 to capture this
 	refs := []grypeDB.Reference{
 		{
-			Tags: []string{grypeDB.AdvisoryReferenceTag},
-			URL:  vulnerability.Advisory.URL,
+			URL: vulnerability.Advisory.URL,
 		},
 	}
 

diff --git a/pkg/process/v6/transformers/github/transform_test.go b/pkg/process/v6/transformers/github/transform_test.go
@@ -91,8 +91,7 @@ func TestGetVulnerability(t *testing.T) {
 						Status:        grypeDB.VulnerabilityActive,
 						References: []grypeDB.Reference{
 							{
-								Tags: []string{grypeDB.AdvisoryReferenceTag},
-								URL:  "https://github.com/advisories/GHSA-2wgc-48g2-cj5w",
+								URL: "https://github.com/advisories/GHSA-2wgc-48g2-cj5w",
 							},
 						},
 						Aliases: []string{"CVE-2024-21653"},
@@ -129,8 +128,7 @@ func TestGetVulnerability(t *testing.T) {
 						Status:        grypeDB.VulnerabilityRejected,
 						References: []grypeDB.Reference{
 							{
-								Tags: []string{grypeDB.AdvisoryReferenceTag},
-								URL:  "https://github.com/advisories/GHSA-3x74-v64j-qc3f",
+								URL: "https://github.com/advisories/GHSA-3x74-v64j-qc3f",
 							},
 						},
 						Aliases: []string{"CVE-2023-30179"},
@@ -167,8 +165,7 @@ func TestGetVulnerability(t *testing.T) {
 						Status:        grypeDB.VulnerabilityActive,
 						References: []grypeDB.Reference{
 							{
-								Tags: []string{grypeDB.AdvisoryReferenceTag},
-								URL:  "https://github.com/advisories/GHSA-vc9j-fhvv-8vrf",
+								URL: "https://github.com/advisories/GHSA-vc9j-fhvv-8vrf",
 							},
 						},
 						Aliases: []string{"CVE-2020-14000"},
@@ -202,8 +199,7 @@ func TestGetVulnerability(t *testing.T) {
 						Description:  "Low severity vulnerability that affects notebook",
 						References: []grypeDB.Reference{
 							{
-								URL:  "https://github.com/advisories/GHSA-6cwv-x26c-w2q4",
-								Tags: []string{"advisory"},
+								URL: "https://github.com/advisories/GHSA-6cwv-x26c-w2q4",
 							},
 						},
 
@@ -226,8 +222,7 @@ func TestGetVulnerability(t *testing.T) {
 						Description:  "Moderate severity vulnerability that affects Plone",
 						References: []grypeDB.Reference{
 							{
-								URL:  "https://github.com/advisories/GHSA-p5wr-vp8g-q5p4",
-								Tags: []string{"advisory"},
+								URL: "https://github.com/advisories/GHSA-p5wr-vp8g-q5p4",
 							},
 						},
 						Aliases: []string{"CVE-2017-5524"},
@@ -256,8 +251,7 @@ func TestGetVulnerability(t *testing.T) {
 						Status:        grypeDB.VulnerabilityRejected,
 						References: []grypeDB.Reference{
 							{
-								Tags: []string{grypeDB.AdvisoryReferenceTag},
-								URL:  "https://github.com/advisories/GHSA-6cwv-x26c-w2q4",
+								URL: "https://github.com/advisories/GHSA-6cwv-x26c-w2q4",
 							},
 						},
 						Aliases: []string{"CVE-2018-8768"},
@@ -283,8 +277,7 @@ func TestGetVulnerability(t *testing.T) {
 						Status:       grypeDB.VulnerabilityActive,
 						References: []grypeDB.Reference{
 							{
-								Tags: []string{grypeDB.AdvisoryReferenceTag},
-								URL:  "https://github.com/advisories/GHSA-p5wr-vp8g-q5p4",
+								URL: "https://github.com/advisories/GHSA-p5wr-vp8g-q5p4",
 							},
 						},
 						Aliases: []string{"CVE-2017-5524"},

diff --git a/pkg/process/v6/transformers/nvd/transform.go b/pkg/process/v6/transformers/nvd/transform.go
@@ -284,8 +284,7 @@ func getSeverities(vuln unmarshal.NVDVulnerability) []grypeDB.Severity {
 func getReferences(vuln unmarshal.NVDVulnerability) []grypeDB.Reference {
 	references := []grypeDB.Reference{
 		{
-			Tags: []string{grypeDB.AdvisoryReferenceTag},
-			URL:  "https://nvd.nist.gov/vuln/detail/" + vuln.ID,
+			URL: "https://nvd.nist.gov/vuln/detail/" + vuln.ID,
 		},
 	}
 	for _, reference := range vuln.References {

diff --git a/pkg/process/v6/transformers/nvd/transform_test.go b/pkg/process/v6/transformers/nvd/transform_test.go
@@ -68,8 +68,8 @@ func TestTransform(t *testing.T) {
 							Status:        grypeDB.VulnerabilityActive,
 							References: []grypeDB.Reference{
 								{
-									Tags: []string{grypeDB.AdvisoryReferenceTag},
-									URL:  "https://nvd.nist.gov/vuln/detail/CVE-2018-5487",
+
+									URL: "https://nvd.nist.gov/vuln/detail/CVE-2018-5487",
 								},
 								{
 									URL:  "https://security.netapp.com/advisory/ntap-20180523-0001/",
@@ -144,8 +144,8 @@ func TestTransform(t *testing.T) {
 							Status:        grypeDB.VulnerabilityActive,
 							References: []grypeDB.Reference{
 								{
-									Tags: []string{grypeDB.AdvisoryReferenceTag},
-									URL:  "https://nvd.nist.gov/vuln/detail/CVE-2018-1000222",
+
+									URL: "https://nvd.nist.gov/vuln/detail/CVE-2018-1000222",
 								},
 								{
 									URL:  "https://github.com/libgd/libgd/issues/447",
@@ -232,8 +232,8 @@ func TestTransform(t *testing.T) {
 							Status:        grypeDB.VulnerabilityActive,
 							References: []grypeDB.Reference{
 								{
-									Tags: []string{grypeDB.AdvisoryReferenceTag},
-									URL:  "https://nvd.nist.gov/vuln/detail/CVE-2018-10189",
+
+									URL: "https://nvd.nist.gov/vuln/detail/CVE-2018-10189",
 								},
 								{
 									URL:  "https://github.com/mautic/mautic/releases/tag/2.13.0",
@@ -315,8 +315,8 @@ func TestTransform(t *testing.T) {
 							Status:        grypeDB.VulnerabilityActive,
 							References: []grypeDB.Reference{
 								{
-									Tags: []string{grypeDB.AdvisoryReferenceTag},
-									URL:  "https://nvd.nist.gov/vuln/detail/CVE-2015-8978",
+
+									URL: "https://nvd.nist.gov/vuln/detail/CVE-2015-8978",
 								},
 								{
 									URL:  "http://cpansearch.perl.org/src/PHRED/SOAP-Lite-1.20/Changes",
@@ -374,8 +374,8 @@ func TestTransform(t *testing.T) {
 							Status:        grypeDB.VulnerabilityActive,
 							References: []grypeDB.Reference{
 								{
-									Tags: []string{grypeDB.AdvisoryReferenceTag},
-									URL:  "https://nvd.nist.gov/vuln/detail/CVE-2022-26488",
+
+									URL: "https://nvd.nist.gov/vuln/detail/CVE-2022-26488",
 								},
 								{
 									URL:  "https://mail.python.org/archives/list/security-announce@python.org/thread/657Z4XULWZNIY5FRP3OWXHYKUSIH6DMN/",
@@ -481,8 +481,8 @@ func TestTransform(t *testing.T) {
 							Status:        grypeDB.VulnerabilityActive,
 							References: []grypeDB.Reference{
 								{
-									Tags: []string{grypeDB.AdvisoryReferenceTag},
-									URL:  "https://nvd.nist.gov/vuln/detail/CVE-2022-0543",
+
+									URL: "https://nvd.nist.gov/vuln/detail/CVE-2022-0543",
 								},
 								{
 									URL:  "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html",
@@ -576,8 +576,8 @@ func TestTransform(t *testing.T) {
 							Status:        grypeDB.VulnerabilityActive,
 							References: []grypeDB.Reference{
 								{
-									Tags: []string{grypeDB.AdvisoryReferenceTag},
-									URL:  "https://nvd.nist.gov/vuln/detail/CVE-2020-10729",
+
+									URL: "https://nvd.nist.gov/vuln/detail/CVE-2020-10729",
 								},
 								{
 									URL:  "https://bugzilla.redhat.com/show_bug.cgi?id=1831089",
@@ -667,8 +667,8 @@ func TestTransform(t *testing.T) {
 							Status:        grypeDB.VulnerabilityActive,
 							References: []grypeDB.Reference{
 								{
-									Tags: []string{grypeDB.AdvisoryReferenceTag},
-									URL:  "https://nvd.nist.gov/vuln/detail/CVE-2023-38733",
+
+									URL: "https://nvd.nist.gov/vuln/detail/CVE-2023-38733",
 								},
 								{
 									URL:  "https://exchange.xforce.ibmcloud.com/vulnerabilities/262293",
@@ -755,8 +755,8 @@ func TestTransform(t *testing.T) {
 							Status:        grypeDB.VulnerabilityActive,
 							References: []grypeDB.Reference{
 								{
-									Tags: []string{grypeDB.AdvisoryReferenceTag},
-									URL:  "https://nvd.nist.gov/vuln/detail/CVE-2023-45283",
+
+									URL: "https://nvd.nist.gov/vuln/detail/CVE-2023-45283",
 								},
 								{
 									URL:  "http://www.openwall.com/lists/oss-security/2023/12/05/2",
@@ -866,8 +866,8 @@ func TestTransform(t *testing.T) {
 							Status:        grypeDB.VulnerabilityActive,
 							References: []grypeDB.Reference{
 								{
-									Tags: []string{grypeDB.AdvisoryReferenceTag},
-									URL:  "https://nvd.nist.gov/vuln/detail/CVE-2023-45283",
+
+									URL: "https://nvd.nist.gov/vuln/detail/CVE-2023-45283",
 								},
 								{
 									URL:  "http://www.openwall.com/lists/oss-security/2023/12/05/2",

diff --git a/pkg/process/v6/transformers/os/transform.go b/pkg/process/v6/transformers/os/transform.go
@@ -112,8 +112,7 @@ func getFix(fixedInEntry unmarshal.OSFixedIn) *grypeDB.Fix {
 	var refs []grypeDB.Reference
 	for _, l := range linkOrder {
 		refs = append(refs, grypeDB.Reference{
-			Tags: []string{grypeDB.AdvisoryReferenceTag},
-			URL:  l,
+			URL: l,
 		})
 	}
 
@@ -306,8 +305,7 @@ func getReferences(vuln unmarshal.OSVulnerability) []grypeDB.Reference {
 	for _, l := range linkOrder {
 		refs = append(refs,
 			grypeDB.Reference{
-				Tags: []string{grypeDB.AdvisoryReferenceTag},
-				URL:  l,
+				URL: l,
 			},
 		)
 	}