Skip to content

chore(deps): bump github.com/anchore/grype from 0.114.0 to 0.115.0#529

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/anchore/grype-0.115.0
Open

chore(deps): bump github.com/anchore/grype from 0.114.0 to 0.115.0#529
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/anchore/grype-0.115.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/anchore/grype from 0.114.0 to 0.115.0.

Release notes

Sourced from github.com/anchore/grype's releases.

v0.115.0

Added Features

Bug Fixes

Additional Changes

  • Security: bump golang.org/x/crypto to v0.52.0 to resolve multiple CVEs [Issue #3493]
  • Security: bump golang.org/x/net to v0.55.0 to resolve CVEs [Issue #3494]

Dependencies

35 dependency changes (31 updated, 3 added, 1 removed). 5 vulnerabilities remediated.

🟢 Remediated (5)

  • github.com/ProtonMail/go-crypto v1.4.0v1.4.1
  • github.com/anchore/bubbly v0.2.0v0.2.1
  • github.com/anchore/clio v0.1.0v0.1.1
  • github.com/anchore/fangs v0.1.0v0.1.1
  • github.com/anchore/go-collections v0.1.0v0.1.1
  • github.com/anchore/go-homedir v0.1.0v0.1.1
  • github.com/anchore/go-logger v0.1.0v0.1.1
  • github.com/anchore/go-lzo v0.1.0v0.1.1
  • github.com/anchore/go-macholibre v0.1.0v0.1.1
  • github.com/anchore/go-make v0.5.0v0.8.0
  • github.com/anchore/go-struct-converter v0.1.0v0.2.0-rc2

... (truncated)

Commits
  • fa8b7e2 chore(deps): update anchore dependencies (#3498)
  • f759905 feat(govulndb): emit golang.org/x/net vulns from govlundb (#3534)
  • 095cea9 chore(units): account for changes in Syft and fix stale listing file (#3532)
  • 219a3b8 Update go-make to v0.8.0 (#3528)
  • fa5977b fix(govulndb): only emit records for stdlib (#3527)
  • 80c4dcb fix(govulndb): mix floors from custom ranges as appropriate (#3522)
  • 7bf3e63 chore(deps): bump github.com/containerd/containerd/v2 (#3525)
  • ef6e791 refactor release pipeline: TAG_TOKEN, skip-checks gate, go-make bump, dependa...
  • 931e487 fix(hummingbird): mark hummingbird distro as rolling (#3521)
  • 7e7b75f chore(deps): bump the go-minor-patch group across 1 directory with 2 updates ...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies dealing with project dependencies label Jul 3, 2026
@oss-auto-merger oss-auto-merger Bot enabled auto-merge (squash) July 3, 2026 23:23
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/anchore/grype-0.115.0 branch from 06032d5 to 90f32a7 Compare July 3, 2026 23:33
Bumps [github.com/anchore/grype](https://github.com/anchore/grype) from 0.114.0 to 0.115.0.
- [Release notes](https://github.com/anchore/grype/releases)
- [Changelog](https://github.com/anchore/grype/blob/main/RELEASE.md)
- [Commits](anchore/grype@v0.114.0...v0.115.0)

---
updated-dependencies:
- dependency-name: github.com/anchore/grype
  dependency-version: 0.115.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/anchore/grype-0.115.0 branch from 90f32a7 to 78e9ffb Compare July 3, 2026 23:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies dealing with project dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants