6 changes: 3 additions & 3 deletions .binny.yaml
@@ -26,7 +26,7 @@ tools:
# used for linting
- name: golangci-lint
version:
want: v2.5.0
want: v2.6.1
method: github-release
with:
repo: golangci/golangci-lint
@@ -82,15 +82,15 @@ tools:
# used for running all local and CI tasks
- name: task
version:
want: v3.45.4
want: v3.45.5
method: github-release
with:
repo: go-task/task

# used for triggering a release
- name: gh
version:
want: v2.82.1
want: v2.83.1
method: github-release
with:
repo: cli/cli
@@ -34,6 +34,7 @@ type AffectedPackageInfo struct {
CPE *CPE `json:"cpe,omitempty"`

// Namespace is a holdover value from the v5 DB schema that combines provider and search methods into a single value
//
// Deprecated: this field will be removed in a later version of the search schema
Namespace string `json:"namespace"`

1 change: 0 additions & 1 deletion grype/matcher/java/matcher_integration_test.go
@@ -1,5 +1,4 @@
//go:build api_limits
// +build api_limits

package java

2 changes: 2 additions & 0 deletions grype/presenter/models/document.go
@@ -21,6 +21,8 @@ type Document struct {
}

// NewDocument creates and populates a new Document struct, representing the populated JSON document.
//
//nolint:staticcheck // MetadataProvider is deprecated but still used internally
func NewDocument(id clio.Identification, packages []pkg.Package, context pkg.Context, matches match.Matches, ignoredMatches []match.IgnoredMatch, metadataProvider vulnerability.MetadataProvider, appConfig any, dbInfo any, strategy SortStrategy, outputTimestamp bool) (Document, error) {
var timestamp []byte

5 changes: 3 additions & 2 deletions grype/presenter/models/match.go
@@ -33,10 +33,11 @@ type FixDetails struct {
SuggestedVersion string `json:"suggestedVersion"`
}

//nolint:staticcheck // MetadataProvider is deprecated but still used internally
func newMatch(m match.Match, p pkg.Package, metadataProvider vulnerability.MetadataProvider) (*Match, error) {
relatedVulnerabilities := make([]VulnerabilityMetadata, 0)
for _, r := range m.Vulnerability.RelatedVulnerabilities {
relatedMetadata, err := metadataProvider.VulnerabilityMetadata(r)
relatedMetadata, err := metadataProvider.VulnerabilityMetadata(r) //nolint:staticcheck // deprecated API still used internally
if err != nil {
return nil, fmt.Errorf("unable to fetch related vuln=%q metadata: %+v", r, err)
}
@@ -50,7 +51,7 @@ func newMatch(m match.Match, p pkg.Package, metadataProvider vulnerability.Metad
metadata := m.Vulnerability.Metadata
if metadata == nil {
var err error
metadata, err = metadataProvider.VulnerabilityMetadata(m.Vulnerability.Reference)
metadata, err = metadataProvider.VulnerabilityMetadata(m.Vulnerability.Reference) //nolint:staticcheck // deprecated API still used internally
if err != nil {
return nil, fmt.Errorf("unable to fetch related vuln=%q metadata: %+v", m.Vulnerability.Reference, err)
}
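Review bot: newMatch now carries the staticcheck suppression twice: a `//nolint:staticcheck` directive above the declaration and a trailing one on each `VulnerabilityMetadata` call. As golangci-lint documents it, a directive placed on the line above a declaration covers the whole declaration, so the trailing ones are redundant, and the function-wide one silences every staticcheck finding in the body, not only the deprecation warning. I would keep a single layer and name the check in the reason, e.g. `//nolint:staticcheck // SA1019: MetadataProvider is deprecated but still used internally`; the same pairing appears in hasSeverityAtOrAbove and updateVulnerabilityList in grype/vulnerability_matcher.go. newMatch's body continues outside these hunks.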
1 change: 1 addition & 0 deletions grype/presenter/models/metadata_mock.go
@@ -4,6 +4,7 @@ import (
"github.com/anchore/grype/grype/vulnerability"
)

//nolint:staticcheck // MetadataProvider is deprecated but still used internally for testing
var _ vulnerability.MetadataProvider = (*MetadataMock)(nil)

// MetadataMock provides the behavior required for a vulnerability.Provider for the purpose of testing.
1 change: 1 addition & 0 deletions grype/presenter/presenter.go
@@ -8,6 +8,7 @@ import (
)

// GetPresenter retrieves a Presenter that matches a CLI option.
//
// Deprecated: this will be removed in v1.0
func GetPresenter(f string, templatePath string, showSuppressed bool, pb models.PresenterConfig) presenter.Presenter {
return format.GetPresenter(format.Parse(f), format.PresentationConfig{
1 change: 1 addition & 0 deletions grype/version/deprecated.go
@@ -1,6 +1,7 @@
package version

// NewVersion creates a new Version instance with the provided raw version string and format.
//
// Deprecated: NewVersion is deprecated, use New instead.
func NewVersion(raw string, format Format) *Version {
return New(raw, format)
2 changes: 2 additions & 0 deletions grype/vulnerability/provider.go
@@ -15,9 +15,11 @@ type Criteria interface {
}

// MetadataProvider implementations provide ways to look up vulnerability metadata
//
// Deprecated: vulnerability.Vulnerability objects now have metadata included
type MetadataProvider interface {
// VulnerabilityMetadata returns the metadata associated with a vulnerability
//
// Deprecated: vulnerability.Vulnerability objects now have metadata included
VulnerabilityMetadata(ref Reference) (*Metadata, error)
}
8 changes: 5 additions & 3 deletions grype/vulnerability_matcher.go
@@ -280,7 +280,7 @@ func (m *VulnerabilityMatcher) normalizeByCVE(match match.Match) match.Match {

ref := effectiveCVERecordRefs[0]

upstreamMetadata, err := m.VulnerabilityProvider.VulnerabilityMetadata(ref)
upstreamMetadata, err := m.VulnerabilityProvider.VulnerabilityMetadata(ref) //nolint:staticcheck // deprecated API still used internally
if err != nil {
log.WithFields("id", ref.ID, "namespace", ref.Namespace, "error", err).Warn("unable to fetch effective CVE metadata")
return match
@@ -398,12 +398,13 @@ func isCVE(id string) bool {
return strings.HasPrefix(strings.ToLower(id), "cve-")
}

//nolint:staticcheck // MetadataProvider is deprecated but still used internally
func hasSeverityAtOrAbove(store vulnerability.MetadataProvider, severity vulnerability.Severity, matches match.Matches) bool {
if severity == vulnerability.UnknownSeverity {
return false
}
for m := range matches.Enumerate() {
metadata, err := store.VulnerabilityMetadata(m.Vulnerability.Reference)
metadata, err := store.VulnerabilityMetadata(m.Vulnerability.Reference) //nolint:staticcheck // deprecated API still used internally
if err != nil {
continue
}
@@ -435,9 +436,10 @@ func logListSummary(vl *monitorWriter) {
}
}

//nolint:staticcheck // MetadataProvider is deprecated but still used internally
func updateVulnerabilityList(mon *monitorWriter, matches []match.Match, ignores []match.IgnoredMatch, dropped []match.IgnoredMatch, metadataProvider vulnerability.MetadataProvider) {
for _, m := range matches {
metadata, err := metadataProvider.VulnerabilityMetadata(m.Vulnerability.Reference)
metadata, err := metadataProvider.VulnerabilityMetadata(m.Vulnerability.Reference) //nolint:staticcheck // deprecated API still used internally
if err != nil || metadata == nil {
mon.BySeverity[vulnerability.UnknownSeverity].Increment()
continue
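Review bot: hasSeverityAtOrAbove still drops a failed metadata lookup with a bare `continue`, so a match whose metadata cannot be fetched is never compared against the threshold; if this function backs a fail-on-severity gate, a provider error makes the gate pass silently. Since the deprecation notice in grype/vulnerability/provider.go says Vulnerability objects now carry their metadata, read `m.Vulnerability.Metadata` first and fall back to the provider only when it is nil, as newMatch does. At minimum record the failure before continuing, e.g. `log.WithFields("id", m.Vulnerability.Reference.ID, "error", err).Warn("unable to fetch vulnerability metadata")`. The function body continues outside the hunk.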
24 changes: 11 additions & 13 deletions internal/schemaver/schema_ver.go
@@ -28,21 +28,19 @@ func Parse(s string) (SchemaVer, error) {
return SchemaVer{}, fmt.Errorf("invalid schema version format: %s", s)
}
// check that all parts are integers
var values [3]int
for i, part := range parts {
if i == 0 {
part = strings.TrimPrefix(part, "v")
}
v, err := strconv.Atoi(part)
if err != nil || v < 0 {
return SchemaVer{}, fmt.Errorf("invalid schema version format: %s", s)
}
values[i] = v
model, err := strconv.Atoi(strings.TrimPrefix(parts[0], "v"))
if err != nil || model < 1 {
return SchemaVer{}, fmt.Errorf("invalid schema version format: %s", s)
}
revision, err := strconv.Atoi(parts[1])
if err != nil || revision < 0 {
return SchemaVer{}, fmt.Errorf("invalid schema version format: %s", s)
}
if values[0] < 1 {
return SchemaVer{}, fmt.Errorf("model value must be greater than 0: %s", s)
addition, err := strconv.Atoi(parts[2])
if err != nil || addition < 0 {
return SchemaVer{}, fmt.Errorf("invalid schema version format: %s", s)
}
return New(values[0], values[1], values[2]), nil
return New(model, revision, addition), nil
}

func (s SchemaVer) Valid() bool {
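Review bot: A model value below 1 now returns the generic `invalid schema version format` error, because the `model < 1` test is folded into the Atoi check and the dedicated `model value must be greater than 0` message is gone. That makes a well-formed but out-of-range version such as a v0 model indistinguishable from a malformed string in logs and in any caller or test that matched the old text. Keeping the range check separate preserves the message: `if model < 1 { return SchemaVer{}, fmt.Errorf("model value must be greater than 0: %s", s) }`. Separately, `strconv.Atoi` accepts a leading sign, so a part like `+1` still parses; if strict input is wanted here, reject parts that contain non-digit characters. Parse starts above the hunk.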
2 changes: 1 addition & 1 deletion schema/grype/db-search/json/schema-1.1.3.json
@@ -12,7 +12,7 @@
"description": "is the detailed information about the affected package"
},
"namespace": {
"description": "is a holdover value from the v5 DB schema that combines provider and search methods into a single value\nDeprecated: this field will be removed in a later version of the search schema"
"description": "is a holdover value from the v5 DB schema that combines provider and search methods into a single value\n\nDeprecated: this field will be removed in a later version of the search schema"
},
"os": {
"description": "identifies the operating system release that the affected package is released for"
2 changes: 1 addition & 1 deletion schema/grype/db-search/json/schema-latest.json
@@ -12,7 +12,7 @@
"description": "is the detailed information about the affected package"
},
"namespace": {
"description": "is a holdover value from the v5 DB schema that combines provider and search methods into a single value\nDeprecated: this field will be removed in a later version of the search schema"
"description": "is a holdover value from the v5 DB schema that combines provider and search methods into a single value\n\nDeprecated: this field will be removed in a later version of the search schema"
},
"os": {
"description": "identifies the operating system release that the affected package is released for"