popey
Help shape the future of Grype! Share your thoughts in our quick 5-question survey. Your feedback will guide our development priorities and help us better serve your needs. Thank you! 
Release Notes:
Version v0.92.0
Added Features
Bug Fixes
- adjust namespace translation logic to be v5 compatible #2634 @westonsteimel
- fall back to fuzzy constraint units #2651 @willmurphyscode
- adjust version prefix check when excluding overlapping packages #2653 @westonsteimel
- Dropping group from npm package names leads to false positives #2554 #2645 @kzantow
- Potential regression in CVE detection from 0.87.0 (v5 schema) to 0.88.0 (v6 schema) for go-module detection #2642
- Removal of temporary files not working on Windows #2233 #2657 @popey
- @jridgewell/gen-mapping incorrectly attributed GHSA-8rmg-jf7p-4p22 #1886 #2645 @kzantow
- Vulnerability reported on @group/name dependency when actual vulnerability exists on name dependency #1701 #2645 @kzantow
- Grype false negatives in versions v0.88.0 and later leading to missed critical vulnerabilities #2628 #2645 @kzantow
- PHP pecl redis mixes with redis project itself and creates false positive cve #1804
- False Positive: Openssl CVE-2022-2068, CVE-2022-1292, CVE-2021-3711 in SUSE Enterprise 15 SP5 #1729
- Grype does not handle purl file input with packages from different distributions #2630 #2639 @chovanecadam
- grype pkg:golang/k8s.io/ingress-nginx@v1.11.2 does not show cve #2580 #2586 @goatwu1993
(Full Changelog)