
Commit 0b10eee

authored
Merge pull request #316 from gitpod-io/kb/fix-grype-nil-pointer-panic
fix: update grype to v0.91.0 to resolve nil pointer panic
2 parents 9bbfce1 + 394e89a commit 0b10eee

24 files changed

+316
-296
lines changed

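--- a/cmd/sign-cache.go
+++ b/cmd/sign-cache.go
@@ -39,7 +39,7 @@ Example:
 RunE: func(cmd *cobra.Command, args []string) error {
 manifestPath, _ := cmd.Flags().GetString("from-manifest")
 dryRun, _ := cmd.Flags().GetBool("dry-run")
-
+
 // Get max concurrency setting (env var as default, CLI flag overrides)
 maxConcurrency, _ := cmd.Flags().GetInt("max-signing-concurrency")
 if !cmd.Flags().Changed("max-signing-concurrency") {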

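--- a/go.mod
+++ b/go.mod
@@ -4,8 +4,8 @@ go 1.24.1
 
 require (
 github.com/anchore/clio v0.0.0-20250926015255-f418e0b4892c
-github.com/anchore/grype v0.90.0
-github.com/anchore/syft v1.21.0
+github.com/anchore/grype v0.91.0
+github.com/anchore/syft v1.22.0
 github.com/aws/aws-sdk-go-v2 v1.38.1
 github.com/aws/aws-sdk-go-v2/config v1.31.3
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.59
@@ -59,7 +59,7 @@ require (
 dario.cat/mergo v1.0.2 // indirect
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
-github.com/BurntSushi/toml v1.4.0 // indirect
+github.com/BurntSushi/toml v1.5.0 // indirect
 github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect
 github.com/DataDog/zstd v1.5.5 // indirect
 github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.3 // indirect
@@ -73,7 +73,8 @@ require (
 github.com/Microsoft/go-winio v0.6.2 // indirect
 github.com/Microsoft/hcsshim v0.11.7 // indirect
 github.com/OneOfOne/xxhash v1.2.8 // indirect
-github.com/ProtonMail/go-crypto v1.1.5 // indirect
+github.com/ProtonMail/go-crypto v1.1.6 // indirect
+github.com/STARRY-S/zip v0.2.1 // indirect
 github.com/acobaugh/osrelease v0.1.0 // indirect
 github.com/adrg/xdg v0.5.3 // indirect
 github.com/agext/levenshtein v1.2.1 // indirect
@@ -84,9 +85,10 @@ require (
 github.com/anchore/go-logger v0.0.0-20250813181427-74728f89a619 // indirect
 github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
 github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
+github.com/anchore/go-sync v0.0.0-20250326131806-4eda43a485b6 // indirect
 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 // indirect
 github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115 // indirect
-github.com/anchore/stereoscope v0.1.0 // indirect
+github.com/anchore/stereoscope v0.1.2 // indirect
 github.com/andybalholm/brotli v1.1.1 // indirect
 github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 github.com/aquasecurity/go-pep440-version v0.0.1 // indirect
@@ -111,10 +113,14 @@ require (
 github.com/becheran/wildmatch-go v1.0.0 // indirect
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 github.com/bitnami/go-version v0.0.0-20250131085805-b1f57a8634ef // indirect
+github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb // indirect
 github.com/blang/semver v3.5.1+incompatible // indirect
 github.com/bmatcuk/doublestar/v2 v2.0.4 // indirect
 github.com/bmatcuk/doublestar/v4 v4.8.1 // indirect
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
+github.com/bodgit/plumbing v1.3.0 // indirect
+github.com/bodgit/sevenzip v1.6.0 // indirect
+github.com/bodgit/windows v1.0.1 // indirect
 github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -126,7 +132,7 @@ require (
 github.com/cloudflare/circl v1.6.0 // indirect
 github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect
 github.com/containerd/cgroups v1.1.0 // indirect
-github.com/containerd/containerd v1.7.26 // indirect
+github.com/containerd/containerd v1.7.27 // indirect
 github.com/containerd/containerd/api v1.8.0 // indirect
 github.com/containerd/continuity v0.4.4 // indirect
 github.com/containerd/errdefs v1.0.0 // indirect
@@ -154,9 +160,8 @@ require (
 github.com/docker/go-connections v0.5.0 // indirect
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 github.com/docker/go-units v0.5.0 // indirect
-github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
+github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 // indirect
 github.com/dustin/go-humanize v1.0.1 // indirect
-github.com/edsrzf/mmap-go v1.1.0 // indirect
 github.com/elliotchance/phpserialize v1.4.0 // indirect
 github.com/emirpasic/gods v1.18.1 // indirect
 github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
@@ -201,6 +206,7 @@ require (
 github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 github.com/godbus/dbus/v5 v5.1.0 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
+github.com/gohugoio/hashstructure v0.5.0 // indirect
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 github.com/golang/snappy v0.0.4 // indirect
 github.com/google/certificate-transparency-go v1.3.2 // indirect
@@ -248,11 +254,11 @@ require (
 github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/mattn/go-runewidth v0.0.16 // indirect
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
+github.com/mholt/archives v0.1.0 // indirect
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
 github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 github.com/mitchellh/go-wordwrap v1.0.1 // indirect
-github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
 github.com/mitchellh/mapstructure v1.5.0 // indirect
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
 github.com/moby/docker-image-spec v1.3.1 // indirect
@@ -265,6 +271,7 @@ require (
 github.com/muesli/termenv v0.16.0 // indirect
 github.com/ncruces/go-strftime v0.1.9 // indirect
 github.com/nwaples/rardecode v1.1.3 // indirect
+github.com/nwaples/rardecode/v2 v2.0.0-beta.4.0.20241112120701-034e449c6e78 // indirect
 github.com/oklog/ulid v1.3.1 // indirect
 github.com/olekukonko/tablewriter v0.0.5 // indirect
 github.com/onsi/gomega v1.35.1 // indirect
@@ -288,13 +295,11 @@ require (
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 github.com/rivo/uniseg v0.4.7 // indirect
 github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c // indirect
-github.com/saferwall/pe v1.5.6 // indirect
 github.com/sagikazarmark/locafero v0.12.0 // indirect
 github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
 github.com/sassoftware/go-rpmutils v0.4.0 // indirect
 github.com/sassoftware/relic v7.2.1+incompatible // indirect
 github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect
-github.com/secDre4mer/pkcs7 v0.0.0-20240322103146-665324a4461d // indirect
 github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 // indirect
 github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect
 github.com/segmentio/backo-go v1.0.0 // indirect
@@ -308,6 +313,7 @@ require (
 github.com/sigstore/timestamp-authority v1.2.9 // indirect
 github.com/skeema/knownhosts v1.3.1 // indirect
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
+github.com/sorairolake/lzip-go v0.3.5 // indirect
 github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb // indirect
 github.com/spdx/tools-golang v0.5.5 // indirect
 github.com/spf13/afero v1.15.0 // indirect
@@ -316,8 +322,8 @@ require (
 github.com/spf13/viper v1.21.0 // indirect
 github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
 github.com/subosito/gotenv v1.6.0 // indirect
-github.com/sylabs/sif/v2 v2.20.2 // indirect
-github.com/sylabs/squashfs v1.0.5 // indirect
+github.com/sylabs/sif/v2 v2.21.1 // indirect
+github.com/sylabs/squashfs v1.0.6 // indirect
 github.com/therootcompany/xz v1.0.1 // indirect
 github.com/theupdateframework/go-tuf v0.7.0 // indirect
 github.com/theupdateframework/go-tuf/v2 v2.2.0 // indirect
@@ -349,6 +355,7 @@ require (
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
 go.yaml.in/yaml/v3 v3.0.4 // indirect
+go4.org v0.0.0-20230225012048-214862532bf5 // indirect
 golang.org/x/crypto v0.45.0 // indirect
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
 golang.org/x/net v0.47.0 // indirect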
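Review bot: The direct requirement bumped in the first hunk (`@@ -4,8 +4,8 @@`) has no comment recording why v0.91.0 is the floor, and the same hunk raises `github.com/anchore/syft` to v1.22.0, which the commit title does not mention. A trailing comment such as `github.com/anchore/grype v0.91.0 // keep >= v0.91.0: earlier release hit a nil pointer panic (#316)` would stop a later downgrade from quietly reintroducing the crash. The later hunks also add archive-decoding modules as indirect dependencies (`github.com/mholt/archives`, `github.com/bodgit/sevenzip`, `github.com/STARRY-S/zip`, `github.com/sorairolake/lzip-go`), one of them pinned to a pre-release pseudo-version, `github.com/nwaples/rardecode/v2 v2.0.0-beta.4.0.20241112120701-034e449c6e78`, alongside the existing `github.com/nwaples/rardecode v1.1.3`. These presumably parse the contents of scanned artifacts, so the PR description should state that `go mod verify` and `govulncheck ./...` were run against the new module graph and came back clean.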
