Fix grype not scanning C deps that dont have CPEs

kovidgoyal · kovidgoyal · commit 54368be5546f · 2025-09-18T09:22:28.000+05:30
diff --git a/.github/workflows/ci.py b/.github/workflows/ci.py
@@ -222,7 +222,7 @@ def check_dependencies() -> None:
     dest = os.path.join(SW, 'macos')
     os.makedirs(dest, exist_ok=True)
     install_bundle(dest, os.path.basename(dest))
-    cmdline = [grype, '--by-cve', '--config', gc, '--fail-on', 'medium', '--only-fixed']
+    cmdline = [grype, '--by-cve', '--config', gc, '--fail-on', 'medium', '--only-fixed', '--add-cpes-if-none']
     if (cp := subprocess.run(cmdline + ['dir:' + SW])).returncode != 0:
         raise SystemExit(cp.returncode)
     # Now test against the SBOM
diff --git a/bypy/sources.json b/bypy/sources.json
@@ -65,11 +65,11 @@
     },
 
     {
-        "name": "libxml2 2.12.7",
+        "name": "libxml2 2.12.10",
         "spdx": "MIT",
         "unix": {
             "file_extension": "tar.xz",
-            "hash": "sha256:24ae78ff1363a973e6d8beba941a7945da2ac056e19b53956aeb6927fd6cfb56",
+            "hash": "sha256:c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995",
             "urls": ["https://download.gnome.org/sources/libxml2/{version_except_last}/{filename}"]
         }
     },

Original file line number	Diff line number	Diff line change
`@@ -65,11 +65,11 @@`
`65`	`65`	`},`
`66`	`66`
`67`	`67`	`{`
`68`		`- "name": "libxml2 2.12.7",`
	`68`	`+ "name": "libxml2 2.12.10",`
`69`	`69`	`"spdx": "MIT",`
`70`	`70`	`"unix": {`
`71`	`71`	`"file_extension": "tar.xz",`
`72`		`- "hash": "sha256:24ae78ff1363a973e6d8beba941a7945da2ac056e19b53956aeb6927fd6cfb56",`
	`72`	`+ "hash": "sha256:c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995",`
`73`	`73`	`"urls": ["https://download.gnome.org/sources/libxml2/{version_except_last}/{filename}"]`
`74`	`74`	`}`
`75`	`75`	`},`