Merge pull request #1138 from wolfi-dev/dependabot/go_modules/github.…

…com/anchore/grype-0.80.0 build(deps): bump github.com/anchore/grype from 0.79.6 to 0.80.0
wolfi-dev · Sep 4, 2024 · c76d15d · c76d15d
2 parents 3ccd87b + ffbda88
commit c76d15d
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 7 deletions.
diff --git a/go.mod b/go.mod
@@ -10,7 +10,7 @@ require (
 	chainguard.dev/melange v0.11.3-0.20240819231553-2dbb223df3be
 	cloud.google.com/go/storage v1.43.0
 	github.com/adrg/xdg v0.5.0
-	github.com/anchore/grype v0.79.6
+	github.com/anchore/grype v0.80.0
 	github.com/anchore/stereoscope v0.0.3
 	github.com/anchore/syft v1.11.1
 	github.com/chainguard-dev/clog v1.5.1-0.20240811185937-4c523ae4593f
@@ -190,7 +190,7 @@ require (
 	github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-getter v1.7.5 // indirect
+	github.com/hashicorp/go-getter v1.7.6 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect

diff --git a/go.sum b/go.sum
@@ -272,8 +272,8 @@ github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0v
 github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ=
 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 h1:rmZG77uXgE+o2gozGEBoUMpX27lsku+xrMwlmBZJtbg=
 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
-github.com/anchore/grype v0.79.6 h1:/QgRweQ1w87FKCpFmH6sHNoa01Qg8VUk4+Z+X2N3/FA=
-github.com/anchore/grype v0.79.6/go.mod h1:0y31hGgOkHn1TyKC5Ap3rnkZ0SF/35+s08XY6Vleng4=
+github.com/anchore/grype v0.80.0 h1:nedqwzcfyVQprEjTAY7X2w8sm0hKkCLSBf3TEDgXsRo=
+github.com/anchore/grype v0.80.0/go.mod h1:G9VpcSwea0sLMyOjdO2u9utNDBSC+4yeZ4GEr6tB1NQ=
 github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f h1:B/E9ixKNCasntpoch61NDaQyGPDXLEJlL+B9B/PbdbA=
 github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
 github.com/anchore/stereoscope v0.0.3 h1:JRPHySy8S6P+Ff3IDiQ29ap1i8/laUQxDk9K1eFh/2U=
@@ -707,8 +707,8 @@ github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-getter v1.7.5 h1:dT58k9hQ/vbxNMwoI5+xFYAJuv6152UNvdHokfI5wE4=
-github.com/hashicorp/go-getter v1.7.5/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
+github.com/hashicorp/go-getter v1.7.6 h1:5jHuM+aH373XNtXl9TNTUH5Qd69Trve11tHIrB+6yj4=
+github.com/hashicorp/go-getter v1.7.6/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.0.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=

diff --git a/pkg/cli/advisory_guide.go b/pkg/cli/advisory_guide.go
@@ -182,6 +182,7 @@ func cmdAdvisoryGuide() *cobra.Command {
 			if err != nil {
 				return fmt.Errorf("failed to create vulnerability scanner: %w", err)
 			}
+			defer scanner.Close()
 
 			// We don't want logging, it's unnecessary and interrupts the flow of the guide.
 			ctx = clog.WithLogger(ctx, clog.NewLogger(internal.NopLogger()))

diff --git a/pkg/cli/advisory_validate_fixes.go b/pkg/cli/advisory_validate_fixes.go
@@ -210,6 +210,7 @@ func findInvalidFixedAdvisoriesForAPK(
 	if err != nil {
 		return nil, fmt.Errorf("creating scanner: %w", err)
 	}
+	defer scanner.Close()
 
 	// TODO: Scanning needs a better interface, this is a hack to seek to the start of the file.
 	//  Consider using io.ReaderAt.

diff --git a/pkg/cli/scan.go b/pkg/cli/scan.go
@@ -271,6 +271,7 @@ func scanEverything(ctx context.Context, p *scanParams, inputs []string, advisor
 		if err != nil {
 			return fmt.Errorf("failed to create scanner: %w", err)
 		}
+		defer scanner.Close()
 
 		for i, ch := range done {
 			select {

diff --git a/pkg/scan/apk.go b/pkg/scan/apk.go
@@ -11,6 +11,7 @@ import (
 	"github.com/adrg/xdg"
 	"github.com/anchore/grype/grype"
 	"github.com/anchore/grype/grype/db"
+	v5 "github.com/anchore/grype/grype/db/v5"
 	"github.com/anchore/grype/grype/matcher"
 	"github.com/anchore/grype/grype/matcher/dotnet"
 	"github.com/anchore/grype/grype/matcher/golang"
@@ -83,6 +84,7 @@ func newTargetAPK(s *sbomSyft.SBOM) (TargetAPK, error) {
 type Scanner struct {
 	datastore            *store.Store
 	dbStatus             *db.Status
+	dbCloser             v5.DBCloser
 	vulnerabilityMatcher *grype.VulnerabilityMatcher
 	disableSBOMCache     bool
 }
@@ -158,13 +160,13 @@ func NewScanner(opts Options) (*Scanner, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to load vulnerability database: %w", err)
 	}
-	defer dbCloser.Close()
 
 	vulnerabilityMatcher := NewGrypeVulnerabilityMatcher(*datastore, opts.UseCPEs)
 
 	return &Scanner{
 		datastore:            datastore,
 		dbStatus:             dbStatus,
+		dbCloser:             dbCloser,
 		vulnerabilityMatcher: vulnerabilityMatcher,
 		disableSBOMCache:     opts.DisableSBOMCache,
 	}, nil
@@ -248,6 +250,13 @@ func (s *Scanner) APKSBOM(ctx context.Context, ssbom *sbomSyft.SBOM) (*Result, e
 	return result, nil
 }
 
+// Close closes the scanner's database connection.
+func (s *Scanner) Close() {
+	if s.dbCloser != nil {
+		s.dbCloser.Close()
+	}
+}
+
 func NewGrypeVulnerabilityMatcher(datastore store.Store, useCPEs bool) *grype.VulnerabilityMatcher {
 	return &grype.VulnerabilityMatcher{
 		Store:    datastore,

diff --git a/pkg/scan/apk_test.go b/pkg/scan/apk_test.go
@@ -94,6 +94,7 @@ func TestScanner_ScanAPK(t *testing.T) {
 	if err != nil {
 		t.Fatalf("creating new scanner: %v", err)
 	}
+	t.Cleanup(scanner.Close)
 
 	for _, tt := range testTargets {
 		for _, arch := range []string{"x86_64", "aarch64"} {