Will Murphy

**What happened**: I was trying to release chronicle, and I had to downgrade my local go to make the `make release` command in this repo work. **What you expected to...

**What would you like to be added**: I'd like for all the dependabot and similar PRs that go into a release to be present in release notes, but collapsed by...

``` "pull_request_target.opened" is not a known webhook name (https://developer.github.com/v3/activity/events/types/) "pull_request_target.reopened" is not a known webhook name (https://developer.github.com/v3/activity/events/types/) "pull_request_target.synchronize" is not a known webhook name (https://developer.github.com/v3/activity/events/types/) "pull_request_target.edited" is not a known...

This PR adds the ability for vunnel to emit EUS-specific fix information from the red hat provider. It enables the following match distinctions: ``` # non-EUS - package is vulnerable...

**What would you like to be added**: Elsewhere at Anchore, we use `orjson` over `json` because it's faster. It looks like `mashumaro`, a library providing dataclass mixins for JSON deserialization...

Depends on anchore/grype#2540 and anchore/vunnel#796. Will need to be updated to depend on a released version of grype once the grype change is released.

Also needs anchore/vunnel#796 and anchore/grype-db#540 to be released before it will help, but then it will fix #2446.

When scanning Wolfi images, GHSAs have "Unknown" severity

2

**What happened**: When scanning Wolfi images, GHSAs have "Unknown" severity. **What you expected to happen**: GHSAs should have the same severity as shown in the GitHub advisory web UI. **How...

**What happened**: Adding some exploratory unit tests to grype, received unexpected failures, see linked PR. These tests probably cause some FPs on old JVM versions when comparing to other old...