There is a new pull request by jcgruenhage against master on the void-packages repository

https://github.com/jcgruenhage/void-packages grype
https://github.com/void-linux/void-packages/pull/34511

New packages: grype and syft
This adds two new packages, `syft`, a SBOM generator with support for creating SBOMs from loads of sources, and `grype`, a vulnerability scanner based on `syft`. `grype` includes `syft` as a library, and because go includes those statically, which is why `grype` does not have a dependency on `syft` here.
#### Testing the changes
- I tested the changes in this PR: **YES**

#### New package
- This new package conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements): **YES**


A patch file from https://github.com/void-linux/void-packages/pull/34511.patch is attached