Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package zizmor for openSUSE:Factory checked in at 2025-01-14 16:23:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zizmor (Old) and /work/SRC/openSUSE:Factory/.zizmor.new.1881 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor" Tue Jan 14 16:23:08 2025 rev:2 rq:1237622 version:1.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2025-01-13 17:51:16.541470038 +0100 +++ /work/SRC/openSUSE:Factory/.zizmor.new.1881/zizmor.changes 2025-01-14 16:23:54.553139916 +0100 @@ -1,0 +2,11 @@ +Tue Jan 14 05:42:08 UTC 2025 - [email protected] + +- Update to version 1.1.1: + * chore: prep 1.1.1 (#438) + * chore(deps): bump the cargo group with 4 updates (#434) + * chore(deps): bump the github-actions group with 2 updates + (#436) + * fix: bump github-actions-models (#437) + * docs: bump trophies (#430) + +------------------------------------------------------------------- Old: ---- zizmor-1.1.0.obscpio New: ---- zizmor-1.1.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zizmor.spec ++++++ --- /var/tmp/diff_new_pack.6up8qg/_old 2025-01-14 16:23:57.209249728 +0100 +++ /var/tmp/diff_new_pack.6up8qg/_new 2025-01-14 16:23:57.229250555 +0100 @@ -17,7 +17,7 @@ Name: zizmor -Version: 1.1.0 +Version: 1.1.1 Release: 0 Summary: A static analysis tool for GitHub Actions License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.6up8qg/_old 2025-01-14 16:23:57.609266266 +0100 +++ /var/tmp/diff_new_pack.6up8qg/_new 2025-01-14 16:23:57.637267424 +0100 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">v1.1.0</param> + <param name="revision">v1.1.1</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.6up8qg/_old 2025-01-14 16:23:57.865276850 +0100 +++ /var/tmp/diff_new_pack.6up8qg/_new 2025-01-14 16:23:57.897278173 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/woodruffw/zizmor</param> - <param name="changesrevision">b178d52d3530969ba7e4ce0c87e5fc520bdd154e</param></service></servicedata> + <param name="changesrevision">ec37d0a0e5ab398b9e1c47259ef200a3a4e86104</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst /work/SRC/openSUSE:Factory/.zizmor.new.1881/vendor.tar.zst differ: char 7, line 1 ++++++ zizmor-1.1.0.obscpio -> zizmor-1.1.1.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.1.0/.github/workflows/pypi.yml new/zizmor-1.1.1/.github/workflows/pypi.yml --- old/zizmor-1.1.0/.github/workflows/pypi.yml 2025-01-13 06:15:57.000000000 +0100 +++ new/zizmor-1.1.1/.github/workflows/pypi.yml 2025-01-13 17:03:43.000000000 +0100 @@ -42,7 +42,7 @@ sccache: ${{ !startsWith(github.ref, 'refs/tags/') }} # zizmor: ignore[cache-poisoning] manylinux: auto - name: Upload wheels - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: wheels-linux-${{ matrix.platform.target }} path: dist @@ -72,7 +72,7 @@ sccache: ${{ !startsWith(github.ref, 'refs/tags/') }} # zizmor: ignore[cache-poisoning] manylinux: musllinux_1_2 - name: Upload wheels - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: wheels-musllinux-${{ matrix.platform.target }} path: dist @@ -97,7 +97,7 @@ args: --release --out dist sccache: ${{ !startsWith(github.ref, 'refs/tags/') }} # zizmor: ignore[cache-poisoning] - name: Upload wheels - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: wheels-windows-${{ matrix.platform.target }} path: dist @@ -122,7 +122,7 @@ args: --release --out dist sccache: ${{ !startsWith(github.ref, 'refs/tags/') }} # zizmor: ignore[cache-poisoning] - name: Upload wheels - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: wheels-macos-${{ matrix.platform.target }} path: dist @@ -139,7 +139,7 @@ command: sdist args: --out dist - name: Upload sdist - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: wheels-sdist path: dist diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.1.0/.github/workflows/zizmor.yml new/zizmor-1.1.1/.github/workflows/zizmor.yml --- old/zizmor-1.1.0/.github/workflows/zizmor.yml 2025-01-13 06:15:57.000000000 +0100 +++ new/zizmor-1.1.1/.github/workflows/zizmor.yml 2025-01-13 17:03:43.000000000 +0100 @@ -25,7 +25,7 @@ env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif category: zizmor diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.1.0/Cargo.lock new/zizmor-1.1.1/Cargo.lock --- old/zizmor-1.1.0/Cargo.lock 2025-01-13 06:15:57.000000000 +0100 +++ new/zizmor-1.1.1/Cargo.lock 2025-01-13 17:03:43.000000000 +0100 @@ -273,9 +273,9 @@ [[package]] name = "clap" -version = "4.5.23" +version = "4.5.26" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "3135e7ec2ef7b10c6ed8950f0f792ed96ee093fa088608f1c76e569722700c84" +checksum = "a8eb5e908ef3a6efbe1ed62520fb7287959888c88485abe072543190ecc66783" dependencies = [ "clap_builder", "clap_derive", @@ -293,9 +293,9 @@ [[package]] name = "clap_builder" -version = "4.5.23" +version = "4.5.26" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "30582fc632330df2bd26877bde0c1f4470d57c582bbc070376afcd04d8cb4838" +checksum = "96b01801b5fc6a0a232407abc821660c9c6d25a1cafc0d4f85f29fb8d9afc121" dependencies = [ "anstream", "anstyle", @@ -305,9 +305,9 @@ [[package]] name = "clap_derive" -version = "4.5.18" +version = "4.5.24" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "4ac6a0c7b1a9e9a5186361f67dfa1b88213572f427fb9ab038efb2bd8c582dab" +checksum = "54b755194d6389280185988721fffba69495eed5ee9feeee9a599b53db80318c" dependencies = [ "heck", "proc-macro2", @@ -616,9 +616,9 @@ [[package]] name = "github-actions-models" -version = "0.19.0" +version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "1e9576dac15088d565d47b67d09bd9fd9f0d84bda4b0d34af91ab55327f4c2d0" +checksum = "1d63182827fb1d242303a2365a963579469c66559011fa01c4b5822a19be8075" dependencies = [ "indexmap", "serde", @@ -1057,9 +1057,9 @@ [[package]] name = "libc" -version = "0.2.166" +version = "0.2.169" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "c2ccc108bbc0b1331bd061864e7cd823c0cab660bbe6970e66e2c0614decde36" +checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" [[package]] name = "libredox" @@ -1766,9 +1766,9 @@ [[package]] name = "serde_json" -version = "1.0.134" +version = "1.0.135" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "d00f4175c42ee48b15416f6193a959ba3a0d67fc699a0db9ad12df9f83991c7d" +checksum = "2b0d7ba2887406110130a978386c4e1befb98c674b4fba677954e4db976630d9" dependencies = [ "itoa", "memchr", @@ -2191,9 +2191,9 @@ [[package]] name = "tokio" -version = "1.42.0" +version = "1.43.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551" +checksum = "3d61fa4ffa3de412bfea335c6ecff681de2b609ba3c77ef3e00e521813a9ed9e" dependencies = [ "backtrace", "bytes", @@ -2207,9 +2207,9 @@ [[package]] name = "tokio-macros" -version = "2.4.0" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752" +checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8" dependencies = [ "proc-macro2", "quote", @@ -2373,9 +2373,9 @@ [[package]] name = "tree-sitter" -version = "0.24.6" +version = "0.24.7" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "5f2434c86ba59ed15af56039cc5bf1acf8ba76ce301e32ef08827388ef285ec5" +checksum = "a5387dffa7ffc7d2dae12b50c6f7aab8ff79d6210147c6613561fc3d474c6f75" dependencies = [ "cc", "regex", @@ -3108,7 +3108,7 @@ [[package]] name = "zizmor" -version = "1.1.0" +version = "1.1.1" dependencies = [ "annotate-snippets", "anstream", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.1.0/Cargo.toml new/zizmor-1.1.1/Cargo.toml --- old/zizmor-1.1.0/Cargo.toml 2025-01-13 06:15:57.000000000 +0100 +++ new/zizmor-1.1.1/Cargo.toml 2025-01-13 17:03:43.000000000 +0100 @@ -1,7 +1,7 @@ [package] name = "zizmor" description = "Static analysis for GitHub Actions" -version = "1.1.0" +version = "1.1.1" edition = "2021" repository = "https://github.com/woodruffw/zizmor"; homepage = "https://github.com/woodruffw/zizmor"; @@ -17,13 +17,13 @@ anstream = "0.6.18" anyhow = "1.0.95" camino = { version = "1.1.9", features = ["serde1"] } -clap = { version = "4.5.23", features = ["derive", "env"] } +clap = { version = "4.5.26", features = ["derive", "env"] } clap-verbosity-flag = { version = "3.0.2", features = [ "tracing", ], default-features = false } etcetera = "0.8.0" flate2 = "1.0.35" -github-actions-models = "0.19.0" +github-actions-models = "0.20.0" http-cache-reqwest = "0.15.0" human-panic = "2.0.1" indexmap = "2.7.0" @@ -41,17 +41,17 @@ reqwest-middleware = "0.4.0" serde = { version = "1.0.217", features = ["derive"] } serde-sarif = "0.7.0" -serde_json = "1.0.134" +serde_json = "1.0.135" serde_yaml = "0.9.34" # TODO remove pending https://github.com/tree-sitter/tree-sitter/pull/4034 streaming-iterator = "0.1.9" tar = "0.4.43" terminal-link = "0.1.0" -tokio = { version = "1.42.0", features = ["rt-multi-thread"] } +tokio = { version = "1.43.0", features = ["rt-multi-thread"] } tracing = "0.1.41" tracing-indicatif = "0.3.8" tracing-subscriber = { version = "0.3.19", features = ["env-filter"] } -tree-sitter = "0.24.6" +tree-sitter = "0.24.7" tree-sitter-bash = "0.23.3" tree-sitter-powershell = "0.24.4" yamlpath = "0.14.0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.1.0/docs/release-notes.md new/zizmor-1.1.1/docs/release-notes.md --- old/zizmor-1.1.0/docs/release-notes.md 2025-01-13 06:15:57.000000000 +0100 +++ new/zizmor-1.1.1/docs/release-notes.md 2025-01-13 17:03:43.000000000 +0100 @@ -7,10 +7,17 @@ This page contains _abbreviated_, user-focused release notes for each version of `zizmor`. -## Upcoming (UNRELEASED) +## Next (UNRELEASED) Nothing to see here (yet!) +## v1.1.1 + +### Fixed + +* Fixed a regression where workflows with calls to unpinned reusable workflows + would fail to parse (#437) + ## v1.1.0 This release comes with one new audit ([secrets-inherit]), plus a slew diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.1.0/docs/snippets/trophies.md new/zizmor-1.1.1/docs/snippets/trophies.md --- old/zizmor-1.1.0/docs/snippets/trophies.md 2025-01-13 06:15:57.000000000 +0100 +++ new/zizmor-1.1.1/docs/snippets/trophies.md 2025-01-13 17:03:43.000000000 +0100 @@ -272,6 +272,14 @@ - hynek/svcs#111 +- { width="40" loading=lazy align=left } icsharpcode + + --- + + ??? example "Examples" + - icsharpcode/ILSpy#3365 + + - { width="40" loading=lazy align=left } Instagram --- @@ -322,6 +330,14 @@ - maxmind/GeoIP2-node#1387 +- { width="40" loading=lazy align=left } mfussenegger + + --- + + ??? example "Examples" + - mfussenegger/nvim-lint#710 + + - { width="40" loading=lazy align=left } mkuf --- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.1.0/docs/snippets/trophies.txt new/zizmor-1.1.1/docs/snippets/trophies.txt --- old/zizmor-1.1.0/docs/snippets/trophies.txt 2025-01-13 06:15:57.000000000 +0100 +++ new/zizmor-1.1.1/docs/snippets/trophies.txt 2025-01-13 17:03:43.000000000 +0100 @@ -60,6 +60,7 @@ hynek/stamina#81 hynek/structlog#663 hynek/svcs#111 +icsharpcode/ILSpy#3365 Instagram/LibCST#1262 lmstudio-ai/venvstacks#51 matplotlib/matplotlib#29251 @@ -75,6 +76,7 @@ maxmind/geoip2-csv-converter#87 maxmind/mmdbwriter#104 maxmind/GeoIP2-node#1387 +mfussenegger/nvim-lint#710 mkuf/prind#183 mne-tools/mne-python#13011 MoarVM/MoarVM#1875 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.1.0/docs/usage.md new/zizmor-1.1.1/docs/usage.md --- old/zizmor-1.1.0/docs/usage.md 2025-01-13 06:15:57.000000000 +0100 +++ new/zizmor-1.1.1/docs/usage.md 2025-01-13 17:03:43.000000000 +0100 @@ -457,7 +457,7 @@ ```yaml - repo: https://github.com/woodruffw/zizmor-pre-commit - rev: v1.1.0 # (1)! + rev: v1.1.1 # (1)! hooks: - id: zizmor ``` ++++++ zizmor.obsinfo ++++++ --- /var/tmp/diff_new_pack.6up8qg/_old 2025-01-14 16:23:58.813316046 +0100 +++ /var/tmp/diff_new_pack.6up8qg/_new 2025-01-14 16:23:58.845317368 +0100 @@ -1,5 +1,5 @@ name: zizmor -version: 1.1.0 -mtime: 1736745357 -commit: b178d52d3530969ba7e4ce0c87e5fc520bdd154e +version: 1.1.1 +mtime: 1736784223 +commit: ec37d0a0e5ab398b9e1c47259ef200a3a4e86104
