Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package govulncheck for openSUSE:Factory checked in at 2025-01-14 16:22:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/govulncheck (Old) and /work/SRC/openSUSE:Factory/.govulncheck.new.1881 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "govulncheck" Tue Jan 14 16:22:36 2025 rev:11 rq:1237548 version:1.1.4 Changes: -------- --- /work/SRC/openSUSE:Factory/govulncheck/govulncheck.changes 2024-10-16 23:54:39.640770278 +0200 +++ /work/SRC/openSUSE:Factory/.govulncheck.new.1881/govulncheck.changes 2025-01-14 16:23:33.700277563 +0100 @@ -1,0 +2,39 @@ +Mon Jan 13 18:11:03 UTC 2025 - Jeff Kowalczyk <[email protected]> + +- Update to version 1.1.4: + * go.mod: update golang.org/x dependencies + * go.mod: update golang.org/x dependencies + * cmd/govulncheck: remove unnecessary fixups + * cmd/govulncheck: better mask new (sbom) versions + * cmd/govulncheck: mask dirty dependency versions + * cmd/govulncheck: add missing test data + * cmd/govulncheck: set gotypesalias=1 when using >=1.23 toolchain + * go.mod: update golang.org/x dependencies + * internal/sarif: use empty arrays instead of nils + * cmd/govulncheck/testdata: expand set of go versions in fixup + * cmd/govulncheck: remove unused fixup + * internal/scan: add amounts to sbom text output + * internal/scan: remove 'scanning n packages...' msg + * internal/scan: add SBOM to text output + * internal/vulncheck: pass SBOM to handlers + * go.mod: update golang.org/x dependencies + * internal/semver: add SemverToGoTag + * internal/govulncheck: add sbom message type + * internal/openvex: refactor PURL + * internal/openvex: populate product subcomponents + * internal/scan: do not show stacks in traces mode for binaries + * internal/scan: reorganize trace text layout in trace mode + * go.mod: update golang.org/x dependencies + * internal/vulncheck: remove use of ssautil.AllFunctions + * cmd/govulncheck: update test file for main module vulnerabilities + * cmd/govulncheck: add docs on detecting main module vulns + * go.mod: update golang.org/x dependencies + * cmd/govulncheck: update unit tests + * internal/vulncheck: properly check for main package vulns + * internal/vulncheck: explicitly exclude devel from affected ranges + * internal/vulncheck: consider main module when checking bin vulns + * internal/vulncheck: exclude dev go versions from ancient check +- Packaging improvements: + * Update to BuildRequires: golang(API) >= 1.22 matching go.mod + +------------------------------------------------------------------- Old: ---- govulncheck-1.1.3.tar.gz New: ---- govulncheck-1.1.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ govulncheck.spec ++++++ --- /var/tmp/diff_new_pack.ty8NyZ/_old 2025-01-14 16:23:34.168296928 +0100 +++ /var/tmp/diff_new_pack.ty8NyZ/_new 2025-01-14 16:23:34.168296928 +0100 @@ -1,7 +1,7 @@ # # spec file for package govulncheck # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: govulncheck -Version: 1.1.3 +Version: 1.1.4 Release: 0 Summary: CLI tool to report known CVE vulnerabilities in Go source code and binaries License: BSD-3-Clause @@ -25,7 +25,7 @@ URL: https://github.com/golang/vuln Source: %{name}-%{version}.tar.gz Source1: vendor.tar.gz -BuildRequires: golang(API) >= 1.21 +BuildRequires: golang(API) >= 1.22 # Required to build on SLE-12 ExcludeArch: s390 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.ty8NyZ/_old 2025-01-14 16:23:34.196298087 +0100 +++ /var/tmp/diff_new_pack.ty8NyZ/_new 2025-01-14 16:23:34.200298252 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/golang/vuln.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.1.3</param> + <param name="revision">v1.1.4</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.ty8NyZ/_old 2025-01-14 16:23:34.220299080 +0100 +++ /var/tmp/diff_new_pack.ty8NyZ/_new 2025-01-14 16:23:34.220299080 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/golang/vuln.git</param> - <param name="changesrevision">4ea4418106cea3bb2c9aa098527c924e9e1fbbb4</param></service></servicedata> + <param name="changesrevision">d1f380186385b4f64e00313f31743df8e4b89a77</param></service></servicedata> (No newline at EOF) ++++++ govulncheck-1.1.3.tar.gz -> govulncheck-1.1.4.tar.gz ++++++ /work/SRC/openSUSE:Factory/govulncheck/govulncheck-1.1.3.tar.gz /work/SRC/openSUSE:Factory/.govulncheck.new.1881/govulncheck-1.1.4.tar.gz differ: char 12, line 1 ++++++ vendor.tar.gz ++++++ ++++ 9465 lines of diff (skipped)
