Hello community,

here is the log from the commit of package trivy for openSUSE:Factory checked 
in at 2025-01-29 16:18:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trivy (Old)
 and      /work/SRC/openSUSE:Factory/.trivy.new.2316 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "trivy"

Wed Jan 29 16:18:31 2025 rev:72 rq:1241184 version:0.58.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/trivy/trivy.changes      2024-12-03 
20:48:26.190120787 +0100
+++ /work/SRC/openSUSE:Factory/.trivy.new.2316/trivy.changes    2025-01-29 
16:19:13.845496636 +0100
@@ -1,0 +2,86 @@
+Wed Jan 29 11:56:12 UTC 2025 - dmuel...@suse.com
+
+- Update to version 0.58.2 (
+      bsc#1234512, CVE-2024-45337,
+      bsc#1235265, CVE-2024-45338):
+  * release: v0.58.2 [release/v0.58] (#8216)
+  * fix(misconf): allow null values only for tf variables [backport: 
release/v0.58] (#8238)
+  * fix(suse): SUSE - update OSType constants and references for compatility 
[backport: release/v0.58] (#8237)
+  * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via 
the URL field [backport: release/v0.58] (#8215)
+  * release: v0.58.1 [release/v0.58] (#8120)
+  * fix(sbom): attach nested packages to Application [backport: release/v0.58] 
(#8168)
+  * fix(python): skip dev group's deps for poetry [backport: release/v0.58] 
(#8158)
+  * fix(sbom): use root package for `unknown` dependencies (if exists) 
[backport: release/v0.58] (#8156)
+  * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` 
[backport: release/v0.58] (#8142)
+  * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to 
`v0.9.2` [backport: release/v0.58] (#8136)
+  * fix(redhat): correct rewriting of recommendations for the same 
vulnerability [backport: release/v0.58] (#8135)
+  * fix(oracle): add architectures support for advisories [backport: 
release/v0.58] (#8125)
+  * fix(sbom): fix wrong overwriting of applications obtained from different 
sbom files but having same app type [backport: release/v0.58] (#8124)
+  * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: 
release/v0.58] (#8122)
+  * fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] 
(#8121)
+  * fix(java): correctly overwrite version from depManagement if dependency 
uses `project.*` props [backport: release/v0.58] (#8119)
+  * release: v0.58.0 [main] (#7874)
+  * fix(misconf): wrap AWS EnvVar to iac types (#7407)
+  * chore(deps): Upgrade trivy-checks (#8018)
+  * refactor(misconf): Remove unused options (#7896)
+  * docs: add terminology page to explain Trivy concepts (#7996)
+  * feat: add `workspaceRelationship` (#7889)
+  * refactor(sbom): simplify relationship generation (#7985)
+  * chore: remove Go checks (#7907)
+  * docs: improve databases documentation (#7732)
+  * refactor: remove support for custom Terraform checks (#7901)
+  * docs: fix dead links (#7998)
+  * docs: drop AWS account scanning (#7997)
+  * fix(aws): change CPU and Memory type of ContainerDefinition to a string 
(#7995)
+  * fix(cli): Handle empty ignore files more gracefully (#7962)
+  * fix(misconf): load full Terraform module (#7925)
+  * fix(misconf): properly resolve local Terraform cache (#7983)
+  * refactor(k8s): add v prefix for Go packages (#7839)
+  * test: replace Go checks with Rego (#7867)
+  * feat(misconf): log causes of HCL file parsing errors (#7634)
+  * chore(deps): bump the aws group across 1 directory with 7 updates (#7991)
+  * chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the 
docker group across 1 directory (#7990)
+  * chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992)
+  * chore: downgrade the failed block expand message to debug (#7964)
+  * fix(misconf): do not erase variable type for child modules (#7941)
+  * feat(go): construct dependencies of `go.mod` main module in the parser 
(#7977)
+  * feat(go): construct dependencies in the parser (#7973)
+  * feat: add cvss v4 score and vector in scan response (#7968)
+  * docs: add `overview` page for `others` (#7972)
+  * fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package 
Maintainer Details (#7871)
+  * feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965)
+  * chore(deps): bump the common group with 4 updates (#7949)
+  * feat(oracle): add `flavors` support (#7858)
+  * fix(misconf): Update trivy-checks default repo to `mirror.gcr.io` (#7953)
+  * chore(deps): Bump up trivy-checks to v1.3.0 (#7959)
+  * fix(k8s): check all results for vulnerabilities (#7946)
+  * ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945)
+  * feat(secret): Add built-in secrets rules for Private Packagist (#7826)
+  * docs: Fix broken links (#7900)
+  * docs: fix mistakes/typos (#7942)
+  * feat: Update registry fallbacks (#7679)
+  * fix(alpine): add `UID` for removed packages (#7887)
+  * chore(deps): bump the aws group with 6 updates (#7902)
+  * chore(deps): bump the common group with 6 updates (#7904)
+  * fix(debian): infinite loop (#7928)
+  * fix(redhat): don't return error if `root/buildinfo/content_manifests/` 
contains files that are not `contentSets` files (#7912)
+  * docs: add note about temporary podman socket (#7921)
+  * docs: combine trivy.dev into trivy docs (#7884)
+  * test: change branch in spdx schema link to check in integration tests 
(#7935)
+  * docs: add Headlamp to the Trivy Ecosystem page (#7916)
+  * fix(report): handle `g...@github.com` schema for misconfigs in `sarif` 
report (#7898)
+  * chore(k8s): enhance k8s scan log (#6997)
+  * fix(terraform): set null value as fallback for missing variables (#7669)
+  * fix(misconf): handle null properties in CloudFormation templates (#7813)
+  * fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882)
+  * chore(deps): bump the common group across 1 directory with 20 updates 
(#7876)
+  * chore: bump containerd to v2.0.0 (#7875)
+  * fix: Improve version comparisons when build identifiers are present (#7873)
+  * feat(k8s): add default commands for unknown platform (#7863)
+  * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868)
+  * refactor(secret): optimize performance by moving ToLower operation outside 
loop (#7862)
+  * test: save `containerd` image into archive and use in tests (#7816)
+  * chore(deps): bump the github-actions group across 1 directory with 2 
updates (#7854)
+  * chore: bump golangci-lint to v1.61.0 (#7853)
+
+-------------------------------------------------------------------
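Review bot: The parenthesised reference list in the "Update to version 0.58.2" header names only CVE-2024-45337 and CVE-2024-45338, while the entry "fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field" further down shows that this update also carries fixes for two more CVEs. Anyone reading the header to learn what the update fixes will miss them, so add CVE-2025-21613 and CVE-2025-21614 (with their bsc numbers, if filed) to the header list. It would also help to say which entries address the two CVEs already listed, since nothing in the list ties them to a specific change.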
@@ -470 +556 @@
-- Update to version 0.51.1:
+- Update to version 0.51.1 (bsc#1227010, CVE-2024-3817):
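Review bot: The reference added to the 0.51.1 entry uses a single-line form, "(bsc#1227010, CVE-2024-3817)", while the new 0.58.2 entry in the same file breaks its reference list across three lines after an open parenthesis. Use one form for both so the references can be found with a single search pattern; the single-line form used here is the easier one to match.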

Old:
----
  trivy-0.57.1.tar.zst

New:
----
  trivy-0.58.2.tar.zst

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ trivy.spec ++++++
--- /var/tmp/diff_new_pack.c2zvzC/_old  2025-01-29 16:19:16.253596498 +0100
+++ /var/tmp/diff_new_pack.c2zvzC/_new  2025-01-29 16:19:16.257596664 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           trivy
-Version:        0.57.1
+Version:        0.58.2
 Release:        0
 Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
 License:        Apache-2.0

++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.c2zvzC/_old  2025-01-29 16:19:16.289597991 +0100
+++ /var/tmp/diff_new_pack.c2zvzC/_new  2025-01-29 16:19:16.293598157 +0100
@@ -1,5 +1,5 @@
-mtime: 1733152795
-commit: 7b167d9c3b42696274d8b3dffebce782481d162e1c1407e3c3db6c328a8e3422
-url: https://src.opensuse.org/cwh/trivy.git
-revision: 7b167d9c3b42696274d8b3dffebce782481d162e1c1407e3c3db6c328a8e3422
+mtime: 1738152459
+commit: 757447aee927fa8446de045d0c1b532e9a3787977a6cd9b2e6282a170bd4b0a5
+url: https://src.opensuse.org/dirkmueller/trivy.git
+revision: 757447aee927fa8446de045d0c1b532e9a3787977a6cd9b2e6282a170bd4b0a5
 
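Review bot: The `url:` line changes the sync source from https://src.opensuse.org/cwh/trivy.git to https://src.opensuse.org/dirkmueller/trivy.git, and the changelog entry for this update does not mention it. This is the repository the package sources are synced from, so the move to a different user namespace should be stated explicitly, with the reason, so that reviewers can confirm the new source is the intended one.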

++++++ _service ++++++
--- /var/tmp/diff_new_pack.c2zvzC/_old  2025-01-29 16:19:16.313598986 +0100
+++ /var/tmp/diff_new_pack.c2zvzC/_new  2025-01-29 16:19:16.317599152 +0100
@@ -2,7 +2,7 @@
   <service name="tar_scm" mode="manual">
     <param name="url">https://github.com/aquasecurity/trivy</param>
     <param name="scm">git</param>
-    <param name="revision">v0.57.1</param>
+    <param name="revision">v0.58.2</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
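Review bot: `<param name="revision">v0.58.2</param>` pins the upstream source by tag name only, and a git tag can be re-pointed upstream after the fact. The resolved commit is recorded separately as `changesrevision` in _servicedata; confirm that 936f06a57864d073aa77b38f77fe76c4fcb1f7c1 is what the v0.58.2 tag resolves to, or pin the commit hash in `revision` directly.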

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.c2zvzC/_old  2025-01-29 16:19:16.337599982 +0100
+++ /var/tmp/diff_new_pack.c2zvzC/_new  2025-01-29 16:19:16.345600313 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/aquasecurity/trivy</param>
-              <param 
name="changesrevision">b7947b37ee47ea79dff550462c297164eb47aa9e</param></service></servicedata>
+              <param 
name="changesrevision">936f06a57864d073aa77b38f77fe76c4fcb1f7c1</param></service></servicedata>
 (No newline at EOF)
 

++++++ build.specials.obscpio ++++++
diff: old/*: No such file or directory
diff: new/*: No such file or directory

++++++ trivy-0.57.1.tar.zst -> trivy-0.58.2.tar.zst ++++++
/work/SRC/openSUSE:Factory/trivy/trivy-0.57.1.tar.zst 
/work/SRC/openSUSE:Factory/.trivy.new.2316/trivy-0.58.2.tar.zst differ: char 7, 
line 1

++++++ vendor.tar.zst ++++++
/work/SRC/openSUSE:Factory/trivy/vendor.tar.zst 
/work/SRC/openSUSE:Factory/.trivy.new.2316/vendor.tar.zst differ: char 6, line 1
