Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package trivy for openSUSE:Factory checked in at 2025-04-25 22:18:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trivy (Old) and /work/SRC/openSUSE:Factory/.trivy.new.30101 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trivy" Fri Apr 25 22:18:51 2025 rev:75 rq:1272461 version:0.61.1 Changes: -------- --- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2025-02-26 17:16:05.121089639 +0100 +++ /work/SRC/openSUSE:Factory/.trivy.new.30101/trivy.changes 2025-04-25 22:20:00.881315075 +0200 @@ -1,0 +2,108 @@ +Thu Apr 24 15:03:57 UTC 2025 - dmuel...@suse.com + +- Update to version 0.61.1: + * release: v0.61.1 [release/v0.61] (#8704) + * fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748) + * fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699) + * test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698) + * release: v0.61.0 [main] (#8507) + * fix(misconf): Improve logging for unsupported checks (#8634) + * feat(k8s): add support for controllers (#8614) + * fix(debian): don't include empty licenses for `dpkgs` (#8623) + * fix(misconf): Check values wholly prior to evalution (#8604) + * chore(deps): Bump trivy-checks (#8619) + * fix(k8s): show report for `--report all` (#8613) + * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597) + * refactor: rename scanner to service (#8584) + * fix(misconf): do not skip loading documents from subdirectories (#8526) + * refactor(misconf): get a block or attribute without calling HasChild (#8586) + * fix(misconf): identify the chart file exactly by name (#8590) + * test: use table-driven tests in Helm scanner tests (#8592) + * refactor(misconf): Simplify misconfig checks bundle parsing (#8533) + * chore(deps): bump the common group across 1 directory with 10 updates (#8566) + * fix(misconf): do not use cty.NilVal for non-nil values (#8567) + * docs(cli): improve flag value display format (#8560) + * fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548) + * docs: remove slack (#8565) + * fix: use `--file-patterns` flag for all post analyzers (#7365) + * docs(python): Mention pip-compile (#8484) + * feat(misconf): adapt aws_opensearch_domain (#8550) + * feat(misconf): adapt AWS::EC2::VPC (#8534) + * docs: fix a broken link (#8546) + * fix(fs): check postAnalyzers for StaticPaths (#8543) + * refactor(misconf): remove unused methods for ec2.Instance (#8536) + * feat(misconf): adapt aws_default_security_group (#8538) + * feat(fs): optimize scanning performance by direct file access for known paths (#8525) + * feat(misconf): adapt AWS::DynamoDB::Table (#8529) + * style: Fix MD syntax in self-hosting.md (#8523) + * perf(misconf): retrieve check metadata from annotations once (#8478) + * feat(misconf): Add support for aws_ami (#8499) + * fix(misconf): skip Azure CreateUiDefinition (#8503) + * refactor(misconf): use OPA v1 (#8518) + * fix(misconf): add ephemeral block type to config schema (#8513) + * perf(misconf): parse input for Rego once (#8483) + * feat: replace TinyGo with standard Go for WebAssembly modules (#8496) + * chore: replace deprecated tenv linter with usetesting (#8504) + * fix(spdx): save text licenses into `otherLicenses` without normalize (#8502) + * chore(deps): bump the common group across 1 directory with 13 updates (#8491) + * chore: use go.mod for managing Go tools (#8493) + * ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494) + * release: v0.60.0 [main] (#8327) + * fix(sbom): improve logic for binding direct dependency to parent component (#8489) + * chore(deps): remove missed replace of `trivy-db` (#8492) + * chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490) + * chore(deps): update Go to 1.24 and switch to go-version-file (#8388) + * docs: add abbreviation list (#8453) + * chore(terraform): assign *terraform.Module 'parent' field (#8444) + * feat: add report summary table (#8177) + * chore(deps): bump the github-actions group with 3 updates (#8473) + * refactor(vex): improve SBOM reference handling with project standards (#8457) + * ci: update GitHub Actions cache to v4 (#8475) + * feat: add `--vuln-severity-source` flag (#8269) + * fix(os): add mapping OS aliases (#8466) + * chore(deps): bump the aws group across 1 directory with 7 updates (#8468) + * chore(deps): Bump trivy-checks to v1.7.1 (#8467) + * refactor(report): write tables after rendering all results (#8357) + * docs: update VEX documentation index page (#8458) + * fix(db): fix case when 2 trivy-db were copied at the same time (#8452) + * feat(misconf): render causes for Terraform (#8360) + * fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073) + * feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254) + * chore(deps): update go-rustaudit location (#8450) + * fix: update all documentation links (#8045) + * chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443) + * chore(deps): bump the common group with 6 updates (#8411) + * fix(k8s): add missed option `PkgRelationships` (#8442) + * fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (#8346) + * feat(go): fix parsing main module version for go >= 1.24 (#8433) + * refactor(misconf): make Rego scanner independent of config type (#7517) + * fix(image): disable AVD-DS-0007 for history scanning (#8366) + * fix(server): secrets inspectation for the config analyzer in client server mode (#8418) + * chore: remove mockery (#8417) + * test(server): replace mock driver with memory cache in server tests (#8416) + * test: replace mock with memory cache and fix non-deterministic tests (#8410) + * test: replace mock with memory cache in scanner tests (#8413) + * test: use memory cache (#8403) + * fix(spdx): init `pkgFilePaths` map for all formats (#8380) + * chore(deps): bump the common group across 1 directory with 11 updates (#8381) + * docs: correct Ruby documentation (#8402) + * chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390) + * fix: don't use `scope` for `trivy registry login` command (#8393) + * fix(go): merge nested flags into string for ldflags for Go binaries (#8368) + * chore(terraform): export module path on terraform modules (#8374) + * fix(terraform): apply parser options to submodule parsing (#8377) + * docs: Fix typos in documentation (#8361) + * docs: fix navigate links (#8336) + * ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354) + * ci(spdx): add `aqua-installer` step to fix `mage` error (#8353) + * chore: remove debug prints (#8347) + * fix(misconf): do not log scanners when misconfig scanning is disabled (#8345) + * fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344) + * chore(deps): bump Go to `v1.23.5` (#8341) + * fix(python): add `poetry` v2 support (#8323) + * chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331) + * fix(misconf): ecs include enhanced for container insights (#8326) + * fix(sbom): preserve OS packages from multiple SBOMs (#8325) + * ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311) + +------------------------------------------------------------------- Old: ---- trivy-0.59.1.tar.zst New: ---- trivy-0.61.1.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trivy.spec ++++++ --- /var/tmp/diff_new_pack.dpONYP/_old 2025-04-25 22:20:02.145368198 +0200 +++ /var/tmp/diff_new_pack.dpONYP/_new 2025-04-25 22:20:02.149368365 +0200 @@ -17,7 +17,7 @@ Name: trivy -Version: 0.59.1 +Version: 0.61.1 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 @@ -25,10 +25,9 @@ URL: https://github.com/aquasecurity/trivy Source: %{name}-%{version}.tar.zst Source1: vendor.tar.zst -Patch1: jwe-avoid-unbounded-splits.patch BuildRequires: golang-packaging BuildRequires: zstd -BuildRequires: golang(API) = 1.23 +BuildRequires: golang(API) = 1.24 Requires: ca-certificates Requires: git-core Requires: rpm @@ -45,10 +44,6 @@ %prep %setup -a1 -( - cd vendor/github.com/go-jose/go-jose/v4 -%patch -P 1 -p1 -) %build export CGO_ENABLED=1 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.dpONYP/_old 2025-04-25 22:20:02.185369878 +0200 +++ /var/tmp/diff_new_pack.dpONYP/_new 2025-04-25 22:20:02.189370047 +0200 @@ -1,5 +1,5 @@ -mtime: 1740565169 -commit: 7ca63ef7514307238c0f1d8d92767cb7822b6c03c75c6bed34f60798fce83caa +mtime: 1745507690 +commit: dd38f6440d12446b021b0fe646a97ee07ec95545bbad8a6166f23d01fd3d92d0 url: https://src.opensuse.org/dirkmueller/trivy.git -revision: 7ca63ef7514307238c0f1d8d92767cb7822b6c03c75c6bed34f60798fce83caa +revision: dd38f6440d12446b021b0fe646a97ee07ec95545bbad8a6166f23d01fd3d92d0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.dpONYP/_old 2025-04-25 22:20:02.209370888 +0200 +++ /var/tmp/diff_new_pack.dpONYP/_new 2025-04-25 22:20:02.209370888 +0200 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="manual"> <param name="url">https://github.com/aquasecurity/trivy</param> <param name="scm">git</param> - <param name="revision">v0.59.1</param> + <param name="revision">v0.61.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.dpONYP/_old 2025-04-25 22:20:02.229371727 +0200 +++ /var/tmp/diff_new_pack.dpONYP/_new 2025-04-25 22:20:02.233371896 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/aquasecurity/trivy</param> - <param name="changesrevision">9aabfd2a91e7278384bce7ccc6841a1d2851feb0</param></service></servicedata> + <param name="changesrevision">7d3b4ffdd6b22ae80215f3a04421606b1f78de6a</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ ++++++ trivy-0.59.1.tar.zst -> trivy-0.61.1.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/trivy-0.59.1.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.30101/trivy-0.61.1.tar.zst differ: char 7, line 1 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/vendor.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.30101/vendor.tar.zst differ: char 7, line 1