Hello community,

here is the log from the commit of package zizmor for openSUSE:Factory checked in at 2025-08-19 16:45:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/zizmor (Old)
 and /work/SRC/openSUSE:Factory/.zizmor.new.1085 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor" Tue Aug 19 16:45:11 2025 rev:14 rq:1300156 version:1.12.1 Changes: -------- --- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2025-07-02 12:13:33.436848927 +0200 +++ /work/SRC/openSUSE:Factory/.zizmor.new.1085/zizmor.changes 2025-08-19 16:46:25.123610880 +0200 
@@ -1,0 +2,43 @@ +Mon Aug 18 13:04:34 UTC 2025 - Johannes Kastl <opensuse_buildserv...@ojkastl.de> + +- Update to version 1.12.1: + * Bug Fixes + - Fixed a bug where the cache-poisoning would incorrectly + detect the opposite cases for cache enablement (#1081) + +------------------------------------------------------------------- +Mon Aug 18 12:58:27 UTC 2025 - Johannes Kastl <opensuse_buildserv...@ojkastl.de> + +- Update to version 1.12.0: + * New Features + - New audit: unsound-condition detects if: conditions that + inadvertently always evaluate to true (#1053) + * Enhancements + - The cache-poisoning audit now supports auto-fixes for many + findings (#923) + - The known-vulnerable-actions audit now supports auto-fixes + for many findings (#1019) + - zizmor is now stricter about parsing uses: clauses. In + particular, zizmor will no longer accept uses: org/repo + without a trailing @ref, as GitHub Actions itself does not + accept this syntax (#1019) + - The use-trusted-publishing audit now detects many more + patterns, including cargo publish and other run: blocks that + make use of publishing commands directly (#1042) + - The insecure-commands audit now supports auto-fixes for many + findings (#1045) + - The template-injection audit now detects more action + injection sinks (#1059) + * Bug Fixes + - Fixed a bug where --fix would fail to preserve comments when + modifying block-style YAML mappings (#995) + - Fixed a bug where zizmor would crash when given a GitHub API + token with leading or trailing whitespace (#1027) + - Fixed a bug where template-injection findings in --fix mode + would be incorrectly patched when referencing an env.* + context (#1052) + - Fixed a bug where template-injection findings in --fix mode + would be patched with shell syntax that didn't match the + step's actual shell (#1064) + +------------------------------------------------------------------- Old: ---- zizmor-1.11.0.obscpio New: ---- zizmor-1.12.1.obscpio 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zizmor.spec ++++++ --- /var/tmp/diff_new_pack.3YTeU3/_old 2025-08-19 16:46:26.695676336 +0200 +++ /var/tmp/diff_new_pack.3YTeU3/_new 2025-08-19 16:46:26.699676504 +0200 @@ -1,7 +1,7 @@ # # spec file for package zizmor # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: zizmor -Version: 1.11.0 +Version: 1.12.1 Release: 0 Summary: A static analysis tool for GitHub Actions License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.3YTeU3/_old 2025-08-19 16:46:26.743678336 +0200 +++ /var/tmp/diff_new_pack.3YTeU3/_new 2025-08-19 16:46:26.743678336 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">v1.11.0</param> + <param name="revision">v1.12.1</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.3YTeU3/_old 2025-08-19 16:46:26.767679335 +0200 +++ /var/tmp/diff_new_pack.3YTeU3/_new 2025-08-19 16:46:26.787680168 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/woodruffw/zizmor</param> - <param name="changesrevision">1cc8f934e6fad1414fbfc420bd02b0c325d9daab</param></service></servicedata> + <param name="changesrevision">dbc12d4a217755d8dfd0362c3e84d58f13d6dfb7</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst /work/SRC/openSUSE:Factory/.zizmor.new.1085/vendor.tar.zst differ: char 7, line 1 ++++++ zizmor-1.11.0.obscpio -> zizmor-1.12.1.obscpio ++++++ ++++ 18967 lines of diff (skipped) ++++++ zizmor.obsinfo ++++++ --- /var/tmp/diff_new_pack.3YTeU3/_old 2025-08-19 16:46:27.423706650 +0200 +++ /var/tmp/diff_new_pack.3YTeU3/_new 2025-08-19 16:46:27.427706817 +0200 @@ -1,5 +1,5 @@ name: zizmor -version: 1.11.0 -mtime: 1751309929 -commit: 1cc8f934e6fad1414fbfc420bd02b0c325d9daab +version: 1.12.1 +mtime: 1755232029 +commit: dbc12d4a217755d8dfd0362c3e84d58f13d6dfb7
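Review bot: In the zizmor.changes hunk, the 1.12.0 entry files the stricter uses: parsing under Enhancements, although "zizmor will no longer accept uses: org/repo without a trailing @ref" means input that was accepted before is now rejected; it would help users to flag it as a behavior change. That item and the known-vulnerable-actions auto-fix item both cite (#1019), so one of the two references is worth checking against the upstream release notes. In the 1.12.1 entry, "the cache-poisoning would incorrectly detect" is missing the word "audit".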
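Review bot: The first zizmor.spec hunk changes the copyright line from "SUSE LLC" to "SUSE LLC and contributors", which is unrelated to the version bump and is not mentioned in zizmor.changes. If it comes from automatic spec formatting that is fine, but it should be confirmed as intentional rather than carried along silently with the update.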
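Review bot: In the _service hunk, revision is the tag name v1.12.1, which is a mutable reference; the commit that was actually fetched is recorded only in _servicedata (changesrevision) and zizmor.obsinfo (commit). Both show dbc12d4a217755d8dfd0362c3e84d58f13d6dfb7, so they agree with each other, and it is worth verifying that this is the commit the upstream v1.12.1 tag points to before accepting the request.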
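Review bot: vendor.tar.zst is reported only as "differ: char 7, line 1" and the zizmor-1.11.0.obscpio -> zizmor-1.12.1.obscpio diff (18967 lines) is skipped, so the changes to the vendored dependencies cannot be reviewed from this mail and zizmor.changes does not mention them. The reviewer of rq:1300156 should compare the vendored dependency set between the old and new archives directly rather than rely on the changelog.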