Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package trivy for openSUSE:Factory checked in at 2025-09-10 20:22:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trivy (Old) and /work/SRC/openSUSE:Factory/.trivy.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trivy" Wed Sep 10 20:22:52 2025 rev:81 rq:1303631 version:0.66.0 Changes: -------- --- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2025-09-05 21:43:14.948487554 +0200 +++ /work/SRC/openSUSE:Factory/.trivy.new.1977/trivy.changes 2025-09-10 20:23:08.779506216 +0200 @@ -1,0 +2,53 @@ +Thu Sep 04 13:44:57 UTC 2025 - Dirk Müller <dmuel...@suse.com> + +- Update to version 0.66.0 (bsc#1248937, CVE-2025-58058): + * release: v0.66.0 [main] (#9289) + * chore(deps): bump the aws group with 7 updates (#9419) + * refactor(secret): clarify secret scanner messages (#9409) + * fix(cyclonedx): handle multiple license types (#9378) + * fix(repo): sanitize git repo URL before inserting into report metadata (#9391) + * test: add HTTP basic authentication to git test server (#9407) + * fix(sbom): add support for `file` component type of `CycloneDX` (#9372) + * fix(misconf): ensure module source is known (#9404) + * ci: migrate GitHub Actions from version tags to SHA pinning (#9405) + * fix: create temp file under composite fs dir (#9387) + * chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#9403) + * refactor: switch to stable azcontainerregistry SDK package (#9319) + * chore(deps): bump the common group with 7 updates (#9382) + * refactor(misconf): migrate from custom Azure JSON parser (#9222) + * fix(repo): preserve RepoMetadata on FS cache hit (#9389) + * refactor(misconf): use atomic.Int32 (#9385) + * chore(deps): bump the aws group with 6 updates (#9383) + * docs: Fix broken link to "Built-in Checks" (#9375) + * fix(plugin): don't remove plugins when updating index.yaml file (#9358) + * fix: persistent flag option typo (#9374) + * chore(deps): bump the common group across 1 directory with 26 updates (#9347) + * fix(image): use standardized HTTP client for ECR authentication (#9322) + * refactor: export `systemFileFiltering` Post Handler (#9359) + * docs: update links to Semaphore pages (#9352) + * fix(conda): memory leak by adding closure method for `package.json` file (#9349) + * feat: add timeout handling for cache database operations (#9307) + * fix(misconf): use correct field log_bucket instead of target_bucket in gcp bucket (#9296) + * fix(misconf): ensure ignore rules respect subdirectory chart paths (#9324) + * chore(deps): bump alpine from 3.21.4 to 3.22.1 (#9301) + * feat(terraform): use .terraform cache for remote modules in plan scanning (#9277) + * chore: fix some function names in comment (#9314) + * chore(deps): bump the aws group with 7 updates (#9311) + * docs: add explanation for how to use non-system certificates (#9081) + * chore(deps): bump the github-actions group across 1 directory with 2 updates (#8962) + * fix(misconf): preserve original paths of remote submodules from .terraform (#9294) + * refactor(terraform): make Scan method of Terraform plan scanner private (#9272) + * fix: suppress debug log for context cancellation errors (#9298) + * feat(secret): implement streaming secret scanner with byte offset tracking (#9264) + * fix(python): impove package name normalization (#9290) + * feat(misconf): added audit config attribute (#9249) + * refactor(misconf): decouple input fs and track extracted files with fs references (#9281) + * test(misconf): remove BenchmarkCalculate using outdated check metadata (#9291) + * refactor: simplify Detect function signature (#9280) + * ci(helm): bump Trivy version to 0.65.0 for Trivy Helm Chart 0.17.0 (#9288) + * fix(fs): avoid shadowing errors in file.glob (#9286) + * test(misconf): move terraform scan tests to integration tests (#9271) + * test(misconf): drop gcp iam test covered by another case (#9285) + * chore(deps): bump to alpine from `3.21.3` to `3.21.4` (#9283) + +------------------------------------------------------------------- Old: ---- trivy-0.65.0.tar.zst New: ---- trivy-0.66.0.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trivy.spec ++++++ --- /var/tmp/diff_new_pack.InOhcY/_old 2025-09-10 20:23:11.639626978 +0200 +++ /var/tmp/diff_new_pack.InOhcY/_new 2025-09-10 20:23:11.643627147 +0200 @@ -17,7 +17,7 @@ Name: trivy -Version: 0.65.0 +Version: 0.66.0 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.InOhcY/_old 2025-09-10 20:23:11.691629174 +0200 +++ /var/tmp/diff_new_pack.InOhcY/_new 2025-09-10 20:23:11.695629343 +0200 @@ -1,5 +1,5 @@ -mtime: 1756993344 -commit: 463e1def1560c994814c18c2c2bcccd207dd15ff119c012b55bb47d424211c74 +mtime: 1757001936 +commit: 265147e787726a9af4061aae06ecc1932ff61a77bf7bda5c72ee86d1fd0da131 url: https://src.opensuse.org/dirkmueller/trivy.git revision: factory ++++++ _service ++++++ --- /var/tmp/diff_new_pack.InOhcY/_old 2025-09-10 20:23:11.719630356 +0200 +++ /var/tmp/diff_new_pack.InOhcY/_new 2025-09-10 20:23:11.723630525 +0200 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="manual"> <param name="url">https://github.com/aquasecurity/trivy</param> <param name="scm">git</param> - <param name="revision">v0.65.0</param> + <param name="revision">v0.66.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.InOhcY/_old 2025-09-10 20:23:11.747631538 +0200 +++ /var/tmp/diff_new_pack.InOhcY/_new 2025-09-10 20:23:11.751631707 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/aquasecurity/trivy</param> - <param name="changesrevision">b2b15459bac0efef73531c73b45e80d40ddd0fec</param></service></servicedata> + <param name="changesrevision">7bcb181268893fdd69ef4582588c040bb1036c33</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2025-09-04 18:06:21.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ trivy-0.65.0.tar.zst -> trivy-0.66.0.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/trivy-0.65.0.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.1977/trivy-0.66.0.tar.zst differ: char 7, line 1 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/vendor.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.1977/vendor.tar.zst differ: char 7, line 1
