Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package zizmor for openSUSE:Factory checked
in at 2025-09-15 19:51:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/zizmor (Old)
and /work/SRC/openSUSE:Factory/.zizmor.new.1977 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor"
Mon Sep 15 19:51:58 2025 rev:15 rq:1304625 version:1.13.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2025-08-19
16:46:25.123610880 +0200
+++ /work/SRC/openSUSE:Factory/.zizmor.new.1977/zizmor.changes 2025-09-15
19:55:51.262529164 +0200
@@ -1,0 +2,65 @@
+Sun Sep 14 11:54:23 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 1.13.0:
+ * New Features
+ - New audit: undocumented-permissions detects explicit
+ permission grants that lack an explanatory comment (#1131)
+ Many thanks to @johnbillion for proposing and implementing
+ this audit!
+ * Enhancements
+ - zizmor's configuration discovery behavior has been
+ significantly refactored, making it easier to audit multiple
+ independent inputs with their own configuration files (#1094)
+ For most users, this change should cause no compatibility
+ issues. For example, the following commands will continue to
+ load the same configuration files as before:
+
+ zizmor .
+ zizmor .github/
+
+ For other users, the behavior will change, but in a way
+ that's intended to correct a long-standing bug with
+ configuration discovery. In particular, the following
+ commands will now behave differently:
+
+ # OLD: would discover config in $CWD
+ # NEW: will discover two different configs, one in each of the repos
+ zizmor ./repoA ./repoB
+
+ Separately from these changes, zizmor continues to support
+ --config <path> and ZIZMOR_CONFIG with the exact same
+ behavior as before.
+ See Configuration - Discovery for a detailed explanation of
+ the new behavior.
+ - Audit rules can now be disabled entirely in zizmor's
+ configuration. See rules..disable for details (#1132)
+ - The obfuscation audit now supports auto-fixes for many
+ findings (#1088)
+ * Bug Fixes
+ - zizmor now correctly honors --strict-collection when
+ collecting from remote inputs. This also means that the
+ default collection strictness has changed for remote inputs
+ to match all other inputs (#1122)
+ - Fixed a bug where zizmor would crash on certain UTF-8 inputs
+ lacking an explicit final newline due to a bug in the
+ annotate-snippets crate (#1136)
+ * Dependencies
+ - chore(deps): bump github/codeql-action in the github-actions
+ group (#1140)
+ - chore(deps): bump the cargo group with 4 updates (#1141)
+ - chore(docs): remove external links section, add crates.io
+ link to footer (#1137)
+ - bugfix(deps): bump annotate-snippets to 0.12.2 (#1136)
+ - chore(deps): bump the github-actions group with 3 updates
+ (#1129)
+ - chore(deps): bump the cargo group with 2 updates (#1130)
+ - chore(deps): bump tracing-subscriber from 0.3.19 to 0.3.20
+ (#1121)
+ - chore(deps): bump the github-actions group with 2 updates
+ (#1112)
+ - chore(deps): bump the cargo group with 5 updates (#1111)
+ - chore(deps): bump the cargo group with 6 updates (#1097)
+ - chore(deps): bump the github-actions group with 6 updates
+ (#1096)
+
+-------------------------------------------------------------------
Old:
----
zizmor-1.12.1.obscpio
New:
----
zizmor-1.13.0.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ zizmor.spec ++++++
--- /var/tmp/diff_new_pack.HLrDgT/_old 2025-09-15 19:55:51.970558893 +0200
+++ /var/tmp/diff_new_pack.HLrDgT/_new 2025-09-15 19:55:51.974559061 +0200
@@ -17,7 +17,7 @@
Name: zizmor
-Version: 1.12.1
+Version: 1.13.0
Release: 0
Summary: A static analysis tool for GitHub Actions
License: MIT
++++++ _service ++++++
--- /var/tmp/diff_new_pack.HLrDgT/_old 2025-09-15 19:55:52.030561413 +0200
+++ /var/tmp/diff_new_pack.HLrDgT/_new 2025-09-15 19:55:52.034561581 +0200
@@ -4,7 +4,7 @@
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">@PARENT_TAG@</param>
- <param name="revision">v1.12.1</param>
+ <param name="revision">v1.13.0</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
</service>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.HLrDgT/_old 2025-09-15 19:55:52.054562420 +0200
+++ /var/tmp/diff_new_pack.HLrDgT/_new 2025-09-15 19:55:52.062562756 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/woodruffw/zizmor</param>
- <param
name="changesrevision">dbc12d4a217755d8dfd0362c3e84d58f13d6dfb7</param></service></servicedata>
+ <param
name="changesrevision">bcaa1bb94e561d2f3dd1673a5865840773c62970</param></service></servicedata>
(No newline at EOF)
++++++ vendor.tar.zst ++++++
/work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst
/work/SRC/openSUSE:Factory/.zizmor.new.1977/vendor.tar.zst differ: char 7, line
1
++++++ zizmor-1.12.1.obscpio -> zizmor-1.13.0.obscpio ++++++
++++ 12916 lines of diff (skipped)
++++++ zizmor.obsinfo ++++++
--- /var/tmp/diff_new_pack.HLrDgT/_old 2025-09-15 19:55:52.370575689 +0200
+++ /var/tmp/diff_new_pack.HLrDgT/_new 2025-09-15 19:55:52.374575857 +0200
@@ -1,5 +1,5 @@
name: zizmor
-version: 1.12.1
-mtime: 1755232029
-commit: dbc12d4a217755d8dfd0362c3e84d58f13d6dfb7
+version: 1.13.0
+mtime: 1757719500
+commit: bcaa1bb94e561d2f3dd1673a5865840773c62970
