Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package zizmor for openSUSE:Factory checked in at 2025-10-14 18:09:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/zizmor (Old)
 and /work/SRC/openSUSE:Factory/.zizmor.new.18484 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor" Tue Oct 14 18:09:57 2025 rev:18 rq:1311286 version:1.15.1 Changes: -------- --- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2025-09-30 17:44:07.741663740 +0200 +++ /work/SRC/openSUSE:Factory/.zizmor.new.18484/zizmor.changes 2025-10-14 18:11:55.727944052 +0200 
@@ -1,0 +2,59 @@ +Tue Oct 14 05:07:07 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 1.15.1: + * Bug Fixes + - Fixed a bug where zizmor would fail to parse Dependabot + configuration files due to missing support for some package + ecosystems (#1240) + +------------------------------------------------------------------- +Tue Oct 14 04:42:02 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 1.15.0: + This release comes with support for auditing Dependabot + configuration files! Like with composite action definition + auditing (introduced in v1.0.0), Dependabot configuration + auditing is enabled by default but can be disabled as part of + input collection. + To complement this new functionality, this release comes with two + new audits: dependabot-execution and dependabot-cooldown. + * New Features + - New audit: dependabot-execution detects Dependabot + configurations that allow insecure external code execution + (#1220) + - New audit: dependabot-cooldown detects Dependabot + configurations that do not include cooldown settings, or that + set an insufficient cooldown (#1223) + * Performance Improvements + - zizmor now uses jemalloc as its default allocator on non-MSVC + targets, which should significantly improve performance for + Linux and macOS users (#1200) + * Enhancements + - zizmor now unconditionally emits its version number to stderr + on startup (#1199) + - The ref-version-mismatch audit now supports auto-fixes for + many findings (#1205) + - The [impostor-commit] audit now supports auto-fixes for many + findings (#1090) + - zizmor is now more resilient to sporadic request failures + when performing GitHub API requests (#1219) + - --collect=dependabot is now supported as a collection option, + allowing users to audit only Dependabot configuration files + (#1215) + - The --fix mode (introduced with v1.10.0) is now considered + stable and no longer experimental (#1232) + * Bug Fixes + - Fixed a bug where zizmor would 
fail instead of analyzing + single-file inputs that lacked an explicit parent path + component, e.g. zizmor foo.yml instead of zizmor ./foo.yml + (#1212) + * Deprecations + - The workflows-only and actions-only values for --collect are + now deprecated. These values have been replaced with + workflows and actions, respectively, which have the same + behavior but can be composed together with other collection + modes. The deprecated modes will be removed in a future + release (#1228) + - Until removal, using these values will emit a warning. + +------------------------------------------------------------------- Old: ---- zizmor-1.14.2.obscpio New: ---- zizmor-1.15.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zizmor.spec ++++++ --- /var/tmp/diff_new_pack.oBHyoi/_old 2025-10-14 18:11:56.619981341 +0200 +++ /var/tmp/diff_new_pack.oBHyoi/_new 2025-10-14 18:11:56.631981843 +0200 @@ -17,7 +17,7 @@ Name: zizmor -Version: 1.14.2 +Version: 1.15.1 Release: 0 Summary: A static analysis tool for GitHub Actions License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.oBHyoi/_old 2025-10-14 18:11:56.711985187 +0200 +++ /var/tmp/diff_new_pack.oBHyoi/_new 2025-10-14 18:11:56.723985688 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">v1.14.2</param> + <param name="revision">v1.15.1</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.oBHyoi/_old 2025-10-14 18:11:56.747986692 +0200 +++ /var/tmp/diff_new_pack.oBHyoi/_new 2025-10-14 18:11:56.751986859 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/woodruffw/zizmor</param> - <param name="changesrevision">03af241587ab470b23340e354be5682ba0850474</param></service></servicedata> + <param name="changesrevision">7984062d3401e27eed14a6da24a4e2740f6d2aee</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst /work/SRC/openSUSE:Factory/.zizmor.new.18484/vendor.tar.zst differ: char 7, line 1 ++++++ zizmor-1.14.2.obscpio -> zizmor-1.15.1.obscpio ++++++ ++++ 5750 lines of diff (skipped) ++++++ zizmor.obsinfo ++++++ --- /var/tmp/diff_new_pack.oBHyoi/_old 2025-10-14 18:11:57.524019132 +0200 +++ /var/tmp/diff_new_pack.oBHyoi/_new 2025-10-14 18:11:57.528019299 +0200 @@ -1,5 +1,5 @@ name: zizmor -version: 1.14.2 -mtime: 1759154339 -commit: 03af241587ab470b23340e354be5682ba0850474 +version: 1.15.1 +mtime: 1760411982 +commit: 7984062d3401e27eed14a6da24a4e2740f6d2aee
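Review bot: In the zizmor.changes hunk, the 1.15.0 entry writes one audit name as "[impostor-commit]" while the item directly above it writes "ref-version-mismatch" bare; the brackets look like leftover link markup from the upstream release notes and should be dropped so audit names are spelled consistently. Under Deprecations, "Until removal, using these values will emit a warning." is set as its own bullet although it continues the --collect item before it; fold it into that item so the entry lists one deprecation, not two.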
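Review bot: The zizmor.spec hunk changes only the Version line, yet the changelog in this same request says 1.15.0 makes jemalloc the default allocator on non-MSVC targets (#1200), and vendor.tar.zst is reported as differing. Check that "License: MIT" still covers everything now compiled into the binary from the vendored tree, and that the allocator builds from vendor.tar.zst without network access in the build root; if the licence set changed, the License tag should be updated in this request rather than in a follow-up.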
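Review bot: In the _service hunk, "revision" remains pinned to a tag (v1.15.1), which upstream can re-point; the only immutable reference in this request is the commit recorded in _servicedata and zizmor.obsinfo (7984062d3401e27eed14a6da24a4e2740f6d2aee in both, so the two agree). Before accepting, confirm that v1.15.1 at https://github.com/woodruffw/zizmor resolves to that commit, and consider pinning "revision" to the commit hash so a moved tag cannot silently change what a later service run fetches.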
