Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package zizmor for openSUSE:Factory checked in at 2025-12-19 16:44:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/zizmor (Old) and /work/SRC/openSUSE:Factory/.zizmor.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor" Fri Dec 19 16:44:53 2025 rev:26 rq:1323625 version:1.19.0 Changes: -------- --- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2025-12-05 16:55:46.458221759 +0100 +++ /work/SRC/openSUSE:Factory/.zizmor.new.1928/zizmor.changes 2025-12-19 16:48:12.015779187 +0100 
@@ -1,0 +2,45 @@ +Fri Dec 19 08:16:25 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 1.19.0: + * New Features + - New audit: archived-uses detects usages of archived + repositories in uses: clauses (#1411) + * Enhancements + - The use-trusted-publishing audit now detects additional + publishing command patterns, including common "wrapped" + patterns like bundle exec gem publish (#1394) + - zizmor now produces better error messages on a handful of + error cases involving invalid input files. Specifically, a + subset of syntax and schema errors now produce more detailed + and actionable error messages (#1396) + - The use-trusted-publishing audit now detects additional + publishing command patterns, including uv run ..., uvx ..., + and poetry publish (#1402) + - zizmor now produces more useful and less ambiguous spans for + many findings, particularly those from the + anonymous-definition audit (#1416) + - zizmor now discovers configuration files named zizmor.yaml, + in addition to zizmor.yml (#1431) + - zizmor now produces a more useful error message when input + collection yields no inputs (#1439) + - The --render-links flag now allows users to control zizmor's + OSC 8 terminal link rendering behavior. This is particularly + useful in environments that advertise themselves as terminals + but fail to correctly render or ignore OSC 8 links (#1454) + * Performance Improvements + - The [impostor-commit] audit is now significantly faster on + true positives, making true positive detection virtually as + fast as true negative detection. In practice, true positive + runs are over 100 times faster than before (#1429) + * Bug Fixes + - Fixed a bug where the obfuscation audit would crash if it + encountered a CMD shell that was defined outside of the + current step block (i.e. 
as a job or workflow default) + (#1418) + - Fixed a bug where the opentofu ecosystem was not recognized + in Dependabot configuration files (#1452) + - --color=always no longer implies --render-links=always, as + some environments (like GitHub Actions) support ANSI color + codes but fail to handle OSC escapes gracefully (#1454) + +------------------------------------------------------------------- Old: ---- zizmor-1.18.0.obscpio New: ---- zizmor-1.19.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zizmor.spec ++++++ --- /var/tmp/diff_new_pack.tvAyNC/_old 2025-12-19 16:48:18.412046670 +0100 +++ /var/tmp/diff_new_pack.tvAyNC/_new 2025-12-19 16:48:18.412046670 +0100 @@ -17,7 +17,7 @@ Name: zizmor -Version: 1.18.0 +Version: 1.19.0 Release: 0 Summary: A static analysis tool for GitHub Actions License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.tvAyNC/_old 2025-12-19 16:48:18.524051354 +0100 +++ /var/tmp/diff_new_pack.tvAyNC/_new 2025-12-19 16:48:18.532051688 +0100 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">v1.18.0</param> + <param name="revision">v1.19.0</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.tvAyNC/_old 2025-12-19 16:48:18.564053027 +0100 +++ /var/tmp/diff_new_pack.tvAyNC/_new 2025-12-19 16:48:18.576053528 +0100 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/woodruffw/zizmor</param> - <param name="changesrevision">f203b457f66d9cd0d372d6c6ba0afe63d46f1b5b</param></service></servicedata> + <param name="changesrevision">a5e304f536f1ba836aba0b966eb459f99f1658c1</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst /work/SRC/openSUSE:Factory/.zizmor.new.1928/vendor.tar.zst differ: char 7, line 1 ++++++ zizmor-1.18.0.obscpio -> zizmor-1.19.0.obscpio ++++++ ++++ 9338 lines of diff (skipped) ++++++ zizmor.obsinfo ++++++ --- /var/tmp/diff_new_pack.tvAyNC/_old 2025-12-19 16:48:19.696100367 +0100 +++ /var/tmp/diff_new_pack.tvAyNC/_new 2025-12-19 16:48:19.716101204 +0100 @@ -1,5 +1,5 @@ name: zizmor -version: 1.18.0 -mtime: 1764445608 -commit: f203b457f66d9cd0d372d6c6ba0afe63d46f1b5b +version: 1.19.0 +mtime: 1766098117 +commit: a5e304f536f1ba836aba0b966eb459f99f1658c1
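Review bot: in the zizmor.changes hunk, the last Bug Fixes item ("--color=always no longer implies --render-links=always", #1454) is a user-visible behaviour change and is easy to miss at the bottom of the entry. Anyone who relied on --color=always to get OSC 8 links now has to pass --render-links=always as well, so it deserves a line of its own next to the --render-links enhancement it belongs with. Two style points in the same entry: the two Enhancements bullets that both open with "The use-trusted-publishing audit now detects additional publishing command patterns" (#1394, #1402) read as a duplicate and could be merged, and "[impostor-commit]" keeps square brackets that the other audit names (archived-uses, use-trusted-publishing, obfuscation) do not have.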
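Review bot: in the _service hunk, revision is bumped from one tag name to another (v1.18.0 to v1.19.0), and a tag can be moved upstream after this check-in. The commit the tag resolved to, a5e304f536f1ba836aba0b966eb459f99f1658c1, is recorded only in _servicedata (changesrevision) and zizmor.obsinfo (commit). Those two values agree here, which is the check to make on every bump; setting revision to the commit hash itself would remove the dependency on the tag staying where it is.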
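Review bot: vendor.tar.zst is reported only as "differ: char 7, line 1" and the obscpio change as "9338 lines of diff (skipped)", so nothing in this mail shows what the vendored dependencies or the source changed to. The changelog entry documents upstream's release notes but says nothing about the vendor archive; a line stating that it was regenerated for 1.19.0, plus a reviewer-side rebuild of the archive from the source at commit a5e304f536f1ba836aba0b966eb459f99f1658c1 for comparison, would close that gap.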
