Hello community, here is the log from the commit of package zizmor for openSUSE:Factory checked in at 2026-01-12 10:24:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zizmor (Old) and /work/SRC/openSUSE:Factory/.zizmor.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor" Mon Jan 12 10:24:52 2026 rev:27 rq:1326581 version:1.20.0 Changes: -------- --- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2025-12-19 16:48:12.015779187 +0100 +++ /work/SRC/openSUSE:Factory/.zizmor.new.1928/zizmor.changes 2026-01-12 10:33:03.398473475 +0100 
@@ -1,0 +2,45 @@ +Sun Jan 11 08:15:07 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.20.0: + * Enhancements + - The excessive-permissions audit is now aware of the + artifact-metadata and models permissions (#1461) + - The cache-poisoning audit is now aware of the + ramsey/composer-install action (#1489) + - The unpinned-images audit is now significantly more precise + in the presence of matrix references, e.g. image: ${{ + matrix.image }} (#1482) + * Changes + - The default policy for the unpinned-uses audit has changed + from allowing ref-pinning for first-party actions (those + under actions/* and similar) to requiring hash-pinning. This + makes the default policy more strict, as well as more + consistent across the actions ecosystem. + Users who with to retain the old (permissive policy) for + first-party actions may configure it explicitly in their + zizmor.yml: + + zizmor.yml + rules: + unpinned-uses: + config: + policies: + actions/*: ref-pin + github/*: ref-pin + dependabot/*: ref-pin + + * Bug Fixes + - The dependabot-cooldown audit no longer flags missing + cooldowns on ecosystems that don't (yet) support cooldowns, + such as opentofu (#1480) + - Fixed a false positive in the cache-poisoning audit where + zizmor would treat empty strings (e.g. cache: '') as enabling + rather than disabling caching (#1482) + - Fixed two gaps in the use-trusted-publishing audit's + detection of common yarn publishing commands (#1495) + * Miscellaneous + - zizmor's configuration now has an official JSON schema that + will be available via SchemaStore soon! Many thanks to + @kiwamizamurai for implementing this improvement! 
+ +------------------------------------------------------------------- Old: ---- zizmor-1.19.0.obscpio New: ---- zizmor-1.20.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zizmor.spec ++++++ --- /var/tmp/diff_new_pack.WgZG8Z/_old 2026-01-12 10:33:05.594563581 +0100 +++ /var/tmp/diff_new_pack.WgZG8Z/_new 2026-01-12 10:33:05.630565057 +0100 @@ -1,7 +1,7 @@ # # spec file for package zizmor # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: zizmor -Version: 1.19.0 +Version: 1.20.0 Release: 0 Summary: A static analysis tool for GitHub Actions License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.WgZG8Z/_old 2026-01-12 10:33:06.086583768 +0100 +++ /var/tmp/diff_new_pack.WgZG8Z/_new 2026-01-12 10:33:06.138585902 +0100 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">v1.19.0</param> + <param name="revision">v1.20.0</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.WgZG8Z/_old 2026-01-12 10:33:06.374595585 +0100 +++ /var/tmp/diff_new_pack.WgZG8Z/_new 2026-01-12 10:33:06.430597882 +0100 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/woodruffw/zizmor</param> - <param name="changesrevision">a5e304f536f1ba836aba0b966eb459f99f1658c1</param></service></servicedata> + <param name="changesrevision">2780ee5207ec9bb3b24e44b82edeb778c511435d</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst /work/SRC/openSUSE:Factory/.zizmor.new.1928/vendor.tar.zst differ: char 7, line 1 ++++++ zizmor-1.19.0.obscpio -> zizmor-1.20.0.obscpio ++++++ ++++ 7996 lines of diff (skipped) ++++++ zizmor.obsinfo ++++++ --- /var/tmp/diff_new_pack.WgZG8Z/_old 2026-01-12 10:33:08.810695539 +0100 +++ /var/tmp/diff_new_pack.WgZG8Z/_new 2026-01-12 10:33:08.846697016 +0100 @@ -1,5 +1,5 @@ name: zizmor -version: 1.19.0 -mtime: 1766098117 -commit: a5e304f536f1ba836aba0b966eb459f99f1658c1 +version: 1.20.0 +mtime: 1767658877 +commit: 2780ee5207ec9bb3b24e44b82edeb778c511435d
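Review bot: In the zizmor.changes hunk, the Changes paragraph of the 1.20.0 entry has a typo and a misplaced parenthesis: "Users who with to retain the old (permissive policy)" should read "Users who wish to retain the old (permissive) policy". The same entry cites #1482 twice, once for the unpinned-images matrix-reference enhancement and once for the cache-poisoning empty-string fix, so one of the two references should be checked against the upstream release notes. If the text is generated from upstream, the corrections belong there as well.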
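Review bot: In the _service hunk, revision is still given as the tag name v1.20.0, and the commit it resolved to appears only in the generated _servicedata and zizmor.obsinfo hunks (2780ee5207ec9bb3b24e44b82edeb778c511435d in both, which is consistent). Because vendor.tar.zst is reported only as "differ: char 7, line 1" and the obscpio change as "7996 lines of diff (skipped)", neither is reviewable from this mail; confirm that the upstream tag resolves to the recorded commit and that the vendor tarball was regenerated from it before accepting the request.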
