Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2026-01-12 10:26:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "syft" Mon Jan 12 10:26:41 2026 rev:113 rq:1326653 version:1.40.0 Changes: -------- --- /work/SRC/openSUSE:Factory/syft/syft.changes 2025-12-11 18:41:50.090717144 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1928/syft.changes 2026-01-12 10:35:46.885196075 +0100 
@@ -1,0 +2,106 @@ +Sun Jan 11 08:52:07 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.40.0: + * Added Features + - Exclude development or test dependencies for PNPM Package + type [#4430 #4487 @rezmoss] + - Catalog istio binary (pilot-discovery, pilot-agent) [#4508 + #4521 @witchcraze] + - Catalog envoy binary [#4506 #4530 @witchcraze] + - Catalog grafana binary [#4505 #4516 @witchcraze] + - Add a binary classifier for valkey [#3400 #4509 @witchcraze] + * Bug Fixes + - old bitnami images without spdx files arent getting picked up + correctly in the catalog [#4529 #4532 @rezmoss] + - wrong traefik rc versions at binary detection [#3535 #4499 + @rezmoss] + - FromPOSIX() in internals\windows\path.go assumes that all + Windows root paths must have a colon terminator [#4070 #4075 + @luissantosHCIT] + - binary cataloger is picking up the go version instead of the + actual binary version in traefik experimental images [#4498 + #4499 @rezmoss] + * Dependencies + - chore(deps): update anchore dependencies (#4535) + - chore(deps): bump the go-minor-patch group with 3 updates + (#4524) + - chore(deps): bump the actions-minor-patch group across 1 + directory with 2 updates (#4525) + - chore(deps): bump actions/download-artifact from 6.0.0 to + 7.0.0 (#4526) + - chore(deps): bump actions/upload-artifact from 4.4.3 to 6.0.0 + (#4527) + - chore(deps): bump modernc.org/sqlite from 1.41.0 to 1.42.2 + (#4513) + - chore(deps): bump anchore/sbom-action from 0.20.11 to 0.21.0 + (#4501) + - chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.7 + to 6.7.8 (#4502) + - chore(deps): bump github.com/spdx/tools-golang from 0.5.5 to + 0.5.6 (#4503) + - chore(deps): update tools to latest versions (#4504) + - chore(deps): bump github.com/hashicorp/go-getter from 1.8.3 + to 1.8.4 (#4518) + - chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.18 + to 0.5.19 (#4520) + +------------------------------------------------------------------- +Sun Jan 11 08:46:25 
UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.39.0: + * Added Features + - add support for Gemfile.next.lock [#4457 @HatiCode] + - Command output to give more information on what catalogers + look for and what they can find [#4155 #4317 @wagoodman] + - Support reading lzma compressed .go.buildinfo sections with + upx [#4411 #4480 @wagoodman] + - Specify specific snap revision to pull [#4389 #4439 + @VictorHuu] + - Cannot detect embedded deps.json metadata in single-file .NET + binaries [#4344 #4375 @rezmoss] + - ELF note cataloger does not pick up OS field, but should + [#4384 #4438 @VictorHuu] + * Bug Fixes + - remove debug print statement in dependency parser [#4412 + @cgreeno] + - dotnet-deps cataloger should skip project references with + type "project" when building the sbom [#4423 #4436 @rezmoss] + - File digests not computed when using --base-path [#4410 #4478 + @wagoodman] + - Syft should not define subpaths by default in PURLs [#4394 + #4395 @rezmoss] + - go: valid purl but incorrect name [#1737 #4395 @rezmoss] + - Incorrect Go module PURL generation when module path contains + /vN (e.g. 
/v5) [#4316 #4395 @rezmoss] + - Failing to convert npm repository information correctly to + SPDX [#4362 #4390 @kendrickm] + * Dependencies + - chore(deps): update tools to latest versions (#4491) + - chore(deps): bump modernc.org/sqlite from 1.40.1 to 1.41.0 + (#4489) + - chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 + (#4481) + - chore(deps): bump github.com/goccy/go-yaml from 1.19.0 to + 1.19.1 (#4482) + - chore(deps): bump actions/cache from 5.0.0 to 5.0.1 (#4476) + - chore(deps): bump actions/cache in /.github/actions/bootstrap + (#4477) + - chore(deps): update tools to latest versions (#4473) + - chore(deps): update tools to latest versions (#4466) + - chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8 + (#4468) + - chore(deps): bump actions/cache from 4.3.0 to 5.0.0 (#4469) + - chore(deps): bump github.com/anchore/stereoscope from 0.1.14 + to 0.1.16 (#4470) + - chore(deps): bump actions/cache in /.github/actions/bootstrap + (#4471) + - chore(deps): update tools to latest versions (#4462) + - chore(deps): update tools to latest versions (#4456) + - chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.7.5 + to 6.7.7 (#4460) + - chore(deps): bump peter-evans/create-pull-request from 7.0.11 + to 8.0.0 (#4459) + - chore(deps): bump anchore/sbom-action from 0.20.10 to 0.20.11 + (#4458) + +------------------------------------------------------------------- Old: ---- syft-1.38.2.obscpio New: ---- syft-1.40.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ syft.spec ++++++ --- /var/tmp/diff_new_pack.YWldFT/_old 2026-01-12 10:35:48.377257481 +0100 +++ /var/tmp/diff_new_pack.YWldFT/_new 2026-01-12 10:35:48.385257810 +0100 
@@ -1,7 +1,7 @@ # # spec file for package syft # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: syft -Version: 1.38.2 +Version: 1.40.0 Release: 0 Summary: CLI tool and library for generating a Software Bill of Materials License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.YWldFT/_old 2026-01-12 10:35:48.445260279 +0100 +++ /var/tmp/diff_new_pack.YWldFT/_new 2026-01-12 10:35:48.445260279 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/anchore/syft</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.38.2</param> + <param name="revision">v1.40.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.YWldFT/_old 2026-01-12 10:35:48.513263078 +0100 +++ /var/tmp/diff_new_pack.YWldFT/_new 2026-01-12 10:35:48.521263407 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/anchore/syft</param> - <param name="changesrevision">bfe63f83dbaea88e22a5cfcd7d704c034c953730</param></service></servicedata> + <param name="changesrevision">11e871566b35765fe69da439fa3beaef123bc143</param></service></servicedata> (No newline at EOF) ++++++ syft-1.38.2.obscpio -> syft-1.40.0.obscpio ++++++ ++++ 35782 lines of diff (skipped) ++++++ syft.obsinfo ++++++ --- /var/tmp/diff_new_pack.YWldFT/_old 2026-01-12 10:35:53.633473801 +0100 +++ /var/tmp/diff_new_pack.YWldFT/_new 2026-01-12 10:35:53.633473801 +0100 
@@ -1,5 +1,5 @@ name: syft -version: 1.38.2 -mtime: 1765313763 -commit: bfe63f83dbaea88e22a5cfcd7d704c034c953730 +version: 1.40.0 +mtime: 1767874609 +commit: 11e871566b35765fe69da439fa3beaef123bc143 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1928/vendor.tar.gz differ: char 13, line 1
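Review bot: In the syft.changes hunk, the 1.39.0 entry lists three fixes that alter the PURLs syft emits ("Syft should not define subpaths by default in PURLs", "go: valid purl but incorrect name", and the /vN Go module path fix), but nothing marks this as an output change for users going from 1.38.2 straight to 1.40.0. A one-line note in the entry that regenerated SBOMs can carry different PURLs for the same Go modules would help consumers that match or diff on PURL. The Dependencies lists also mix Go module bumps with GitHub Actions bumps (actions/cache, github/codeql-action, peter-evans/create-pull-request) that do not affect the built package; trimming the latter, and stating whether any of the module bumps is security relevant, would make it easier to see what changed in the shipped artifact.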
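Review bot: In the _service hunk, revision is still a tag name (v1.40.0), and a tag can be moved upstream after this submission; the commit it resolved to, 11e871566b35765fe69da439fa3beaef123bc143, is only recorded afterwards in _servicedata and syft.obsinfo. Consider pinning revision to that commit hash, or at least confirming during review that the upstream tag resolves to the same hash recorded in both files, so that a later service run cannot silently fetch different source under the same version.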
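Review bot: The vendor.tar.gz line at the end of the patch only reports that the archive differs (char 13, line 1), and the obscpio diff is skipped at 35782 lines, so the vendored Go dependencies cannot be reviewed from this mail. Before accepting, regenerate the vendor tree from the go.mod and go.sum at commit 11e871566b35765fe69da439fa3beaef123bc143 and compare it with the submitted archive, so that the vendored code is known to match what upstream pins.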
