Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package zizmor for openSUSE:Factory checked in at 2026-01-19 18:37:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zizmor (Old) and /work/SRC/openSUSE:Factory/.zizmor.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor" Mon Jan 19 18:37:52 2026 rev:29 rq:1328005 version:1.22.0 Changes: -------- --- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2026-01-17 14:56:46.344247215 +0100 +++ /work/SRC/openSUSE:Factory/.zizmor.new.1928/zizmor.changes 2026-01-19 18:41:54.155486048 +0100 @@ -1,0 +2,11 @@ +Mon Jan 19 06:31:44 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.22.0: + * Changes + - The misfeature audit now only shows non-"well known" shell: + findings when running with the "auditor" persona (#1532) + * Bug Fixes + - Fixed a bug where inputs containing CRLF line endings were + not patched correctly by the unpinned-uses audit (#1536) + +------------------------------------------------------------------- Old: ---- zizmor-1.21.0.obscpio New: ---- zizmor-1.22.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zizmor.spec ++++++ --- /var/tmp/diff_new_pack.ENd266/_old 2026-01-19 18:41:54.963519481 +0100 +++ /var/tmp/diff_new_pack.ENd266/_new 2026-01-19 18:41:54.967519646 +0100 @@ -17,7 +17,7 @@ Name: zizmor -Version: 1.21.0 +Version: 1.22.0 Release: 0 Summary: A static analysis tool for GitHub Actions License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.ENd266/_old 2026-01-19 18:41:55.011521466 +0100 +++ /var/tmp/diff_new_pack.ENd266/_new 2026-01-19 18:41:55.015521633 +0100 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">v1.21.0</param> + <param name="revision">v1.22.0</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> </service> @@ -16,7 +16,7 @@ <service name="set_version" mode="manual"> </service> <service name="cargo_vendor" mode="manual"> - <param name="update">true</param> + <param name="update">false</param> <param name="srcdir">zizmor</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.ENd266/_old 2026-01-19 18:41:55.051523122 +0100 +++ /var/tmp/diff_new_pack.ENd266/_new 2026-01-19 18:41:55.059523453 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/woodruffw/zizmor</param> - <param name="changesrevision">5175a6c9707e21e9e300e8dd14a2aac5d1099d4a</param></service></servicedata> + <param name="changesrevision">94308f638c114a3f42c4c842abee9cf46f166890</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst /work/SRC/openSUSE:Factory/.zizmor.new.1928/vendor.tar.zst differ: char 7, line 1 ++++++ zizmor-1.21.0.obscpio -> zizmor-1.22.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/Cargo.lock new/zizmor-1.22.0/Cargo.lock --- old/zizmor-1.21.0/Cargo.lock 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/Cargo.lock 2026-01-17 06:10:08.000000000 +0100 @@ -3966,7 +3966,7 @@ [[package]] name = "yamlpatch" -version = "0.10.0" +version = "0.11.0" dependencies = [ "indexmap", "insta", @@ -4106,7 +4106,7 @@ [[package]] name = "zizmor" -version = "1.21.0" +version = "1.22.0" dependencies = [ "annotate-snippets", "anstream", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/Cargo.toml new/zizmor-1.22.0/Cargo.toml --- old/zizmor-1.21.0/Cargo.toml 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/Cargo.toml 2026-01-17 06:10:08.000000000 +0100 @@ -24,7 +24,7 @@ subfeature = { path = "crates/subfeature", version = "0.0.4" } tree-sitter-iter = { path = "crates/tree-sitter-iter", version = "0.0.3" } yamlpath = { path = "crates/yamlpath", version = "0.33.0" } -yamlpatch = { path = "crates/yamlpatch", version = "0.10.0" } +yamlpatch = { path = "crates/yamlpatch", version = "0.11.0" } anyhow = "1.0.100" itertools = "0.14.0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/yamlpatch/Cargo.toml new/zizmor-1.22.0/crates/yamlpatch/Cargo.toml --- old/zizmor-1.21.0/crates/yamlpatch/Cargo.toml 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/crates/yamlpatch/Cargo.toml 2026-01-17 06:10:08.000000000 +0100 @@ -1,6 +1,6 @@ [package] name = "yamlpatch" -version = "0.10.0" +version = "0.11.0" description = "Comment and format-preserving YAML patch operations" repository = "https://github.com/zizmorcore/zizmor/tree/main/crates/yamlpatch"; keywords = ["yaml", "patch"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/yamlpatch/README.md new/zizmor-1.22.0/crates/yamlpatch/README.md --- old/zizmor-1.21.0/crates/yamlpatch/README.md 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/crates/yamlpatch/README.md 2026-01-17 06:10:08.000000000 +0100 @@ -49,6 +49,7 @@ - **MergeInto**: Merge values into existing mappings - **Append**: Append items to block sequences - **ReplaceComment**: Replace comments associated with features +- **EmplaceComment**: Insert or update comments associated with features - **RewriteFragment**: Rewrite portions of string values (useful for templating) Each operation preserves the document's formatting and structure (as best-effort). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/yamlpatch/src/lib.rs new/zizmor-1.22.0/crates/yamlpatch/src/lib.rs --- old/zizmor-1.21.0/crates/yamlpatch/src/lib.rs 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/crates/yamlpatch/src/lib.rs 2026-01-17 06:10:08.000000000 +0100 @@ -314,10 +314,16 @@ // we capriciously choose to emplace the new comment at the end // of the first line of the feature. let line_range = line_span(document, feature.location.byte_span.0); - let insert_pos = line_range.end - 1; + let mut insert_pos = line_range.end; + if let Some(b'\n') = document.source().as_bytes().get(insert_pos - 1) { + insert_pos -= 1; + } + if let Some(b'\r') = document.source().as_bytes().get(insert_pos - 1) { + insert_pos -= 1; + } let mut result = content.to_string(); - result.replace_range(insert_pos..insert_pos, &format!(" {new}")); + result.insert_str(insert_pos, &format!(" {new}")); result } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/yamlpatch/tests/unit_tests.rs new/zizmor-1.22.0/crates/yamlpatch/tests/unit_tests.rs --- old/zizmor-1.21.0/crates/yamlpatch/tests/unit_tests.rs 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/crates/yamlpatch/tests/unit_tests.rs 2026-01-17 06:10:08.000000000 +0100 @@ -755,6 +755,36 @@ } #[test] +fn test_emplace_comment_crlf() { + let original = r#" +foo: + bar: abc +"#; + + let document = yamlpath::Document::new(original.replace("\n", "\r\n")).unwrap(); + + assert!(document.source().contains("\r\n")); + + let operations = vec![Patch { + route: route!("foo", "bar"), + operation: Op::EmplaceComment { + new: "# same line".into(), + }, + }]; + + let result = apply_yaml_patches(&document, &operations).unwrap(); + + insta::assert_snapshot!(format_patch(result.source()), @r" + --- PATCH --- + + foo: + bar: abc # same line + + --- END PATCH --- + "); +} + +#[test] fn test_replace_empty_block_value() { let original = r#" foo: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/zizmor/Cargo.toml new/zizmor-1.22.0/crates/zizmor/Cargo.toml --- old/zizmor-1.21.0/crates/zizmor/Cargo.toml 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/crates/zizmor/Cargo.toml 2026-01-17 06:10:08.000000000 +0100 @@ -1,7 +1,7 @@ [package] name = "zizmor" description = "Static analysis for GitHub Actions" -version = "1.21.0" +version = "1.22.0" repository = "https://github.com/zizmorcore/zizmor"; documentation = "https://docs.zizmor.sh"; keywords = ["cli", "github-actions", "static-analysis", "security"] @@ -25,6 +25,8 @@ gh-token-tests = [] # Test-only: enable all online audits. online-tests = ["gh-token-tests"] +# Test-only: enable 'crater' tests. +crater-tests = ["online-tests"] # Test-only: enable tests that require `unbuffer` for TTY behavior. tty-tests = [] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/zizmor/src/audit/misfeature.rs new/zizmor-1.22.0/crates/zizmor/src/audit/misfeature.rs --- old/zizmor-1.21.0/crates/zizmor/src/audit/misfeature.rs 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/crates/zizmor/src/audit/misfeature.rs 2026-01-17 06:10:08.000000000 +0100 @@ -83,13 +83,15 @@ .build(step)?, ); } - // Flag any other non-well-known shell with a pedantic finding. + // Flag any other non-well-known shell with an auditor finding. + // NOTE: This was originally pedantic, but it can be very noisy for + // users who intentioanlly use custom shells. Some((_, shell_loc)) => { findings.push( Self::finding() .confidence(Confidence::High) .severity(Severity::Low) - .persona(Persona::Pedantic) + .persona(Persona::Auditor) .add_location( step.location().with_keys(["run".into()]).key_only().annotated("uses a non-well-known shell") ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/zizmor/src/audit/unpinned_uses.rs new/zizmor-1.22.0/crates/zizmor/src/audit/unpinned_uses.rs --- old/zizmor-1.21.0/crates/zizmor/src/audit/unpinned_uses.rs 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/crates/zizmor/src/audit/unpinned_uses.rs 2026-01-17 06:10:08.000000000 +0100 @@ -317,6 +317,60 @@ } #[tokio::test] + async fn test_fix_crlf() { + let workflow_content = r#" +name: Test +on: push +permissions: {} +jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Checkout with ref-pin + uses: actions/[email protected] +"#; + + let workflow_content = workflow_content.replace("\n", "\r\n"); + + let key = InputKey::local("fakegroup".into(), "test_unpinned_uses.yml", None::<&str>); + let workflow = Workflow::from_string(workflow_content.to_string(), key).unwrap(); + + let state = crate::state::AuditState::new( + false, + Some( + github::Client::new( + &github::GitHubHost::default(), + &github::GitHubToken::new(&std::env::var("GH_TOKEN").unwrap()).unwrap(), + "/tmp".into(), + ) + .unwrap(), + ), + ); + + let audit = UnpinnedUses::new(&state).unwrap(); + + let input = workflow.into(); + let findings = audit + .audit(UnpinnedUses::ident(), &input, &Config::default()) + .await + .unwrap(); + + let new_doc = findings[0].fixes[0].apply(input.as_document()).unwrap(); + insta::assert_snapshot!(new_doc.source(), @r" + + name: Test + on: push + permissions: {} + jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Checkout with ref-pin + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + "); + } + + #[tokio::test] async fn test_fix_overwrites_comment() { let workflow_content = r#" name: Test diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/zizmor/tests/integration/audit/misfeature.rs new/zizmor-1.22.0/crates/zizmor/tests/integration/audit/misfeature.rs --- old/zizmor-1.21.0/crates/zizmor/tests/integration/audit/misfeature.rs 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/crates/zizmor/tests/integration/audit/misfeature.rs 2026-01-17 06:10:08.000000000 +0100 @@ -31,7 +31,7 @@ insta::assert_snapshot!( zizmor() .input(input_under_test("misfeature/non-well-known-shell.yml")) - .args(["--persona=pedantic"]) + .args(["--persona=auditor"]) .run()?, @r" help[misfeature]: usage of GitHub Actions misfeatures diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/zizmor/tests/integration/e2e/crater.rs new/zizmor-1.22.0/crates/zizmor/tests/integration/e2e/crater.rs --- old/zizmor-1.21.0/crates/zizmor/tests/integration/e2e/crater.rs 1970-01-01 01:00:00.000000000 +0100 +++ new/zizmor-1.22.0/crates/zizmor/tests/integration/e2e/crater.rs 2026-01-17 06:10:08.000000000 +0100 @@ -0,0 +1,34 @@ +//! "Crater" runs of zizmor, i.e. over large external projects. +//! +//! The idea behind these tests is to detect (unintended) large changes +//! between versions of zizmor. + +use crate::common::{OutputMode, zizmor}; + +#[cfg_attr(not(feature = "crater-tests"), ignore)] +#[test] +fn curl() -> anyhow::Result<()> { + insta::assert_snapshot!( + zizmor() + .offline(false) + .output(OutputMode::Both) + .args(["--persona=pedantic"]) + .input("curl/curl@6c8956c1cbf5cffcd2fd4571cf277e2eec280578") + .run()? + ); + Ok(()) +} + +#[cfg_attr(not(feature = "crater-tests"), ignore)] +#[test] +fn libssh2() -> anyhow::Result<()> { + insta::assert_snapshot!( + zizmor() + .offline(false) + .output(OutputMode::Both) + .args(["--persona=pedantic"]) + .input("libssh2/libssh2@cb252b5909630dd439d3f80ca9318a99da253dbe") + .run()? + ); + Ok(()) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__crater__curl.snap new/zizmor-1.22.0/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__crater__curl.snap --- old/zizmor-1.21.0/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__crater__curl.snap 1970-01-01 01:00:00.000000000 +0100 +++ new/zizmor-1.22.0/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__crater__curl.snap 2026-01-17 06:10:08.000000000 +0100 @@ -0,0 +1,24 @@ +--- +source: crates/zizmor/tests/integration/e2e/crater.rs +expression: "zizmor().offline(false).output(OutputMode::Both).args([\"--persona=pedantic\"]).input(\"curl/curl@6c8956c1cbf5cffcd2fd4571cf277e2eec280578\").run()?" +--- +🌈 zizmor v@@VERSION@@ + INFO collect_inputs: zizmor::registry::input: collected 17 inputs from curl/curl + INFO audit: zizmor: 🌈 completed .github/dependabot.yml + INFO audit: zizmor: 🌈 completed .github/workflows/appveyor-status.yml + INFO audit: zizmor: 🌈 completed .github/workflows/checkdocs.yml + INFO audit: zizmor: 🌈 completed .github/workflows/checksrc.yml + INFO audit: zizmor: 🌈 completed .github/workflows/checkurls.yml + INFO audit: zizmor: 🌈 completed .github/workflows/codeql.yml + INFO audit: zizmor: 🌈 completed .github/workflows/configure-vs-cmake.yml + INFO audit: zizmor: 🌈 completed .github/workflows/curl-for-win.yml + INFO audit: zizmor: 🌈 completed .github/workflows/distcheck.yml + INFO audit: zizmor: 🌈 completed .github/workflows/fuzz.yml + INFO audit: zizmor: 🌈 completed .github/workflows/http3-linux.yml + INFO audit: zizmor: 🌈 completed .github/workflows/label.yml + INFO audit: zizmor: 🌈 completed .github/workflows/linux-old.yml + INFO audit: zizmor: 🌈 completed .github/workflows/linux.yml + INFO audit: zizmor: 🌈 completed .github/workflows/macos.yml + INFO audit: zizmor: 🌈 completed .github/workflows/non-native.yml + INFO audit: zizmor: 🌈 completed .github/workflows/windows.yml +No findings to report. Good job! (2 ignored, 44 suppressed) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__crater__libssh2.snap new/zizmor-1.22.0/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__crater__libssh2.snap --- old/zizmor-1.21.0/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__crater__libssh2.snap 1970-01-01 01:00:00.000000000 +0100 +++ new/zizmor-1.22.0/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__crater__libssh2.snap 2026-01-17 06:10:08.000000000 +0100 @@ -0,0 +1,14 @@ +--- +source: crates/zizmor/tests/integration/e2e/crater.rs +expression: "zizmor().offline(false).output(OutputMode::Both).args([\"--persona=pedantic\"]).input(\"libssh2/libssh2@cb252b5909630dd439d3f80ca9318a99da253dbe\").run()?" +--- +🌈 zizmor v@@VERSION@@ + INFO collect_inputs: zizmor::registry::input: collected 7 inputs from libssh2/libssh2 + INFO audit: zizmor: 🌈 completed .github/dependabot.yml + INFO audit: zizmor: 🌈 completed .github/workflows/appveyor_docker.yml + INFO audit: zizmor: 🌈 completed .github/workflows/appveyor_status.yml + INFO audit: zizmor: 🌈 completed .github/workflows/ci.yml + INFO audit: zizmor: 🌈 completed .github/workflows/cifuzz.yml + INFO audit: zizmor: 🌈 completed .github/workflows/codeql.yml + INFO audit: zizmor: 🌈 completed .github/workflows/openssh_server.yml +No findings to report. Good job! (2 ignored, 10 suppressed) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/crates/zizmor/tests/integration/e2e.rs new/zizmor-1.22.0/crates/zizmor/tests/integration/e2e.rs --- old/zizmor-1.21.0/crates/zizmor/tests/integration/e2e.rs 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/crates/zizmor/tests/integration/e2e.rs 2026-01-17 06:10:08.000000000 +0100 @@ -6,6 +6,7 @@ mod anchors; mod collect; +mod crater; mod json_v1; #[cfg_attr(not(feature = "gh-token-tests"), ignore)] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/docs/audits.md new/zizmor-1.22.0/docs/audits.md --- old/zizmor-1.21.0/docs/audits.md 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/docs/audits.md 2026-01-17 06:10:08.000000000 +0100 @@ -1028,6 +1028,11 @@ These shells may not be available on all runners, and are generally impossible to analyze with any confidence. + !!! note + + These findings are only shown when running with the "auditor" + [persona](./usage.md#using-personas), as they can be very noisy. + ### Remediation Address the misfeature by removing or replacing its usage. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/docs/integrations.md new/zizmor-1.22.0/docs/integrations.md --- old/zizmor-1.21.0/docs/integrations.md 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/docs/integrations.md 2026-01-17 06:10:08.000000000 +0100 @@ -257,7 +257,7 @@ ```yaml - repo: https://github.com/zizmorcore/zizmor-pre-commit - rev: v1.21.0 # (1)! + rev: v1.22.0 # (1)! hooks: - id: zizmor ``` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/docs/release-notes.md new/zizmor-1.22.0/docs/release-notes.md --- old/zizmor-1.21.0/docs/release-notes.md 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/docs/release-notes.md 2026-01-17 06:10:08.000000000 +0100 @@ -9,6 +9,18 @@ ## Next (UNRELEASED) +## 1.22.0 + +### Changes ⚠️ + +* The [misfeature] audit now only shows non-"well known" `#!/yaml shell:` + findings when running with the "auditor" persona (#1532) + +### Bug Fixes 🐛 + +* Fixed a bug where inputs containing CRLF line endings were not patched + correctly by the [unpinned-uses] audit (#1536) + ## 1.21.0 ### New Features 🌈 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/docs/snippets/trophies.md new/zizmor-1.22.0/docs/snippets/trophies.md --- old/zizmor-1.21.0/docs/snippets/trophies.md 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/docs/snippets/trophies.md 2026-01-17 06:10:08.000000000 +0100 @@ -1226,6 +1226,7 @@ --- ??? example "Examples" + - pypa/packaging#1035 - pypa/packaging.python.org#1765 - pypa/pip-audit#851 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.21.0/docs/snippets/trophies.txt new/zizmor-1.22.0/docs/snippets/trophies.txt --- old/zizmor-1.21.0/docs/snippets/trophies.txt 2026-01-16 05:06:53.000000000 +0100 +++ new/zizmor-1.22.0/docs/snippets/trophies.txt 2026-01-17 06:10:08.000000000 +0100 @@ -249,6 +249,7 @@ pyca/service-identity#75 pydata/pydata-sphinx-theme#2077 pylast/pylast#465 +pypa/packaging#1035 pypa/packaging.python.org#1765 pypa/pip-audit#851 pypi/stdlib-list#138 ++++++ zizmor.obsinfo ++++++ --- /var/tmp/diff_new_pack.ENd266/_old 2026-01-19 18:41:55.591545466 +0100 +++ /var/tmp/diff_new_pack.ENd266/_new 2026-01-19 18:41:55.603545963 +0100 @@ -1,5 +1,5 @@ name: zizmor -version: 1.21.0 -mtime: 1768536413 -commit: 5175a6c9707e21e9e300e8dd14a2aac5d1099d4a +version: 1.22.0 +mtime: 1768626608 +commit: 94308f638c114a3f42c4c842abee9cf46f166890
