Hello community,

here is the log from the commit of package trivy for openSUSE:Factory checked in at 2026-02-02 14:58:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trivy (Old)
 and /work/SRC/openSUSE:Factory/.trivy.new.1995 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trivy" Mon Feb 2 14:58:55 2026 rev:85 rq:1330386 version:0.69.0 Changes: -------- --- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2025-12-29 15:18:30.295203915 +0100 +++ /work/SRC/openSUSE:Factory/.trivy.new.1995/trivy.changes 2026-02-02 14:59:08.716538199 +0100 @@ -2 +2 @@ -Mon Dec 29 09:58:28 UTC 2025 - Dirk Müller <[email protected]> +Mon Feb 02 10:31:54 UTC 2026 - Dirk Müller <[email protected]> 
@@ -4,4 +4,77 @@ -- Update to version 0.68.2: - * release: v0.68.2 [release/v0.68] (#9950) - * fix(deps): bump alpine from `3.22.1` to `3.23.0` [backport: release/v0.68] (#9949) - * ci: enable `check-latest` for `setup-go` [backport: release/v0.68] (#9946) +- Update to version 0.69.0 (bsc#1255366, CVE-2025-64702): + * release: v0.69.0 [main] (#9886) + * chore: bump trivy-checks to v2 (#9875) + * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (#10091) + * fix(repo): return a nil interface for gitAuth if missing (#10097) + * fix(java): correctly inherit properties from parent fields for pom.xml files (#9111) + * fix(rust): implement version inheritance for Cargo mono repos (#10011) + * feat(activestate): add support ActiveState images (#10081) + * feat(vex): support per-repo tls configuration (#10030) + * refactor: allow per-request transport options override (#10083) + * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#10084) + * chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (#10085) + * fix(java): correctly propagate repositories from upper POMs to dependencies (#10077) + * feat(rocky): enable modular package vulnerability detection (#10069) + * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (#10079) + * docs: fix mistake in config file example for skip-dirs/skip-files flag (#10070) + * feat(report): add Trivy version to JSON output (#10065) + * fix(rust): add cargo workspace members glob support (#10032) + * feat: add AnalyzedBy field to track which analyzer detected packages (#10059) + * fix: use canonical SPDX license IDs from embeded licenses.json (#10053) + * docs: fix link to Docker Image Specification (#10057) + * feat(secret): add detection for Symfony default secret key (#9892) + * refactor(misconf): move common logic to base value and simplify typed values (#9986) + * fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files 
(#9880) + * feat(misconf): use Terraform plan configuration to partially restore schema (#9623) + * feat(misconf): add action block to Terraform schema (#10035) + * fix(misconf): correct typos in block and attribute names (#9993) + * test(misconf): simplify test values using *Test helpers (#9985) + * fix(misconf): safely parse rotation_period in google_kms_crypto_key (#9980) + * feat(misconf): support for ARM resources defined as an object (#9959) + * feat(misconf): support for azurerm_*_web_app (#9944) + * test: migrate private test helpers to `export_test.go` convention (#10043) + * chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (#10048) + * fix(secret): improve word boundary detection for Hugging Face tokens (#10046) + * fix(go): use ldflags version for all pseudo-versions (#10037) + * chore: switch to ID from AVDID in internal and user-facing fields (#9655) + * refactor(misconf)!: use ID instead of AVDID for providers mapping (#9752) + * fix: move enum into items for array-type fields in JSON Schema (#10039) + * docs: fix incorrect documentation URLs (#10038) + * feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (#10033) + * fix(docker): fix non-det scan results for images with embedded SBOM (#9866) + * chore(deps): bump the github-actions group with 11 updates (#10001) + * test: fix assertion after 2026 roll over (#10002) + * fix(vuln): skip vulns detection for CentOS Stream family without scan failure (#9964) + * fix(license): normalize licenses for PostAnalyzers (#9941) + * feat(nodejs): parse licenses from `package-lock.json` file (#9983) + * chore: update reference links to Go Wiki (#9987) + * refactor: add xslices.Map and replace lo.Map usages (#9984) + * fix(image): race condition in image artifact inspection (#9966) + * feat(flag): add JSON Schema for trivy.yaml configuration file (#9971) + * refactor(debian): use txtar format for test data (#9957) + * chore(deps): bump `golang.org/x/tools` to `v0.40.0` + `gopls` to `v0.21.0` 
(#9973) + * feat(rootio): Update trivy db to support usage of Severity from root.io feed (#9930) + * feat(vuln): skip vulnerability scanning for third-party packages in Debian/Ubuntu (#9932) + * docs: add info that `--file-pattern` flag doesn't disable default behaviuor (#9961) + * perf(misconf): optimize string concatenation in azure scanner (#9969) + * chore: add client option to install script (#9962) + * ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (#9956) + * chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (#9952) + * docs: update binary signature verification for sigstore bundles (#9929) + * chore(deps): bump alpine from `3.22.1` to `3.23.0` (#9935) + * chore(alpine): add EOL date for alpine 3.23 (#9934) + * feat(cloudformation): add support for Fn::ForEach (#9508) + * ci: enable `check-latest` for `setup-go` (#9931) + * feat(debian): detect third-party packages using maintainer list (#9917) + * fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (#9924) + * feat(helm): add sslCertDir parameter (#9697) + * fix(misconf): respect .yml files when Helm charts are detected (#9912) + * feat(php): add support for dev dependencies in Composer (#9910) + * chore(deps): bump the common group across 1 directory with 9 updates (#9903) + * chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (#9859) + * fix: remove trailing tab in statefulset template (#9889) + * feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800) + * feat(misconf): initial ansible scanning support (#9332) + * feat(misconf): Update Azure Database schema (#9811) + * ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (#9869) + * chore: update the install script (#9874) 
@@ -12,4 +85 @@ -- Update to version 0.68.1 (bsc#1251363, CVE-2025-47911, - bsc#1251547, CVE-2025-58190, bsc#1253512, CVE-2025-47913, - bsc#1253512, CVE-2025-47913, bsc#1253786, CVE-2025-58181, - bsc#1253977, CVE-2025-47914): +- Update to version 0.68.1: Old: ---- trivy-0.68.2.tar.zst New: ---- trivy-0.69.0.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trivy.spec ++++++ --- /var/tmp/diff_new_pack.HZNAdG/_old 2026-02-02 14:59:10.468612256 +0100 +++ /var/tmp/diff_new_pack.HZNAdG/_new 2026-02-02 14:59:10.472612424 +0100 @@ -17,7 +17,7 @@ Name: trivy -Version: 0.68.2 +Version: 0.69.0 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.HZNAdG/_old 2026-02-02 14:59:10.512614115 +0100 +++ /var/tmp/diff_new_pack.HZNAdG/_new 2026-02-02 14:59:10.516614285 +0100 @@ -1,5 +1,5 @@ -mtime: 1767005426 -commit: 2a31742e2345f9d7617b0b7bfde8e3f5c3e6682ad3833fa3b5f7718e12942f32 +mtime: 1770029123 +commit: 32dbe3d53a36c812a53360b1b8992232303450539a332910d2327dac62ccc371 url: https://src.opensuse.org/dirkmueller/trivy.git revision: factory ++++++ _service ++++++ --- /var/tmp/diff_new_pack.HZNAdG/_old 2026-02-02 14:59:10.548615638 +0100 +++ /var/tmp/diff_new_pack.HZNAdG/_new 2026-02-02 14:59:10.552615806 +0100 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="manual"> <param name="url">https://github.com/aquasecurity/trivy</param> <param name="scm">git</param> - <param name="revision">v0.68.2</param> + <param name="revision">v0.69.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.HZNAdG/_old 2026-02-02 14:59:10.576616821 +0100 +++ /var/tmp/diff_new_pack.HZNAdG/_new 2026-02-02 14:59:10.580616990 +0100 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/aquasecurity/trivy</param> - <param name="changesrevision">0c40a8d4b9b943f1b679a20f8ba3cb61c94831de</param></service></servicedata> + <param name="changesrevision">8fb9191a07f5d92cb6088a8637b1001a2a7ad604</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-02-02 11:45:33.000000000 +0100 @@ -0,0 +1 @@ +.osc ++++++ trivy-0.68.2.tar.zst -> trivy-0.69.0.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/trivy-0.68.2.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.1995/trivy-0.69.0.tar.zst differ: char 7, line 1 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/vendor.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.1995/vendor.tar.zst differ: char 7, line 1
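Review bot: In trivy.changes, hunk `@@ -4,4 +4,77 @@`, the new header cites bsc#1255366 and CVE-2025-64702, but none of the bullets under it says which change addresses that CVE. Add a line naming the fix or the dependency bump that resolves it, so the reference can be checked against the release contents. The same hunk replaces the 0.68.2 entry in place (and `@@ -2 +2 @@` re-dates its header) instead of adding a new entry above it, so the 0.68.2 record drops out of the changelog history; keep the old entry and put 0.69.0 on top.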
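Review bot: In trivy.changes, hunk `@@ -12,4 +85 @@` strips every bsc#/CVE reference from the existing 0.68.1 entry (CVE-2025-47911, CVE-2025-58190, CVE-2025-47913, CVE-2025-58181, CVE-2025-47914) and leaves only `- Update to version 0.68.1:`. That removes the record of which package update carried those fixes. Restore the references when the changelog is regenerated, listing `bsc#1253512, CVE-2025-47913` once rather than twice as the removed text did.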
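Review bot: In _service, `<param name="revision">v0.69.0</param>` pins a tag name, and the only commit hash for the new source appears in _servicedata as changesrevision 8fb9191a07f5d92cb6088a8637b1001a2a7ad604. Confirm that this hash is the commit the upstream v0.69.0 tag points to before accepting, because trivy-0.69.0.tar.zst and vendor.tar.zst show up here only as `differ: char 7, line 1` and their contents cannot be reviewed from this diff.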
