Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gitleaks for openSUSE:Factory checked in at 2026-03-24 18:49:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gitleaks (Old) and /work/SRC/openSUSE:Factory/.gitleaks.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gitleaks" Tue Mar 24 18:49:14 2026 rev:33 rq:1342158 version:8.30.1 Changes: -------- --- /work/SRC/openSUSE:Factory/gitleaks/gitleaks.changes 2025-11-27 15:22:29.239323242 +0100 +++ /work/SRC/openSUSE:Factory/.gitleaks.new.8177/gitleaks.changes 2026-03-24 18:50:17.697986503 +0100 @@ -1,0 +2,9 @@ +Tue Mar 24 05:44:44 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 8.30.1: + * update goreleaser + * Removed unnecessary functions from report template (#2040) + * its the simple things (#2020) + * build: switch to Go 1.24 (#2002) + +------------------------------------------------------------------- Old: ---- gitleaks-8.30.0.obscpio New: ---- gitleaks-8.30.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gitleaks.spec ++++++ --- /var/tmp/diff_new_pack.TcbeiV/_old 2026-03-24 18:50:18.330012580 +0100 +++ /var/tmp/diff_new_pack.TcbeiV/_new 2026-03-24 18:50:18.334012745 +0100 @@ -1,7 +1,7 @@ # # spec file for package gitleaks # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2024 Andreas Stieger <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -18,7 +18,7 @@ Name: gitleaks -Version: 8.30.0 +Version: 8.30.1 Release: 0 Summary: Protect and discover secrets using Gitleaks License: MIT @@ -27,7 +27,7 @@ Source1: vendor.tar.gz BuildRequires: bash-completion BuildRequires: fish -BuildRequires: go1.25 >= 1.25.4 +BuildRequires: go1.24 >= 1.24.11 BuildRequires: zsh %description ++++++ _service ++++++ --- /var/tmp/diff_new_pack.TcbeiV/_old 2026-03-24 18:50:18.366014066 +0100 +++ /var/tmp/diff_new_pack.TcbeiV/_new 2026-03-24 18:50:18.370014231 +0100 
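Review bot: The `BuildRequires` change in the last gitleaks.spec hunk moves the package from the go1.25 toolchain to `go1.24 >= 1.24.11`, although the `go 1.24.11` line in the new go.mod only states a minimum, so the previous `go1.25 >= 1.25.4` would presumably still satisfy it. Building on the older release line means the shipped binary gets compiler and standard-library security fixes only for as long as go1.24 is maintained in the distribution. Unless upstream's switch (#2002) works around a problem specific to 1.25, I would keep `BuildRequires:  go1.25 >= 1.25.4`, or state the reason for the downgrade in gitleaks.changes.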
@@ -3,7 +3,7 @@ <param name="url">https://github.com/zricethezav/gitleaks</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v8.30.0</param> + <param name="revision">v8.30.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.TcbeiV/_old 2026-03-24 18:50:18.414016047 +0100 +++ /var/tmp/diff_new_pack.TcbeiV/_new 2026-03-24 18:50:18.418016212 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/zricethezav/gitleaks</param> - <param name="changesrevision">6eaad039603a4de39fddd1cf5f727391efe9974e</param></service></servicedata> + <param name="changesrevision">83d9cd684c87d95d656c1458ef04895a7f1cbd8e</param></service></servicedata> (No newline at EOF) ++++++ gitleaks-8.30.0.obscpio -> gitleaks-8.30.1.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.30.0/.goreleaser.yml new/gitleaks-8.30.1/.goreleaser.yml --- old/gitleaks-8.30.0/.goreleaser.yml 2025-11-26 17:25:37.000000000 +0100 +++ new/gitleaks-8.30.1/.goreleaser.yml 2026-03-12 16:40:37.000000000 +0100 @@ -1,3 +1,5 @@ +version: 2 + project_name: gitleaks builds: 
@@ -15,17 +17,26 @@ goarm: - "6" - "7" + ignore: + - goos: windows + goarch: arm tags: - gore2regex ldflags: - -s -w -X=github.com/zricethezav/gitleaks/v8/version.Version={{.Version}} archives: - - builds: [gitleaks] + - ids: [gitleaks] + name_template: >- + {{ .ProjectName }}_ + {{- .Version }}_ + {{- .Os }}_ + {{- if eq .Arch "amd64" }}x64 + {{- else if eq .Arch "386" }}x32 + {{- else }}{{ .Arch }}{{ end }} + {{- with .Arm }}v{{ . }}{{ end }} format_overrides: - goos: windows - format: zip - replacements: - amd64: x64 - 386: x32 + formats: [zip] release: prerelease: true + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.30.0/Dockerfile new/gitleaks-8.30.1/Dockerfile --- old/gitleaks-8.30.0/Dockerfile 2025-11-26 17:25:37.000000000 +0100 +++ new/gitleaks-8.30.1/Dockerfile 2026-03-12 16:40:37.000000000 +0100 @@ -1,4 +1,4 @@ -FROM golang:1.25 AS build +FROM golang:1.24 AS build WORKDIR /go/src/github.com/zricethezav/gitleaks COPY . . RUN VERSION=$(git describe --tags --abbrev=0) && \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.30.0/detect/codec/encodings.go new/gitleaks-8.30.1/detect/codec/encodings.go --- old/gitleaks-8.30.0/detect/codec/encodings.go 2025-11-26 17:25:37.000000000 +0100 +++ new/gitleaks-8.30.1/detect/codec/encodings.go 2026-03-12 16:40:37.000000000 +0100 @@ -3,8 +3,9 @@ import ( "fmt" "math" - "regexp" "strings" + + "github.com/zricethezav/gitleaks/v8/regexp" ) var ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.30.0/detect/codec/unicode.go new/gitleaks-8.30.1/detect/codec/unicode.go --- old/gitleaks-8.30.0/detect/codec/unicode.go 2025-11-26 17:25:37.000000000 +0100 +++ new/gitleaks-8.30.1/detect/codec/unicode.go 2026-03-12 16:40:37.000000000 +0100 
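Review bot: `FROM golang:1.24 AS build` in the Dockerfile hunk uses a floating minor tag, while go.mod in this same update requires `go 1.24.11`. An image that resolves to an older 1.24 patch release would either fail the build or fetch a toolchain at build time, depending on the GOTOOLCHAIN setting in the image. Pinning the patch level and digest keeps the build stage reproducible and auditable, e.g. `FROM golang:1.24.11@sha256:<digest-placeholder> AS build`. The remaining stages of the Dockerfile are outside the hunk, so whether the runtime image is pinned cannot be judged from here.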
@@ -2,10 +2,11 @@ import ( "bytes" - "regexp" "strconv" "strings" "unicode/utf8" + + "github.com/zricethezav/gitleaks/v8/regexp" ) var ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.30.0/go.mod new/gitleaks-8.30.1/go.mod --- old/gitleaks-8.30.0/go.mod 2025-11-26 17:25:37.000000000 +0100 +++ new/gitleaks-8.30.1/go.mod 2026-03-12 16:40:37.000000000 +0100 @@ -1,6 +1,6 @@ module github.com/zricethezav/gitleaks/v8 -go 1.25.4 +go 1.24.11 require ( github.com/BobuSumisu/aho-corasick v1.0.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.30.0/report/template.go new/gitleaks-8.30.1/report/template.go --- old/gitleaks-8.30.0/report/template.go 2025-11-26 17:25:37.000000000 +0100 +++ new/gitleaks-8.30.1/report/template.go 2026-03-12 16:40:37.000000000 +0100 @@ -29,7 +29,13 @@ // TODO: Add helper functions like escaping for JSON, XML, etc. t := template.New("custom") - t = t.Funcs(sprig.TxtFuncMap()) + + funcMap := sprig.TxtFuncMap() + delete(funcMap, "env") + delete(funcMap, "expandenv") + delete(funcMap, "getHostByName") + + t = t.Funcs(funcMap) t, err = t.Parse(templateText) if err != nil { return nil, fmt.Errorf("error parsing file: %w", err) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.30.0/report/template_test.go new/gitleaks-8.30.1/report/template_test.go --- old/gitleaks-8.30.0/report/template_test.go 2025-11-26 17:25:37.000000000 +0100 +++ new/gitleaks-8.30.1/report/template_test.go 2026-03-12 16:40:37.000000000 +0100 
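Review bot: The three `delete(funcMap, …)` calls in report/template.go form a denylist with no comment saying why these names are removed, so the intent is easy to lose, and any side-effecting helper that a later sprig release adds to `TxtFuncMap()` would be available to report templates by default. I would add a comment above them such as `// Remove sprig helpers that read the process environment or perform DNS lookups; report templates must not pull host data into the report.` Longer term, building the map from an explicit allowlist of the helpers that reports need would fail closed instead. The enclosing function starts and ends outside the hunk, so where the template path comes from is not visible here.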
@@ -96,3 +96,52 @@ }) } } + +func TestTemplateDangerousFunctions(t *testing.T) { + tests := []struct { + name string + template string + wantErr string + }{ + { + name: "env is blocked", + template: `{{ env "SECRET" }}`, + wantErr: `function "env" not defined`, + }, + { + name: "expandenv is blocked", + template: `{{ expandenv "$SECRET" }}`, + wantErr: `function "expandenv" not defined`, + }, + { + name: "getHostByName is blocked", + template: `{{ getHostByName "localhost" }}`, + wantErr: `function "getHostByName" not defined`, + }, + { + name: "now is allowed (benign)", + template: `{{ now | date "2006-01-02" }}`, + wantErr: "", // should not error on parse + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + tmpfile, err := os.CreateTemp(t.TempDir(), "test*.tmpl") + require.NoError(t, err) + defer os.Remove(tmpfile.Name()) + + _, err = tmpfile.WriteString(tt.template) + require.NoError(t, err) + tmpfile.Close() + + _, err = NewTemplateReporter(tmpfile.Name()) + if tt.wantErr != "" { + assert.Error(t, err) + assert.Contains(t, err.Error(), tt.wantErr) + } else { + assert.NoError(t, err) + } + }) + } +} ++++++ gitleaks.obsinfo ++++++ --- /var/tmp/diff_new_pack.TcbeiV/_old 2026-03-24 18:50:19.078043445 +0100 +++ /var/tmp/diff_new_pack.TcbeiV/_new 2026-03-24 18:50:19.082043610 +0100 @@ -1,5 +1,5 @@ name: gitleaks -version: 8.30.0 -mtime: 1764174337 -commit: 6eaad039603a4de39fddd1cf5f727391efe9974e +version: 8.30.1 +mtime: 1773330037 +commit: 83d9cd684c87d95d656c1458ef04895a7f1cbd8e ++++++ vendor.tar.gz ++++++
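Review bot: In the `tt.wantErr != ""` branch of TestTemplateDangerousFunctions, `assert.Error(t, err)` does not stop the subtest, so if a blocked function ever parses successfully the next line calls `err.Error()` on a nil error and the test panics instead of reporting a clean failure. `require.ErrorContains(t, err, tt.wantErr)` covers both checks in one line. Two smaller points: the result of `tmpfile.Close()` is ignored, and `defer os.Remove(tmpfile.Name())` is redundant because the file is created under `t.TempDir()`. The cases only exercise rejection at parse time, which is presumably where NewTemplateReporter surfaces undefined functions, so that part looks sufficient.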
