Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package steampipe for openSUSE:Factory checked in at 2026-06-08 16:47:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/steampipe (Old) and /work/SRC/openSUSE:Factory/.steampipe.new.2375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "steampipe" Mon Jun 8 16:47:25 2026 rev:20 rq:1357963 version:2.4.4 Changes: -------- --- /work/SRC/openSUSE:Factory/steampipe/steampipe.changes 2026-04-23 19:22:22.785334040 +0200 +++ /work/SRC/openSUSE:Factory/.steampipe.new.2375/steampipe.changes 2026-06-08 16:47:28.306790534 +0200 @@ -1,0 +2,10 @@ +Mon Jun 08 11:40:28 UTC 2026 - Felix Niederwanger <[email protected]> + +- Update to version 2.4.4: + * v2.4.4 (#5003) + * Bump FdwVersion to 2.2.3 (FDW security release for CVE-2026-41889) (#4996) + * Bump go-jose/v4 + otel/sdk for CVEs; add v2.4.3 CHANGELOG (#4995) + * Bump github.com/jackc/pgx/v5 to v5.9.2 (CVE-2026-41889) (#4990) + * Add CHANGELOG.md entry for v2.4.2 (#4984) + +------------------------------------------------------------------- Old: ---- steampipe-2.4.2.obscpio New: ---- steampipe-2.4.4.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ steampipe.spec ++++++ --- /var/tmp/diff_new_pack.iWnNkR/_old 2026-06-08 16:47:29.986860202 +0200 +++ /var/tmp/diff_new_pack.iWnNkR/_new 2026-06-08 16:47:29.990860368 +0200 @@ -17,7 +17,7 @@ Name: steampipe -Version: 2.4.2 +Version: 2.4.4 Release: 0 Summary: Query various APIs and services via SQL language License: AGPL-3.0-only ++++++ _service ++++++ --- /var/tmp/diff_new_pack.iWnNkR/_old 2026-06-08 16:47:30.066863520 +0200 +++ /var/tmp/diff_new_pack.iWnNkR/_new 2026-06-08 16:47:30.070863686 +0200 @@ -2,7 +2,7 @@ <service name="obs_scm" mode="manual"> <param name="url">https://github.com/turbot/steampipe.git</param> <param name="scm">git</param> - <param name="revision">v2.4.2</param> + <param name="revision">v2.4.4</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.iWnNkR/_old 2026-06-08 16:47:30.102865013 +0200 +++ /var/tmp/diff_new_pack.iWnNkR/_new 2026-06-08 16:47:30.110865345 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/turbot/steampipe.git</param> - <param name="changesrevision">90cfc54cf0e8e6811ae66b64ac4d8d017ec36db5</param></service></servicedata> + <param name="changesrevision">49ee0b8f32640ae8d007ad8cf90a8ac82840cb27</param></service></servicedata> (No newline at EOF) ++++++ steampipe-2.4.2.obscpio -> steampipe-2.4.4.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/steampipe-2.4.2/CHANGELOG.md new/steampipe-2.4.4/CHANGELOG.md --- old/steampipe-2.4.2/CHANGELOG.md 2026-04-22 15:42:52.000000000 +0200 +++ new/steampipe-2.4.4/CHANGELOG.md 2026-05-25 15:54:07.000000000 +0200 @@ -1,3 +1,21 @@ +## v2.4.4 [2026-05-25] +_Bug fixes_ +- Update embedded `steampipe-postgres-fdw` to `v2.2.4` — fixes `statement_timeout`, `pg_cancel_backend`, and `pg_terminate_backend` having no effect when a plugin's gRPC stream stalls. Affected sessions previously held `AccessShareLock` indefinitely, blocking partition swaps and other DDL until restart. ([steampipe-postgres-fdw#671](https://github.com/turbot/steampipe-postgres-fdw/issues/671)) + +## v2.4.3 [2026-05-19] +_Dependencies_ +- Bump `jackc/pgx/v5` from v5.7.6 to v5.9.2 to remediate CVE-2026-41889. ([#4990](https://github.com/turbot/steampipe/pull/4990)) +- Bump `go-jose/go-jose/v4` from v4.1.3 to v4.1.4 to remediate CVE-2026-34986. +- Bump `go.opentelemetry.io/otel/sdk` from v1.40.0 to v1.43.0 to remediate CVE-2026-24051 and CVE-2026-39883. +- Update embedded `steampipe-postgres-fdw` to `v2.2.3` (carries the pgx v5.9.2 / CVE-2026-41889 fix). + +## v2.4.2 [2026-04-22] +_Bug fixes_ +- Fix `steampipe plugin install` failing with an opaque `403 Forbidden` when stale GHCR credentials are present in `~/.docker/config.json` (e.g. from a prior `docker login`). Now retries the OCI pull anonymously when stored credentials are rejected. ([pipe-fittings#792](https://github.com/turbot/pipe-fittings/pull/792)) + +_Dependencies_ +- Bump `pipe-fittings/v2` from v2.9.0 to v2.9.1. + ## v2.4.0 [2026-02-27] _Whats new_ - Compiled with Go 1.26. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/steampipe-2.4.2/go.mod new/steampipe-2.4.4/go.mod --- old/steampipe-2.4.2/go.mod 2026-04-22 15:42:52.000000000 +0200 +++ new/steampipe-2.4.4/go.mod 2026-05-25 15:54:07.000000000 +0200 @@ -23,7 +23,7 @@ github.com/hashicorp/go-plugin v1.7.0 github.com/hashicorp/go-version v1.7.0 github.com/hashicorp/hcl/v2 v2.24.0 - github.com/jackc/pgx/v5 v5.7.6 + github.com/jackc/pgx/v5 v5.9.2 github.com/jedib0t/go-pretty/v6 v6.6.9 github.com/karrick/gows v0.3.0 github.com/mattn/go-isatty v0.0.20 @@ -162,18 +162,18 @@ github.com/zclconf/go-cty-yaml v1.1.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect - go.opentelemetry.io/otel v1.40.0 // indirect + go.opentelemetry.io/otel v1.43.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.35.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 // indirect - go.opentelemetry.io/otel/metric v1.40.0 // indirect - go.opentelemetry.io/otel/sdk v1.40.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect - go.opentelemetry.io/otel/trace v1.40.0 // indirect + go.opentelemetry.io/otel/metric v1.43.0 // indirect + go.opentelemetry.io/otel/sdk v1.43.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect + go.opentelemetry.io/otel/trace v1.43.0 // indirect go.opentelemetry.io/proto/otlp v1.7.1 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/oauth2 v0.34.0 // indirect - golang.org/x/sys v0.40.0 + golang.org/x/sys v0.42.0 golang.org/x/term v0.39.0 // indirect golang.org/x/time v0.12.0 // indirect golang.org/x/tools v0.40.0 // indirect @@ -204,7 +204,7 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/envoyproxy/go-control-plane/envoy v1.36.0 // indirect github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect - github.com/go-jose/go-jose/v4 v4.1.3 // indirect + github.com/go-jose/go-jose/v4 v4.1.4 // indirect github.com/go-viper/mapstructure/v2 v2.4.0 // indirect github.com/logrusorgru/aurora v2.0.3+incompatible // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/steampipe-2.4.2/go.sum new/steampipe-2.4.4/go.sum --- old/steampipe-2.4.2/go.sum 2026-04-22 15:42:52.000000000 +0200 +++ new/steampipe-2.4.4/go.sum 2026-05-25 15:54:07.000000000 +0200 @@ -833,8 +833,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= -github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= +github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= +github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -1036,8 +1036,8 @@ github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.7.6 h1:rWQc5FwZSPX58r1OQmkuaNicxdmExaEz5A2DO2hUuTk= -github.com/jackc/pgx/v5 v5.7.6/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M= +github.com/jackc/pgx/v5 v5.9.2 h1:3ZhOzMWnR4yJ+RW1XImIPsD1aNSz4T4fyP7zlQb56hw= +github.com/jackc/pgx/v5 v5.9.2/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4= github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= @@ -1294,8 +1294,8 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= -go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms= -go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g= +go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= +go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.35.0 h1:QcFwRrZLc82r8wODjvyCbP7Ifp3UANaBSmhDSFjnqSc= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.35.0/go.mod h1:CXIWhUomyWBG/oY2/r/kLp6K/cmx9e/7DLpBuuGdLCA= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw= @@ -1304,14 +1304,14 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0/go.mod h1:LjReUci/F4BUyv+y4dwnq3h/26iNOeC3wAIqgvTIZVo= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I= -go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g= -go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc= -go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8= -go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE= -go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw= -go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg= -go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw= -go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA= +go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= +go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= +go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= +go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg= +go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw= +go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= +go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= +go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= @@ -1611,8 +1611,8 @@ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= -golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= +golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/steampipe-2.4.2/pkg/constants/db.go new/steampipe-2.4.4/pkg/constants/db.go --- old/steampipe-2.4.2/pkg/constants/db.go 2026-04-22 15:42:52.000000000 +0200 +++ new/steampipe-2.4.4/pkg/constants/db.go 2026-05-25 15:54:07.000000000 +0200 @@ -28,7 +28,7 @@ // constants for installing db and fdw images const ( DatabaseVersion = "14.19.0" - FdwVersion = "2.2.2" + FdwVersion = "2.2.4" // PostgresImageRef is the OCI Image ref for the database binaries PostgresImageRef = "ghcr.io/turbot/steampipe/db:14.19.0" ++++++ steampipe.obsinfo ++++++ --- /var/tmp/diff_new_pack.iWnNkR/_old 2026-06-08 16:47:31.586926553 +0200 +++ /var/tmp/diff_new_pack.iWnNkR/_new 2026-06-08 16:47:31.590926719 +0200 @@ -1,5 +1,5 @@ name: steampipe -version: 2.4.2 -mtime: 1776865372 -commit: 90cfc54cf0e8e6811ae66b64ac4d8d017ec36db5 +version: 2.4.4 +mtime: 1779717247 +commit: 49ee0b8f32640ae8d007ad8cf90a8ac82840cb27 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/steampipe/vendor.tar.gz /work/SRC/openSUSE:Factory/.steampipe.new.2375/vendor.tar.gz differ: char 116, line 2
