Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package zizmor for openSUSE:Factory checked in at 2026-06-22 17:37:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zizmor (Old) and /work/SRC/openSUSE:Factory/.zizmor.new.1956 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor" Mon Jun 22 17:37:57 2026 rev:35 rq:1360913 version:1.26.1 Changes: -------- --- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2026-05-16 19:27:02.764234918 +0200 +++ /work/SRC/openSUSE:Factory/.zizmor.new.1956/zizmor.changes 2026-06-22 17:38:09.000076630 +0200 @@ -1,0 +2,73 @@ +Sun Jun 21 12:19:33 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.26.1: + This is a small corrective release for 1.26.0. +- Update to version 1.26.0: + * New Features + - New audit: typosquat-uses detects uses: clauses that + reference likely typoed actions (#1985) + - New audit: unsound-ternary detects pseudo-ternary expressions + that don't evaluate as expected (#2085) + - New audit: adhoc-packages detects run: steps that install + packages in an ad-hoc manner (#2061) + * Enhancements + - The cache-poisoning audit now detects additional cache + disablement heuristics (#2053) + - The known-vulnerable-actions audit is now configurable. See + the configuration documentation for details (#2084) + - The excessive-permissions audit is now aware of the + code-quality permission (#2088) + - The unpinned-uses audit's auto-fix now uses the fully + qualified version tag (e.g. # v6.0.2) when fixing a + major-version ref (e.g. @v6) (#2127) + * Performance Improvements + - Most online audits are significantly faster, thanks to more + precise retry handling (#2036) + * Bug Fixes + - Fixed a bug where zizmor's LSP would not recognize + dependabot.yaml files in its default configuration (#2026) + - Fixed a bug where ref-version-mismatch would fail to fully + match some version comments (#2040) + - Fixed a bug where dependabot-cooldown would fail to honor the + user's configured days when performing autofixes (#2055) + - Steps and jobs gated by statically-false if: conditions (e.g. + if: false, if: ${{ false }}) are now skipped during auditing, + since they cannot execute (#2059, #2069) + - Fixed a bug where ref-version-mismatch would fail to identify + some valid version comments (#2073) + - Fixed a bug where unpinned-images would incorrectly flag + empty matrix expansions as unpinned container image + references (#2102) + - Fixed a bug where unpinned-images would incorrectly flag some + matrix expansions as unpinned (#2098) + - The SARIF (--format=sarif) and GitHub Annotations + (--format=github) output formats now provide more + correct/useful paths, particularly when the user provides a + relative path as input to zizmor rather than zizmor . (#1748, + #2095) + * Changes + - The impostor-commit audit no longer suggests auto-fixes, to + avoid incorrectly minimizing the amount of manual remediation + work needed (#2054) + - The JSON and SARIF outputs no longer contain a misleading + prefix key (#2095) + * Dependencies + - chore(deps): bump http from 1.4.1 to 1.4.2 in the cargo group + (#2125) + - chore(deps): bump the github-actions group across 1 directory + with 3 updates (#2119) + - chore(deps): bump the cargo group across 1 directory with 2 + updates (#2118) + - chore(deps): bump CodSpeedHQ/action from 4.15.1 to 4.17.0 in + the github-actions group (#2109) + - chore(deps): bump the github-actions group with 5 updates + (#2091) + - chore(deps): bump the cargo group with 5 updates (#2090) + - chore(deps): bump the cargo group with 3 updates (#2066) + - chore(deps): bump the github-actions group with 2 updates + (#2067) + - chore(deps): bump the cargo group with 3 updates (#2034) + - chore(deps): bump the github-actions group with 2 updates + (#2035) + +------------------------------------------------------------------- Old: ---- zizmor-1.25.2.obscpio New: ---- zizmor-1.26.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zizmor.spec ++++++ --- /var/tmp/diff_new_pack.3Sl8xU/_old 2026-06-22 17:38:10.748137756 +0200 +++ /var/tmp/diff_new_pack.3Sl8xU/_new 2026-06-22 17:38:10.752137896 +0200 @@ -17,7 +17,7 @@ Name: zizmor -Version: 1.25.2 +Version: 1.26.1 Release: 0 Summary: A static analysis tool for GitHub Actions License: MIT @@ -92,7 +92,8 @@ %{buildroot}/%{_bindir}/%{name} --completions=zsh > %{buildroot}%{_datarootdir}/zsh/site-functions/_%{name} %check -%{cargo_test} +# https://github.com/zizmorcore/zizmor/issues/2139 +%{cargo_test} -- --skip e2e::issue_1745 %files %doc README.md ++++++ _service ++++++ --- /var/tmp/diff_new_pack.3Sl8xU/_old 2026-06-22 17:38:10.828140554 +0200 +++ /var/tmp/diff_new_pack.3Sl8xU/_new 2026-06-22 17:38:10.832140693 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">v1.25.2</param> + <param name="revision">v1.26.1</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.3Sl8xU/_old 2026-06-22 17:38:10.860141672 +0200 +++ /var/tmp/diff_new_pack.3Sl8xU/_new 2026-06-22 17:38:10.864141813 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/woodruffw/zizmor</param> - <param name="changesrevision">b50d8f60e27e0084aa3a5f5dff46054a8253ac2a</param></service></servicedata> + <param name="changesrevision">597db4d7dc5730bdc1370197bf5678a5ca028abb</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst /work/SRC/openSUSE:Factory/.zizmor.new.1956/vendor.tar.zst differ: char 7, line 1 ++++++ zizmor-1.25.2.obscpio -> zizmor-1.26.1.obscpio ++++++ ++++ 13615 lines of diff (skipped) ++++++ zizmor.obsinfo ++++++ --- /var/tmp/diff_new_pack.3Sl8xU/_old 2026-06-22 17:38:11.568166431 +0200 +++ /var/tmp/diff_new_pack.3Sl8xU/_new 2026-06-22 17:38:11.584166990 +0200 @@ -1,5 +1,5 @@ name: zizmor -version: 1.25.2 -mtime: 1778909818 -commit: b50d8f60e27e0084aa3a5f5dff46054a8253ac2a +version: 1.26.1 +mtime: 1782009199 +commit: 597db4d7dc5730bdc1370197bf5678a5ca028abb
