commit trivy for openSUSE:Factory

Source-Sync Mon, 02 Jan 2023 06:02:33 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package trivy for openSUSE:Factory checked 
in at 2023-01-02 15:02:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trivy (Old)
 and      /work/SRC/openSUSE:Factory/.trivy.new.1563 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "trivy"

Mon Jan  2 15:02:13 2023 rev:39 rq:1046089 version:0.36.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/trivy/trivy.changes      2022-11-28 
11:07:31.959882083 +0100
+++ /work/SRC/openSUSE:Factory/.trivy.new.1563/trivy.changes    2023-01-02 
15:02:15.345380416 +0100
@@ -1,0 +2,58 @@
+Mon Jan 02 08:27:43 UTC 2023 - dmuel...@suse.com
+
+- Update to version 0.36.0:
+  * docs: improve compliance docs (#3340)
+  * feat(deps): add yarn lock dependency tree (#3348)
+  * fix: compliance change id and title naming (#3349)
+  * feat: add support for mix.lock files for elixir language (#3328)
+  * feat: add k8s cis bench (#3315)
+  * test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch 
(#3322)
+  * revert: cache merged layers (#3334)
+  * feat(cyclonedx): add recommendation (#3336)
+  * feat(ubuntu): added support ubuntu ESM versions (#1893)
+  * fix: change logic to build relative paths for skip-dirs and skip-files 
(#3331)
+  * chore(deps): bump github.com/hashicorp/golang-lru from 0.5.4 to 2.0.1 
(#3265)
+  * feat: Adding support for Windows testing (#3037)
+  * feat: add support for Alpine 3.17 (#3319)
+  * docs: change PodFile.lock to Podfile.lock (#3318)
+  * fix(sbom): support for the detection of old CycloneDX predicate type 
(#3316)
+  * feat(secret): Use .trivyignore for filtering secret scanning result (#3312)
+  * chore(go): remove experimental FS API usage in Wasm (#3299)
+  * ci: add workflow to add issues to roadmap project (#3292)
+  * fix(vuln): include duplicate vulnerabilities with different package paths 
in the final report (#3275)
+  * chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#3250)
+  * feat(sbom): better support for third-party SBOMs (#3262)
+  * docs: add information about languages with support for dependency 
locations (#3306)
+  * feat(vm): add `region` option to vm scan to be able to scan any region's 
ami and ebs snapshots (#3284)
+  * chore(deps): bump github.com/Azure/azure-sdk-for-go from 
66.0.0+incompatible to 67.1.0+incompatible (#3251)
+  * fix(vuln): change severity vendor priority for ghsa-ids and vulns from 
govuln (#3255)
+  * docs: remove comparisons (#3289)
+  * feat: add support for Wolfi Linux (#3215)
+  * ci: add go.mod to canary workflow (#3288)
+  * feat(python): skip dev dependencies (#3282)
+  * chore: update ubuntu version for Github action runnners (#3257)
+  * fix(go): skip dep without Path for go-binaries (#3254)
+  * feat(rust): add ID for cargo pgks (#3256)
+  * chore(deps): bump github.com/samber/lo from 1.33.0 to 1.36.0 (#3263)
+  * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 
(#3253)
+  * feat: add support for swift cocoapods lock files (#2956)
+  * fix(sbom): use proper constants (#3286)
+  * chore(deps): bump golang.org/x/term from 0.1.0 to 0.3.0 (#3278)
+  * test(vm): import relevant analyzers (#3285)
+  * feat: support scan remote repository (#3131)
+  * docs: fix typo in fluxcd (#3268)
+  * docs: fix broken "ecosystem" link in readme (#3280)
+  * feat(misconf): Add compliance check support (#3130)
+  * docs: Adding Concourse resource for trivy (#3224)
+  * chore(deps): change golang from 1.19.2 to 1.19 (#3249)
+  * fix(sbom): duplicate dependson (#3261)
+  * chore(deps): bump alpine from 3.16.2 to 3.17.0 (#3247)
+  * chore(go): updates wazero to 1.0.0-pre.4 (#3242)
+  * feat(report): add dependency locations to sarif format (#3210)
+  * fix(rpm): add rocky to osVendors (#3241)
+  * docs: fix a typo (#3236)
+  * feat(dotnet): add dependency parsing for nuget lock files (#3222)
+  * docs: add pre-commit hook to community tools (#3203)
+  * feat(helm): pass arbitrary env vars to trivy (#3208)
+
+-------------------------------------------------------------------

Old:
----
  trivy-0.35.0.tar.gz

New:
----
  trivy-0.36.0.tar.zst

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ trivy.spec ++++++
--- /var/tmp/diff_new_pack.dvRpi1/_old  2023-01-02 15:02:17.549392802 +0100
+++ /var/tmp/diff_new_pack.dvRpi1/_new  2023-01-02 15:02:17.553392825 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package trivy
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,13 +19,13 @@
 
 %global goipath github.com/aquasecurity/trivy
 Name:           trivy
-Version:        0.35.0
+Version:        0.36.0
 Release:        0
 Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
 License:        Apache-2.0
 Group:          System/Management
 URL:            https://github.com/aquasecurity/trivy
-Source:         %{name}-%{version}.tar.gz
+Source:         %{name}-%{version}.tar.zst
 Source1:        vendor.tar.zst
 BuildRequires:  golang-packaging
 BuildRequires:  zstd

++++++ _service ++++++
--- /var/tmp/diff_new_pack.dvRpi1/_old  2023-01-02 15:02:17.601393095 +0100
+++ /var/tmp/diff_new_pack.dvRpi1/_new  2023-01-02 15:02:17.605393117 +0100
@@ -2,14 +2,14 @@
   <service name="tar_scm" mode="disabled">
     <param name="url">https://github.com/aquasecurity/trivy</param>
     <param name="scm">git</param>
-    <param name="revision">v0.35.0</param>
+    <param name="revision">v0.36.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
   </service>
   <service name="recompress" mode="disabled">
     <param name="file">trivy-*.tar</param>
-    <param name="compression">gz</param>
+    <param name="compression">zst</param>
   </service>
   <service name="set_version" mode="disabled">
     <param name="basename">trivy</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.dvRpi1/_old  2023-01-02 15:02:17.629393252 +0100
+++ /var/tmp/diff_new_pack.dvRpi1/_new  2023-01-02 15:02:17.633393274 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/aquasecurity/trivy</param>
-              <param 
name="changesrevision">bd30e983e3b9444dd750478b6976ed79fbf7d4e5</param></service></servicedata>
+              <param 
name="changesrevision">4813cf5cfdaf22d3caf8ca2a2cc89448a5ef994f</param></service></servicedata>
 (No newline at EOF)
 

++++++ vendor.tar.zst ++++++
Binary files /var/tmp/diff_new_pack.dvRpi1/_old and 
/var/tmp/diff_new_pack.dvRpi1/_new differ

commit trivy for openSUSE:Factory

Reply via email to