Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package trivy for openSUSE:Factory checked in at 2023-07-04 15:21:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trivy (Old) and /work/SRC/openSUSE:Factory/.trivy.new.23466 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trivy" Tue Jul 4 15:21:56 2023 rev:55 rq:1096591 version:0.43.0 Changes: -------- --- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2023-06-29 17:29:31.742681324 +0200 +++ /work/SRC/openSUSE:Factory/.trivy.new.23466/trivy.changes 2023-07-04 15:22:12.970146577 +0200 @@ -1,0 +2,59 @@ +Mon Jul 03 13:22:20 UTC 2023 - dmuel...@suse.com + +- Update to version 0.43.0: + * chore(deps): Update defsec to v0.90.1 (#4739) + * feat(nodejs): support yarn workspaces (#4664) + * feat(cli): add include-dev-deps flag (#4700) + * fix(image): pass the secret scanner option to scan the img config (#4735) + * fix: scan job pod it not found on k8s-1.27.x (#4729) + * feat(docker): add support for mTLS authentication when connecting to registry (#4649) + * chore(deps): Update defsec to v0.90.0 (#4723) + * fix: skip scanning the gpg-pubkey package (#4720) + * Fix http registry oci pull (#4701) + * feat(misconf): Support skipping services (#4686) + * docs: fix supported modes for pubspec.lock files (#4713) + * fix(misconf): disable the terraform plan analyzer for other scanners (#4714) + * clarifying a dir path is required for custom policies (#4716) + * chore: update alpine base images (#4715) + * fix last-history-created (#4697) + * feat: kbom and cyclonedx v1.5 spec support (#4708) + * docs: add information about Aqua (#4590) + * fix: k8s escape resource filename on windows os (#4693) + * ci: ignore merge queue branches (#4696) + * chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 (#4695) + * chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 (#4694) + * feat: cyclondx sbom custom property support (#4688) + * ci: do not trigger tests in main (#4692) + * add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date (#4690) + * use group field for jar in cyclonedx (#4674) + * feat(java): capture licenses from pom.xml (#4681) + * feat(helm): make sessionAffinity configurable (#4623) + * fix: Show the correct URL of the secret scanning (#4682) + * document expected file pattern definition format (#4654) + * fix: format arg error (#4642) + * feat(k8s): cyclonedx kbom support (#4557) + * fix(nodejs): remove unused fields for the pnpm lockfile (#4630) + * fix(vm): update ext4-filesystem parser for parse multi block extents (#4616) + * ci: update build IDs (#4641) + * fix(debian): update EOL for Debian 12 (#4647) + * chore(deps): bump go-containerregistry (#4639) + * chore: unnecessary use of fmt.Sprintf (S1039) (#4637) + * fix(db): change argument order in Exists query for JavaDB (#4595) + * feat(aws): Add support to see successes in results (#4427) + * chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#4613) + * ci: do not trigger tests in main (#4614) + * chore(deps): bump sigstore/cosign-installer (#4609) + * chore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 (#4608) + * ci: bypass the required status checks (#4611) + * ci: support merge queue (#3652) + * ci: matrix build for testing (#4587) + * feat: trivy k8s private registry support (#4567) + * docs: add general coverage page (#3859) + * chore: create SECURITY.md (#4601) + +------------------------------------------------------------------- +Fri Jun 30 15:06:47 UTC 2023 - Dirk Müller <dmuel...@suse.com> + +- add eol-dates.patch to list SLE/Leap 15.5 + +------------------------------------------------------------------- Old: ---- trivy-0.42.1.tar.zst New: ---- eol-dates.patch trivy-0.43.0.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trivy.spec ++++++ --- /var/tmp/diff_new_pack.jizJtD/_old 2023-07-04 15:22:20.102189438 +0200 +++ /var/tmp/diff_new_pack.jizJtD/_new 2023-07-04 15:22:20.114189510 +0200 @@ -17,7 +17,7 @@ Name: trivy -Version: 0.42.1 +Version: 0.43.0 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 @@ -25,6 +25,7 @@ URL: https://github.com/aquasecurity/trivy Source: %{name}-%{version}.tar.zst Source1: vendor.tar.zst +Patch1: eol-dates.patch BuildRequires: golang-packaging BuildRequires: zstd BuildRequires: golang(API) = 1.19 @@ -43,7 +44,7 @@ name of the container. %prep -%setup -qa1 +%autosetup -p1 -a1 %build export CGO_ENABLED=1 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.jizJtD/_old 2023-07-04 15:22:20.326190784 +0200 +++ /var/tmp/diff_new_pack.jizJtD/_new 2023-07-04 15:22:20.362191001 +0200 @@ -1,5 +1,5 @@ -mtime: 1687423182 -commit: bd3ac6761c4a78b56f49f38c55e1adafa000ce4c +mtime: 1688392392 +commit: de36092857fcbc957d70878ac2820425c07d1752 url: https://src.opensuse.org/dirkmueller/trivy.git -revision: bd3ac6761c4a78b56f49f38c55e1adafa000ce4c +revision: de36092857fcbc957d70878ac2820425c07d1752 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.jizJtD/_old 2023-07-04 15:22:20.410191289 +0200 +++ /var/tmp/diff_new_pack.jizJtD/_new 2023-07-04 15:22:20.414191313 +0200 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/aquasecurity/trivy</param> <param name="scm">git</param> - <param name="revision">v0.42.1</param> + <param name="revision">v0.43.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.jizJtD/_old 2023-07-04 15:22:20.434191433 +0200 +++ /var/tmp/diff_new_pack.jizJtD/_new 2023-07-04 15:22:20.438191457 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/aquasecurity/trivy</param> - <param name="changesrevision">9a279fa7bb5ccdcda642f99ac2dfd80551082ee2</param></service></servicedata> + <param name="changesrevision">600819248ded6688801f6e92a9a49e9fa97b654b</param></service></servicedata> (No newline at EOF) ++++++ eol-dates.patch ++++++ >From 08770a6dfefcd1ad3c11abd395cef1af7c4a14a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20M=C3=BCller?= <d...@dmllr.de> Date: Fri, 30 Jun 2023 16:48:52 +0200 Subject: [PATCH] fix(suse): Add openSUSE Leap 15.5 eol date as well Taken directly from https://en.opensuse.org/Lifetime --- pkg/detector/ospkg/suse/suse.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go index 11a4d70c5a8..cbf0c4fd991 100644 --- a/pkg/detector/ospkg/suse/suse.go +++ b/pkg/detector/ospkg/suse/suse.go @@ -55,6 +55,7 @@ var ( "15.2": time.Date(2021, 11, 30, 23, 59, 59, 0, time.UTC), "15.3": time.Date(2022, 11, 30, 23, 59, 59, 0, time.UTC), "15.4": time.Date(2023, 11, 30, 23, 59, 59, 0, time.UTC), + "15.5": time.Date(2024, 12, 31, 23, 59, 59, 0, time.UTC), } ) ++++++ vendor.tar.zst ++++++ Binary files /var/tmp/diff_new_pack.jizJtD/_old and /var/tmp/diff_new_pack.jizJtD/_new differ
