Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package gosec for openSUSE:Factory checked in at 2023-10-10 20:59:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gosec (Old)
 and /work/SRC/openSUSE:Factory/.gosec.new.28202 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gosec" Tue Oct 10 20:59:54 2023 rev:11 rq:1116475 version:2.18.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gosec/gosec.changes 2023-08-18 19:28:33.067336558 +0200 +++ /work/SRC/openSUSE:Factory/.gosec.new.28202/gosec.changes 2023-10-10 21:00:41.318927451 +0200 
@@ -1,0 +2,48 @@ +Mon Oct 9 13:23:33 UTC 2023 - Jeff Kowalczyk <jkowalc...@suse.com> + +- Packaging improvements: + * Summary and Description clarify the purpose of this CLI tool + * Use Group: Development/Languages/Go instead of Other + * Drop BuildRequires: golang-packaging. The recommended Go + toolchain dependency is BuildRequires: golang(API) >= 1.x or + optionally the metapackage BuildRequires: go + * Drop Requires: golang-packaging. The original macros for file + movements into GOPATH are obsolete with Go modules. Macro + go_nostrip is no longer needed with current binutils and Go. + * Remove %%{go_nostrip} macro which is no longer recommended + +------------------------------------------------------------------- +Mon Oct 09 09:02:02 UTC 2023 - felix.niederwan...@suse.com + +- Update to version 2.18.0: + * Update the action to use gosec version v2.18.0 (#1029) + * Use a step ID in github release action to get the digest of the image (#1028) + * Update to go version 1.21.2 and 1.20.9 (#1027) + * chore(deps): update all dependencies (#1026) + * Enable gochecknoinits; fix lint issues; use consts for some vars (#1022) + * Fix typos in struct fields, comments, and docs (#1023) + * chore(deps): update all dependencies + * Fix lint warning + * Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666 + * Fix lint warnings + * Update ginkgo to latest version + * Redesign and reimplement the slice out of bounds check using SSA code representation + * docs: add reMarkable to users list + * chore(deps): update all dependencies + * Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it + * Update to latest go version + * chore(deps): update all dependencies (#1011) + * Fix hardcoded_credentials rule to only match on more specific patterns (#1009) + * chore(deps): update all dependencies (#1008) + * Exclude maps from slince bounce check rule (#1006) + * Ignore struct pointers in G601 
(#1003) + * Update gosec image version to 2.17.0 in the Github action (#1002) +- Packaging improvements: + * Use BuildRequires: golang(API) >= 1.20 instead of go >= 1.20. + The go metapackage points to a single go version that + increments at a date TBD after each go1.x major release. The + expression golang(API) is available immediately upon each go1.x + major release and is stable for expressing the minimum version + or a temporarily pinned version. + +------------------------------------------------------------------- Old: ---- gosec-2.17.0.obscpio New: ---- gosec-2.18.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gosec.spec ++++++ --- /var/tmp/diff_new_pack.CAMELP/_old 2023-10-10 21:00:43.198995628 +0200 +++ /var/tmp/diff_new_pack.CAMELP/_new 2023-10-10 21:00:43.202995773 +0200 @@ -1,7 +1,7 @@ # # spec file for package gosec # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -17,20 +17,20 @@ Name: gosec -Version: 2.17.0 +Version: 2.18.0 Release: 0 -Summary: Golang security checker +Summary: CLI tool to scan the Go AST and SSA code representations for security problems License: Apache-2.0 -Group: Development/Languages/Other +Group: Development/Languages/Go URL: https://github.com/securego/gosec Source: gosec-%{version}.tar.xz Source1: vendor.tar.gz -BuildRequires: go >= 1.20 -BuildRequires: golang-packaging -%{go_nostrip} +BuildRequires: golang(API) >= 1.20 %description -Inspects source code for security problems by scanning the go abstract syntax tree. +CLI tool to inspect Go source code for security problems by scanning the +abstract syntax tree (AST) and static single-assignment (SSA) code +representations. %prep %autosetup -D -a 1 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.CAMELP/_old 2023-10-10 21:00:43.242997224 +0200 +++ /var/tmp/diff_new_pack.CAMELP/_new 2023-10-10 21:00:43.250997513 +0200 @@ -3,7 +3,7 @@ <param name="filename">gosec</param> <param name="url">https://github.com/securego/gosec.git</param> <param name="scm">git</param> - <param name="version">v2.17.0</param> + <param name="version">v2.18.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> ++++++ gosec-2.17.0.obscpio -> gosec-2.18.0.obscpio ++++++ ++++ 2444 lines of diff (skipped) ++++++ gosec.obsinfo ++++++ --- /var/tmp/diff_new_pack.CAMELP/_old 2023-10-10 21:00:43.443004476 +0200 +++ /var/tmp/diff_new_pack.CAMELP/_new 2023-10-10 21:00:43.447004621 +0200 @@ -1,5 +1,5 @@ name: gosec -version: 2.17.0 -mtime: 1692258781 -commit: 6a2c5e16a1ffeee4e64cfe2fe830f8e9d1d09c98 +version: 2.18.0 +mtime: 1696840672 +commit: 3952187ea76579f7b405e90336a90a56114a4119 ++++++ vendor.tar.gz ++++++ ++++ 8123 lines of diff (skipped)
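Review bot: The gosec.changes hunk (@@ -1,0 +2,48 @@) lists "Drop Requires: golang-packaging" in the first packaging entry, but the gosec.spec hunks in this mail remove only "BuildRequires: go >= 1.20", "BuildRequires: golang-packaging" and "%{go_nostrip}"; no Requires: line is removed anywhere in the visible spec diff. Reword or drop that bullet so the changelog matches what the spec change does. The same entry covers go_nostrip twice ("Macro go_nostrip is no longer needed ..." and "Remove %%{go_nostrip} macro ..."), which could be merged into one bullet, and the imported upstream item "Exclude maps from slince bounce check rule" looks like a typo for the slice bounds check named a few lines above it.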
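Review bot: In the gosec.spec hunk at @@ -17,20 +17,20 @@, "Source1: vendor.tar.gz" stays unversioned while Version moves to 2.18.0, and the mail skips all 8123 lines of the vendor.tar.gz diff, so nothing visible in this change ties the vendored dependencies to the new source tree. Since the changelog imports several "chore(deps): update all dependencies" items, suggest stating in gosec.changes that the vendor tarball was regenerated from the module files at the commit recorded in gosec.obsinfo (3952187ea76579f7b405e90336a90a56114a4119), and checking that before accepting the request.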
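Review bot: The _service hunk (@@ -3,7 +3,7 @@) bumps a hardcoded "version" of v2.18.0 while the context lines directly below it also configure versionformat @PARENT_TAG@ and a versionrewrite-pattern that derive the version from the tag, so the same value is maintained in two places and can drift. Keep one of the two mechanisms. The visible lines also identify the upstream source only by tag name; a git tag can be moved after the fact, so consider pinning the fetch to the commit that gosec.obsinfo records for this release, for example through the obs_scm "revision" parameter, so that a rebuild fetches the same source that was reviewed here.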