Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package trivy for openSUSE:Factory checked 
in at 2023-11-08 22:19:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trivy (Old)
 and      /work/SRC/openSUSE:Factory/.trivy.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "trivy"

Wed Nov  8 22:19:14 2023 rev:59 rq:1124268 version:0.47.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/trivy/trivy.changes      2023-08-17 
19:44:15.830869989 +0200
+++ /work/SRC/openSUSE:Factory/.trivy.new.17445/trivy.changes   2023-11-08 
22:20:34.977466262 +0100
@@ -1,0 +2,156 @@
+Tue Nov 07 12:24:51 UTC 2023 - [email protected]
+
+- Update to version 0.47.0:
+  * docs: add info that license scanning supports file-patterns flag (#5484)
+  * docs: add Zora integration into Ecosystem session (#5490)
+  * fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
+  * ci: use maximize build space for K8s tests (#5387)
+  * fix: correct error mismatch causing race in fast walks (#5516)
+  * docs: k8s vulnerability scanning (#5515)
+  * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 
1.25.0 (#5506)
+  * chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 
(#5493)
+  * docs: remove glad for java datasources (#5508)
+  * chore(deps): bump 
github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 
0.26.0 (#5475)
+  * chore: remove unused logger attribute in amazon detector (#5476)
+  * fix: correct error mismatch causing race in fast walks (#5482)
+  * chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5502)
+  * chore(deps): bump docker/build-push-action from 4 to 5 (#5500)
+  * chore(deps): bump github.com/package-url/packageurl-go from 
0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#5491)
+  * fix(server): add licenses to `BlobInfo` message (#5382)
+  * chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#5501)
+  * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 
1.21.0 (#5497)
+  * feat: scan vulns on k8s core component apps (#5418)
+  * fix(java): fix infinite loop when `relativePath` field points to `pom.xml` 
being scanned (#5470)
+  * chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 
24.0.7+incompatible (#5472)
+  * fix(sbom): save digests for package/application when scanning SBOM files 
(#5432)
+  * docs: fix the broken link (#5454)
+  * docs: fix error when installing `PyYAML` for gh pages (#5462)
+  * fix(java): download java-db once (#5442)
+  * chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)
+  * docs(misconf): Update `--tf-exclude-downloaded-modules` description (#5419)
+  * feat(misconf): Support `--ignore-policy` in config scans (#5359)
+  * docs(misconf): fix broken table for `Use container image` section (#5425)
+  * feat(dart): add graph support (#5374)
+  * refactor: define a new struct for scan targets (#5397)
+  * fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX 
(#5399)
+  * fix: correct invalid MD5 hashes for rpms ending with one or more zero 
bytes (#5393)
+  * chore(deps): move to aws-sdk-go-v2 (#5381)
+  * docs: remove --scanners none (#5384)
+  * docs: Update container_image.md #5182 (#5193)
+  * feat(report): Add `InstalledFiles` field to Package (#4706)
+  * feat(k8s): add support for vulnerability detection (#5268)
+  * fix(python): override BOM in `requirements.txt` files (#5375)
+  * docs: add kbom documentation (#5363)
+  * test: use maximize build space for VM tests (#5362)
+  * chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)
+  * fix(report): add escaping quotes in misconfig Title for asff template 
(#5351)
+  * ci: add workflow to check Go versions of dependencies (#5340)
+  * chore(deps): Upgrade defsec to v0.93.1 (#5348)
+  * chore(deps): bump alpine from 3.18.3 to 3.18.4 (#5300)
+  * fix: Report error when os.CreateTemp fails (to be consistent with other 
uses) (#5342)
+  * fix: add config files to FS for post-analyzers (#5333)
+  * fix: fix MIME warnings after updating to Go 1.20 (#5336)
+  * build: fix a compile error with Go 1.21 (#5339)
+  * feat: added `Metadata` into the k8s resource's scan report (#5322)
+  * ci: check only PR's in `actions/stale` (#5337)
+  * chore: update adopters template (#5330)
+  * ci: do not trigger tests on the push event (#5313)
+  * fix(sbom): use PURL or Group and Name in case of Java  (#5154)
+  * docs: add buildkite repository to ecosystem page (#5316)
+  * chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290)
+  * chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292)
+  * chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293)
+  * chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286)
+  * chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 
(#5289)
+  * chore: enable go-critic (#5302)
+  * chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288)
+  * chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#5287)
+  * close java-db client (#5273)
+  * chore(deps): bump docker/login-action from 2 to 3 (#5291)
+  * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#5294)
+  * chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#5304)
+  * chore(deps): bump github.com/opencontainers/image-spec (#5295)
+  * fix(report): removes git::http from uri in sarif (#5244)
+  * Improve the meaning of  sentence (#5301)
+  * chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 
(#5297)
+  * chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#5296)
+  * add app nil check (#5274)
+  * typo: in secret.md (#5281)
+  * docs: add info about `github` format (#5265)
+  * feat(dotnet): add license support for NuGet (#5217)
+  * docs: correctly export variables (#5260)
+  * chore: Add line numbers for lint output (#5247)
+  * chore(cli): disable java-db flags in server mode (#5263)
+  * feat(db): allow passing registry options (#5226)
+  * chore(deps): Bump up defsec to v0.93.0 (#5253)
+  * refactor(purl): use TypeApk from purl (#5232)
+  * chore: enable more linters (#5228)
+  * ci: bump GoReleaser from 1.16.2 to 1.20.0 (#5236)
+  * Fix typo on ide.md (#5239)
+  * refactor: use defined types (#5225)
+  * fix(purl): skip local Go packages (#5190)
+  * docs: update info about license scanning in Yarn projects (#5207)
+  * ci: auto apply labels (#5200)
+  * fix link (#5203)
+  * fix(purl): handle rust types (#5186)
+  * chore: auto-close issues (#5177)
+  * chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#5093)
+  * fix(k8s): kbom support addons labels (#5178)
+  * test: validate SPDX with the JSON schema (#5124)
+  * chore: bump trivy-kubernetes-latest (#5161)
+  * docs: add 'Signature Verification' guide (#4731)
+  * docs: add image-scanner-with-trivy for ecosystem (#5159)
+  * fix(fs): assign the absolute path to be inspected to ROOTPATH when 
filesystem (#5158)
+  * chore(deps): bump github.com/CycloneDX/cyclonedx-go (#5102)
+  * Update filtering.md (#5131)
+  * chore(deps): bump sigstore/cosign-installer (#5104)
+  * chore(deps): bump github.com/cyphar/filepath-securejoin (#5143)
+  * chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#5103)
+  * chore(deps): bump easimon/maximize-build-space from 7 to 8 (#5105)
+  * chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 (#5126)
+  * chaging adopters discussion tempalte (#5091)
+  * chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 (#5092)
+  * chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 
(#5094)
+  * chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5095)
+  * chore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 
(#5097)
+  * chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#5098)
+  * chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#5106)
+  * docs: add Bitnami (#5078)
+  * feat(docker): add support for scanning Bitnami components (#5062)
+  * feat: add support for .trivyignore.yaml (#5070)
+  * fix(terraform): improve detection of terraform files (#4984)
+  * feat: filter artifacts on --exclude-owned flag (#5059)
+  * fix(sbom): cyclonedx advisory should omit `null` value (#5041)
+  * build: maximize build space for build tests (#5072)
+  * feat: improve kbom component name (#5058)
+  * fix(pom): add licenses for pom artifacts (#5071)
+  * chore(deps): Update defsec to v0.92.0 (#5068)
+  * chore: bump Go to `1.20` (#5067)
+  * feat: PURL matching with qualifiers in OpenVEX (#5061)
+  * feat(java): add graph support for pom.xml (#4902)
+  * feat(swift): add vulns for cocoapods (#5037)
+  * fix: support image pull secret for additional workloads (#5052)
+  * fix: #5033 Superfluous double quote in html.tpl (#5036)
+  * docs(repo): update trivy repo usage and example (#5049)
+  * perf: Optimize Dockerfile for reduced layers and size (#5038)
+  * feat: scan K8s Resources Kind with --all-namespaces (#5043)
+  * fix: vulnerability typo (#5044)
+  * docs: adding a terraform tutorial to the docs (#3708)
+  * feat(report): add licenses to sarif format (#4866)
+  * feat(misconf): show the resource name in the report (#4806)
+  * chore: update alpine base images (#5015)
+  * feat: add Package.resolved swift files support (#4932)
+  * feat(nodejs): parse licenses in yarn projects (#4652)
+  * fix: k8s private registries support (#5021)
+  * bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 
(#5018)
+  * feat(vuln): support last_affected field from osv (#4944)
+  * feat(server): add version endpoint (#4869)
+  * feat: k8s private registries support (#4987)
+  * fix(server): add indirect prop to package (#4974)
+  * docs: add coverage (#4954)
+  * feat(c): add location for lock file dependencies. (#4994)
+  * docs: adding blog post on ec2 (#4813)
+  * revert 32bit bins (#4977)
+  * chore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (#4917)
+
+-------------------------------------------------------------------

Old:
----
  trivy-0.44.1.tar.zst
  vendor.obscpio

New:
----
  trivy-0.47.0.tar.zst

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ trivy.spec ++++++
--- /var/tmp/diff_new_pack.S6E8Ha/_old  2023-11-08 22:20:37.521559723 +0100
+++ /var/tmp/diff_new_pack.S6E8Ha/_new  2023-11-08 22:20:37.525559870 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           trivy
-Version:        0.44.1
+Version:        0.47.0
 Release:        0
 Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
 License:        Apache-2.0
@@ -25,7 +25,7 @@
 URL:            https://github.com/aquasecurity/trivy
 Source:         %{name}-%{version}.tar.zst
 Source1:        vendor.tar.zst
-BuildRequires:  golang(API) = 1.19
+BuildRequires:  golang(API) = 1.20
 BuildRequires:  golang-packaging
 BuildRequires:  zstd
 Requires:       ca-certificates

++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.S6E8Ha/_old  2023-11-08 22:20:37.561561193 +0100
+++ /var/tmp/diff_new_pack.S6E8Ha/_new  2023-11-08 22:20:37.565561339 +0100
@@ -1,5 +1,5 @@
-mtime: 1692203616
-commit: fe5cccdebe8c3f80a50568289bbf4e65174e54d1
+mtime: 1699461074
+commit: e7076f0971c7963534b0ad701267258c921d4720
 url: https://src.opensuse.org/dirkmueller/trivy.git
-revision: fe5cccdebe8c3f80a50568289bbf4e65174e54d1
+revision: e7076f0971c7963534b0ad701267258c921d4720
 

++++++ _service ++++++
--- /var/tmp/diff_new_pack.S6E8Ha/_old  2023-11-08 22:20:37.585562074 +0100
+++ /var/tmp/diff_new_pack.S6E8Ha/_new  2023-11-08 22:20:37.589562221 +0100
@@ -1,20 +1,20 @@
 <services>
-  <service name="tar_scm" mode="disabled">
+  <service name="tar_scm" mode="manual">
     <param name="url">https://github.com/aquasecurity/trivy</param>
     <param name="scm">git</param>
-    <param name="revision">v0.44.1</param>
+    <param name="revision">v0.47.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
   </service>
-  <service name="recompress" mode="disabled">
+  <service name="recompress" mode="manual">
     <param name="file">trivy-*.tar</param>
     <param name="compression">zst</param>
   </service>
-  <service name="set_version" mode="disabled">
+  <service name="set_version" mode="manual">
     <param name="basename">trivy</param>
   </service>
-  <service name="go_modules" mode="disabled">
+  <service name="go_modules" mode="manual">
     <param name="compression">zst</param>
   </service>
 </services>
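Review bot: The `tar_scm` service still selects the upstream source by tag name (`<param name="revision">v0.47.0</param>`), and a Git tag can be re-pointed upstream, so `_service` on its own does not fix which commit was packaged. The resolved commit is recorded only as `changesrevision` in `_servicedata`, so I would either pin the full commit hash in `revision` or add a comment above it such as `<!-- v0.47.0 must resolve to the changesrevision recorded in _servicedata; re-check before each manual run -->`. All four services are now `mode="manual"`, which as far as I know means they run only when the packager invokes them locally, so the tarball and the `go_modules` output are not regenerated server-side. `vendor.tar.zst` appears in this mail only as "Binary files ... differ", so a reviewer would presumably have to re-run `go_modules` against the pinned source and compare the result to verify the vendored dependencies.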

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.S6E8Ha/_old  2023-11-08 22:20:37.613563103 +0100
+++ /var/tmp/diff_new_pack.S6E8Ha/_new  2023-11-08 22:20:37.613563103 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/aquasecurity/trivy</param>
-              <param 
name="changesrevision">f1052799894cc8a8480ff28e1c717a9d811876a2</param></service></servicedata>
+              <param 
name="changesrevision">d6df5fbcda878e43e5e02484304726ebe7c6c418</param></service></servicedata>
 (No newline at EOF)
 

++++++ vendor.tar.zst ++++++
Binary files /var/tmp/diff_new_pack.S6E8Ha/_old and 
/var/tmp/diff_new_pack.S6E8Ha/_new differ
