Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package trivy for openSUSE:Factory checked in at 2024-08-01 22:06:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trivy (Old)
 and      /work/SRC/openSUSE:Factory/.trivy.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trivy" Thu Aug 1 22:06:07 2024 rev:68 rq:1191012 version:0.54.1 Changes: -------- --- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2024-07-25 16:03:35.614033929 +0200 +++ /work/SRC/openSUSE:Factory/.trivy.new.7232/trivy.changes 2024-08-01 22:06:55.186630427 +0200 
@@ -1,0 +2,70 @@ +Thu Aug 01 12:24:35 UTC 2024 - dmuel...@suse.com + +- Update to version 0.54.1: + * release: v0.54.1 [release/v0.54] (#7282) + * fix(flag): incorrect behavior for deprected flag `--clear-cache` [backport: release/v0.54] (#7285) + * fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283) + * fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279) + * release: v0.54.0 [main] (#7075) + * docs: update ecosystem page reporting with plopsec.com app (#7262) + * chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#7136) + * feat(vex): retrieve VEX attestations from OCI registries (#7249) + * feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257) + * refactor(flag): return error if both `--download-db-only` and `--download-java-db-only` are specified (#7259) + * fix(nodejs): detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` (#7110) + * fix(java): avoid panic if deps from `pom` in `it` dir are not found (#7245) + * chore: show VEX notice for OSS maintainers in CI environments (#7246) + * feat(vuln): add `--pkg-relationships` (#7237) + * docs: show VEX cli pages + update config file page for VEX flags (#7244) + * fix(dotnet): show `nuget package dir not found` log only when checking `nuget` packages (#7194) + * chore(deps): bump the common group across 1 directory with 17 updates (#7230) + * feat(vex): VEX Repository support (#7206) + * fix(secret): skip regular strings contain secret patterns (#7182) + * feat: share build-in rules (#7207) + * fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171) + * fix(cli): error on missing config file (#7154) + * fix(secret): update length of `hugging-face-access-token` (#7216) + * feat(sbom): add vulnerability support for SPDX formats (#7213) + * ci: use free runner for all tests except `build tests` (#7215) + * 
chore(deps): bump the docker group across 1 directory with 2 updates (#7208) + * fix(secret): trim excessively long lines (#7192) + * chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366 (#7201) + * fix(server): pass license categories to options (#7203) + * feat(mariner): Add support for Azure Linux (#7186) + * docs: updates config file (#7188) + * refactor(fs): remove unused field for CompositeFS (#7195) + * fix(dotnet): don't include non-runtime libraries into report for `*.deps.json` files (#7039) + * chore(deps): bump goreleaser from `v2.0.0` to `v2.1.0` (#7162) + * fix: add missing platform and type to spec (#7149) + * chore(deps): bump the aws group with 6 updates (#7166) + * feat(misconf): enabled China configuration for ACRs (#7156) + * fix: close file when failed to open gzip (#7164) + * docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141) + * docs(misconf): add info about limitations for terraform plan json (#7143) + * chore: add VEX for Trivy images (#7140) + * chore(deps): bump the common group across 1 directory with 7 updates (#7125) + * chore: add VEX document and generator for Trivy (#7128) + * fix(misconf): do not evaluate TF when a load error occurs (#7109) + * feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104) + * refactor(secret): move warning about file size after `IsBinary` check (#7123) + * chore(deps): bump the docker group with 2 updates (#7116) + * feat: add openSUSE tumbleweed detection and scanning (#6965) + * test: add missing advisory details for integration tests database (#7122) + * fix: Add dependencyManagement exclusions to the child exclusions (#6969) + * chore(deps): bump the aws group with 4 updates (#7115) + * fix: ignore nodes when listing permission is not allowed (#7107) + * fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088) + * refactor(secret): add warning about large files (#7085) + * feat(nodejs): add license parser to pnpm analyser (#7036) + * 
refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074) + * feat: add `log.FilePath()` function for logger (#7080) + * chore: bump golangci-lint from v1.58 to v1.59 (#7077) + * chore(deps): bump the common group across 1 directory with 23 updates (#7066) + * perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation (#7065) + * refactor: pass DB dir to trivy-db (#7057) + * docs: navigate to the release highlights and summary (#7072) + * chore(deps): bump the github-actions group with 2 updates (#7067) +- drop add-opensuse-tumbleweed-db.patch, + add-opensuse-tumbleweed-support.patch: merged upstream + +------------------------------------------------------------------- Old: ---- add-opensuse-tumbleweed-db.patch add-opensuse-tumbleweed-support.patch trivy-0.53.0.tar.zst New: ---- trivy-0.54.1.tar.zst BETA DEBUG BEGIN: Old: * chore(deps): bump the github-actions group with 2 updates (#7067) - drop add-opensuse-tumbleweed-db.patch, add-opensuse-tumbleweed-support.patch: merged upstream Old:- drop add-opensuse-tumbleweed-db.patch, add-opensuse-tumbleweed-support.patch: merged upstream BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trivy.spec ++++++ --- /var/tmp/diff_new_pack.vteEgw/_old 2024-08-01 22:06:57.310718075 +0200 +++ /var/tmp/diff_new_pack.vteEgw/_new 2024-08-01 22:06:57.314718239 +0200 @@ -17,7 +17,7 @@ Name: trivy -Version: 0.53.0 +Version: 0.54.1 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 
@@ -25,9 +25,6 @@ URL: https://github.com/aquasecurity/trivy Source: %{name}-%{version}.tar.zst Source1: vendor.tar.zst -# From https://github.com/aquasecurity/trivy-db/pull/411.patch -Patch1: add-opensuse-tumbleweed-db.patch -Patch2: https://github.com/aquasecurity/trivy/pull/6965.patch#/add-opensuse-tumbleweed-support.patch BuildRequires: golang(API) = 1.22 BuildRequires: golang-packaging BuildRequires: zstd @@ -47,10 +44,6 @@ %prep %setup -a1 -pushd vendor/github.com/aquasecurity/trivy-db -%patch -P 1 -p1 -popd -%patch -P 2 -p1 %build export CGO_ENABLED=1 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.vteEgw/_old 2024-08-01 22:06:57.350719725 +0200 +++ /var/tmp/diff_new_pack.vteEgw/_new 2024-08-01 22:06:57.354719890 +0200 @@ -1,5 +1,5 @@ -mtime: 1721900438 -commit: c709c9b19354ffa52c7fe7938c785c7f7f230d2932bd0885306431f73d5399fe +mtime: 1722525389 +commit: 8c16244bf472c835a73bb96ae7ce1440e4f4c8bfa8cabc7d61d1da1a621c4d00 url: https://src.opensuse.org/dirkmueller/trivy.git -revision: c709c9b19354ffa52c7fe7938c785c7f7f230d2932bd0885306431f73d5399fe +revision: 8c16244bf472c835a73bb96ae7ce1440e4f4c8bfa8cabc7d61d1da1a621c4d00 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.vteEgw/_old 2024-08-01 22:06:57.374720716 +0200 +++ /var/tmp/diff_new_pack.vteEgw/_new 2024-08-01 22:06:57.378720881 +0200 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="manual"> <param name="url">https://github.com/aquasecurity/trivy</param> <param name="scm">git</param> - <param name="revision">v0.53.0</param> + <param name="revision">v0.54.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.vteEgw/_old 2024-08-01 22:06:57.398721706 +0200 +++ /var/tmp/diff_new_pack.vteEgw/_new 2024-08-01 22:06:57.402721871 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/aquasecurity/trivy</param> - <param name="changesrevision">c55b0e6cac49c5d30abe6c0d4ccbb56932a0a45d</param></service></servicedata> + <param name="changesrevision">854c61d34a550a9fcbab3bc59e55b868c15d1962</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ diff: old/*: No such file or directory diff: new/*: No such file or directory ++++++ trivy-0.53.0.tar.zst -> trivy-0.54.1.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/trivy-0.53.0.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.7232/trivy-0.54.1.tar.zst differ: char 7, line 1 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/vendor.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.7232/vendor.tar.zst differ: char 7, line 1
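Review bot: In the trivy.changes hunk (@@ -1,0 +2,70 @@), the behaviour changes that can break existing invocations are buried among roughly sixty verbatim upstream commit subjects: `--vuln-type` renamed to `--pkg-types` (#7104), an error on a missing config file (#7154), and an error when both `--download-db-only` and `--download-java-db-only` are given (#7259). A short summary at the top of the entry naming these would help anyone running trivy from CI scripts. The same entry mentions CVE-2023-42363/42364/42365/42366 in a `chore(vex)` line; that line is a VEX subcomponent update, not a fix shipped by this package, so a brief clarification would keep it from being read as a fixed-CVE reference.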
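Review bot: In the trivy.spec hunks at @@ -25,9 +25,6 @@ and @@ -47,10 +44,6 @@, nothing visible in this diff backs the removal of Patch1 (add-opensuse-tumbleweed-db.patch, taken from trivy-db pull 411). The changelog lists trivy #6965 as merged, which accounts for Patch2, but Patch1 was applied inside vendor/github.com/aquasecurity/trivy-db, and vendor.tar.zst shows up here only as a binary "differ". Please confirm that the vendored trivy-db carries that change, and state the vendored trivy-db revision in the changes entry so that "merged upstream" can be checked for both patches.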
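Review bot: In the _service hunk, `<param name="revision">v0.54.1</param>` pins the source to a tag name, which is a movable ref, while the _servicedata hunk records the resolved commit as changesrevision 854c61d34a550a9fcbab3bc59e55b868c15d1962. Since trivy-0.54.1.tar.zst and vendor.tar.zst appear in this diff only as "differ: char 7, line 1" with no checksum, I suggest verifying that the upstream tag resolves to that recorded commit before accepting, or pinning `revision` to the commit itself so a re-run of the manual tar_scm service cannot silently pick up different content.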