Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package osv-scanner for openSUSE:Factory checked in at 2025-06-16 11:47:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/osv-scanner (Old) and /work/SRC/openSUSE:Factory/.osv-scanner.new.19631 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "osv-scanner" Mon Jun 16 11:47:24 2025 rev:32 rq:1285992 version:2.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/osv-scanner/osv-scanner.changes 2025-04-30 19:05:38.833489974 +0200 +++ /work/SRC/openSUSE:Factory/.osv-scanner.new.19631/osv-scanner.changes 2025-06-16 11:47:26.230544401 +0200 @@ -1,0 +2,59 @@ +Mon Jun 16 06:42:00 UTC 2025 - Johannes Kastl <opensuse_buildserv...@ojkastl.de> + +- Update to version 2.0.3: + * Features: + - Feature #1943 Added a flag to suppress "no package sources + found" error. + - Feature #1844 Allow flags to be passed after scan targets, + e.g. osv-scanner ./scan-this-dir --format=vertical, by + updating to cli/v3 + - Feature #1882 Added a stable tag to container images for + releases that follow semantic versioning. + - Feature #1846 Experimental: Add --experimental-extractors and + --experimental-disable-extractors flags to allow for more + granular control over which OSV-Scalibr dependency extractors + are used. + * Fixes: + - Bug #1856 Improve XML output by guessing and matching the + indentation of existing <dependency> elements. + - Bug #1850 Prevent escaping of single quotes in XML attributes + for better readability and correctness. + - Bug #1922 Prevent a potential panic in MatchVulnerabilities + when the API response is nil, particularly on timeout. + - Bug #1916 Add the "ubuntu" namespace to the debian purl type + to correctly parse dpkg BOMs generated on Ubuntu. + - Bug #1871 Ensure inventories are sorted by PURL in addition + to name and version to prevent incorrect deduplication of + packages. + - Bug #1919 Improve error reporting by including the underlying + error when the response body from a Maven registry cannot be + read. + - Bug #1857 Fix an issue where SPDX output is not correctly + outputted because it was getting overwritten. + - Bug #1873 Fix the GitHub Action to not ignore general errors + during execution. + - Bug #1955 Fix issue causing error messages to be spammed when + not running in a git repository. + - Bug #1930 Fix issue where Maven client loses auth data during + extraction. + * Misc: + - Update dependencies and updated golang to 1.24.4 + - fix(deps): update osv-scanner minor (#1951) + - chore(deps): update golang docker tag to v1.24.4 (#1933) + - chore(deps): update github/codeql-action action to v3.29.0 + (#1932) + - fix(deps): update osv-scanner minor (#1914) + - chore(deps): update ossf/scorecard-action action to v2.4.2 + (#1915) + - chore(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 in + /experimental/javareach in the go_modules group across 1 + directory (#1811) + - chore(deps): update golangci/golangci-lint-action action to + v8 (#1766) + - fix(deps): update osv-scanner minor (#1863) + - chore(deps): update workflows (#1837) + - chore(deps): lock file maintenance (#1838) + - chore(deps): update golang docker tag to v1.24.3 (#1864) + - fix(deps): update osv-scanner minor (#1836) + +------------------------------------------------------------------- Old: ---- osv-scanner-2.0.2.obscpio New: ---- osv-scanner-2.0.3.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ osv-scanner.spec ++++++ --- /var/tmp/diff_new_pack.RwfE6B/_old 2025-06-16 11:47:28.886662138 +0200 +++ /var/tmp/diff_new_pack.RwfE6B/_new 2025-06-16 11:47:28.898662670 +0200 @@ -17,7 +17,7 @@ Name: osv-scanner -Version: 2.0.2 +Version: 2.0.3 Release: 0 Summary: Vulnerability scanner written in Go License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.RwfE6B/_old 2025-06-16 11:47:28.962665507 +0200 +++ /var/tmp/diff_new_pack.RwfE6B/_new 2025-06-16 11:47:28.970665862 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/google/osv-scanner</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v2.0.2</param> + <param name="revision">v2.0.3</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.RwfE6B/_old 2025-06-16 11:47:29.006667458 +0200 +++ /var/tmp/diff_new_pack.RwfE6B/_new 2025-06-16 11:47:29.010667635 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/google/osv-scanner</param> - <param name="changesrevision">a2a23858b9650035f019219937f91ae615474b4d</param></service></servicedata> + <param name="changesrevision">4f77b30556bb6d171b5d55f01da4fb0261b9da7d</param></service></servicedata> (No newline at EOF) ++++++ osv-scanner-2.0.2.obscpio -> osv-scanner-2.0.3.obscpio ++++++ ++++ 16497 lines of diff (skipped) ++++++ osv-scanner.obsinfo ++++++ --- /var/tmp/diff_new_pack.RwfE6B/_old 2025-06-16 11:47:29.958709659 +0200 +++ /var/tmp/diff_new_pack.RwfE6B/_new 2025-06-16 11:47:29.962709836 +0200 @@ -1,5 +1,5 @@ name: osv-scanner -version: 2.0.2 -mtime: 1745992070 -commit: a2a23858b9650035f019219937f91ae615474b4d +version: 2.0.3 +mtime: 1750038914 +commit: 4f77b30556bb6d171b5d55f01da4fb0261b9da7d ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/osv-scanner/vendor.tar.gz /work/SRC/openSUSE:Factory/.osv-scanner.new.19631/vendor.tar.gz differ: char 13, line 1