Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package osv-scanner for openSUSE:Factory
checked in at 2025-06-16 11:47:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/osv-scanner (Old)
and /work/SRC/openSUSE:Factory/.osv-scanner.new.19631 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "osv-scanner"
Mon Jun 16 11:47:24 2025 rev:32 rq:1285992 version:2.0.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/osv-scanner/osv-scanner.changes 2025-04-30
19:05:38.833489974 +0200
+++ /work/SRC/openSUSE:Factory/.osv-scanner.new.19631/osv-scanner.changes
2025-06-16 11:47:26.230544401 +0200
@@ -1,0 +2,59 @@
+Mon Jun 16 06:42:00 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 2.0.3:
+ * Features:
+ - Feature #1943 Added a flag to suppress "no package sources
+ found" error.
+ - Feature #1844 Allow flags to be passed after scan targets,
+ e.g. osv-scanner ./scan-this-dir --format=vertical, by
+ updating to cli/v3
+ - Feature #1882 Added a stable tag to container images for
+ releases that follow semantic versioning.
+ - Feature #1846 Experimental: Add --experimental-extractors and
+ --experimental-disable-extractors flags to allow for more
+ granular control over which OSV-Scalibr dependency extractors
+ are used.
+ * Fixes:
+ - Bug #1856 Improve XML output by guessing and matching the
+ indentation of existing <dependency> elements.
+ - Bug #1850 Prevent escaping of single quotes in XML attributes
+ for better readability and correctness.
+ - Bug #1922 Prevent a potential panic in MatchVulnerabilities
+ when the API response is nil, particularly on timeout.
+ - Bug #1916 Add the "ubuntu" namespace to the debian purl type
+ to correctly parse dpkg BOMs generated on Ubuntu.
+ - Bug #1871 Ensure inventories are sorted by PURL in addition
+ to name and version to prevent incorrect deduplication of
+ packages.
+ - Bug #1919 Improve error reporting by including the underlying
+ error when the response body from a Maven registry cannot be
+ read.
+ - Bug #1857 Fix an issue where SPDX output is not correctly
+ outputted because it was getting overwritten.
+ - Bug #1873 Fix the GitHub Action to not ignore general errors
+ during execution.
+ - Bug #1955 Fix issue causing error messages to be spammed when
+ not running in a git repository.
+ - Bug #1930 Fix issue where Maven client loses auth data during
+ extraction.
+ * Misc:
+ - Update dependencies and updated golang to 1.24.4
+ - fix(deps): update osv-scanner minor (#1951)
+ - chore(deps): update golang docker tag to v1.24.4 (#1933)
+ - chore(deps): update github/codeql-action action to v3.29.0
+ (#1932)
+ - fix(deps): update osv-scanner minor (#1914)
+ - chore(deps): update ossf/scorecard-action action to v2.4.2
+ (#1915)
+ - chore(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 in
+ /experimental/javareach in the go_modules group across 1
+ directory (#1811)
+ - chore(deps): update golangci/golangci-lint-action action to
+ v8 (#1766)
+ - fix(deps): update osv-scanner minor (#1863)
+ - chore(deps): update workflows (#1837)
+ - chore(deps): lock file maintenance (#1838)
+ - chore(deps): update golang docker tag to v1.24.3 (#1864)
+ - fix(deps): update osv-scanner minor (#1836)
+
+-------------------------------------------------------------------
Old:
----
osv-scanner-2.0.2.obscpio
New:
----
osv-scanner-2.0.3.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ osv-scanner.spec ++++++
--- /var/tmp/diff_new_pack.RwfE6B/_old 2025-06-16 11:47:28.886662138 +0200
+++ /var/tmp/diff_new_pack.RwfE6B/_new 2025-06-16 11:47:28.898662670 +0200
@@ -17,7 +17,7 @@
Name: osv-scanner
-Version: 2.0.2
+Version: 2.0.3
Release: 0
Summary: Vulnerability scanner written in Go
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.RwfE6B/_old 2025-06-16 11:47:28.962665507 +0200
+++ /var/tmp/diff_new_pack.RwfE6B/_new 2025-06-16 11:47:28.970665862 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/google/osv-scanner</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v2.0.2</param>
+ <param name="revision">v2.0.3</param>
<param name="match-tag">v*</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.RwfE6B/_old 2025-06-16 11:47:29.006667458 +0200
+++ /var/tmp/diff_new_pack.RwfE6B/_new 2025-06-16 11:47:29.010667635 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/google/osv-scanner</param>
- <param
name="changesrevision">a2a23858b9650035f019219937f91ae615474b4d</param></service></servicedata>
+ <param
name="changesrevision">4f77b30556bb6d171b5d55f01da4fb0261b9da7d</param></service></servicedata>
(No newline at EOF)
++++++ osv-scanner-2.0.2.obscpio -> osv-scanner-2.0.3.obscpio ++++++
++++ 16497 lines of diff (skipped)
++++++ osv-scanner.obsinfo ++++++
--- /var/tmp/diff_new_pack.RwfE6B/_old 2025-06-16 11:47:29.958709659 +0200
+++ /var/tmp/diff_new_pack.RwfE6B/_new 2025-06-16 11:47:29.962709836 +0200
@@ -1,5 +1,5 @@
name: osv-scanner
-version: 2.0.2
-mtime: 1745992070
-commit: a2a23858b9650035f019219937f91ae615474b4d
+version: 2.0.3
+mtime: 1750038914
+commit: 4f77b30556bb6d171b5d55f01da4fb0261b9da7d
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/osv-scanner/vendor.tar.gz
/work/SRC/openSUSE:Factory/.osv-scanner.new.19631/vendor.tar.gz differ: char
13, line 1
