Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package zizmor for openSUSE:Factory checked in at 2025-09-29 16:32:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/zizmor (Old)
 and      /work/SRC/openSUSE:Factory/.zizmor.new.11973 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor" Mon Sep 29 16:32:50 2025 rev:16 rq:1307586 version:1.14.1 Changes: -------- --- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2025-09-15 19:55:51.262529164 +0200 +++ /work/SRC/openSUSE:Factory/.zizmor.new.11973/zizmor.changes 2025-09-29 16:35:10.845857338 +0200 
@@ -1,0 +2,41 @@ +Sun Sep 28 15:02:36 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 1.14.1: + * Bug Fixes + - Fixed a bug where the ref-version-mismatch would incorrectly + show the wrong commit SHAs in its findings (#1183) + +------------------------------------------------------------------- +Sun Sep 28 14:51:11 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 1.14.0: + * New Features + - New audit: ref-version-mismatch detects mismatches between + hash-pinned action references and their version comments + (#972) + * Enhancements + - zizmor no longer uses the "Unknown" severity or confidence + levels for any findings. All findings previously categorized + at these levels are now given a more meaningful level (#1164) + - The use-trusted-publishing audit now detects various Trusted + Publishing patterns for the npm ecosystem (#1161) + - The unsound-condition audit now supports auto-fixes for many + findings (#1089) + - zizmor's error handling has been restructured, improving the + quality of error messages and their associated suggestions + (#1169) + * Bug Fixes + - Fixed a bug where the cache-poisoning audit would fail to + detect some cache usage variants in newer versions of + actions/setup-node (#1152) + - Fixed a bug where the obfuscation audit would incorrectly + flag some subexpressions as constant-reducible when they were + not (#1170) + * Deprecations + - The unknown values for --min-severity and --min-confidence + are now deprecated. These values were already no-ops (and + have been since introduction), and will be removed in a + future release (#1164) + - Until removal, using these values will emit a warning. 
+ +------------------------------------------------------------------- Old: ---- zizmor-1.13.0.obscpio New: ---- zizmor-1.14.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zizmor.spec ++++++ --- /var/tmp/diff_new_pack.LFWCRT/_old 2025-09-29 16:35:11.481884116 +0200 +++ /var/tmp/diff_new_pack.LFWCRT/_new 2025-09-29 16:35:11.485884284 +0200 @@ -17,7 +17,7 @@ Name: zizmor -Version: 1.13.0 +Version: 1.14.1 Release: 0 Summary: A static analysis tool for GitHub Actions License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.LFWCRT/_old 2025-09-29 16:35:11.529886136 +0200 +++ /var/tmp/diff_new_pack.LFWCRT/_new 2025-09-29 16:35:11.533886305 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">v1.13.0</param> + <param name="revision">v1.14.1</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.LFWCRT/_old 2025-09-29 16:35:11.553887147 +0200 +++ /var/tmp/diff_new_pack.LFWCRT/_new 2025-09-29 16:35:11.557887315 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/woodruffw/zizmor</param> - <param name="changesrevision">bcaa1bb94e561d2f3dd1673a5865840773c62970</param></service></servicedata> + <param name="changesrevision">6c8b25171a2be4e79ce8a7e7374b547e38087ef7</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst /work/SRC/openSUSE:Factory/.zizmor.new.11973/vendor.tar.zst differ: char 7, line 1 ++++++ zizmor-1.13.0.obscpio -> zizmor-1.14.1.obscpio ++++++ ++++ 8015 lines of diff (skipped) ++++++ zizmor.obsinfo ++++++ --- /var/tmp/diff_new_pack.LFWCRT/_old 2025-09-29 16:35:12.137911734 +0200 +++ /var/tmp/diff_new_pack.LFWCRT/_new 2025-09-29 16:35:12.137911734 +0200 @@ -1,5 +1,5 @@ name: zizmor -version: 1.13.0 -mtime: 1757719500 -commit: bcaa1bb94e561d2f3dd1673a5865840773c62970 +version: 1.14.1 +mtime: 1758914880 +commit: 6c8b25171a2be4e79ce8a7e7374b547e38087ef7
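Review bot: in the 1.14.0 entry of zizmor.changes, under Deprecations, "Until removal, using these values will emit a warning." is set as its own bullet with no issue reference, although it continues the preceding --min-severity/--min-confidence item (#1164). Fold it into that item so the section reads as one deprecation rather than two.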
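Review bot: `_service` still selects the source by tag (`<param name="revision">v1.14.1</param>`), and a tag can be moved upstream after this review. The commit is only recorded after the fact in `_servicedata` (changesrevision) and `zizmor.obsinfo` (commit), which do agree here on 6c8b25171a2be4e79ce8a7e7374b547e38087ef7. Consider putting that commit in `revision`, or at least checking on each update that the tag still resolves to the recorded commit.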
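Review bot: vendor.tar.zst and the obscpio change with nothing reviewable in this mail ("differ: char 7, line 1" and "8015 lines of diff (skipped)"), so the vendored dependency changes between 1.13.0 and 1.14.1 are not visible to a reviewer. Note in zizmor.changes that the vendored sources were regenerated for this update, and confirm the archive was built from the commit recorded in zizmor.obsinfo.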
