Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package osv-scanner for openSUSE:Factory checked in at 2026-03-25 21:19:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/osv-scanner (Old) and /work/SRC/openSUSE:Factory/.osv-scanner.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "osv-scanner" Wed Mar 25 21:19:33 2026 rev:43 rq:1342370 version:2.3.5 Changes: -------- --- /work/SRC/openSUSE:Factory/osv-scanner/osv-scanner.changes 2026-02-18 17:10:54.291396315 +0100 +++ /work/SRC/openSUSE:Factory/.osv-scanner.new.8177/osv-scanner.changes 2026-03-27 06:46:33.750686100 +0100 @@ -1,0 +2,52 @@ +Wed Mar 25 06:04:45 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 2.3.5 (.4 was not released): + * Features: + - Feature #2571 Enable transitive scanning for Python + requirements.txt files using the deps.dev API. + - Feature #2649 Add ability to allow unsafe plugins, logging a + warning when any unsafe plugin is enabled. + * Fixes: + - Bug #2630 Improve startup performance on Windows Terminal by + updating lipgloss. + - Bug #2599 Ensure the package deprecation enricher respects + the same configuration as other plugins. + - Bug #2600 Ensure the Java extractor plugin for call analysis + respects the same configuration as other plugins. + * Misc: + - Update osv-scalibr from v0.4.2 to v0.4.5. Release notes: + v0.4.3, v0.4.4, v0.4.5. + - Fix broken release workflow. + * Dependencies + - build(deps): bump github.com/cloudflare/circl from 1.6.1 to + 1.6.3 in the go_modules group across 1 directory (#2550) + - build(deps): bump github.com/docker/cli from + 28.3.3+incompatible to 29.2.0+incompatible in the go_modules + group across 1 directory (#2590) + - build(deps): bump github.com/modelcontextprotocol/go-sdk from + 1.4.0 to 1.4.1 in the go_modules group across 1 directory + (#2659) + - build(deps-dev): bump json from 2.18.1 to 2.19.2 in /docs in + the bundler group across 1 directory (#2660) + - build(deps-dev): bump nokogiri from 1.18.10 to 1.19.1 in + /docs in the bundler group across 1 directory (#2536) + - chore(deps): lock file maintenance (#2563) + - chore(deps): update alpine:3.23 docker digest to 2510918 + (#2561) + - chore(deps): update docker/setup-buildx-action action to v4 + (#2621) + - chore(deps): update golang docker tag to v1.26.1 (#2618) + - chore(deps): update ruby:3 docker digest to cddc8a7 (#2647) + - chore(deps): update workflows (#2562) + - chore(deps): update workflows (#2620) + - chore(deps): update workflows (#2648) + - chore(deps): update workflows (major) (#2569) + - fix(deps): update module + github.com/modelcontextprotocol/go-sdk to v1.3.1 [security] + (#2560) + - fix(deps): update module google.golang.org/grpc to v1.79.3 + [security] (#2655) + - fix(deps): update osv-scanner minor (#2566) + - fix(deps): update osv-scanner minor (#2619) + +------------------------------------------------------------------- Old: ---- osv-scanner-2.3.3.obscpio New: ---- osv-scanner-2.3.5.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ osv-scanner.spec ++++++ --- /var/tmp/diff_new_pack.Zi2lA3/_old 2026-03-27 06:46:36.798811920 +0100 +++ /var/tmp/diff_new_pack.Zi2lA3/_new 2026-03-27 06:46:36.798811920 +0100 @@ -17,14 +17,15 @@ Name: osv-scanner -Version: 2.3.3 +Version: 2.3.5 Release: 0 Summary: Vulnerability scanner written in Go License: Apache-2.0 URL: https://github.com/google/osv-scanner Source: osv-scanner-%{version}.tar.gz Source1: vendor.tar.gz -BuildRequires: go1.25 >= 1.25.7 +# 16.0 fails with go.mod requires go >= 1.26.0 (running go 1.26rc3; GOTOOLCHAIN=local) +BuildRequires: go1.26 >= 1.26.1 %description Use OSV-Scanner to find existing vulnerabilities affecting your project's ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Zi2lA3/_old 2026-03-27 06:46:36.842813736 +0100 +++ /var/tmp/diff_new_pack.Zi2lA3/_new 2026-03-27 06:46:36.846813901 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/google/osv-scanner</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v2.3.3</param> + <param name="revision">v2.3.5</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Zi2lA3/_old 2026-03-27 06:46:36.874815057 +0100 +++ /var/tmp/diff_new_pack.Zi2lA3/_new 2026-03-27 06:46:36.878815222 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/google/osv-scanner</param> - <param name="changesrevision">b97d1de7d8c3c7de8c11308b3d9cb5bbf3f7a0e9</param></service></servicedata> + <param name="changesrevision">30bcc134e23fbc35731021ee43ec433c483715d7</param></service></servicedata> (No newline at EOF) ++++++ osv-scanner-2.3.3.obscpio -> osv-scanner-2.3.5.obscpio ++++++ ++++ 30518 lines of diff (skipped) ++++++ osv-scanner.obsinfo ++++++ --- /var/tmp/diff_new_pack.Zi2lA3/_old 2026-03-27 06:46:38.226870867 +0100 +++ /var/tmp/diff_new_pack.Zi2lA3/_new 2026-03-27 06:46:38.230871032 +0100 @@ -1,5 +1,5 @@ name: osv-scanner -version: 2.3.3 -mtime: 1770853370 -commit: b97d1de7d8c3c7de8c11308b3d9cb5bbf3f7a0e9 +version: 2.3.5 +mtime: 1774330619 +commit: 30bcc134e23fbc35731021ee43ec433c483715d7 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/osv-scanner/vendor.tar.gz /work/SRC/openSUSE:Factory/.osv-scanner.new.8177/vendor.tar.gz differ: char 13, line 1
