Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package zizmor for openSUSE:Factory checked in at 2026-04-18 21:36:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zizmor (Old) and /work/SRC/openSUSE:Factory/.zizmor.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor" Sat Apr 18 21:36:12 2026 rev:32 rq:1347894 version:1.24.1 Changes: -------- --- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2026-04-13 23:20:05.715116755 +0200 +++ /work/SRC/openSUSE:Factory/.zizmor.new.11940/zizmor.changes 2026-04-18 21:36:44.374462740 +0200 @@ -1,0 +2,9 @@ +Sat Apr 18 05:47:48 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.24.1: + * Bug Fixes + - Fixed a bug where the ref-version-mismatch audit would + incorrectly flag some version comments as not containing an + appropriate version (#1900) + +------------------------------------------------------------------- Old: ---- zizmor-1.24.0.obscpio New: ---- zizmor-1.24.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zizmor.spec ++++++ --- /var/tmp/diff_new_pack.czS3wU/_old 2026-04-18 21:36:46.870566088 +0200 +++ /var/tmp/diff_new_pack.czS3wU/_new 2026-04-18 21:36:46.894567081 +0200 @@ -17,7 +17,7 @@ Name: zizmor -Version: 1.24.0 +Version: 1.24.1 Release: 0 Summary: A static analysis tool for GitHub Actions License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.czS3wU/_old 2026-04-18 21:36:47.342585631 +0200 +++ /var/tmp/diff_new_pack.czS3wU/_new 2026-04-18 21:36:47.378587121 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">v1.24.0</param> + <param name="revision">v1.24.1</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.czS3wU/_old 2026-04-18 21:36:47.570595071 +0200 +++ /var/tmp/diff_new_pack.czS3wU/_new 2026-04-18 21:36:47.626597390 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/woodruffw/zizmor</param> - <param name="changesrevision">d5aba605f4267b96e34775de183955ff0a3197ad</param></service></servicedata> + <param name="changesrevision">2eaf42bcccfed62978cee0905902acbc294d5123</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst /work/SRC/openSUSE:Factory/.zizmor.new.11940/vendor.tar.zst differ: char 7, line 1 ++++++ zizmor-1.24.0.obscpio -> zizmor-1.24.1.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.24.0/Cargo.lock new/zizmor-1.24.1/Cargo.lock --- old/zizmor-1.24.0/Cargo.lock 2026-04-13 04:06:04.000000000 +0200 +++ new/zizmor-1.24.1/Cargo.lock 2026-04-13 19:40:00.000000000 +0200 @@ -1016,7 +1016,7 @@ [[package]] name = "github-actions-expressions" -version = "1.24.0" +version = "1.24.1" dependencies = [ "itertools", "pest", @@ -1030,7 +1030,7 @@ [[package]] name = "github-actions-models" -version = "1.24.0" +version = "1.24.1" dependencies = [ "indexmap", "insta", @@ -2926,7 +2926,7 @@ [[package]] name = "subfeature" -version = "1.24.0" +version = "1.24.1" dependencies = [ "memchr", "regex", @@ -3440,7 +3440,7 @@ [[package]] name = "tree-sitter-iter" -version = "1.24.0" +version = "1.24.1" dependencies = [ "tree-sitter", "tree-sitter-yaml", @@ -4364,7 +4364,7 @@ [[package]] name = "yamlpatch" -version = "1.24.0" +version = "1.24.1" dependencies = [ "indexmap", "insta", @@ -4380,7 +4380,7 @@ [[package]] name = "yamlpath" -version = "1.24.0" +version = "1.24.1" dependencies = [ "line-index", "self_cell", @@ -4504,7 +4504,7 @@ [[package]] name = "zizmor" -version = "1.24.0" +version = "1.24.1" dependencies = [ "annotate-snippets", "anstream", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.24.0/Cargo.toml new/zizmor-1.24.1/Cargo.toml --- old/zizmor-1.24.0/Cargo.toml 2026-04-13 04:06:04.000000000 +0200 +++ new/zizmor-1.24.1/Cargo.toml 2026-04-13 19:40:00.000000000 +0200 @@ -17,15 +17,15 @@ edition = "2024" license = "MIT" rust-version = "1.88.0" -version = "1.24.0" +version = "1.24.1" [workspace.dependencies] -github-actions-expressions = { path = "crates/github-actions-expressions", version = "1.24.0" } -github-actions-models = { path = "crates/github-actions-models", version = "1.24.0" } -subfeature = { path = "crates/subfeature", version = "1.24.0" } -tree-sitter-iter = { path = "crates/tree-sitter-iter", version = "1.24.0" } -yamlpath = { path = "crates/yamlpath", version = "1.24.0" } -yamlpatch = { path = "crates/yamlpatch", version = "1.24.0" } +github-actions-expressions = { path = "crates/github-actions-expressions", version = "1.24.1" } +github-actions-models = { path = "crates/github-actions-models", version = "1.24.1" } +subfeature = { path = "crates/subfeature", version = "1.24.1" } +tree-sitter-iter = { path = "crates/tree-sitter-iter", version = "1.24.1" } +yamlpath = { path = "crates/yamlpath", version = "1.24.1" } +yamlpatch = { path = "crates/yamlpatch", version = "1.24.1" } anyhow = "1.0.102" itertools = "0.14.0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.24.0/crates/zizmor/src/audit/ref_version_mismatch.rs new/zizmor-1.24.1/crates/zizmor/src/audit/ref_version_mismatch.rs --- old/zizmor-1.24.0/crates/zizmor/src/audit/ref_version_mismatch.rs 2026-04-13 04:06:04.000000000 +0200 +++ new/zizmor-1.24.1/crates/zizmor/src/audit/ref_version_mismatch.rs 2026-04-13 19:40:00.000000000 +0200 @@ -32,8 +32,8 @@ vec![ // Matches "# tag=v2.8.0", "# tag=v6-beta", or any non-whitespace tag token. Regex::new(r"#\s*tag\s*=\s*(\S+)").unwrap(), - // Matches "# v2.8.0" and prerelease forms like "# v1.2.3-rc.1". - Regex::new(r"#\s*(v\d+(?:\.\d+)*(?:-[\w.-]+)?)").unwrap(), + // Matches "# v2.8.0" and prerelease forms like "# v1.2.3-rc.1", with or without the `v` suffix. + Regex::new(r"#\s*(v?\d+(?:\.\d+)*(?:-[\w.-]+)?)").unwrap(), // More flexible: "# version: 2.8.0" Regex::new(r"#\s*(?:version|ver)\s*[:=]\s*(v?\d+(?:\.\d+)*(?:-[\w.-]+)?)").unwrap(), ] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.24.0/crates/zizmor/tests/integration/audit/ref_version_mismatch.rs new/zizmor-1.24.1/crates/zizmor/tests/integration/audit/ref_version_mismatch.rs --- old/zizmor-1.24.0/crates/zizmor/tests/integration/audit/ref_version_mismatch.rs 2026-04-13 04:06:04.000000000 +0200 +++ new/zizmor-1.24.1/crates/zizmor/tests/integration/audit/ref_version_mismatch.rs 2026-04-13 19:40:00.000000000 +0200 @@ -187,3 +187,18 @@ Ok(()) } + +/// Bug #1899: version comments like `# 1.2.3` (without a `v` prefix) should be detected correctly. +#[cfg_attr(not(feature = "gh-token-tests"), ignore)] +#[test] +fn test_issue_1899() -> Result<()> { + insta::assert_snapshot!( + zizmor() + .offline(false) + .input(input_under_test("ref-version-mismatch/issue-1899-repro.yml")) + .run()?, + @"No findings to report. Good job!" + ); + + Ok(()) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.24.0/crates/zizmor/tests/integration/test-data/ref-version-mismatch/issue-1899-repro.yml new/zizmor-1.24.1/crates/zizmor/tests/integration/test-data/ref-version-mismatch/issue-1899-repro.yml --- old/zizmor-1.24.0/crates/zizmor/tests/integration/test-data/ref-version-mismatch/issue-1899-repro.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/zizmor-1.24.1/crates/zizmor/tests/integration/test-data/ref-version-mismatch/issue-1899-repro.yml 2026-04-13 19:40:00.000000000 +0200 @@ -0,0 +1,17 @@ +name: ISSUE-1899-REPRO + +on: + push: + +permissions: {} + +concurrency: + group: ISSUE-1899-REPRO + cancel-in-progress: true + +jobs: + test: + name: test + runs-on: ubuntu-latest + steps: + - uses: canonical/charming-actions/check-libraries@1753e0803f70445132e92acd45c905aba6473225 # 2.7.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.24.0/crates/zizmor/tests/integration/test-data/ref-version-mismatch.yml new/zizmor-1.24.1/crates/zizmor/tests/integration/test-data/ref-version-mismatch.yml --- old/zizmor-1.24.0/crates/zizmor/tests/integration/test-data/ref-version-mismatch.yml 2026-04-13 04:06:04.000000000 +0200 +++ new/zizmor-1.24.1/crates/zizmor/tests/integration/test-data/ref-version-mismatch.yml 2026-04-13 19:40:00.000000000 +0200 @@ -29,3 +29,6 @@ # No finding, the tag points to another tag that points to 9d47c6ad4b02e050fd481d890b2ea34778fd09d6 - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 + + # No finding, comment matches (even without v prefix) + - uses: canonical/charming-actions/check-libraries@1753e0803f70445132e92acd45c905aba6473225 # 2.7.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.24.0/docs/release-notes.md new/zizmor-1.24.1/docs/release-notes.md --- old/zizmor-1.24.0/docs/release-notes.md 2026-04-13 04:06:04.000000000 +0200 +++ new/zizmor-1.24.1/docs/release-notes.md 2026-04-13 19:40:00.000000000 +0200 @@ -9,6 +9,13 @@ ## Next (UNRELEASED) +## 1.24.1 + +### Bug Fixes 🐛 + +* Fixed a bug where the [ref-version-mismatch] audit would incorrectly flag + some version comments as not containing an appropriate version (#1900) + ## 1.24.0 ### New Features 🌈 ++++++ zizmor.obsinfo ++++++ --- /var/tmp/diff_new_pack.czS3wU/_old 2026-04-18 21:36:49.818688151 +0200 +++ /var/tmp/diff_new_pack.czS3wU/_new 2026-04-18 21:36:49.862689973 +0200 @@ -1,5 +1,5 @@ name: zizmor -version: 1.24.0 -mtime: 1776045964 -commit: d5aba605f4267b96e34775de183955ff0a3197ad +version: 1.24.1 +mtime: 1776102000 +commit: 2eaf42bcccfed62978cee0905902acbc294d5123
