Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package osv-scanner for openSUSE:Factory checked in at 2026-05-04 12:50:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/osv-scanner (Old) and /work/SRC/openSUSE:Factory/.osv-scanner.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "osv-scanner" Mon May 4 12:50:46 2026 rev:44 rq:1350339 version:2.3.6 Changes: -------- --- /work/SRC/openSUSE:Factory/osv-scanner/osv-scanner.changes 2026-03-27 06:46:33.750686100 +0100 +++ /work/SRC/openSUSE:Factory/.osv-scanner.new.30200/osv-scanner.changes 2026-05-04 12:53:30.077440484 +0200 @@ -1,0 +2,22 @@ +Fri May 01 07:47:25 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 2.3.6: + * Features: + - Feature #2658 Support regex matching for package name + overrides. + - Feature #2510 Scan Homebrew inventory using git repository + metadata. + * Fixes: + - Bug #2750 Sanitize \r/\n in default/table/vertical output to + prevent GitHub Actions workflow command injection. + - Bug #2641 Correctly output packages from osv-scanner.json + source in spdx format. + - Bug #2729 Increase color contrast of vulnerability stats. + - Bug #2664 Remove second newline at end of vertical output. + - Bug #2669 Sanitize \r in gh-annotations to prevent GitHub + Actions workflow command injection. + * Misc: + - Update osv-scalibr to v0.4.6-0.20260428235529-7791e288d6c1. + - Update Go version to 1.26.2 (#2706). + +------------------------------------------------------------------- Old: ---- osv-scanner-2.3.5.obscpio New: ---- osv-scanner-2.3.6.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ osv-scanner.spec ++++++ --- /var/tmp/diff_new_pack.Km3FwV/_old 2026-05-04 12:53:31.513499588 +0200 +++ /var/tmp/diff_new_pack.Km3FwV/_new 2026-05-04 12:53:31.513499588 +0200 @@ -17,15 +17,14 @@ Name: osv-scanner -Version: 2.3.5 +Version: 2.3.6 Release: 0 Summary: Vulnerability scanner written in Go License: Apache-2.0 URL: https://github.com/google/osv-scanner Source: osv-scanner-%{version}.tar.gz Source1: vendor.tar.gz -# 16.0 fails with go.mod requires go >= 1.26.0 (running go 1.26rc3; GOTOOLCHAIN=local) -BuildRequires: go1.26 >= 1.26.1 +BuildRequires: go1.26 >= 1.26.2 %description Use OSV-Scanner to find existing vulnerabilities affecting your project's ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Km3FwV/_old 2026-05-04 12:53:31.565501729 +0200 +++ /var/tmp/diff_new_pack.Km3FwV/_new 2026-05-04 12:53:31.577502222 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/google/osv-scanner</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v2.3.5</param> + <param name="revision">v2.3.6</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Km3FwV/_old 2026-05-04 12:53:31.617503869 +0200 +++ /var/tmp/diff_new_pack.Km3FwV/_new 2026-05-04 12:53:31.621504033 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/google/osv-scanner</param> - <param name="changesrevision">30bcc134e23fbc35731021ee43ec433c483715d7</param></service></servicedata> + <param name="changesrevision">c48ab012a628e14d14375e72b0397e555d7120d5</param></service></servicedata> (No newline at EOF) ++++++ osv-scanner-2.3.5.obscpio -> osv-scanner-2.3.6.obscpio ++++++ ++++ 203552 lines of diff (skipped) ++++++ osv-scanner.obsinfo ++++++ --- /var/tmp/diff_new_pack.Km3FwV/_old 2026-05-04 12:53:33.705589809 +0200 +++ /var/tmp/diff_new_pack.Km3FwV/_new 2026-05-04 12:53:33.713590138 +0200 @@ -1,5 +1,5 @@ name: osv-scanner -version: 2.3.5 -mtime: 1774330619 -commit: 30bcc134e23fbc35731021ee43ec433c483715d7 +version: 2.3.6 +mtime: 1777593061 +commit: c48ab012a628e14d14375e72b0397e555d7120d5 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/osv-scanner/vendor.tar.gz /work/SRC/openSUSE:Factory/.osv-scanner.new.30200/vendor.tar.gz differ: char 13, line 1
