Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package copacetic for openSUSE:Factory checked in at 2026-05-07 15:44:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/copacetic (Old)
 and      /work/SRC/openSUSE:Factory/.copacetic.new.1966 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "copacetic" Thu May 7 15:44:14 2026 rev:7 rq:1351286 version:0.14.0 Changes: -------- --- /work/SRC/openSUSE:Factory/copacetic/copacetic.changes 2026-01-12 10:32:45.865754104 +0100 +++ /work/SRC/openSUSE:Factory/.copacetic.new.1966/copacetic.changes 2026-05-07 15:45:33.952570187 +0200 
@@ -1,0 +2,92 @@ +Wed May 06 07:12:02 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 0.14.0: + * Features + - Go binary patching — patch vulnerable Go binaries by + rebuilding from source with updated stdlib/deps (#1388) + - Arch Linux support — pacman package manager (#1467) + - RPM chroot-based patching — patch RPM images that are missing + a package manager (#1473) + - Python virtual environment patching — support venv-based + site-packages via PkgPath (#1485) + - Bulk patching improvements — skip detection and + cross-registry support (#1475) + - Test environment utilities for BuildKit integration tests + (#1399) + - Demo recordings + asciinema player added to the website + (#1453) + - Patch summary output showing total/patched/skipped + vulnerabilities (#1517) + - Fallback source resolution for Go binary patching on + stripped/distroless images (#1546) + * Security hardening + - Bump otel/sdk to fix CVE-2026-24051 (#1483) + - Validate RPM package names before distroless shell execution + (#1541) + - Validate RPM package names in dnf chroot path (#1529) + - Validate Node.js npm tarballs before extraction (#1533) + - Prevent Node.js shell injection via untrusted package paths + (#1538) + - Validate .NET deps.json script inputs to prevent command + injection (#1537) + - Prevent Go module flag injection via leading-dash names + (#1526) + - Prevent tag-based command injection in release workflow + (#1535) + - Codebase audit hardening (#1507) + - Prevent apt option injection from distroless package names + (#1540) + - Cap buffered patch layer size to mitigate memory DoS (#1543) + - Block self-hosted build workflow jobs on forked PRs (#1539) + - Replace label-gated trusted-fork workflow with native fork PR + approval (#1582, supersedes #1572, #1573) + - Reject whitespace/control chars in Go binary path validation + (#1586) + * Bug fixes + - VEX: use installed version in PURLs and add distro qualifier + for BOM-VEX correlation (#1552) + - Avoid 
masking package manager failures as no-updates (#1530) + - Restore strict multi-platform failure behavior when + ignore-errors=false (#1532) + - Suppress NU1605 in generated patch.csproj for .NET (#1557) + - Filter App.Runtime images in .NET patching (#1501) + - Replace npm install with direct tarball replacement (#1479) + - Resolve TUI freeze and CLI deadlock on early build errors + (#1505) + - Close progress channel when no platforms need patching + (#1528) + - Migrate docker/docker to moby/moby/client (#1525) + - Go patching log levels (#1516) + - Keep frontend.Dockerfile Go version aligned with go.mod and + harden release pipeline (#1571) + * Dependency upgrades + - BuildKit 0.28.1 (#1512) + - Trivy v0.69.3 + OpenTelemetry-Go v1.43.0 (#1558) + - google.golang.org/grpc 1.78.0 → 1.79.3 (#1480, #1502) + - github.com/quay/claircore 1.5.45 → 1.5.52 (#1442, #1464, + #1518) + - github.com/google/go-containerregistry 0.20.7 → 0.21.3 + (#1520) + - k8s.io/apimachinery 0.35.0 → 0.35.2 (#1470, #1487) + - testcontainers-go 0.38.0 → 0.40.0 (#1438) + - Plus dependabot bumps for dependency groups across the + project + * Internal / CI + - Refactor: structured rebuildFailure replaces rebuildErrors + []string in langmgr (#1560) + - Stabilize CI — golangci-lint alignment, deterministic tests, + network retries (#1477) + - Pin BuildKit version and set explicit DNS for + podman/container env (#1563) + - Pin scanner-plugin-template dependency in build workflow + (#1544) + * Docs + - Improve buildkit-frontend examples (#1498) + - Generate v0.13.x docs (#1437) + - Remove Microsoft support policy section from SUPPORT.md + (#1455) + - Update website footer to LF Projects Series LLC trademark + disclaimer (#1566) + - add Verity to Copa CLI adopters (#1583) + +------------------------------------------------------------------- Old: ---- copacetic-0.13.0.obscpio New: ---- copacetic-0.14.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: 
------------------ ++++++ copacetic.spec ++++++ --- /var/tmp/diff_new_pack.7JkZe6/_old 2026-05-07 15:45:34.988612696 +0200 +++ /var/tmp/diff_new_pack.7JkZe6/_new 2026-05-07 15:45:34.992612860 +0200 @@ -18,14 +18,14 @@ %define executable_name copa Name: copacetic -Version: 0.13.0 +Version: 0.14.0 Release: 0 Summary: CLI tool for directly patching container images using reports from vulnerability scanners License: Apache-2.0 URL: https://github.com/project-copacetic/copacetic Source: %{name}-%{version}.tar.gz Source1: vendor.tar.gz -BuildRequires: golang(API) >= 1.25 +BuildRequires: go1.25 >= 1.25.9 %description copa is a CLI tool written in Go and based on buildkit that can be used to ++++++ _service ++++++ --- /var/tmp/diff_new_pack.7JkZe6/_old 2026-05-07 15:45:35.052615322 +0200 +++ /var/tmp/diff_new_pack.7JkZe6/_new 2026-05-07 15:45:35.060615651 +0200 @@ -5,7 +5,7 @@ <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> - <param name="revision">v0.13.0</param> + <param name="revision">v0.14.0</param> <param name="changesgenerate">enable</param> </service> <service name="set_version" mode="manual"> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.7JkZe6/_old 2026-05-07 15:45:35.104617456 +0200 +++ /var/tmp/diff_new_pack.7JkZe6/_new 2026-05-07 15:45:35.112617784 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/project-copacetic/copacetic</param> - <param name="changesrevision">28c466e5538f34bd86178704beb08b12ba9b662a</param></service></servicedata> + <param name="changesrevision">5017a8a0342a4492f5eb7dffacebc1b5d8324be6</param></service></servicedata> (No newline at EOF) ++++++ copacetic-0.13.0.obscpio -> copacetic-0.14.0.obscpio ++++++ ++++ 27937 lines of diff (skipped) ++++++ copacetic.obsinfo ++++++ --- /var/tmp/diff_new_pack.7JkZe6/_old 2026-05-07 15:45:36.384669977 +0200 +++ /var/tmp/diff_new_pack.7JkZe6/_new 2026-05-07 15:45:36.424671618 +0200 @@ -1,5 +1,5 @@ name: copacetic -version: 0.13.0 -mtime: 1767994578 -commit: 28c466e5538f34bd86178704beb08b12ba9b662a +version: 0.14.0 +mtime: 1777974011 +commit: 5017a8a0342a4492f5eb7dffacebc1b5d8324be6 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/copacetic/vendor.tar.gz /work/SRC/openSUSE:Factory/.copacetic.new.1966/vendor.tar.gz differ: char 13, line 1
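Review bot: In the "Security hardening" list of the new copacetic.changes entry, "Bump otel/sdk to fix CVE-2026-24051 (#1483)" names the CVE but carries no Bugzilla reference. If a bug is open for that CVE against this package, add its boo#/bsc# number to that line so the fix can be tracked. The other hardening bullets (RPM package name validation, npm tarball validation, Go module flag injection and so on) cite only upstream PR numbers, so it is worth stating whether any of them has an advisory attached.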
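Review bot: The BuildRequires line in the copacetic.spec hunk changes from the capability "golang(API) >= 1.25" to the concrete package "go1.25 >= 1.25.9", and the new copacetic.changes entry does not mention it. That ties the build to the go1.25 package specifically, so add a bullet to the changes entry saying why the 1.25.9 floor is required, and note what should happen to this line once a newer Go package is the default.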
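Review bot: In the _service hunk the "revision" param is the tag name v0.14.0, while _servicedata and copacetic.obsinfo record commit 5017a8a0342a4492f5eb7dffacebc1b5d8324be6. A tag can be moved upstream, so confirm that v0.14.0 resolves to that commit before accepting. The obscpio diff is skipped in this mail (27937 lines), so the source change itself cannot be checked from here.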
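Review bot: vendor.tar.gz is reported only as "differ: char 13, line 1", so the vendored dependency changes cannot be reviewed from this mail. Regenerate the vendor tarball from the 0.14.0 source tree and compare it with the submitted one before accepting, since the changes entry lists several dependency upgrades that should all be reflected there.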
