Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package zizmor for openSUSE:Factory checked in at 2026-05-15 23:55:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/zizmor (Old)
 and      /work/SRC/openSUSE:Factory/.zizmor.new.1966 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor" Fri May 15 23:55:05 2026 rev:33 rq:1353326 version:1.25.0 Changes: -------- --- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2026-04-18 21:36:44.374462740 +0200 +++ /work/SRC/openSUSE:Factory/.zizmor.new.1966/zizmor.changes 2026-05-15 23:55:57.567158304 +0200 
@@ -1,0 +2,74 @@ +Fri May 15 07:31:11 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.25.0: + * New Features + - zizmor's finding severities can now be remapped on a + per-audit basis. See the configuration for details (#1913) + - New audit: github-app detects dangerous usages of GitHub App + installation tokens (#1926) + - New audit: [unpinned-tools] detects actions that install + tools without pinning to a specific version (#1820) + - zizmor now accepts the --no-ignores flag to disable all + ignore comments and configurations when reporting findings + (#1935) + - zizmor's LSP now honors the --persona flag on the CLI (#1943) + - zizmor is now aware of Docker-based action definitions, in + addition to the pre-existing support for "composite" actions + (#1965) + * Enhancements + - Recommend gh issue edit --add-label / gh pr edit --add-label + as a replacement for actions-ecosystem/action-add-labels in + superfluous-actions + - Recommend gh issue edit --remove-label / gh pr edit + --remove-label as a replacement for + actions-ecosystem/action-remove-labels in superfluous-actions + - Recommend jq as a replacement for sergeysova/jq-action in + superfluous-actions + - Recommend git add, git commit, and git push as a replacement + for stefanzweifel/git-auto-commit-action in + superfluous-actions + - Recommend git add, git commit, and git push as a replacement + for EndBug/add-and-commit in superfluous-actions + - tibdex/github-app-token is now recognized as an archived + action by archived-uses (#1910) + - The [dangerous-triggers] audit now explicitly exempts + workflows that only invoke actions/labeler (#1956) + - The unpinned-images audit now detects unpinned image + references in Docker-based action definitions (#1965) + - zizmor's SARIF output now provides slightly more detailed + finding messages (#1972) + - The archived-uses audit now detects more archived actions + (#1978) + - deno is now recognized as a package-ecosystem in + dependabot.yml 
(#1991) + * Performance Improvements + - The impostor-commit audit is now significantly faster (in + addition to being more correct) when the user has pinned + their action to a tag SHA instead of a commit SHA (#1998) + * Bug Fixes + - Fixed a crash in the template-injection audit when a workflow + uses a parenthesized compound expression in context position + (#1904) + - Fixed a bug where local directory input collection could miss + workflows for relative-path invocations from within .github + subdirectories (#1909) + - Fixed a bug where the unpinned-images audit would miss images + defined in container: clauses (#1944) + - Fixed a bug where inline ignore comments could not be easily + applied to superfluous-actions findings (#1945) + - Fixed a bug where the cache-poisoning audit would fail to + detect some release trigger patterns (#1946) + - Fixed a bug where inline ignore comments could not be easily + applied to cache-poisoning findings (#1962) + - Fixed a class of imprecisions where the cache-poisoning audit + would incorrectly flag cache usage that doesn't actually + occur on release events (#1940) + - Fixed a bug where dependabot.yml files containing a private + cargo repository couldn't be parsed (#1976) + - Fixed a bug where zizmor's input validation warnings lacked a + mention of which files failed to validate (#1980) + - Fixed a bug where the impostor-commit audit would falsely + indicate impostor commits if an action was pinned to a tag + SHA instead of a commit SHA (#1998) + +------------------------------------------------------------------- Old: ---- zizmor-1.24.1.obscpio New: ---- zizmor-1.25.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zizmor.spec ++++++ --- /var/tmp/diff_new_pack.CLEIDs/_old 2026-05-15 23:55:59.939255950 +0200 +++ /var/tmp/diff_new_pack.CLEIDs/_new 2026-05-15 23:55:59.955256609 +0200 
@@ -17,7 +17,7 @@ Name: zizmor -Version: 1.24.1 +Version: 1.25.0 Release: 0 Summary: A static analysis tool for GitHub Actions License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.CLEIDs/_old 2026-05-15 23:56:00.315271428 +0200 +++ /var/tmp/diff_new_pack.CLEIDs/_new 2026-05-15 23:56:00.355273075 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">v1.24.1</param> + <param name="revision">v1.25.0</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.CLEIDs/_old 2026-05-15 23:56:00.547280979 +0200 +++ /var/tmp/diff_new_pack.CLEIDs/_new 2026-05-15 23:56:00.587282626 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/woodruffw/zizmor</param> - <param name="changesrevision">2eaf42bcccfed62978cee0905902acbc294d5123</param></service></servicedata> + <param name="changesrevision">ee075979c40cc6b8278bc0215477d03d65c80980</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst /work/SRC/openSUSE:Factory/.zizmor.new.1966/vendor.tar.zst differ: char 7, line 1 ++++++ zizmor-1.24.1.obscpio -> zizmor-1.25.0.obscpio ++++++ ++++ 8229 lines of diff (skipped) ++++++ zizmor.obsinfo ++++++ --- /var/tmp/diff_new_pack.CLEIDs/_old 2026-05-15 23:56:03.079385212 +0200 +++ /var/tmp/diff_new_pack.CLEIDs/_new 2026-05-15 23:56:03.131387352 +0200 @@ -1,5 +1,5 @@ name: zizmor -version: 1.24.1 -mtime: 1776102000 -commit: 2eaf42bcccfed62978cee0905902acbc294d5123 +version: 1.25.0 +mtime: 1778791090 +commit: ee075979c40cc6b8278bc0215477d03d65c80980
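
Review bot: In the zizmor.changes hunk, the audit names "[unpinned-tools]" (New Features) and "[dangerous-triggers]" (Enhancements) are written in square brackets, while github-app, archived-uses, unpinned-images and every other audit name in the same entry is bare. The brackets look like leftover link markup and should be dropped so the names are uniform. The five "Recommend ... in superfluous-actions" items are also the only entries without a (#NNNN) reference; add the upstream numbers if they exist so each change can be traced.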
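
Review bot: In the _service hunk, the "revision" param is a tag name (v1.25.0), not a commit, so the source that tar_scm fetches depends on where that tag points when the service runs. The commit that was actually packaged appears only in _servicedata ("changesrevision") and zizmor.obsinfo ("commit"), which agree on ee075979c40cc6b8278bc0215477d03d65c80980. Before accepting, confirm against the upstream repository that v1.25.0 resolves to that commit, and treat any later mismatch between the tag and the recorded commit as a reason to stop the update.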
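
Review bot: The vendor.tar.zst entry is reported only as "differ: char 7, line 1", and the source archive change is "8229 lines of diff (skipped)", so nothing in this mail shows which vendored dependencies changed between 1.24.1 and 1.25.0. The request should carry, or link to, a listing of added, removed and bumped vendored packages so that the dependency changes get reviewed rather than accepted as an opaque blob.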
