Hello community,

here is the log from the commit of package trivy for openSUSE:Factory checked in at 2026-06-02 19:47:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trivy (Old)
 and      /work/SRC/openSUSE:Factory/.trivy.new.1937 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trivy" Tue Jun 2 19:47:19 2026 rev:91 rq:1356738 version:0.71.0 Changes: -------- --- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2026-05-28 17:28:37.295897461 +0200 +++ /work/SRC/openSUSE:Factory/.trivy.new.1937/trivy.changes 2026-06-02 19:47:55.946653611 +0200 
@@ -1,0 +2,70 @@ +Mon Jun 01 14:59:00 UTC 2026 - Dirk Müller <[email protected]> + +- Update to version 0.71.0 (bsc#1267268, CVE-2026-44740): + * release: v0.71.0 [main] (#10638) + * ci: use only the first line of commit message in release-please workflow (#10766) + * feat: add WithDriver and WithProvider options to ospkg detector (#10740) + * chore(deps): bump github.com/google/go-containerregistry to v0.21.6 (#10741) + * refactor(secret): normalize configPath once in Init (#10702) + * feat(secret): add Maven rules to detect passwords and passphrases in settings.xml and settings-security.xml files (#10704) + * chore(deps): bump the common group across 1 directory with 25 updates (#10758) + * chore: migrate from gomodguard to gomodguard_v2 (#10739) + * chore(deps): bump the docker group across 1 directory with 2 updates (#10709) + * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.302.0 to 1.303.0 in the aws group (#10752) + * ci: scope GitHub App tokens to minimum required permissions (#10755) + * chore(deps): upgrade go-redis from v8 to v9 (#10736) + * fix(misconf): fix rendering of nested values in terraform plan lists (#10746) + * fix(misconf): skip resources with no after changes (#10352) + * fix(misconf): reject nil plays during playbook parsing (#10273) + * fix(nodejs): silently skip subdirectory package.json files with invalid names (#10609) + * fix(misconf): skip null cty values in AsMapValue to prevent panic (#10723) + * refactor(misconf): replace custom Helm archive parsing with Helm SDK loaders (#10718) + * chore(deps): bump github.com/containerd/containerd/v2 to v2.3.1 (#10738) + * chore(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 (#10686) + * fix(report): don't produce trailing comma in gitlab.tpl links array (#10728) + * fix(cloudformation): propagate AWS::EC2::Instance MetadataOptions (#10731) + * chore(deps): upgrade github.com/cenkalti/backoff dependency to v5 (#10705) + * chore: bump golangci-lint to v2.12 
(#10726) + * feat(spdx): add SHA-512 hash algorithm support to SPDX serializer (#10719) + * feat(sbom): support for CycloneDX 1.7 (#10715) + * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.300.0 to 1.302.0 in the aws group (#10708) + * chore: migrate from helm.sh/helm/v3 to helm.sh/helm/v4 (#10678) + * fix(image): correctly reconstruct RUN instructions built without BuildKit (#10714) + * feat(java): support <mirrors> from settings.xml (#10692) + * fix(java): surface 429 from a remote Maven repository as a fatal error when scanning pom.xml files (#10693) + * chore: bump go to 1.26.3 (#10683) + * fix(nodejs): handle legacy license formats in npm lockfile parser (#10684) + * fix(secret): correctly skip secret-scanner config file from scanning (#10666) + * feat(ubuntu): detect Ubuntu 26.04 LTS (#10592) + * refactor(nodejs): deduplicate license traversal across package managers (#10681) + * fix: overwrite OS packages PURLs after overwrite OS (#10298) + * feat(secret): add Azure secret detection rules (#10562) + * fix(misconf): prevent path traversal in Terraform filesystem functions (#10664) + * feat(secret): add a way to customize skipped folders, files and exts (#10550) + * ci: migrate PAT tokens to GitHub App (#10628) + * chore(deps): bump the aws group across 1 directory with 6 updates (#10598) + * chore(deps): bump the docker group across 1 directory with 3 updates (#10596) + * chore(deps): bump the github-actions group across 2 directories with 9 updates (#10608) + * chore(deps): bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 (#10641) + * chore(deps): bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 (#10648) + * ci: migrate PAT tokens to GITHUB_TOKEN for reusable-release workflow (#10655) + * feat(seal): add vendor support for language file detection. 
(#10297) + * fix(misconf): make identifiers in ignore rules case-insensitive (#10375) + * fix: pull instead of clone when test repo already exists (#10636) + * docs: document how to disable check.trivy.dev connections (#10623) + * docs(misconf): fix typo in misconfiguration config (#10619) + * ci: remove secrets from run block (#10590) + * docs: fix typos (#10605) + * refactor(deps): replace archived go-homedir with os.UserHomeDir (#10484) + * chore(deps): Bump `go-ini` and fix the import path. (#10489) + * chore(deps): bump the github-actions group across 2 directories with 9 updates (#10495) + * chore(deps): bump github.com/aquasecurity/testdocker (#10543) + * docs: convert README demonstration videos to mp4 (#10419) + * chore(deps): upgrade vm scan dependency for bug fix (#10575) + * docs(nodejs): clarify package.json behavior in image scanning (#10572) + * chore(deps): replace xeipuuv/gojsonschema and invopop/jsonschema with google/jsonschema-go (#10528) + * chore(deps): bump github.com/go-git/go-git/v5 from 5.17.2 to 5.18.0 (#10554) + * chore(deps): bump alpine to 3.23.4 (#10552) + * ci(helm): bump Trivy version to 0.70.0 for Trivy Helm Chart 0.22.0 (#10547) + +------------------------------------------------------------------- @@ -4 +74,7 @@ -- update x/net to v0.55.0 (bsc#1266495, CVE-2026-39821) +- update x/net to v0.55.0 ( + bsc#1266495, CVE-2026-39821 + bsc#1267047, CVE-2026-25680, + CVE-2026-42502, + CVE-2026-27136, + CVE-2026-25681, + CVE-2026-42506) Old: ---- trivy-0.70.0.tar.zst New: ---- trivy-0.71.0.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trivy.spec ++++++ --- /var/tmp/diff_new_pack.Jn10XL/_old 2026-06-02 19:48:01.338876955 +0200 +++ /var/tmp/diff_new_pack.Jn10XL/_new 2026-06-02 19:48:01.358877783 +0200 
@@ -17,7 +17,7 @@ Name: trivy -Version: 0.70.0 +Version: 0.71.0 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.Jn10XL/_old 2026-06-02 19:48:01.602887890 +0200 +++ /var/tmp/diff_new_pack.Jn10XL/_new 2026-06-02 19:48:01.650889878 +0200 @@ -1,5 +1,5 @@ -mtime: 1779918540 -commit: d1ac36c171c9c89e5f5f539c667e12ee5ae8786bee71adfd28acc1c57cd00b73 +mtime: 1780406044 +commit: 47caa4902260e30dc6ae15250f5a0df86bf2f1c33272c02fd73837b308a2653d url: https://src.opensuse.org/dirkmueller/trivy.git revision: factory ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Jn10XL/_old 2026-06-02 19:48:01.862898659 +0200 +++ /var/tmp/diff_new_pack.Jn10XL/_new 2026-06-02 19:48:01.906900482 +0200 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="manual"> <param name="url">https://github.com/aquasecurity/trivy</param> <param name="scm">git</param> - <param name="revision">v0.70.0</param> + <param name="revision">v0.71.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> @@ -16,8 +16,6 @@ </service> <service name="go_modules" mode="manual"> <param name="compression">zst</param> - <param name="replace">github.com/go-git/go-git/v5=github.com/go-git/go-git/[email protected]</param> - <param name="replace">golang.org/x/crypto=golang.org/x/[email protected]</param> <param name="replace">golang.org/x/net=golang.org/x/[email protected]</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Jn10XL/_old 2026-06-02 19:48:02.154910754 +0200 +++ /var/tmp/diff_new_pack.Jn10XL/_new 2026-06-02 19:48:02.182911914 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/aquasecurity/trivy</param> - <param name="changesrevision">8a3177aedf7ee0864920eb1852eef031cd3742b8</param></service></servicedata> + <param name="changesrevision">9b49920eebb2bf648ba54211617d6078f6105594</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-02 15:14:04.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ trivy-0.70.0.tar.zst -> trivy-0.71.0.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/trivy-0.70.0.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.1937/trivy-0.71.0.tar.zst differ: char 7, line 1 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/vendor.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.1937/vendor.tar.zst differ: char 7, line 1
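Review bot: in the new trivy.changes entry (hunk @@ -1,0 +2,70 @@), the header cites bsc#1267268 and CVE-2026-44740, but none of the listed upstream changes is marked as the fix, so a reader triaging the CVE cannot tell which item addresses it. Suggest tagging the relevant bullet with the CVE id, or adding one line under the header that names the upstream change (by its # number) that resolves it.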
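Review bot: in the rewritten x/net v0.55.0 entry of trivy.changes (hunk @@ -4 +74,7 @@), the reference list is ambiguous and inconsistently punctuated: "bsc#1266495, CVE-2026-39821" ends without a comma while the following lines carry one, and it is not clear whether CVE-2026-42502, CVE-2026-27136, CVE-2026-25681 and CVE-2026-42506 all belong to bsc#1267047. Suggest one line per bug id with its CVEs listed after it, using the same separator throughout, so that tooling and readers matching bsc ids to CVEs get an unambiguous pairing.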
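Review bot: the _service hunk @@ -16,8 +16,6 @@ drops the replace params for github.com/go-git/go-git/v5 and golang.org/x/crypto while keeping the one for golang.org/x/net, and the new trivy.changes entry does not record this. The upstream list shows go-git bumped to 5.19.1 (#10686), but nothing visible here states which golang.org/x/crypto version v0.71.0 resolves to; please confirm the regenerated vendor.tar.zst carries both modules at or above the previously pinned versions, and add a changes line saying the overrides were dropped because upstream now includes them.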
