Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package trivy for openSUSE:Factory checked in at 2026-07-06 12:29:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trivy (Old) and /work/SRC/openSUSE:Factory/.trivy.new.1982 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trivy" Mon Jul 6 12:29:02 2026 rev:96 rq:1363713 version:0.72.0 Changes: -------- --- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2026-06-30 15:12:02.537216227 +0200 +++ /work/SRC/openSUSE:Factory/.trivy.new.1982/trivy.changes 2026-07-06 12:30:40.343932658 +0200 @@ -1,0 +2,50 @@ +Fri Jul 03 15:12:16 UTC 2026 - Dirk Müller <[email protected]> + +- Update to version 0.72.0: + * release: v0.72.0 [main] (#10782) + * test: close plugin manager in tests cleanup (#10904) + * Merge commit from fork + * feat(bottlerocket): add vulnerability matching for Bottlerocket OS (#10893) + * fix(misconf): support github_repository_vulnerability_alerts resource (#10680) + * feat(java): detect JAR licenses from packaged LICENSE files (#10856) + * fix(nodejs): parse project dependencies from multi-document pnpm-lock.yaml (#10861) + * fix(server): propagate package repository class in client/server mode (#10874) + * chore(deps): bump github.com/containerd/containerd/v2 from 2.3.1 to 2.3.2 (#10888) + * fix(vuln): fall back to UNKNOWN severity when vulnerability details are missing (#10795) + * feat(java): detect JAR licenses from the embedded pom.xml (#10851) + * chore(deps): Upgrade github.com/cenkalti/backoff to v6 (#10863) + * ci(helm): bump Trivy version to 0.71.2 for Trivy Helm Chart 0.23.2 (#10873) + * chore(deps): bump alpine to 3.24.1 (#10868) + * docs: fix article typo in plugin developer guide (#10860) + * feat(misconf): Adds CloudFront standard logging v2 support to AVD-AWS-0010 (#10848) + * docs: fix typos (#10857) + * fix(terraform): avoid data race on global getter.Getters in remote module resolver (#10843) + * feat(secret): support new stateless format for GitHub App installation tokens (#10826) + * fix: correct format verbs in diagnostic messages (#10805) + * ci(helm): bump Trivy version to 0.71.1 for Trivy Helm Chart 0.23.1 (#10845) + * refactor: use ParseErrorsAllowlist instead of ParseErrorsWhitelist (#10830) + * docs: fix repository scan heading typo (#10828) + * Merge commit from fork + * fix: forward ospkg detector options through ospkg.NewScanner (#10811) + * chore(deps): bump github.com/bufbuild/buf to v1.70.0 (#10801) + * fix(vex): load VEX documents from within the repository directory (#10820) + * ci!: migrate docker config to dockers_v2 (#10783) + * feat(dotnet): detect bundled runtime in self-contained deployments (#10786) + * feat(secret): add OpenAI secret detection rules (#10798) + * ci: expect GitHub App bot as backport PR author (#10813) + * fix: surface the original analysis error instead of context cancellation (#10793) + * chore(deps): bump the github-actions group across 1 directory with 11 updates (#10803) + * chore(deps): bump the common group with 4 updates (#10797) + * chore(deps): bump the aws group with 4 updates (#10796) + * fix: use random suffix for process temp directory instead of PID (#10431) + * docs: update signature verification for deb and rpm packages (#10784) + * fix(image): lookup origin layer for custom resources in merged layers (#10788) + * test: fix flaky containerd integration test (#10760) + * ci: bump GoReleaser to v2.16.0 (#10774) + * docs: fix broken nixpkgs reference link in installation guide (#10776) + * test(java): force offline-scan for client/server integration tests (#10721) + * fix(image): deterministic OS package deduplication for images with embedded SBOMs (#10777) + * fix(spdx): guard against nil root component in SPDX marshaler (#10771) + * ci(helm): bump Trivy version to 0.71.0 for Trivy Helm Chart 0.23.0 (#10768) + +------------------------------------------------------------------- Old: ---- trivy-0.71.2.tar.zst New: ---- trivy-0.72.0.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trivy.spec ++++++ --- /var/tmp/diff_new_pack.fW9Ib2/_old 2026-07-06 12:30:41.855985135 +0200 +++ /var/tmp/diff_new_pack.fW9Ib2/_new 2026-07-06 12:30:41.859985274 +0200 @@ -17,7 +17,7 @@ Name: trivy -Version: 0.71.2 +Version: 0.72.0 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.fW9Ib2/_old 2026-07-06 12:30:41.911987079 +0200 +++ /var/tmp/diff_new_pack.fW9Ib2/_new 2026-07-06 12:30:41.915987218 +0200 @@ -1,5 +1,5 @@ -mtime: 1782681094 -commit: 662df950767b4edf03c2c1b137e1565aee87cb2b29c480062b998d72975eedc0 +mtime: 1783092272 +commit: 5a953208a3ef381606b133be161da5eef075018a696318cf37ece0cacf3c0217 url: https://src.opensuse.org/dirkmueller/trivy.git revision: factory ++++++ _service ++++++ --- /var/tmp/diff_new_pack.fW9Ib2/_old 2026-07-06 12:30:41.939988051 +0200 +++ /var/tmp/diff_new_pack.fW9Ib2/_new 2026-07-06 12:30:41.943988189 +0200 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="manual"> <param name="url">https://github.com/aquasecurity/trivy</param> <param name="scm">git</param> - <param name="revision">v0.71.2</param> + <param name="revision">v0.72.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> @@ -16,7 +16,6 @@ </service> <service name="go_modules" mode="manual"> <param name="compression">zst</param> - <param name="replace">github.com/containerd/containerd/v2=github.com/containerd/containerd/[email protected]</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.fW9Ib2/_old 2026-07-06 12:30:41.967989022 +0200 +++ /var/tmp/diff_new_pack.fW9Ib2/_new 2026-07-06 12:30:41.971989161 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/aquasecurity/trivy</param> - <param name="changesrevision">055a5c8a53bfd61f7a8e276a5b2f0c3fc1673420</param></service></servicedata> + <param name="changesrevision">8a32853686209a428179bb3a1688802b25691564</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-07-03 17:24:32.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ trivy-0.71.2.tar.zst -> trivy-0.72.0.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/trivy-0.71.2.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.1982/trivy-0.72.0.tar.zst differ: char 7, line 1 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/vendor.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.1982/vendor.tar.zst differ: char 7, line 1
