Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package trivy for openSUSE:Factory checked in at 2022-06-23 10:25:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trivy (Old) and /work/SRC/openSUSE:Factory/.trivy.new.1548 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trivy" Thu Jun 23 10:25:11 2022 rev:26 rq:984654 version:0.29.1 Changes: -------- --- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2022-05-23 15:52:03.182663764 +0200 +++ /work/SRC/openSUSE:Factory/.trivy.new.1548/trivy.changes 2022-06-23 10:25:49.279841105 +0200 @@ -1,0 +2,94 @@ +Wed Jun 22 11:15:35 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.29.1: + * fix(report): add required fields to the SARIF template (#2341) + * chore: fix spelling errors (#2352) + * Omit Remediation if PrimaryURL is empty (#2006) + * docs(repo): Link to installation documentation in readme shows 404 (#2348) + * feat(alma): support for scanning of modular packages for AlmaLinux (#2347) + +------------------------------------------------------------------- +Wed Jun 22 08:31:01 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.29.0: + * fix(lang): fix dependency graph in client server mode (#2336) + * feat: allow expiration date for .trivyignore entries (#2332) + * feat(lang): add dependency origin graph (#1970) + * docs: update nix installation info (#2331) + * feat: add rbac scanning support (#2328) + * refactor: move WordPress module to another repository (#2329) + * ci: add support for ppc64le (#2281) + * feat: add support for WASM modules (#2195) + * feat(secret): show recommendation for slow scanning (#2051) + * fix(flag): remove --clear-cache flag client mode (#2301) + * fix(java): added check for looping for variable evaluation in pom file (#2322) + * BREAKING(k8s): change CLI API (#2186) + * feat(alpine): add Alpine Linux 3.16 (#2319) + * docs: bump trivy-operator to v0.0.7 (#2320) + * ci: add `go mod tidy` check (#2314) + * chore: run `go mod tidy` (#2313) + * fix: do not exit if one resource is not found (#2311) + * feat(cli): use stderr for all log messages (resolve #381) (#2289) + * test: replace deprecated subcommand client in integration tests (#2308) + * feat: add support for containerd (#2305) + * fix(kubernetes): Support floats in manifest yaml (#2297) + * docs(kubernetes): dead links (#2307) + * chore: add license label (#2304) + * feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293) + * feat(helm): add pod annotations (#2272) + * refactor: do not import defsec in fanal types package (#2292) + * feat(report): Add misconfiguration support to ASFF report template (#2285) + * test: use images in GHCR (#2275) + * feat(helm): support pod annotations (#2265) + * feat(misconf): Helm chart scanning (#2269) + * docs: Update custom rego policy docs to reflect latest defsec/fanal changes (#2267) + * fix: mask redis credentials when logging (#2264) + * refactor: extract commands Runner interface (#2147) + * chore(deps): bump alpine from 3.15.4 to 3.16.0 (#2234) + * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.2 to 0.6.0 (#2245) + * docs: update operator release (#2263) + * chore(deps): bump github.com/urfave/cli/v2 from 2.6.0 to 2.8.1 (#2243) + * feat(redhat): added architecture check (#2172) + * docs: updating links in the docs to work again (#2256) + * docs: fix readme (#2251) + * fix: fixed incorrect CycloneDX output format (#2255) + * chore(deps): bump github.com/caarlos0/env/v6 from 6.9.1 to 6.9.3 (#2241) + * chore(deps): bump github.com/samber/lo from 1.19.0 to 1.21.0 (#2242) + * chore(deps): bump goreleaser/goreleaser-action from 2 to 3 (#2240) + * chore(deps): bump docker/setup-buildx-action from 1 to 2 (#2238) + * chore(deps): bump docker/setup-qemu-action from 1 to 2 (#2236) + * chore(deps): bump golang from 1.18.1 to 1.18.2 (#2235) + * chore(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#2237) + * chore(deps): bump docker/login-action from 1 to 2 (#2239) + * chore(deps): bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.1 (#2246) + * refactor(deps): move dependencies to package (#2189) + * fix(report): change github format version to required (#2229) + * docs: update readme (#2110) + * docs: added information about choosing advisory database (#2212) + * chore: update trivy-kubernetes (#2224) + * docs: clarifying parts of the k8s docs and updating links (#2222) + * fix(k8s): timeout error logging (#2179) + * chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214) + * feat(k8s): add --context flag (#2171) + * fix(k8s): properly instantiate TableWriter (#2175) + * test: fixed integration tests after updating testcontainers to v0.13.0 (#2208) + * chore: update labels (#2197) + * fix(report): fixed panic if all misconf reports were removed in filter (#2188) + * feat(k8s): scan secrets (#2178) + * feat(report): GitHub Dependency Snapshots support (#1522) + * feat(db): added insecure skip tls verify to download trivy db (#2140) + * fix(redhat): always use vulns with fixed version if there is one (#2165) + * chore(redhat): Add support for Red Hat UBI 9. (#2183) + * fix(k8s): update trivy-kubernetes (#2163) + * fix misconfig start line for code quality tpl (#2181) + * fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176) + * docs(vuln): Include GitLab 15.0 integration (#2153) + * docs: fix the operator version (#2167) + * fix(k8s): summary report when when only vulns exit (#2146) + * chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives in ksv038) (#2156) + * perf(misconf): Improve performance when scanning very large files (#2152) + * docs(misconf): Update examples and docs to refer to builtin/defsec instead of appshield (#2150) + * chore(deps): Update fanal (for less verbose code in misconf results) (#2151) + * docs: fixed installation instruction for rhel/centos (#2143) + +------------------------------------------------------------------- Old: ---- trivy-0.28.0.tar.gz New: ---- trivy-0.29.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trivy.spec ++++++ --- /var/tmp/diff_new_pack.DQ70gX/_old 2022-06-23 10:25:50.315842231 +0200 +++ /var/tmp/diff_new_pack.DQ70gX/_new 2022-06-23 10:25:50.319842235 +0200 @@ -19,7 +19,7 @@ %global goipath github.com/aquasecurity/trivy Name: trivy -Version: 0.28.0 +Version: 0.29.1 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.DQ70gX/_old 2022-06-23 10:25:50.351842270 +0200 +++ /var/tmp/diff_new_pack.DQ70gX/_new 2022-06-23 10:25:50.355842274 +0200 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/aquasecurity/trivy</param> <param name="scm">git</param> - <param name="revision">v0.28.0</param> + <param name="revision">v0.29.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.DQ70gX/_old 2022-06-23 10:25:50.371842292 +0200 +++ /var/tmp/diff_new_pack.DQ70gX/_new 2022-06-23 10:25:50.375842296 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/aquasecurity/trivy</param> - <param name="changesrevision">afe32928436231e6c05602fd15359c7432520167</param></service></servicedata> + <param name="changesrevision">6ce9404c167963e3a1581df96b889995994cfdac</param></service></servicedata> (No newline at EOF) ++++++ trivy-0.28.0.tar.gz -> trivy-0.29.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/trivy/trivy-0.28.0.tar.gz /work/SRC/openSUSE:Factory/.trivy.new.1548/trivy-0.29.1.tar.gz differ: char 12, line 1 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/trivy/vendor.tar.gz /work/SRC/openSUSE:Factory/.trivy.new.1548/vendor.tar.gz differ: char 4, line 1