Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package syft for openSUSE:Factory checked in
at 2023-03-03 22:28:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/syft (Old)
and /work/SRC/openSUSE:Factory/.syft.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "syft"
Fri Mar 3 22:28:17 2023 rev:30 rq:1069102 version:0.74.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/syft/syft.changes 2023-02-23
16:54:10.305402134 +0100
+++ /work/SRC/openSUSE:Factory/.syft.new.31432/syft.changes 2023-03-03
22:31:17.552001903 +0100
@@ -1,0 +2,34 @@
+Fri Mar 03 05:40:08 UTC 2023 - ka...@b1-systems.de
+
+- Update to version 0.74.0:
+ * fix: possible race condition (#1639)
+ * fix: remove APK OriginPackage cpe candidates (#1637)
+ * fix: rebar lock file decoding panic (#1628)
+ * fix: handle individual cataloger panics (#1636)
+ * fix: apk product/vendor generation for old metadata (#1635)
+ * feat: rust toolchain binary cataloger (#1601)
+ * feat: retain go package info when no module declared (#1632)
+ * fix: improved CPE-generation for several more APK packages
+ (#1631)
+ * chore: update deprecated release flag (#1629)
+ * chore(deps): bump actions/upload-artifact from 2 to 3 (#1627)
+ * feat: add support for SUPPORT_END in /etc/os-release (#1612)
+ * fix: further improvements to CPE generation for apk packages
+ (#1623)
+ * chore(deps): bump github.com/stretchr/testify from 1.8.1 to
+ 1.8.2 (#1625)
+ * chore(deps): bump actions/checkout from 2 to 3 (#1626)
+ * feat: set cosign attest predicate type based on Syft output
+ type (#1598)
+ * chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4
+ (#1609)
+ * fix: correct apk purls for other distros (#1620)
+ * refactor: move apk upstream logic to apk metadata (#1619)
+ * fix: decoding null apk metadata pullDependencies (#1614)
+ * feat: haproxy binary matcher (#1591)
+ * fix: determine upstream for apk version streams (#1610)
+ * fix: improve CPE generation for curl APK (#1608)
+ * Revert "add workaround for macos github actions cache issue
+ (#1584)" (#1605)
+
+-------------------------------------------------------------------
Old:
----
syft-0.73.0.tar.gz
New:
----
syft-0.74.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ syft.spec ++++++
--- /var/tmp/diff_new_pack.CUx8PN/_old 2023-03-03 22:31:19.532010347 +0100
+++ /var/tmp/diff_new_pack.CUx8PN/_new 2023-03-03 22:31:19.540010381 +0100
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: syft
-Version: 0.73.0
+Version: 0.74.0
Release: 0
Summary: CLI tool and library for generating a Software Bill of
Materials
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.CUx8PN/_old 2023-03-03 22:31:19.604010654 +0100
+++ /var/tmp/diff_new_pack.CUx8PN/_new 2023-03-03 22:31:19.608010671 +0100
@@ -3,7 +3,7 @@
<param name="url">https://github.com/anchore/syft</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.73.0</param>
+ <param name="revision">v0.74.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>
@@ -16,7 +16,7 @@
<param name="compression">gz</param>
</service>
<service name="go_modules" mode="disabled">
- <param name="archive">syft-0.73.0.tar.gz</param>
+ <param name="archive">syft-0.74.0.tar.gz</param>
</service>
</services>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.CUx8PN/_old 2023-03-03 22:31:19.644010824 +0100
+++ /var/tmp/diff_new_pack.CUx8PN/_new 2023-03-03 22:31:19.648010842 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/anchore/syft</param>
- <param
name="changesrevision">aa151da5fe2a1b11502c852fd2d3ad462c1d245f</param></service></servicedata>
+ <param
name="changesrevision">5f90d0371873faf5eb8f2e748909b32294be6263</param></service></servicedata>
(No newline at EOF)
++++++ syft-0.73.0.tar.gz -> syft-0.74.0.tar.gz ++++++
++++ 4511 lines of diff (skipped)
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/syft/vendor.tar.gz
/work/SRC/openSUSE:Factory/.syft.new.31432/vendor.tar.gz differ: char 5, line 1
