Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package trivy for openSUSE:Factory checked
in at 2023-04-03 18:11:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trivy (Old)
and /work/SRC/openSUSE:Factory/.trivy.new.9019 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trivy"
Mon Apr 3 18:11:13 2023 rev:49 rq:1077009 version:0.39.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2023-03-14
18:17:35.116033465 +0100
+++ /work/SRC/openSUSE:Factory/.trivy.new.9019/trivy.changes 2023-04-03
18:11:15.061613956 +0200
@@ -1,0 +2,53 @@
+Mon Apr 03 08:36:44 UTC 2023 - dmuel...@suse.com
+
+- Update to version 0.39.0:
+ * docs(cli): added makefile and go file to create docs (#3930)
+ * chore: Revert "ci: add gpg signing for RPM packages (#3612)" (#3946)
+ * chore: ignore gpg key (#3943)
+ * feat(cyclonedx): support dependency graph (#3177)
+ * chore(deps): Bump defsec to v0.85.0 (#3940)
+ * feat(rust): remove dev deps and find direct deps for Cargo.lock (#3919)
+ * feat(server): redis with public TLS certs support (#3783)
+ * feat(flag): Add glob support to `--skip-dirs` and `--skip-files` (#3866)
+ * chore: replace make with mage (#3932)
+ * fix(sbom): add checksum to files (#3888)
+ * chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5
(#3928)
+ * chore: remove unused mount volumes (#3927)
+ * feat: add auth support for downloading OCI artifacts (#3915)
+ * refactor(purl): use epoch in qualifier (#3913)
+ * chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0
(#3727)
+ * feat(image): add registry options (#3906)
+ * feat(rust): dependency tree and line numbers support for cargo lock file
(#3746)
+ * chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3905)
+ * feat(php): add support for location, licenses and graph for composer.lock
files (#3873)
+ * chore(deps): updates wazero to 1.0.0 (#3904)
+ * feat(image): discover SBOM in OCI referrers (#3768)
+ * docs: change cache-dir key in config file (#3897)
+ * fix(sbom): use release and epoch for SPDX package version (#3896)
+ * ci: add gpg signing for RPM packages (#3612)
+ * docs: Update incorrect comment for skip-update flag (#3878)
+ * refactor(misconf): simplify policy filesystem (#3875)
+ * feat(nodejs): parse package.json alongside yarn.lock (#3757)
+ * fix(spdx): add PkgDownloadLocation field (#3879)
+ * fix(report): try to guess direct deps for dependency tree (#3852)
+ * chore(amazon): update EOL (#3876)
+ * fix(nodejs): improvement logic for package-lock.json v2-v3 (#3877)
+ * feat(amazon): add al2023 support (#3854)
+ * chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (#3736)
+ * docs(misconf): Add information about selectors (#3703)
+ * docs(cli): update CLI docs with cobra (#3815)
+ * feat: k8s parallel processing (#3693)
+ * docs: add DefectDojo in the Security Management section (#3871)
+ * chore(deps): updates wazero to 1.0.0-rc.2 (#3853)
+ * refactor: add pipeline (#3868)
+ * feat(cli): add javadb metadata to version info (#3835)
+ * chore(deps): Move compliance types to defsec (#3842)
+ * feat(sbom): add support for CycloneDX JSON Attestation of the correct
specification (#3849)
+ * feat: add node toleration option (#3823)
+ * fix: allow mapfs to open dirs (#3867)
+ * fix(report): update uri only for os class targets (#3846)
+ * feat(nodejs): Add v3 npm lock file support (#3826)
+ * feat(nodejs): parse package.json files alongside package-lock.json (#2916)
+ * docs(misconf): Fix links to built in policies (#3841)
+
+-------------------------------------------------------------------
@@ -5,3 +58,5 @@
- * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.86.1 to
1.89.1 (#3827)
- * fix(java): skip empty files for jar post analyzer (#3832)
- * fix(docker): build healthcheck command for line without /bin/sh prefix
(#3831)
+ * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
+ from 1.86.1 to 1.89.1
+ * fix(java): skip empty files for jar post analyzer
+ * fix(docker): build healthcheck command for line without
+ /bin/sh prefix
@@ -9,2 +64,3 @@
- * chore(deps): bump github.com/docker/docker from 23.0.0-rc.1+incompatible
to 23.0.1+incompatible (#3586)
- * fix: populate timeout context to node-collector (#3766)
+ * chore(deps): bump github.com/docker/docker from
+ 23.0.0-rc.1+incompatible to 23.0.1+incompatible
+ * fix: populate timeout context to node-collector
@@ -12 +68,2 @@
- * fix: display correct flag in error message when skipping java db update
#3808
+ * fix: display correct flag in error message when skipping
+ java db update #3808
@@ -15 +72,2 @@
- * fix(java): the project props take precedence over the parent's props
(#3320)
+ * fix(java): the project props take precedence over the
+ parent's props (#3320)
Old:
----
trivy-0.38.3.tar.zst
New:
----
trivy-0.39.0.tar.zst
vendor.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ trivy.spec ++++++
--- /var/tmp/diff_new_pack.sNuupK/_old 2023-04-03 18:11:23.141713723 +0200
+++ /var/tmp/diff_new_pack.sNuupK/_new 2023-04-03 18:11:23.149713822 +0200
@@ -19,7 +19,7 @@
%global goipath github.com/aquasecurity/trivy
Name: trivy
-Version: 0.38.3
+Version: 0.39.0
Release: 0
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.sNuupK/_old 2023-04-03 18:11:23.217714662 +0200
+++ /var/tmp/diff_new_pack.sNuupK/_new 2023-04-03 18:11:23.221714711 +0200
@@ -2,7 +2,7 @@
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/aquasecurity/trivy</param>
<param name="scm">git</param>
- <param name="revision">v0.38.3</param>
+ <param name="revision">v0.39.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.sNuupK/_old 2023-04-03 18:11:23.245714919 +0200
+++ /var/tmp/diff_new_pack.sNuupK/_new 2023-04-03 18:11:23.249714937 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/aquasecurity/trivy</param>
- <param
name="changesrevision">a12f58be57931c13b5ba9016bc8afd52bd63d3ae</param></service></servicedata>
+ <param
name="changesrevision">ed590966a3efdaf6cbb48e34bfb36ea0884e45d8</param></service></servicedata>
(No newline at EOF)
++++++ vendor.tar.zst ++++++
Binary files /var/tmp/diff_new_pack.sNuupK/_old and
/var/tmp/diff_new_pack.sNuupK/_new differ
