Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-09-06 18:58:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "syft" Wed Sep 6 18:58:03 2023 rev:47 rq:1109094 version:0.89.0 Changes: -------- --- /work/SRC/openSUSE:Factory/syft/syft.changes 2023-08-01 15:38:35.353842361 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1766/syft.changes 2023-09-06 19:01:49.343320930 +0200 @@ -1,0 +2,90 @@ +Tue Sep 05 14:57:48 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.89.0: + * tidy gomod and gitignore (#2082) + * fix quiet flag (#2081) + * fix: in some cases, try to use pom info to guess name and + version to top level jar (#2080) + * fix: don't panic on universal go binaries (#2078) + * chore: update CLI to CLIO (#2001) + * Add registry certificate verification support (#1734) + * fix: CPE generation for django (#2068) + +------------------------------------------------------------------- +Tue Sep 05 14:54:29 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.88.0: + * chore: update quill to the latest version (#2065) + * fix: duplicate entries in cyclonedx dependency list (#2063) + * Fix panic in pom parsing (#2064) + * Fix: don't validate pom declared group (#2054) + * chore: trace log pom property reflect usage (#2059) + * fix: do not double-prefix symlink paths that already contain + volume names (#2051) + * feat: add bash classifier (#2055) + * Detect golang boring crypto and fipsonly modules (#2021) + * fix: properly parse conan ref and include user and channel + (#2034) + * chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 + to 0.8.0 (#2053) + * Enable reading non-utf-8 encodings for java pom.xml files + (#2047) + * feat: 1944 - update purl generation to use a consistent groupID + (#2033) + * chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 + (#2049) + * chore(deps): update bootstrap tools to latest versions (#2048) + * chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0 + (#2045) + * chore(deps): update CPE dictionary index (#2043) + * fill out new version notice (#2042) + +------------------------------------------------------------------- +Tue Sep 05 14:49:59 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.87.1: + * feat: use java package names to determine known groupids + (#2032) + * fix: inconsistent removal of binaries by overlap (#2036) + * fix: CycloneDX relationships not output or decoded properly + (#1974) + * chore: restore cataloger.DefaultConfig (#2028) + +------------------------------------------------------------------- +Tue Sep 05 14:31:00 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.87.0: + * fix: read direct package files when decoding SPDX tag-value + (#2014) + * chore(deps): update bootstrap tools to latest versions (#2022) + * chore(deps): update CPE dictionary index (#2025) + * chore(deps): update bootstrap tools to latest versions (#2012) + * chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 + (#2008) + * 1948-filter-pkg-by-type (#2011) + * chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0 + (#2009) + * fix: SPDX license values and download location (#2007) + * 931: binary cataloger exclusion defaults for ownership by + overlap (#1948) + * chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 + (#2004) + * chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0 + (#1998) + * test: add coverage for new rpmdb paths (#1999) + * chore: improve spdx purl decoding (#1996) + * fix: gradle lockfile parser groupId handling (#1995) + * fix: update glob to use newer usr/lib/sysimage path (#1997) + * fix: opkg search glob (#1994) + * feat: nginx binary classifier (#1988) + * Expand deb cataloger to include opkg (#1985) + * chore(deps): update bootstrap tools to latest versions (#1991) + * chore(deps): bump github.com/google/go-containerregistry + (#1993) + * chore: update bubbly to fix hanging (#1990) + * chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 + (#1989) + * feat: use originator logic to fill supplier (#1980) + * add metadata types to all cpe test fixtures (#1982) + +------------------------------------------------------------------- Old: ---- syft-0.86.1.obscpio New: ---- syft-0.89.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ syft.spec ++++++ --- /var/tmp/diff_new_pack.Mz2nuu/_old 2023-09-06 19:01:53.811480210 +0200 +++ /var/tmp/diff_new_pack.Mz2nuu/_new 2023-09-06 19:01:53.815480353 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version: 0.86.1 +Version: 0.89.0 Release: 0 Summary: CLI tool and library for generating a Software Bill of Materials License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Mz2nuu/_old 2023-09-06 19:01:53.855481779 +0200 +++ /var/tmp/diff_new_pack.Mz2nuu/_new 2023-09-06 19:01:53.859481922 +0200 @@ -1,14 +1,14 @@ <services> - <service name="obs_scm" mode="disabled"> + <service name="obs_scm" mode="manual"> <param name="url">https://github.com/anchore/syft</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.86.1</param> + <param name="revision">v0.89.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> </service> - <service name="set_version" mode="disabled"> + <service name="set_version" mode="manual"> <param name="basename">syft</param> </service> <service name="tar" mode="buildtime"/> @@ -16,7 +16,7 @@ <param name="file">*.tar</param> <param name="compression">gz</param> </service> - <service name="go_modules" mode="disabled"> + <service name="go_modules" mode="manual"> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Mz2nuu/_old 2023-09-06 19:01:53.879482635 +0200 +++ /var/tmp/diff_new_pack.Mz2nuu/_new 2023-09-06 19:01:53.883482777 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/anchore/syft</param> - <param name="changesrevision">e2f7befbfbf88053dfb2007c6499a4bb2d232c3c</param></service></servicedata> + <param name="changesrevision">b454160549bbd199e0a5693750856f30b41767f7</param></service></servicedata> (No newline at EOF) ++++++ syft-0.86.1.obscpio -> syft-0.89.0.obscpio ++++++ /work/SRC/openSUSE:Factory/syft/syft-0.86.1.obscpio /work/SRC/openSUSE:Factory/.syft.new.1766/syft-0.89.0.obscpio differ: char 49, line 1 ++++++ syft.obsinfo ++++++ --- /var/tmp/diff_new_pack.Mz2nuu/_old 2023-09-06 19:01:53.923484203 +0200 +++ /var/tmp/diff_new_pack.Mz2nuu/_new 2023-09-06 19:01:53.923484203 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.86.1 -mtime: 1690824558 -commit: e2f7befbfbf88053dfb2007c6499a4bb2d232c3c +version: 0.89.0 +mtime: 1693493432 +commit: b454160549bbd199e0a5693750856f30b41767f7 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1766/vendor.tar.gz differ: char 5, line 1