Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package syft for openSUSE:Factory checked in
at 2023-09-06 18:58:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/syft (Old)
and /work/SRC/openSUSE:Factory/.syft.new.1766 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "syft"
Wed Sep 6 18:58:03 2023 rev:47 rq:1109094 version:0.89.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/syft/syft.changes 2023-08-01
15:38:35.353842361 +0200
+++ /work/SRC/openSUSE:Factory/.syft.new.1766/syft.changes 2023-09-06
19:01:49.343320930 +0200
@@ -1,0 +2,90 @@
+Tue Sep 05 14:57:48 UTC 2023 - ka...@b1-systems.de
+
+- Update to version 0.89.0:
+ * tidy gomod and gitignore (#2082)
+ * fix quiet flag (#2081)
+ * fix: in some cases, try to use pom info to guess name and
+ version to top level jar (#2080)
+ * fix: don't panic on universal go binaries (#2078)
+ * chore: update CLI to CLIO (#2001)
+ * Add registry certificate verification support (#1734)
+ * fix: CPE generation for django (#2068)
+
+-------------------------------------------------------------------
+Tue Sep 05 14:54:29 UTC 2023 - ka...@b1-systems.de
+
+- Update to version 0.88.0:
+ * chore: update quill to the latest version (#2065)
+ * fix: duplicate entries in cyclonedx dependency list (#2063)
+ * Fix panic in pom parsing (#2064)
+ * Fix: don't validate pom declared group (#2054)
+ * chore: trace log pom property reflect usage (#2059)
+ * fix: do not double-prefix symlink paths that already contain
+ volume names (#2051)
+ * feat: add bash classifier (#2055)
+ * Detect golang boring crypto and fipsonly modules (#2021)
+ * fix: properly parse conan ref and include user and channel
+ (#2034)
+ * chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1
+ to 0.8.0 (#2053)
+ * Enable reading non-utf-8 encodings for java pom.xml files
+ (#2047)
+ * feat: 1944 - update purl generation to use a consistent groupID
+ (#2033)
+ * chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1
+ (#2049)
+ * chore(deps): update bootstrap tools to latest versions (#2048)
+ * chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0
+ (#2045)
+ * chore(deps): update CPE dictionary index (#2043)
+ * fill out new version notice (#2042)
+
+-------------------------------------------------------------------
+Tue Sep 05 14:49:59 UTC 2023 - ka...@b1-systems.de
+
+- Update to version 0.87.1:
+ * feat: use java package names to determine known groupids
+ (#2032)
+ * fix: inconsistent removal of binaries by overlap (#2036)
+ * fix: CycloneDX relationships not output or decoded properly
+ (#1974)
+ * chore: restore cataloger.DefaultConfig (#2028)
+
+-------------------------------------------------------------------
+Tue Sep 05 14:31:00 UTC 2023 - ka...@b1-systems.de
+
+- Update to version 0.87.0:
+ * fix: read direct package files when decoding SPDX tag-value
+ (#2014)
+ * chore(deps): update bootstrap tools to latest versions (#2022)
+ * chore(deps): update CPE dictionary index (#2025)
+ * chore(deps): update bootstrap tools to latest versions (#2012)
+ * chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0
+ (#2008)
+ * 1948-filter-pkg-by-type (#2011)
+ * chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0
+ (#2009)
+ * fix: SPDX license values and download location (#2007)
+ * 931: binary cataloger exclusion defaults for ownership by
+ overlap (#1948)
+ * chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0
+ (#2004)
+ * chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0
+ (#1998)
+ * test: add coverage for new rpmdb paths (#1999)
+ * chore: improve spdx purl decoding (#1996)
+ * fix: gradle lockfile parser groupId handling (#1995)
+ * fix: update glob to use newer usr/lib/sysimage path (#1997)
+ * fix: opkg search glob (#1994)
+ * feat: nginx binary classifier (#1988)
+ * Expand deb cataloger to include opkg (#1985)
+ * chore(deps): update bootstrap tools to latest versions (#1991)
+ * chore(deps): bump github.com/google/go-containerregistry
+ (#1993)
+ * chore: update bubbly to fix hanging (#1990)
+ * chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0
+ (#1989)
+ * feat: use originator logic to fill supplier (#1980)
+ * add metadata types to all cpe test fixtures (#1982)
+
+-------------------------------------------------------------------
Old:
----
syft-0.86.1.obscpio
New:
----
syft-0.89.0.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ syft.spec ++++++
--- /var/tmp/diff_new_pack.Mz2nuu/_old 2023-09-06 19:01:53.811480210 +0200
+++ /var/tmp/diff_new_pack.Mz2nuu/_new 2023-09-06 19:01:53.815480353 +0200
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: syft
-Version: 0.86.1
+Version: 0.89.0
Release: 0
Summary: CLI tool and library for generating a Software Bill of
Materials
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.Mz2nuu/_old 2023-09-06 19:01:53.855481779 +0200
+++ /var/tmp/diff_new_pack.Mz2nuu/_new 2023-09-06 19:01:53.859481922 +0200
@@ -1,14 +1,14 @@
<services>
- <service name="obs_scm" mode="disabled">
+ <service name="obs_scm" mode="manual">
<param name="url">https://github.com/anchore/syft</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.86.1</param>
+ <param name="revision">v0.89.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>
</service>
- <service name="set_version" mode="disabled">
+ <service name="set_version" mode="manual">
<param name="basename">syft</param>
</service>
<service name="tar" mode="buildtime"/>
@@ -16,7 +16,7 @@
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
- <service name="go_modules" mode="disabled">
+ <service name="go_modules" mode="manual">
</service>
</services>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.Mz2nuu/_old 2023-09-06 19:01:53.879482635 +0200
+++ /var/tmp/diff_new_pack.Mz2nuu/_new 2023-09-06 19:01:53.883482777 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/anchore/syft</param>
- <param
name="changesrevision">e2f7befbfbf88053dfb2007c6499a4bb2d232c3c</param></service></servicedata>
+ <param
name="changesrevision">b454160549bbd199e0a5693750856f30b41767f7</param></service></servicedata>
(No newline at EOF)
++++++ syft-0.86.1.obscpio -> syft-0.89.0.obscpio ++++++
/work/SRC/openSUSE:Factory/syft/syft-0.86.1.obscpio
/work/SRC/openSUSE:Factory/.syft.new.1766/syft-0.89.0.obscpio differ: char 49,
line 1
++++++ syft.obsinfo ++++++
--- /var/tmp/diff_new_pack.Mz2nuu/_old 2023-09-06 19:01:53.923484203 +0200
+++ /var/tmp/diff_new_pack.Mz2nuu/_new 2023-09-06 19:01:53.923484203 +0200
@@ -1,5 +1,5 @@
name: syft
-version: 0.86.1
-mtime: 1690824558
-commit: e2f7befbfbf88053dfb2007c6499a4bb2d232c3c
+version: 0.89.0
+mtime: 1693493432
+commit: b454160549bbd199e0a5693750856f30b41767f7
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/syft/vendor.tar.gz
/work/SRC/openSUSE:Factory/.syft.new.1766/vendor.tar.gz differ: char 5, line 1
