commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2024-05-29 19:36:04 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.24587 (New) Package is "cargo-audit" Wed May 29 19:36:04 2024 rev:19 rq:1177429 version:0.20.0~git66.972ac93 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2024-02-07 18:51:33.569532707 +0100 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.24587/cargo-audit.changes 2024-05-29 19:36:50.874652359 +0200 @@ -1,0 +2,122 @@ +Tue May 28 05:14:03 UTC 2024 - william.br...@suse.com + +- Update to version 0.20.0~git66.972ac93: + * build(deps): bump comrak from 0.21.0 to 0.24.1 (#1193) + * build(deps): bump softprops/action-gh-release (#1192) + * build(deps): bump atom_syndication from 0.12.2 to 0.12.3 (#1191) + * build(deps): bump rust-embed from 8.3.0 to 8.4.0 (#1190) + * build(deps): bump petgraph from 0.6.4 to 0.6.5 (#1189) + * update `gix` to v0.63 for security fixes + * Upgrade to auditable-info 0.7.2 + * build(deps): bump rust-embed from 8.2.0 to 8.3.0 + * build(deps): bump semver from 1.0.21 to 1.0.23 + * Fix typo `then` -> `them` in index.html + * Drop unused import + * Fix typos + * Use clap to properly parse --color argument + * Remove duplicated arguments from bin subcommand + * Support specifying multiple target arches and oses in cargo-audit + * Make Query's target arch & os a Vec instead of Option + * build(deps): bump tame-index from 0.11.0 to 0.11.1 + * Apply clippy suggestions + * Adjust binary type filter for WASM + * WIP WASM auditing support + * Fix warnings added in Rust 1.78 + * Regenerate Cargo.lock + * Bump rustsec version + * Drop is-terminal line from rustsec changelog; it's a cargo-audit only change + * Update changelog + * build(deps): bump chrono from 0.4.34 to 0.4.38 + * build(deps): bump time from 0.3.34 to 0.3.36 + * fix after gix update + * update gix and tame-index + * fix cargo clippy warning and error + * cargo-audit: remove is-terminal dep + * build(deps): bump regex from 1.10.3 to 1.10.4 + * Regenerate Cargo.lock + * Bump tame-index and gix versions + * chore: regenerate platform support and bump to platforms@3.4.0 + * Document to use cargo install with --locked (fixes #1152) + * Release `rustsec` 0.29.1 + * Revert rustsec-admin Cargo.toml entirely + * Bump required tame-index version in admin as well + * Upgrade to gix 0.60 to fix build + * build(deps): bump actions/cache from 4.0.0 to 4.0.1 (#1135) + * build(deps): bump auditable-serde from 0.6.0 to 0.6.1 + * build(deps): bump toml_edit from 0.22.5 to 0.22.6 + * build(deps): bump time from 0.3.32 to 0.3.34 + +--- +Tue May 28 04:57:40 UTC 2024 - william.br...@suse.com + +- Update to version 0.20.0~git0.6f4ca87: + * Bump version numbers + * Mention enterprise firewall issue in cargo-audit changelog too + * Fill in cargo-audit changelog + * Expand upon the rewrite description in rustsec changelog + * Fill in rustsec changelog + * Fix link + * build(deps): bump softprops/action-gh-release (#1114) + * build(deps): bump toml_edit from 0.21.1 to 0.22.5 (#1123) + * Bump askama to 0.12 + * Update yanked package + * Drop libgit2 advisory from ignore list now that we got rid of libgit2 + * build(deps): bump toml_edit from 0.19.15 to 0.21.1 + * build(deps): bump chrono from 0.4.33 to 0.4.34 + * build(deps): bump is-terminal from 0.4.11 to 0.4.12 + * Improve fixer documentation + * Move Cargo path detection out of rustsec and into cargo-audit, to make rustsec more flexible + * Remove rustsec `fix` feature and always enable the fixer, now that it doesn't pull in additional dependencies + * Fix syntax + * Apply review suggestion (style) + * Update cargo-audit/src/commands/audit/fix.rs + * Run `cargo update` in the same dir as Cargo.lock + * Revert 'fix' being a default feature + * Placate clippy + * Print a nice summary at the end + * Better wording + * Remove extraneous newline + * prettier printing + * More detailed reporting + * Set the correct(ish) exit status in dry run mode + * Keep track of unpatchable vulns and failures + * Warn about vulnerabilities without patched versions and do not attempt to upgrade those crates + * Only attempt to upgrade vulnerable versions of a given package + * Fix: run `cargo update`, not just `cargo` + * Add a note that `fix` is experimental + * Update cargo.lock in the wake of cargo-edit removal + * Drop the now-unused dependency cargo-edit + * Drop obsolete Cargo.toml locating logic that breaks in presence of workspaces + * Do not require passing manifest path + * Drop unused imports + * Adapt
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2024-02-07 18:49:24 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.1815 (New) Package is "cargo-audit" Wed Feb 7 18:49:24 2024 rev:18 rq:1144778 version:0.19.0~git0.c9d1fbe Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2024-01-04 16:01:12.980889210 +0100 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.1815/cargo-audit.changes 2024-02-07 18:51:33.569532707 +0100 @@ -1,0 +2,43 @@ +Wed Feb 07 01:23:27 UTC 2024 - william.br...@suse.com + +- Update to version 0.19.0~git0.c9d1fbe: + * Bump version to 0.19.0 + * Update changelog to 0.19 + * Fill in link URLs + * Bump version + * populate changelog + * bump version + * Update changelog + * Bump gix to 0.58 + * Revert "Merge pull request #1094 from rustsec/revert-1081-gix-upgrade" + * build(deps): bump comrak from 0.18.0 to 0.21.0 (#1090) + * build(deps): bump rust-embed from 6.8.1 to 8.2.0 (#1080) + * Cargo.toml: use `resolver = "2"` (#1095) + * Update abscissa_core and clap; MSRV 1.70 (#1092) + * Revert "gix upgrade to v0.56" + * Fix "error: the borrowed expression implements the required traits" lint + * build(deps): bump actions/cache from 3.0.11 to 4.0.0 (#1088) + * thanks clippy + * upgrade `gix` to v0.56 and `tame-index` to v0.9 to match it + * Bump platforms version to 3.3.0 + * Regenerate platforms crate + * build(deps): bump url from 2.4.1 to 2.5.0 (#1071) + * Add a `source` field to `rustsec::Error`, and use it in simple cases. (#1067) + * build(deps): bump fs-err from 2.10.0 to 2.11.0 (#1069) + * Bump rustsec version + * Update changelog + * Turn link into an automatic link + * Display the chain of sources for errors in `cargo audit` + * bump cargo-lock msrv in another place too + * bump cargo-lock msrv again from 1.66 to 1.67 + * bump cargo-lock msrv from 1.65 to 1.66 + * cargo update + * Update to tame-index 0.8.x and gix 0.55.x + * build(deps): bump rustix from 0.37.21 to 0.37.27 + * fix typo html in advisory scores (#1059) + * https://github.com/rustsec/rustsec/pull/1057#pullrequestreview-1714037690 + * fix https://github.com/rustsec/rustsec/issues/503 + * bump version + * regenerate platforms crate + +--- Old: rustsec-0.18.3~git0.3544515.tar.zst New: rustsec-0.19.0~git0.c9d1fbe.tar.zst Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.bViu3L/_old 2024-02-07 18:51:35.793614071 +0100 +++ /var/tmp/diff_new_pack.bViu3L/_new 2024-02-07 18:51:35.813614802 +0100 @@ -20,7 +20,7 @@ %global workspace_name rustsec Name: cargo-audit -Version:0.18.3~git0.3544515 +Version:0.19.0~git0.c9d1fbe Release:0 Summary:Audit rust sources for known security vulnerabilities License:( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+ ++ _service ++ --- /var/tmp/diff_new_pack.bViu3L/_old 2024-02-07 18:51:36.089624900 +0100 +++ /var/tmp/diff_new_pack.bViu3L/_new 2024-02-07 18:51:36.105625485 +0100 @@ -3,7 +3,7 @@ https://github.com/RustSec/rustsec.git @PARENT_TAG@~git@TAG_OFFSET@.%h git -cargo-audit/v0.18.3 +cargo-audit/v0.19.0 cargo-audit* .*v(\d+\.\d+\.\d+) \1 ++ _servicedata ++ --- /var/tmp/diff_new_pack.bViu3L/_old 2024-02-07 18:51:36.265631338 +0100 +++ /var/tmp/diff_new_pack.bViu3L/_new 2024-02-07 18:51:36.289632216 +0100 @@ -1,6 +1,6 @@ https://github.com/RustSec/rustsec.git - 3544515990b09441ecc12df8d0291bc6f23d3d30 + c9d1fbe0637c98e33177124f2934dc7e4dd24451 (No newline at EOF) ++ vendor.tar.zst ++ Binary files /var/tmp/diff_new_pack.bViu3L/_old and /var/tmp/diff_new_pack.bViu3L/_new differ
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2024-01-04 15:59:01 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.28375 (New) Package is "cargo-audit" Thu Jan 4 15:59:01 2024 rev:17 rq:1136673 version:0.18.3~git0.3544515 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2023-10-27 22:28:59.297264124 +0200 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.28375/cargo-audit.changes 2024-01-04 16:01:12.980889210 +0100 @@ -1,0 +2,5 @@ +Thu Jan 4 02:03:56 UTC 2024 - William Brown + +- bsc#1218227 - update vendored dependencies for ssh terrapin attack + +--- Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.iU5Jcp/_old 2024-01-04 16:01:14.092929834 +0100 +++ /var/tmp/diff_new_pack.iU5Jcp/_new 2024-01-04 16:01:14.092929834 +0100 @@ -1,7 +1,7 @@ # # spec file for package cargo-audit # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ vendor.tar.zst ++ Binary files /var/tmp/diff_new_pack.iU5Jcp/_old and /var/tmp/diff_new_pack.iU5Jcp/_new differ
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2023-10-27 22:28:28 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.17445 (New) Package is "cargo-audit" Fri Oct 27 22:28:28 2023 rev:16 rq:1120659 version:0.18.3~git0.3544515 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2023-03-27 18:16:51.939291945 +0200 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.17445/cargo-audit.changes 2023-10-27 22:28:59.297264124 +0200 @@ -1,0 +2,274 @@ +Fri Oct 27 03:17:26 UTC 2023 - william.br...@suse.com + +- Update to version 0.18.3~git0.3544515: + * Bump version + * Populate changelog + * Update the `fix` subcommand to the new API + * Fix deadlock on missing lockfile + * build(deps): bump regex from 1.9.5 to 1.10.2 + * Update rustsec changelog + * Configure `gix` with `max-performance-safe` feature + * feat: let `Severity` implement `Hash` + * Bump rustsec version to 0.28.3 + * Bump date + * Changelog for 0.28.3 + * fix typo + * fix typo + * Update rustsec/src/repository/git/repository.rs + * Expand documentation on locking + * build(deps): bump webpki from 0.22.1 to 0.22.2 + * Correctly classify only lock timeout errors as LockTimeout, not all lock-related errors + * cargo fmt + * Use Result instead of an unwrap() + * Fix DB directory locking + * Regenerate Cargo.lock + * Add comment + * Migrade rustsec-admin to tame-index 0.7 + * bump gix version in admin too + * cargo fmt + * Switch from Git-compatible locks to OS locks in database checkout + * Purge gix lock to rustsec error conversion; I am removing gix locks + * Only create LockTimeout error variant from tame-index locks + * cargo fmt + * Update docs + * regenerate Cargo.lock + * Initial conversion to tame-index 0.7.1. Compiles but untested. + * Bump admin version + * Populate changelog for admin + * Update Clippy to fix useless warnings + * admin: use `gix` max-performance-safe instead of max-performance + * configure `gix` for best performance + * Bump version to 0.18.2 + * thanks clippy + * Populate changelog for cargo-audit + * Require rustsec 0.28.2 in cargo-audit to fix RUSTSEC-2023-0064 + * change edition to 2021 + * Use tame-index which switches `rustsec-admin` to `gix`. + * Bump version to 0.28.2 + * Populate changelog + * Drop hyperlinks to gix in documentation because we don't have the necessary features enabled. Temporary hack to unblock a release with a security fix + * Fix up code to deal with API changes + * Bump tame-index, explicitly depend on `gix` to enable the necessary features + * Fix error reporting on stale lockfile + * build(deps): bump termcolor from 1.2.0 to 1.3.0 (#1009) + * build(deps): bump chrono from 0.4.30 to 0.4.31 + * build(deps): bump xml-rs from 0.8.17 to 0.8.18 + * Fix `deny = ["warnings"]` being ignored (#995) + * rustsec-admin 0.8.7 (#998) + * Additional information in advisory content (#997) + * build(deps): bump chrono from 0.4.29 to 0.4.30 + * commit Cargo.lock + * bump rustsec crate to 0.28.1 + * bump tame-index version requirement to 0.5.5, it contains the HTTP/2 change + * Populate changelog + * cargo fmt + * Do not require http2 when establishing the connection + * build(deps): bump chrono from 0.4.27 to 0.4.29 + * Appease clippy + * Do not re-lookup packages that are already cached + * build(deps): bump regex from 1.9.4 to 1.9.5 + * build(deps): bump xml-rs from 0.8.16 to 0.8.17 + * build(deps): bump actions/checkout from 3 to 4 + * review feedback: reduce boilerplate + * replace feature default, with v3 and std + * make 'cargo test --no-default-features' run without errors + * Add manual trigger mechanism to release workflow + * Drop remaining 'fix' features + * cargo-audit v0.18.1 (#981) + * Release workflow: don't enable `fix` and `vendored-openssl` features + * Bump versions + * Fill in release date in changelogs + * commit Cargo.lock + * bump rustsec requirement in admin + * Commit Cargo.lock + * bump cargo-audit version to 0.18.0-rc.1 + * Bump rustsec to 0.28.0-rc.1 + * Mention `fix` feature not being converted in changelog + * Fill in cargo-audit changelog + * build(deps): bump time from 0.3.27 to 0.3.28 + * build(deps): bump chrono from 0.4.26 to 0.4.27 + * build(deps): bump url from 2.4.0 to 2.4.1 + * build(deps): bump regex from 1.9.3 to 1.9.4 + * Exclude auto-generation scripts from the published package + * Ignore the file downloaded by the regeneration script + * Bump `platforms` version + * Add myself to authors, I've built out the whole autogeneration infrastructure + * Re-run the generation script + * Bring back the hyperlinks in README.md + * Automatically
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2023-03-27 18:16:33 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.31432 (New) Package is "cargo-audit" Mon Mar 27 18:16:33 2023 rev:15 rq:1074530 version:0.17.5~git0.dc8ec71 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2022-11-10 14:19:07.817287436 +0100 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.31432/cargo-audit.changes 2023-03-27 18:16:51.939291945 +0200 @@ -1,0 +2,73 @@ +Mon Mar 27 02:52:07 UTC 2023 - william.br...@suse.com + +- Update to version 0.17.5~git0.dc8ec71: + * Set the release date in changelog + * Bump `cargo-audit` version + * Bump `rustsec` crate requirement to 0.26.5, to mandate the version with the fixed libgit2 + * Fill in the CHANGELOG + * Do not run all tests from the default feature set twice + * cargo fmt + * Fix version reporting + * Update openssl in Cargo.lock files + * More changelog entries + * cargo fmt + * Fix type inference error + * Fill in changelog + * Bump version to 0.26.5 + * build(deps): bump regex from 1.7.1 to 1.7.2 + * build(deps): bump rust-embed from 6.4.2 to 6.6.0 + * build(deps): bump chrono from 0.4.23 to 0.4.24 + * Bump crates-index to 0.19 + * rustsec: Fix git2 via cargo-edit-9 fork + * fix(cargo-audit): set clap bin_name to cargo (#824) + * fix(cargo-audit): Better the formatting of severity output + * Add vulnerability severity to the cargo-audit report presenter + * test(cargo-audit): Ensure informational warnings are shown by default + * fix(cargo-audit): Add unsound and notice to default informational warnings + * Resolves #622 + * fix(cargo-audit): Remove latest commit signature check + * Re-enable MacOS CI with `--all-features` + * Bump `platforms` version + * Regenerate the `platforms` crate for rustc 1.69.0-nightly (8996ea93b 2023-02-09) + * build(deps): bump toml from 0.7.1 to 0.7.2 (#811) + * build(deps): bump petgraph from 0.6.2 to 0.6.3 (#810) + * Use new feature/dependency syntax (#809) + * build(deps): bump toml from 0.7.0 to 0.7.1 (#806) + * build(deps): bump toml from 0.6.0 to 0.7.0 (#805) + * admin: bump `chrono` to v0.4.23 (#803) + * build(deps): bump atom_syndication from 0.11.0 to 0.12.0 (#777) + * build(deps): bump comrak from 0.15.0 to 0.16.0 (#802) + * build(deps): bump toml from 0.5.9 to 0.6.0 (#797) + * Bump `toml` crate dependency to v0.6 (#800) + * Cargo.lock: bump dependencies (#799) + * build(deps): bump regex from 1.6.0 to 1.7.1 (#785) + * cvss: bump MSRV to 1.60 (#798) + * build(deps): bump fs-err from 2.8.1 to 2.9.0 (#744) + * build(deps): bump termcolor from 1.1.3 to 1.2.0 (#791) + * cargo-audit: refactor OS-specific CI configuration (#796) + * cargo-lock: use `Display` for `io::ErrorKind`; MSRV 1.60 (#794) + * cargo-lock: mark `SourceKind` as `#[non_exhaustive]` (#793) + * cargo-lock: support sparse registry references in Lockfiles (#780) + * release rustsec-admin 0.8.5 (#789) + * release rustsec-admin 0.8.5 (#788) + * Escape search term to prevent reflected XSS (#787) + * Add top-level severity field to OSV advisories + * cargo-lock: implement From for String (#776) + * build(deps): bump comrak from 0.14.0 to 0.15.0 (#760) + * Bump rust-embed from 6.4.2 to 6.5.0 (#766) + * Bump semver from 1.0.14 to 1.0.16 (#772) + * Bump softprops/action-gh-release (#770) + * cargo-lock v8.0.3 (#768) + * Fixed inconsistency in encoding lockfiles where there's only one registry for all packages (#767) + * Prepare rustsec-admin release 0.8.4 (#765) + * release rustsec 0.26.4 + * Make URL a hyperlink + * Add CHANGELOG.md entry + * Store crates.io index versions as strings instead of semver + * Revert "Skip invalid semver in crates.io index" + * Skip invalid semver in crates.io index + * Appease clippy + * Appease clippy + * Add publication date + +--- Old: rustsec-0.17.4~git0.0b05e18.tar.xz vendor.tar.xz New: rustsec-0.17.5~git0.dc8ec71.tar.zst vendor.tar.zst Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.CIxIkG/_old 2023-03-27 18:16:54.599305981 +0200 +++ /var/tmp/diff_new_pack.CIxIkG/_new 2023-03-27 18:16:54.603306002 +0200 @@ -1,7 +1,7 @@ # # spec file for package cargo-audit # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,14 +20,14 @@ %global workspace_name rustsec Name:
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2022-11-10 14:19:05 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.1597 (New) Package is "cargo-audit" Thu Nov 10 14:19:05 2022 rev:14 rq:1034648 version:0.17.4~git0.0b05e18 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2022-11-02 12:48:00.485831961 +0100 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.1597/cargo-audit.changes 2022-11-10 14:19:07.817287436 +0100 @@ -1,0 +2,25 @@ +Wed Nov 09 00:01:18 UTC 2022 - william.br...@suse.com + +- Update to version 0.17.4~git0.0b05e18: + * Set 0.17.4 date in changelog + * Bump `cargo-audit` to 0.17.4 + * Update documentation for 0.17.4; `cargo audit bin` is now officially enabled by default + * Fix homepage style on mobile (#755) + * Add comment + * Only attempt to check for yanked crates for crates coming from crates.io + * Remove an unused inport + * placate Clippy + * cargo fmt + * Fix #747 in `cargo-audit instead, and don't silence errors that occur during checking for yanked crates` + * Revert "Only check if a package is yanked if it comes from crates.io; fixes #747" This is a significant behavioral change that should only come with a semver bump + * Add tests validating yank behavior so that #747 can't regress again + * Only check if a package is yanked if it comes from crates.io; fixes #747 + * Add a test fixture depending on a yanked crate + * Consolidate CODE_OF_CONDUCT.d files into one; switch to Rust code of conduct (#751) + * Release rustsec-admit 0.8.3 + * fix links in admin/CHANGELOG.md + * bump `platforms` to 3.0.2 + * regenerate `platforms` crate + * Prepare rustsec-admin release + +--- Old: rustsec-0.17.3~git0.fdb9752.tar.xz New: rustsec-0.17.4~git0.0b05e18.tar.xz Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.vRCkXO/_old 2022-11-10 14:19:09.005293983 +0100 +++ /var/tmp/diff_new_pack.vRCkXO/_new 2022-11-10 14:19:09.009294005 +0100 @@ -20,7 +20,7 @@ %global workspace_name rustsec Name: cargo-audit -Version:0.17.3~git0.fdb9752 +Version:0.17.4~git0.0b05e18 Release:0 Summary:Audit rust sources for known security vulnerabilities License:( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+ ++ _service ++ --- /var/tmp/diff_new_pack.vRCkXO/_old 2022-11-10 14:19:09.073294358 +0100 +++ /var/tmp/diff_new_pack.vRCkXO/_new 2022-11-10 14:19:09.077294380 +0100 @@ -3,7 +3,7 @@ https://github.com/RustSec/rustsec.git @PARENT_TAG@~git@TAG_OFFSET@.%h git -cargo-audit/v0.17.3 +cargo-audit/v0.17.4 cargo-audit* .*v(\d+\.\d+\.\d+) \1 ++ _servicedata ++ --- /var/tmp/diff_new_pack.vRCkXO/_old 2022-11-10 14:19:09.093294468 +0100 +++ /var/tmp/diff_new_pack.vRCkXO/_new 2022-11-10 14:19:09.101294512 +0100 @@ -1,6 +1,6 @@ https://github.com/RustSec/rustsec.git - fdb97522db786819262b1ddb030c2ae5d8c47cd8 + 0b05e18c0f719076d56942e6b0e1e13dec11a428 (No newline at EOF) ++ rustsec-0.17.3~git0.fdb9752.tar.xz -> rustsec-0.17.4~git0.0b05e18.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.17.3~git0.fdb9752/CODE_OF_CONDUCT.md new/rustsec-0.17.4~git0.0b05e18/CODE_OF_CONDUCT.md --- old/rustsec-0.17.3~git0.fdb9752/CODE_OF_CONDUCT.md 1970-01-01 01:00:00.0 +0100 +++ new/rustsec-0.17.4~git0.0b05e18/CODE_OF_CONDUCT.md 2022-11-08 22:14:30.0 +0100 @@ -0,0 +1,5 @@ +# Code of Conduct + +People participating in the project are expected to abide by the [Rust Code of Conduct](https://www.rust-lang.org/policies/code-of-conduct). + +If you feel you have been or are being harassed or made uncomfortable by a community member, please contact any of the [Rust Moderation Team](rust-m...@rust-lang.org) immediately. Whether you are a regular contributor or a newcomer, we care about making the community a safe space for you. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.17.3~git0.fdb9752/Cargo.lock new/rustsec-0.17.4~git0.0b05e18/Cargo.lock --- old/rustsec-0.17.3~git0.fdb9752/Cargo.lock 2022-11-01 19:18:25.0 +0100 +++
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2022-11-02 12:47:13 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.2275 (New) Package is "cargo-audit" Wed Nov 2 12:47:13 2022 rev:13 rq:1032759 version:0.17.3~git0.fdb9752 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2022-10-11 18:05:34.630087461 +0200 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.2275/cargo-audit.changes 2022-11-02 12:48:00.485831961 +0100 @@ -1,0 +2,13 @@ +Tue Nov 01 22:30:54 UTC 2022 - william.br...@suse.com + +- Update to version 0.17.3~git0.fdb9752: + * Set release date in CHANGELOG.md + * Clarify changelog + * Depend on rustsec 0.26.3 which added the CachedIndex used in `cargo audit bin` + * bump cargo-audit to 0.17.3 + * bump rustsec to 0.26.3 + * More complete changelog for rustsec crate + * Drop obsolete comment - html_root_url no longer exists + * Add cargo-auditable to home page + +--- Old: rustsec-0.17.2~git0.bccf8a5.tar.xz New: _servicedata rustsec-0.17.3~git0.fdb9752.tar.xz Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.mZQLy7/_old 2022-11-02 12:48:02.105840184 +0100 +++ /var/tmp/diff_new_pack.mZQLy7/_new 2022-11-02 12:48:02.109840204 +0100 @@ -20,7 +20,7 @@ %global workspace_name rustsec Name: cargo-audit -Version:0.17.2~git0.bccf8a5 +Version:0.17.3~git0.fdb9752 Release:0 Summary:Audit rust sources for known security vulnerabilities License:( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+ ++ _service ++ --- /var/tmp/diff_new_pack.mZQLy7/_old 2022-11-02 12:48:02.153840428 +0100 +++ /var/tmp/diff_new_pack.mZQLy7/_new 2022-11-02 12:48:02.157840448 +0100 @@ -3,7 +3,7 @@ https://github.com/RustSec/rustsec.git @PARENT_TAG@~git@TAG_OFFSET@.%h git -cargo-audit/v0.17.2 +cargo-audit/v0.17.3 cargo-audit* .*v(\d+\.\d+\.\d+) \1 ++ _servicedata ++ https://github.com/RustSec/rustsec.git fdb97522db786819262b1ddb030c2ae5d8c47cd8 (No newline at EOF) ++ rustsec-0.17.2~git0.bccf8a5.tar.xz -> rustsec-0.17.3~git0.fdb9752.tar.xz ++ 3823 lines of diff (skipped) ++ vendor.tar.xz ++ /work/SRC/openSUSE:Factory/cargo-audit/vendor.tar.xz /work/SRC/openSUSE:Factory/.cargo-audit.new.2275/vendor.tar.xz differ: char 27, line 1
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2022-10-11 18:03:05 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.2275 (New) Package is "cargo-audit" Tue Oct 11 18:03:05 2022 rev:12 rq:1009636 version:0.17.2~git0.bccf8a5 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2022-10-04 20:37:51.744927950 +0200 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.2275/cargo-audit.changes 2022-10-11 18:05:34.630087461 +0200 @@ -1,0 +2,13 @@ +Thu Oct 06 23:44:44 UTC 2022 - william.br...@suse.com + +- Update to version 0.17.2~git0.bccf8a5: + * Don't use --locked in release workflow to allow publishing again + * cargo-audit: Update CHANGELOG + * Fix `bin` screenshot URL in the README + * Skip dotfiles in advisory-db checkout + * Set the release date in CHANGELOG.md + * Add the `cargo audit bin` screenshot to README + * cargo fmt + * Migrate to the released version of auditable-info + +--- Old: rustsec-0.17.0~git0.5214457.tar.xz New: rustsec-0.17.2~git0.bccf8a5.tar.xz Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.mevAJt/_old 2022-10-11 18:05:37.918092776 +0200 +++ /var/tmp/diff_new_pack.mevAJt/_new 2022-10-11 18:05:37.926092789 +0200 @@ -20,7 +20,7 @@ %global workspace_name rustsec Name: cargo-audit -Version:0.17.0~git0.5214457 +Version:0.17.2~git0.bccf8a5 Release:0 Summary:Audit rust sources for known security vulnerabilities License:( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+ ++ _service ++ --- /var/tmp/diff_new_pack.mevAJt/_old 2022-10-11 18:05:37.970092860 +0200 +++ /var/tmp/diff_new_pack.mevAJt/_new 2022-10-11 18:05:37.974092866 +0200 @@ -3,7 +3,7 @@ https://github.com/RustSec/rustsec.git @PARENT_TAG@~git@TAG_OFFSET@.%h git -cargo-audit/v0.17.0 +cargo-audit/v0.17.2 cargo-audit* .*v(\d+\.\d+\.\d+) \1 ++ rustsec-0.17.0~git0.5214457.tar.xz -> rustsec-0.17.2~git0.bccf8a5.tar.xz ++ 6590 lines of diff (skipped) ++ vendor.tar.xz ++ /work/SRC/openSUSE:Factory/cargo-audit/vendor.tar.xz /work/SRC/openSUSE:Factory/.cargo-audit.new.2275/vendor.tar.xz differ: char 27, line 1
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2022-10-04 20:37:46 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.2275 (New) Package is "cargo-audit" Tue Oct 4 20:37:46 2022 rev:11 rq:1007769 version:0.17.0~git0.5214457 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2022-05-25 20:35:15.608286075 +0200 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.2275/cargo-audit.changes 2022-10-04 20:37:51.744927950 +0200 @@ -1,0 +2,6 @@ +Mon Oct 3 23:32:29 UTC 2022 - William Brown + +- Add _constraints to prevent random failures due to OBS resource + issues. + +--- New: _constraints Other differences: -- ++ _constraints ++ 25
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2022-05-25 20:34:45 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.2254 (New) Package is "cargo-audit" Wed May 25 20:34:45 2022 rev:10 rq:979093 version:0.17.0~git0.5214457 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2022-04-20 16:57:31.438633918 +0200 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.2254/cargo-audit.changes 2022-05-25 20:35:15.608286075 +0200 @@ -1,0 +2,20 @@ +Wed May 25 00:48:01 UTC 2022 - william.br...@suse.com + +- Update to version 0.17.0~git0.5214457: + * cargo-audit v0.17.0 (#576) + * rustsec-admin v0.7.0 (#575) + * rustsec v0.26.0 (#574) + * rustsec: flatten `advisory::id` module; rename `IdKind` (#573) + * rustsec: flatten `warnings` module; rename `WarningKind` (#572) + * rustsec: add `doc_cfg` annotations when building on docs.rs (#571) + * cargo-audit: terminal output fixups (#570) + * cargo-lock v8.0.1 (#569) + * cargo-lock: fix dependency source extraction for V2 lockfiles (#568) + * build(deps): bump cargo-edit from 0.9.0 to 0.9.1 (#566) + +--- +Tue May 24 04:57:51 UTC 2022 - William Brown + +- Automatic update of vendored dependencies + +--- Old: rustsec-0.16.0~git0.625c965.tar.xz New: rustsec-0.17.0~git0.5214457.tar.xz Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.hILS6g/_old 2022-05-25 20:35:16.744287661 +0200 +++ /var/tmp/diff_new_pack.hILS6g/_new 2022-05-25 20:35:16.744287661 +0200 @@ -20,7 +20,7 @@ %global workspace_name rustsec Name: cargo-audit -Version:0.16.0~git0.625c965 +Version:0.17.0~git0.5214457 Release:0 Summary:Audit rust sources for known security vulnerabilities License:( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+ ++ _service ++ --- /var/tmp/diff_new_pack.hILS6g/_old 2022-05-25 20:35:16.780287711 +0200 +++ /var/tmp/diff_new_pack.hILS6g/_new 2022-05-25 20:35:16.784287717 +0200 @@ -3,7 +3,7 @@ https://github.com/RustSec/rustsec.git @PARENT_TAG@~git@TAG_OFFSET@.%h git -cargo-audit/v0.16.0 +cargo-audit/v0.17.0 cargo-audit* .*v(\d+\.\d+\.\d+) \1 ++ rustsec-0.16.0~git0.625c965.tar.xz -> rustsec-0.17.0~git0.5214457.tar.xz ++ 27987 lines of diff (skipped) ++ vendor.tar.xz ++ /work/SRC/openSUSE:Factory/cargo-audit/vendor.tar.xz /work/SRC/openSUSE:Factory/.cargo-audit.new.2254/vendor.tar.xz differ: char 26, line 1
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2022-04-20 16:57:00 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.1941 (New) Package is "cargo-audit" Wed Apr 20 16:57:00 2022 rev:9 rq:970926 version:0.16.0~git0.625c965 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2022-03-20 20:55:32.938526495 +0100 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.1941/cargo-audit.changes 2022-04-20 16:57:31.438633918 +0200 @@ -1,0 +2,5 @@ +Tue Apr 5 05:25:07 UTC 2022 - William Brown + +- Automatic update of vendored dependencies + +--- Other differences: -- ++ vendor.tar.xz ++ /work/SRC/openSUSE:Factory/cargo-audit/vendor.tar.xz /work/SRC/openSUSE:Factory/.cargo-audit.new.1941/vendor.tar.xz differ: char 27, line 1
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2022-03-20 20:55:21 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.25692 (New) Package is "cargo-audit" Sun Mar 20 20:55:21 2022 rev:8 rq:963116 version:0.16.0~git0.625c965 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2022-03-15 19:05:22.352966527 +0100 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.25692/cargo-audit.changes 2022-03-20 20:55:32.938526495 +0100 @@ -1,0 +2,5 @@ +Fri Mar 18 04:46:08 UTC 2022 - William Brown + +- Update to use cargo-packaging + +--- Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.kIvyd5/_old 2022-03-20 20:55:33.586527427 +0100 +++ /var/tmp/diff_new_pack.kIvyd5/_new 2022-03-20 20:55:33.610527461 +0100 @@ -30,10 +30,9 @@ Source1:vendor.tar.xz Source2:cargo_config -BuildRequires: cargo -BuildRequires: pkgconfig(libgit2) +BuildRequires: cargo-packaging BuildRequires: pkgconfig(openssl) -ExcludeArch:s390 s390x ppc ppc64 ppc64le %ix86 +ExclusiveArch: %{rust_tier1_arches} %description Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database. @@ -43,12 +42,9 @@ %setup -qa1 -n %{workspace_name}-%{version} mkdir -p .cargo cp %{SOURCE2} .cargo/config -# Remove exec bits to prevent an issue in fedora shebang checking -find vendor -type f -name \*.rs -exec chmod -x '{}' \; %build -export RUSTFLAGS="%{rustflags}" -cargo build --offline --release +%{cargo_build} %install install -D -d -m 0755 %{buildroot}%{_bindir}
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2022-03-15 19:04:39 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.25692 (New) Package is "cargo-audit" Tue Mar 15 19:04:39 2022 rev:7 rq:961763 version:0.16.0~git0.625c965 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2022-03-04 00:17:36.844284881 +0100 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.25692/cargo-audit.changes 2022-03-15 19:05:22.352966527 +0100 @@ -1,0 +2,5 @@ +Mon Mar 14 02:50:27 UTC 2022 - william.br...@suse.com + +- Update to resolve bsc#1196972 CVE-2022-24713 - Regex DOS + +--- Other differences: -- ++ rustsec-0.16.0~git0.625c965.tar.xz ++ 2451 lines of diff (skipped) ++ vendor.tar.xz ++ /work/SRC/openSUSE:Factory/cargo-audit/vendor.tar.xz /work/SRC/openSUSE:Factory/.cargo-audit.new.25692/vendor.tar.xz differ: char 27, line 1
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2022-03-04 00:17:14 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.1958 (New) Package is "cargo-audit" Fri Mar 4 00:17:14 2022 rev:6 rq:958542 version:0.16.0~git0.625c965 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2021-12-03 20:35:55.484107748 +0100 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.1958/cargo-audit.changes 2022-03-04 00:17:36.844284881 +0100 @@ -1,0 +2,5 @@ +Wed Mar 02 03:46:39 UTC 2022 - wbr...@suse.de + +- Update to vendored libraries to resolve security issues + +--- Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.ZpQUsC/_old 2022-03-04 00:17:38.896285314 +0100 +++ /var/tmp/diff_new_pack.ZpQUsC/_new 2022-03-04 00:17:38.900285315 +0100 @@ -1,7 +1,7 @@ # # spec file for package cargo-audit # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ _service ++ --- /var/tmp/diff_new_pack.ZpQUsC/_old 2022-03-04 00:17:38.948285325 +0100 +++ /var/tmp/diff_new_pack.ZpQUsC/_new 2022-03-04 00:17:38.952285326 +0100 @@ -8,7 +8,7 @@ .*v(\d+\.\d+\.\d+) \1 enable -wbr...@suse.de +william.br...@suse.com @@ -19,7 +19,7 @@ rustsec xz - + true rustsec ++ rustsec-0.16.0~git0.625c965.tar.xz ++ 2451 lines of diff (skipped) ++ vendor.tar.xz ++ /work/SRC/openSUSE:Factory/cargo-audit/vendor.tar.xz /work/SRC/openSUSE:Factory/.cargo-audit.new.1958/vendor.tar.xz differ: char 27, line 1
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2021-12-03 20:35:32 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.31177 (New) Package is "cargo-audit" Fri Dec 3 20:35:32 2021 rev:5 rq:935313 version:0.16.0~git0.625c965 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2021-10-06 19:49:58.544058230 +0200 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.31177/cargo-audit.changes 2021-12-03 20:35:55.484107748 +0100 @@ -1,0 +2,20 @@ +Fri Dec 3 01:09:15 UTC 2021 - William Brown + +- Fix incorrect license string + +--- +Mon Nov 15 23:19:01 UTC 2021 - wbr...@suse.de + +- Update to version 0.16.0~git0.625c965: + * cargo-audit v0.16.0 (#487) + * rustsec v0.25.1 (#486) + * platforms v2.0.0 (#485) + * platforms: make `Platform::ALL` an inherent constant (#484) + * platforms: make tier modules non-`pub` (#483) + * rustsec-admin v0.6.0 (#482) + * Update atom_syndication to 0.11 (#481) + * rustsec v0.25.0 (#480) + * Cargo.lock: bump dependencies (#479) + * rustsec: flatten API (#478) + +--- Old: rustsec-0.15.2~git0.fe0b327.tar.xz New: rustsec-0.16.0~git0.625c965.tar.xz Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.6TTDiS/_old 2021-12-03 20:35:56.568103787 +0100 +++ /var/tmp/diff_new_pack.6TTDiS/_new 2021-12-03 20:35:56.572103773 +0100 @@ -20,10 +20,10 @@ %global workspace_name rustsec Name: cargo-audit -Version:0.15.2~git0.fe0b327 +Version:0.16.0~git0.625c965 Release:0 Summary:Audit rust sources for known security vulnerabilities -License:License: ( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+ +License:( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+ Group: Development/Languages/Rust URL:https://github.com/RustSec/cargo-audit Source0:%{workspace_name}-%{version}.tar.xz ++ _service ++ --- /var/tmp/diff_new_pack.6TTDiS/_old 2021-12-03 20:35:56.600103670 +0100 +++ /var/tmp/diff_new_pack.6TTDiS/_new 2021-12-03 20:35:56.600103670 +0100 @@ -3,7 +3,7 @@ https://github.com/RustSec/rustsec.git @PARENT_TAG@~git@TAG_OFFSET@.%h git -cargo-audit/v0.15.2 +cargo-audit/v0.16.0 cargo-audit* .*v(\d+\.\d+\.\d+) \1 @@ -19,6 +19,7 @@ rustsec xz + rustsec ++ rustsec-0.15.2~git0.fe0b327.tar.xz -> rustsec-0.16.0~git0.625c965.tar.xz ++ 6503 lines of diff (skipped) ++ vendor.tar.xz ++ /work/SRC/openSUSE:Factory/cargo-audit/vendor.tar.xz /work/SRC/openSUSE:Factory/.cargo-audit.new.31177/vendor.tar.xz differ: char 26, line 1
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2021-10-06 19:49:52 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.2443 (New) Package is "cargo-audit" Wed Oct 6 19:49:52 2021 rev:4 rq:923371 version:0.15.2~git0.fe0b327 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2021-07-07 18:31:26.450538403 +0200 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.2443/cargo-audit.changes 2021-10-06 19:49:58.544058230 +0200 @@ -1,0 +2,14 @@ +Wed Oct 06 01:20:31 UTC 2021 - wbr...@suse.de + +- Update to version 0.15.2~git0.fe0b327: + * cargo-audit v0.15.2 (#435) + * rustsec v0.24.3 (#433) + * Don't label OSV feature as unstable, since OSV 1.0 has shipped + * cargo-audit+rustsec: add `vendored-libgit2` feature (#432) + * cargo-audit v0.15.1 (#430) + * Bump comrak from 0.12.0 to 0.12.1 (#428) + * Bump git2 from 0.13.21 to 0.13.22 (#427) + * Bump comrak from 0.11.0 to 0.12.0 (#426) + * silence Clippy - I want to be explicit here + +--- Old: rustsec-0.15.0~git0.16c8aa4.tar.xz New: rustsec-0.15.2~git0.fe0b327.tar.xz Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.XISV7E/_old 2021-10-06 19:49:59.776058698 +0200 +++ /var/tmp/diff_new_pack.XISV7E/_new 2021-10-06 19:49:59.780058699 +0200 @@ -20,7 +20,7 @@ %global workspace_name rustsec Name: cargo-audit -Version:0.15.0~git0.16c8aa4 +Version:0.15.2~git0.fe0b327 Release:0 Summary:Audit rust sources for known security vulnerabilities License:License: ( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+ ++ _service ++ --- /var/tmp/diff_new_pack.XISV7E/_old 2021-10-06 19:49:59.824058716 +0200 +++ /var/tmp/diff_new_pack.XISV7E/_new 2021-10-06 19:49:59.828058718 +0200 @@ -3,7 +3,7 @@ https://github.com/RustSec/rustsec.git @PARENT_TAG@~git@TAG_OFFSET@.%h git -cargo-audit/v0.15.0 +cargo-audit/v0.15.2 cargo-audit* .*v(\d+\.\d+\.\d+) \1 ++ rustsec-0.15.0~git0.16c8aa4.tar.xz -> rustsec-0.15.2~git0.fe0b327.tar.xz ++ /work/SRC/openSUSE:Factory/cargo-audit/rustsec-0.15.0~git0.16c8aa4.tar.xz /work/SRC/openSUSE:Factory/.cargo-audit.new.2443/rustsec-0.15.2~git0.fe0b327.tar.xz differ: char 15, line 1 ++ vendor.tar.xz ++ /work/SRC/openSUSE:Factory/cargo-audit/vendor.tar.xz /work/SRC/openSUSE:Factory/.cargo-audit.new.2443/vendor.tar.xz differ: char 26, line 1
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2021-07-07 18:30:19 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.2625 (New) Package is "cargo-audit" Wed Jul 7 18:30:19 2021 rev:3 rq:904295 version:0.15.0~git0.16c8aa4 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2021-06-04 00:33:45.984906371 +0200 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.2625/cargo-audit.changes 2021-07-07 18:31:26.450538403 +0200 @@ -1,0 +2,584 @@ +Mon Jul 05 05:01:17 UTC 2021 - wbr...@suse.de + +- Update to version 0.15.0~git0.16c8aa4: + * cargo-audit v0.15.0 (#392) + * rustsec-admin v0.5.0 (#389) + * README.md: ??? + * rustsec v0.24.0 (#388) + * OSV export (#366) + * Bump semver from 1.0.1 to 1.0.3 + * Bump semver from 1.0.0 to 1.0.1 (#381) + * Bump git2 from 0.13.19 to 0.13.20 (#375) + * Bump crates-index from 0.16.6 to 0.16.7 (#380) + * cargo-lock v7.0.0 (#379) + * Bump to semver 1.0.0 (#378) + * rustsec-admin v0.4.3 (#374) + * list-affected-versions: Also print the crate in question + * Bump crates-index from 0.16.5 to 0.16.6 + * Fix doc comments + * Added docs + * Clean up the code and commit stuff I forgot to add to git + * Implement list-affected-versions subcommand, works fine with current DB + * Add list-affected-versions subcommand stub + * Clarify error message + * Update the crates.io index if not up to date + * Drop ureq dependency + * cargo fmt + * Better error reporting + * Initial untested attempt to get rid of crates.io API querying completely + * Comment, thanks Alex + * cargo fmt + * Fix crates.io API interaction + * Ditched crates_io_api crate, did the same thing with ureq. Gets rid of tokio and a whole lot of other deps. Fixes breakage due to the recent crates.io API breakage, and prevents similar breakage in the future + * Add new exit status for errors (#368) + * Bump git2 from 0.13.18 to 0.13.19 (#365) + * cargo-lock: add support for V3 format (#363) + * cvss v1.0.3 (#362) + * CI: gate workflow execution for PRs on changed files + * cvss: fixups + * Update CI badges + * Add some tier 3 targets + * Workspace CI configuration + * Update repo urls in Cargo.toml files + * README.md: add new toplevel one for workspace + * platforms: sync with Rust platform support documentation + * CI configuration + * Wire up Cargo workspace + * cargo-audit: prepare for merge into RustSec monorepo + * rustsec: prepare for merge into RustSec monorepo + * platforms: prepare for merge into RustSec monorepo + * cvss: prepare for merge into RustSec monorepo + * rustsec-admin: prepare for merge into RustSec monorepo + * rustsec-admin: prepare for merge into RustSec monorepo + * Web: Add pages per package (#143) + * v0.4.2 (#142) + * web: Add back an Atom feed for advisories (#140) + * Cargo.lock: bump dependencies (#136) + * Upgrade to GitHub-native Dependabot (#134) + * v0.4.1 (#135) + * Display more information on the website (#133) + * Upgrade to GitHub-native Dependabot (#344) + * Vendor OpenSSL for arm and musl builds (#343) + * Bump git2 from 0.13.17 to 0.13.18 (#314) + * Bump crates-index from 0.16.3 to 0.16.5 (#313) + * Bump comrak from 0.9.1 to 0.10.0 (#129) + * Fix typo in comments about mips64. (#36) + * Bump rustsec from 0.23.2 to 0.23.3 (#128) + * v0.23.3 (#310) + * Workaround for stale git refs (#309) + * Bump rustsec from 0.23.0 to 0.23.2 (#127) + * v0.23.2 (#308) + * Rename advisory-db `master` branch to `main` (#307) + * CI: use actions-rs/audit-check for self-audit (#306) + * Cargo.lock: bump dependencies (#305) + * v0.4.0 (#126) + * v0.3.5 (#124) + * Use rust-embed for static assets (#122) + * Add argument to change where website is outputted (#123) + * v0.23.1 (#301) + * Bump url from 2.2.0 to 2.2.1 (#98) + * Fix parsing error on windows (#295) + * Cargo.lock: bump deps (#296) + * Bump comrak from 0.9.0 to 0.9.1 (#116) + * Use a fully Rust based solution for rendering web page (#115) + * v0.3.4 (#113) + * Bump `rustsec` crate to v0.23 (#112) + * v0.23.0 (#292) + * Cargo.toml: dependency cleanups (#291) + * Add `thread-safety` category (#290) + * Rename default branch to `main` (#289) + * v1.0.1 (#15) + * Rename default branch to `main` (#14) + * Cargo.lock: bump deps (#288) + * v6.0.1 (#96) + * Rename CI workflow (#95) + * Rename default branch to `main` (#94) + * Cargo.lock: bump deps (#93) + * Bump semver-parser from 0.10.0 to 0.10.2 (#280) + * v0.3.3 (#106) + * Cargo.lock: bump dependencies (#105) + * Rename `master` branch to `main` (#104) + * CI config improvements (#103) + * assigner: fix "new year's" bug (#102) + * Bump handlebars from 3.5.1
commit cargo-audit for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2021-06-04 00:33:34 Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.1898 (New) Package is "cargo-audit" Fri Jun 4 00:33:34 2021 rev:2 rq:897045 version:0.14.1~git0.e46dce8 Changes: --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2021-03-30 21:44:03.330593000 +0200 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.1898/cargo-audit.changes 2021-06-04 00:33:45.984906371 +0200 @@ -1,0 +2,16 @@ +Wed Jun 02 06:01:51 UTC 2021 - wbr...@suse.de + +- Update _service to use upstream monorepo and cargo-audit +- Update to version 0.14.1~git0.e46dce8: + * v0.14.1 (#342) + * Cargo.lock: update several dependencies (#341) + * Generate release builds with github actions (#337) + * Cargo.lock: bump various dependencies (#335) + * Bump rustsec from 0.23.2 to 0.23.3 (#333) + * v0.14.0 (#330) + * Cargo.lock: bump `rustsec` to v0.23.2 (#329) + * README.md: fix "Report Vulnerability" button (#328) + * Rename 'master' branch to 'main' + * Bump `rustsec` dependency to v0.23; MSRV 1.46+ (#327) + +--- Old: cargo-audit-0.14.0~git0.08c9f3e.tar.xz New: rustsec-0.14.1~git0.e46dce8.tar.xz Other differences: -- ++ cargo-audit.spec ++ --- /var/tmp/diff_new_pack.3Ec0tj/_old 2021-06-04 00:33:47.136909688 +0200 +++ /var/tmp/diff_new_pack.3Ec0tj/_new 2021-06-04 00:33:47.140909699 +0200 @@ -1,5 +1,5 @@ # -# spec file for package cargo-audit-advisory-db +# spec file for package cargo-audit # # Copyright (c) 2021 SUSE LLC # @@ -15,20 +15,22 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # + %global rustflags -Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2 +%global workspace_name rustsec Name: cargo-audit -Version:0.14.0~git0.08c9f3e +Version:0.14.1~git0.e46dce8 Release:0 Summary:Audit rust sources for known security vulnerabilities License:License: ( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+ Group: Development/Languages/Rust -Url:https://github.com/RustSec/cargo-audit -Source0:%{name}-%{version}.tar.xz +URL:https://github.com/RustSec/cargo-audit +Source0:%{workspace_name}-%{version}.tar.xz Source1:vendor.tar.xz Source2:cargo_config -BuildRequires: rust-packaging +BuildRequires: cargo BuildRequires: pkgconfig(openssl) ExcludeArch:s390 s390x ppc ppc64 ppc64le %ix86 @@ -36,8 +38,8 @@ Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database. %prep -%setup -q -%setup -qa1 +%setup -q -n %{workspace_name}-%{version} +%setup -qa1 -n %{workspace_name}-%{version} mkdir -p .cargo cp %{SOURCE2} .cargo/config # Remove exec bits to prevent an issue in fedora shebang checking @@ -50,7 +52,7 @@ %install install -D -d -m 0755 %{buildroot}%{_bindir} -install -m 0755 %{_builddir}/%{name}-%{version}/target/release/cargo-audit %{buildroot}%{_bindir}/cargo-audit +install -m 0755 %{_builddir}/%{workspace_name}-%{version}/target/release/cargo-audit %{buildroot}%{_bindir}/cargo-audit %files %{_bindir}/cargo-audit ++ _service ++ --- /var/tmp/diff_new_pack.3Ec0tj/_old 2021-06-04 00:33:47.168909780 +0200 +++ /var/tmp/diff_new_pack.3Ec0tj/_new 2021-06-04 00:33:47.168909780 +0200 @@ -1,11 +1,11 @@ -https://github.com/RustSec/cargo-audit.git +https://github.com/RustSec/rustsec.git @PARENT_TAG@~git@TAG_OFFSET@.%h git -v0.14.0 -* -v(\d+\.\d+\.\d+) +cargo-audit/v0.14.1 +cargo-audit* +.*v(\d+\.\d+\.\d+) \1 enable wbr...@suse.de @@ -17,7 +17,11 @@ xz - cargo-audit + rustsec xz + + rustsec + + ++ vendor.tar.xz ++ /work/SRC/openSUSE:Factory/cargo-audit/vendor.tar.xz /work/SRC/openSUSE:Factory/.cargo-audit.new.1898/vendor.tar.xz differ: char 26, line 1