commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-08-03 20:04:35 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.7232 (New) Package is "syft" Sat Aug 3 20:04:35 2024 rev:79 rq:1191217 version:1.10.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-07-16 22:03:18.811816612 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.7232/syft.changes 2024-08-03 20:04:40.495390789 +0200 @@ -1,0 +2,62 @@ +Thu Aug 01 07:20:34 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 1.10.0: + * fix: improve determinism in java archive identification (#3085) + * chore(deps): update stereoscope to +50ce3be7aa1fb8829234ae648215e7907196bfa5 (#3075) + * chore(deps): update CPE dictionary index (#3079) + * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.5 to +0.5.6 (#3082) + * chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 +(#3083) + * fix: traefik classifier (#3077) + * python-cataloger: fix normalization test (#3073) + * Only match ldflag version if it matches the main module or +targets main.version (#3062) + * python cataloger: allow dots in python package names (#3070) + * python-cataloger: normalize package names (#3069) + * chore(deps): bump github.com/docker/docker (#3066) + * chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 +(#3072) + * fix: SPDX output performance with many relationships (#3053) + * better go mod detection from partial package builds (#3060) + * chore(deps): update tools to latest versions (#3061) + * chore(deps): bump github.com/charmbracelet/lipgloss from 0.11.1 +to 0.12.1 (#3040) + * chore: add debug logging for errors reading RPM files (#3051) + * chore(deps): update CPE dictionary index (#3035) + * chore(deps): bump github.com/docker/docker (#3055) + * chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.4 to +0.5.5 (#3056) + * chore(deps): bump modernc.org/sqlite from 1.30.2 to 1.31.1 +(#3057) + * chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 +(#3058) + * chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 +(#3059) + * chore(deps): update stereoscope to +487b11e5ba2622d976acda10c605da63b4fbbb0a (#3032) + * chore(deps): update tools to latest versions (#3050) + * docs: CODE_OF_CONDUCT.md (#3046) + * fix: include CPEs with Maven groupId as vendor (#3045) + * chore(deps): bump github.com/google/go-containerregistry +(#3047) + * chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to +0.7.2 (#3048) + * chore(deps): bump modernc.org/sqlite from 1.30.1 to 1.30.2 +(#3039) + * docs: link to contrib/dev docs in readme (#3029) + * chore: Fix apache shield in readme (#3021) + * chore(deps): update tools to latest versions (#3031) + * chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 +(#3034) + * chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 +(#3044) + * fix: stop panicking on "devel" version go stdlib (#3043) + * chore: pin fedora image for elf binary test (#3041) + * chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 +(#3023) + * chore(deps): update stereoscope to +27b66b76fc6686fcf6bde656aa09e1f0e047fec1 (#3026) + +--- Old: syft-1.9.0.obscpio New: syft-1.10.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.r1lybF/_old 2024-08-03 20:04:42.215461455 +0200 +++ /var/tmp/diff_new_pack.r1lybF/_new 2024-08-03 20:04:42.215461455 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:1.9.0 +Version:1.10.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.r1lybF/_old 2024-08-03 20:04:42.259463262 +0200 +++ /var/tmp/diff_new_pack.r1lybF/_new 2024-08-03 20:04:42.263463427 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v1.9.0 +v1.10.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.r1lybF/_old 2024-08-03 20:04:42.283464249 +0200 +++ /var/tmp/diff_new_pack.r1lybF/_new 2024-08-03 20:04:42.287464412 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 4e09908ba124dca7e6f1f6e7dc4f4663fae658ca + a4b5dcd0df80f6a58c8610e25104647710c1da5d (No newline at EOF) ++ syft-1.9.0.obscpio -> syft-1.10.0.obscpio ++
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-07-16 22:03:09 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.17339 (New) Package is "syft" Tue Jul 16 22:03:09 2024 rev:78 rq:1187670 version:1.9.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-06-25 23:08:55.989489531 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.17339/syft.changes 2024-07-16 22:03:18.811816612 +0200 @@ -1,0 +2,41 @@ +Thu Jul 11 18:41:11 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 1.9.0: + * chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#3027) + * chore(deps): bump github.com/charmbracelet/lipgloss (#3028) + * fix: stabilize cpe sorting during collection sort (#3009) + * Map the downloadLocation field for PHP Composer packages +(#3011) + * chore(deps): update stereoscope to +e46739e217969fa67cbe8834b64bb165a10a1548 (#3013) + * chore(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 +(#3015) + * chore(deps): bump golang.org/x/mod from 0.18.0 to 0.19.0 +(#3014) + * chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 +(#3017) + * chore(deps): bump github.com/google/go-containerregistry +(#3019) + * chore(deps): bump github.com/adrg/xdg from 0.4.0 to 0.5.0 +(#3020) + * chore(deps): update CPE dictionary index (#3016) + * Infer the package type from ELF package notes (#3008) + * chore(deps): update tools to latest versions (#3003) + * chore(deps): update CPE dictionary index (#3002) + * chore(deps): bump github.com/docker/docker (#3006) + * chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 +(#3004) + * chore(deps): bump github.com/saferwall/pe from 1.5.3 to 1.5.4 +(#3005) + * feat: version 3 support for swift package manager of the +resolved files (#3001) + * chore(deps): bump github.com/spdx/tools-golang from 0.5.4 to +0.5.5 (#2999) + * chore(deps): bump github.com/docker/docker (#2994) + * Add detection of Erlang in Alpine linux (#2996) + * chore(deps): update tools to latest versions (#2991) + * chore(deps): update stereoscope to +753b5576fe42bc007b22108ad7911d1729957a46 (#2992) + * chore(deps): bump github.com/charmbracelet/bubbletea (#2995) + +--- Old: syft-1.8.0.obscpio New: syft-1.9.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.WnUymN/_old 2024-07-16 22:03:20.959894952 +0200 +++ /var/tmp/diff_new_pack.WnUymN/_new 2024-07-16 22:03:20.959894952 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:1.8.0 +Version:1.9.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.WnUymN/_old 2024-07-16 22:03:20.995896265 +0200 +++ /var/tmp/diff_new_pack.WnUymN/_new 2024-07-16 22:03:20.999896411 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v1.8.0 +v1.9.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.WnUymN/_old 2024-07-16 22:03:21.019897140 +0200 +++ /var/tmp/diff_new_pack.WnUymN/_new 2024-07-16 22:03:21.023897286 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 1eae9333a9450c135ff929578597c79b01c9f5ff + 4e09908ba124dca7e6f1f6e7dc4f4663fae658ca (No newline at EOF) ++ syft-1.8.0.obscpio -> syft-1.9.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-1.8.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.17339/syft-1.9.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.WnUymN/_old 2024-07-16 22:03:21.063898745 +0200 +++ /var/tmp/diff_new_pack.WnUymN/_new 2024-07-16 22:03:21.067898891 +0200 @@ -1,5 +1,5 @@ name: syft -version: 1.8.0 -mtime: 1719242849 -commit: 1eae9333a9450c135ff929578597c79b01c9f5ff +version: 1.9.0 +mtime: 1720718388 +commit: 4e09908ba124dca7e6f1f6e7dc4f4663fae658ca ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.17339/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-06-25 23:07:46 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.18349 (New) Package is "syft" Tue Jun 25 23:07:46 2024 rev:77 rq:1183103 version:1.8.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-06-17 19:30:31.368511238 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.18349/syft.changes 2024-06-25 23:08:55.989489531 +0200 @@ -1,0 +2,23 @@ +Tue Jun 25 04:58:18 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 1.8.0: + * chore(deps): update CPE dictionary index (#2986) + * chore(deps): bump github.com/go-test/deep from 1.1.0 to 1.1.1 +(#2988) + * fix: handle errors reading go licenses (#2985) + * docs: update cyclone-dx documentation (#2983) + * feat: update syft to generate cyclone-dx 1.6 by default (#2978) + * chore(deps): bump github.com/charmbracelet/bubbletea (#2982) + * chore(deps): bump peter-evans/create-pull-request from 6.0.5 to +6.1.0 (#2975) + * fix: detection of arangodb 3.12 (#2979) + * chore: enable dependabot to keep boostrap action updated +(#2976) + * chore(deps): bump github.com/github/go-spdx/v2 from 2.2.0 to +2.3.1 (#2973) + * chore(deps): bump github.com/google/go-containerregistry +(#2971) + * chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 +(#2972) + +--- Old: syft-1.7.0.obscpio New: syft-1.8.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.xYTUAe/_old 2024-06-25 23:09:00.365649053 +0200 +++ /var/tmp/diff_new_pack.xYTUAe/_new 2024-06-25 23:09:00.369649199 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:1.7.0 +Version:1.8.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.xYTUAe/_old 2024-06-25 23:09:00.397650220 +0200 +++ /var/tmp/diff_new_pack.xYTUAe/_new 2024-06-25 23:09:00.401650365 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v1.7.0 +v1.8.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.xYTUAe/_old 2024-06-25 23:09:00.417650949 +0200 +++ /var/tmp/diff_new_pack.xYTUAe/_new 2024-06-25 23:09:00.421651094 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 22d57314826fce1bff469d8173884489f8212925 + 1eae9333a9450c135ff929578597c79b01c9f5ff (No newline at EOF) ++ syft-1.7.0.obscpio -> syft-1.8.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-1.7.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.18349/syft-1.8.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.xYTUAe/_old 2024-06-25 23:09:00.457652407 +0200 +++ /var/tmp/diff_new_pack.xYTUAe/_new 2024-06-25 23:09:00.461652552 +0200 @@ -1,5 +1,5 @@ name: syft -version: 1.7.0 -mtime: 1718393537 -commit: 22d57314826fce1bff469d8173884489f8212925 +version: 1.8.0 +mtime: 1719242849 +commit: 1eae9333a9450c135ff929578597c79b01c9f5ff ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.18349/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-06-17 19:30:08 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.19518 (New) Package is "syft" Mon Jun 17 19:30:08 2024 rev:76 rq:1181213 version:1.7.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-06-12 15:39:35.224912614 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.19518/syft.changes 2024-06-17 19:30:31.368511238 +0200 @@ -1,0 +2,20 @@ +Sat Jun 15 16:14:00 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 1.7.0: + * Added Features +- index known CPEs for wordpress plugins and themes [#2963 + @westonsteimel] +- Consider Author field for wordpress plugins when generating + CPEs [#2946 @wagoodman] + * Bug Fixes +- improve version extraction from ldflags for pingcap TiDB + [#2962 @westonsteimel] +- Trim whitespace from wordpress values [#2945 @wagoodman] +- Issue scanning Poetry Project with Syft 1.6 and + cataloger=python-package-cataloger [#2954 #2965 @spiffcs] +- Poetry's multiple constraints seems to break the parser + [#2947 #2965 @spiffcs] +- Golang: Search remote licenses not working in a CI pipeline + when scanning Docker image [#2798 #2852 @kzantow] + +--- Old: syft-1.6.0.obscpio New: syft-1.7.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.CBtfGV/_old 2024-06-17 19:30:33.344583559 +0200 +++ /var/tmp/diff_new_pack.CBtfGV/_new 2024-06-17 19:30:33.348583706 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:1.6.0 +Version:1.7.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.CBtfGV/_old 2024-06-17 19:30:33.392585316 +0200 +++ /var/tmp/diff_new_pack.CBtfGV/_new 2024-06-17 19:30:33.396585462 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v1.6.0 +v1.7.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.CBtfGV/_old 2024-06-17 19:30:33.424586487 +0200 +++ /var/tmp/diff_new_pack.CBtfGV/_new 2024-06-17 19:30:33.428586633 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - c43f4fb416c34c1c4b3997373689d8d4c0fb9b36 + 22d57314826fce1bff469d8173884489f8212925 (No newline at EOF) ++ syft-1.6.0.obscpio -> syft-1.7.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-1.6.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.19518/syft-1.7.0.obscpio differ: char 50, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.CBtfGV/_old 2024-06-17 19:30:33.480588536 +0200 +++ /var/tmp/diff_new_pack.CBtfGV/_new 2024-06-17 19:30:33.484588683 +0200 @@ -1,5 +1,5 @@ name: syft -version: 1.6.0 -mtime: 1718033393 -commit: c43f4fb416c34c1c4b3997373689d8d4c0fb9b36 +version: 1.7.0 +mtime: 1718393537 +commit: 22d57314826fce1bff469d8173884489f8212925 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.19518/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-06-12 15:38:11 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.19518 (New) Package is "syft" Wed Jun 12 15:38:11 2024 rev:75 rq:1180067 version:1.6.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-06-03 17:44:02.492306753 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.19518/syft.changes 2024-06-12 15:39:35.224912614 +0200 @@ -1,0 +2,28 @@ +Mon Jun 10 19:52:37 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 1.6.0: + * Added Features +- Add relationships for go binary packages [#2912 @wagoodman] +- Add classifier for util-linux [#2933 @LaurentGoderre] +- Lua: Add support for more advanced syntax [#2908 + @LaurentGoderre] +- add license field to ELF binary package metadata [#2890 + @brian-ebarb] +- install.sh: check checksums file's signature [#2884 #2941 + @wagoodman] +- Detect ELF package notes from fedora binaries [#2713 #2939 + @wagoodman] + * Bug Fixes +- Use redhat as namespace for redhat rpms [#2914 @ralphbean] +- Close sqlite driver after testing sqlite availability [#2922 + @ttc0419] +- syft does not find anything in archives if /tmp is a tmpfs + [#2894 #2918 @willmurphyscode] +- Scanning a git repository folder present in /tmp produce an + empty sbom [#2847 #2918 @willmurphyscode] + * Additional Changes +- update unit tests to use pinned patch version [#2932 + @spiffcs] +- fix comments and spelling [#2920 @dufucun] + +--- Old: syft-1.5.0.obscpio syft-1.5.0.tar.gz New: syft-1.6.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.48HNz2/_old 2024-06-12 15:39:37.649001330 +0200 +++ /var/tmp/diff_new_pack.48HNz2/_new 2024-06-12 15:39:37.653001476 +0200 @@ -19,14 +19,14 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:1.5.0 +Version:1.6.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 URL:https://github.com/anchore/syft Source: syft-%{version}.tar.gz Source1:vendor.tar.gz -BuildRequires: go >= 1.21 +BuildRequires: go >= 1.22 %description A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype. ++ _service ++ --- /var/tmp/diff_new_pack.48HNz2/_old 2024-06-12 15:39:37.685002647 +0200 +++ /var/tmp/diff_new_pack.48HNz2/_new 2024-06-12 15:39:37.689002794 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v1.5.0 +v1.6.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.48HNz2/_old 2024-06-12 15:39:37.709003526 +0200 +++ /var/tmp/diff_new_pack.48HNz2/_new 2024-06-12 15:39:37.713003672 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - ac34808b9c55bb274b1205f9b5d9cf495239577d + c43f4fb416c34c1c4b3997373689d8d4c0fb9b36 (No newline at EOF) ++ syft-1.5.0.obscpio -> syft-1.6.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-1.5.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.19518/syft-1.6.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.48HNz2/_old 2024-06-12 15:39:37.753005136 +0200 +++ /var/tmp/diff_new_pack.48HNz2/_new 2024-06-12 15:39:37.753005136 +0200 @@ -1,5 +1,5 @@ name: syft -version: 1.5.0 -mtime: 1716905586 -commit: ac34808b9c55bb274b1205f9b5d9cf495239577d +version: 1.6.0 +mtime: 1718033393 +commit: c43f4fb416c34c1c4b3997373689d8d4c0fb9b36 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.19518/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-06-03 17:43:52 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.24587 (New) Package is "syft" Mon Jun 3 17:43:52 2024 rev:74 rq:1178160 version:1.5.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-05-15 21:28:53.874589532 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.24587/syft.changes 2024-06-03 17:44:02.492306753 +0200 @@ -1,0 +2,20 @@ +Fri May 31 14:28:58 UTC 2024 - andrea.manz...@suse.com + +- Update to version 1.5.0: + * feat: detect fluent-bit binaries (#2905) + * bump dependencies + * Add python wheel egg relationships (#2903) + * feat: Add Lua cataloger (#2613) + * feat: add config command (#2892) + * feat: Added functionality to convert major, minor, patch to version for binary classifier (#2864) + * Go Mod Cataloger: Remove Replaced Packages (#2891) + * chore: Reduce length of readme, moving lengthy content to the wiki (#2882) + * fix: DecoderCollection discarding input from non-seekable Readers (#2878) + * Fix outdated spdx links (#2865) + * Use values in relationship To/From fields (#2871) + * add support for RPM DB package relationships (#2872) + * fix: capture dependencies when parsing SPDX SBOMs (#2869) + * Add abstraction for adding relationships from package cataloger results (#2853) + * chore: fix small tooling error for go.mod (#2868) + +--- Old: syft-1.4.1.obscpio New: syft-1.5.0.obscpio syft-1.5.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.GGuEOT/_old 2024-06-03 17:44:04.612384595 +0200 +++ /var/tmp/diff_new_pack.GGuEOT/_new 2024-06-03 17:44:04.612384595 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:1.4.1 +Version:1.5.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.GGuEOT/_old 2024-06-03 17:44:04.648385917 +0200 +++ /var/tmp/diff_new_pack.GGuEOT/_new 2024-06-03 17:44:04.652386064 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v1.4.1 +v1.5.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.GGuEOT/_old 2024-06-03 17:44:04.672386798 +0200 +++ /var/tmp/diff_new_pack.GGuEOT/_new 2024-06-03 17:44:04.676386945 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - c200896a9644f9b6bd4bc3785c848276c33bb53c + ac34808b9c55bb274b1205f9b5d9cf495239577d (No newline at EOF) ++ syft-1.4.1.obscpio -> syft-1.5.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-1.4.1.obscpio /work/SRC/openSUSE:Factory/.syft.new.24587/syft-1.5.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.GGuEOT/_old 2024-06-03 17:44:04.724388707 +0200 +++ /var/tmp/diff_new_pack.GGuEOT/_new 2024-06-03 17:44:04.728388854 +0200 @@ -1,5 +1,5 @@ name: syft -version: 1.4.1 -mtime: 1715283322 -commit: c200896a9644f9b6bd4bc3785c848276c33bb53c +version: 1.5.0 +mtime: 1716905586 +commit: ac34808b9c55bb274b1205f9b5d9cf495239577d ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.24587/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-05-15 21:28:26 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1880 (New) Package is "syft" Wed May 15 21:28:26 2024 rev:73 rq:1174120 version:1.4.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-05-11 18:24:44.461955289 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1880/syft.changes 2024-05-15 21:28:53.874589532 +0200 @@ -1,0 +2,6 @@ +Sun May 12 07:42:00 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- add completion subpackages +- fix version output + +--- Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.LUJfVe/_old 2024-05-15 21:28:54.606616027 +0200 +++ /var/tmp/diff_new_pack.LUJfVe/_new 2024-05-15 21:28:54.610616172 +0200 @@ -31,24 +31,88 @@ %description A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype. +%package -n %{name}-bash-completion +Summary:Bash Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Requires: bash-completion +Supplements:(%{name} and bash-completion) +BuildArch: noarch + +%description -n %{name}-bash-completion +Bash command line completion support for %{name}. + +%package -n %{name}-fish-completion +Summary:Fish Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Supplements:(%{name} and fish) +BuildArch: noarch + +%description -n %{name}-fish-completion +Fish command line completion support for %{name}. + +%package -n %{name}-zsh-completion +Summary:Zsh Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Supplements:(%{name} and zsh) +BuildArch: noarch + +%description -n %{name}-zsh-completion +zsh command line completion support for %{name}. + %prep %autosetup -p 1 -a 1 %build +COMMIT_HASH="$(sed -n 's/commit: \(.*\)/\1/p' %_sourcedir/%{name}.obsinfo)" + DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ" BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}") + go build \ -mod=vendor \ -buildmode=pie \ - -ldflags="-X github.com/anchore/syft/internal/version.version=%{version} -X github.com/anchore/syft/internal/version.buildDate=$BUILD_DATE" \ + -ldflags=" \ + -X main.version=%{version} \ + -X main.gitCommit=${COMMIT_HASH} \ + -X main.gitDescription=v%{version} \ + -X main.buildDate=$BUILD_DATE" \ -o bin/syft ./cmd/syft %install # Install the binary. install -D -m 0755 bin/%{name} "%{buildroot}/%{_bindir}/%{name}" +# create the bash completion file +mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions/ +%{buildroot}/%{_bindir}/%{name} completion bash > %{buildroot}%{_datarootdir}/bash-completion/completions/%{name} + +# create the fish completion file +mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/ +%{buildroot}/%{_bindir}/%{name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{name}.fish + +# create the zsh completion file +mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/ +%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{name} + %files %doc README.md %license LICENSE %{_bindir}/%{name} +%files -n %{name}-bash-completion +%dir %{_datarootdir}/bash-completion/completions/ +%{_datarootdir}/bash-completion/completions/%{name} + +%files -n %{name}-fish-completion +%dir %{_datarootdir}/fish +%dir %{_datarootdir}/fish/vendor_completions.d +%{_datarootdir}/fish/vendor_completions.d/%{name}.fish + +%files -n %{name}-zsh-completion +%defattr(-,root,root) +%dir %{_datarootdir}/zsh_completion.d/ +%{_datarootdir}/zsh_completion.d/_%{name} +
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-05-11 18:20:48 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1880 (New) Package is "syft" Sat May 11 18:20:48 2024 rev:72 rq:1173100 version:1.4.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-05-10 12:06:37.992748728 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1880/syft.changes 2024-05-11 18:24:44.461955289 +0200 @@ -1,0 +2,7 @@ +Fri May 10 04:54:24 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 1.4.1: + * fix pruning binary packages when considering ELF packages +(#2862) + +--- Old: syft-1.4.0.obscpio New: syft-1.4.1.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.Ssfn2s/_old 2024-05-11 18:24:45.657998842 +0200 +++ /var/tmp/diff_new_pack.Ssfn2s/_new 2024-05-11 18:24:45.657998842 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:1.4.0 +Version:1.4.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.Ssfn2s/_old 2024-05-11 18:24:45.694000153 +0200 +++ /var/tmp/diff_new_pack.Ssfn2s/_new 2024-05-11 18:24:45.698000299 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v1.4.0 +v1.4.1 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.Ssfn2s/_old 2024-05-11 18:24:45.722001173 +0200 +++ /var/tmp/diff_new_pack.Ssfn2s/_new 2024-05-11 18:24:45.726001319 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 4194a2cd34d2f15dd9a96774ba2fbc5463db4c58 + c200896a9644f9b6bd4bc3785c848276c33bb53c (No newline at EOF) ++ syft-1.4.0.obscpio -> syft-1.4.1.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-1.4.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.1880/syft-1.4.1.obscpio differ: char 51, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.Ssfn2s/_old 2024-05-11 18:24:45.770002921 +0200 +++ /var/tmp/diff_new_pack.Ssfn2s/_new 2024-05-11 18:24:45.774003067 +0200 @@ -1,5 +1,5 @@ name: syft -version: 1.4.0 -mtime: 1715277239 -commit: 4194a2cd34d2f15dd9a96774ba2fbc5463db4c58 +version: 1.4.1 +mtime: 1715283322 +commit: c200896a9644f9b6bd4bc3785c848276c33bb53c ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1880/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-04-07 22:10:43 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1905 (New) Package is "syft" Sun Apr 7 22:10:43 2024 rev:68 rq:1165688 version:1.1.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-03-26 19:32:02.687483130 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1905/syft.changes 2024-04-07 22:13:06.230198612 +0200 @@ -1,0 +2,29 @@ +Thu Apr 04 16:55:06 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 1.1.1: + * chore(deps): update tools to latest versions (#2744) + * chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 +(#2747) + * chore: update anchore/packageurl-go to use latest commits +(#2746) + * feat: cataloger for PHP Pecl and PEAR packages (#2604) + * chore(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to +5.12.0 (#2743) + * chore(deps): update tools to latest versions (#2741) + * fix: conan poco project cpe (#2740) + * chore(deps): bump github.com/distribution/reference from 0.5.0 +to 0.6.0 (#2738) + * chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 +(#2737) + * fix: panic scanning binaries without symtab (#2739) + * chore: remove useless code (#2716) + * chore(deps): bump google.golang.org/protobuf from 1.31.0 to +1.33.0 (#2731) + * chore(deps): bump github/codeql-action from 3.24.8 to 3.24.9 +(#2732) + * chore(deps): update tools to latest versions (#2733) + * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.5 to +6.5.6 (#2734) + * update release token from readonly to write token (#2735) + +--- Old: syft-1.1.0.obscpio New: syft-1.1.1.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.6valC4/_old 2024-04-07 22:13:07.350239630 +0200 +++ /var/tmp/diff_new_pack.6valC4/_new 2024-04-07 22:13:07.350239630 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:1.1.0 +Version:1.1.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.6valC4/_old 2024-04-07 22:13:07.382240802 +0200 +++ /var/tmp/diff_new_pack.6valC4/_new 2024-04-07 22:13:07.386240948 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v1.1.0 +v1.1.1 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.6valC4/_old 2024-04-07 22:13:07.402241534 +0200 +++ /var/tmp/diff_new_pack.6valC4/_new 2024-04-07 22:13:07.406241680 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - f4e18961b979f5e6d0cc3b1e4fce608c8ceb29d8 + 1e31356c49bf2c30fd80c833482e1fbe4133ff83 (No newline at EOF) ++ syft-1.1.0.obscpio -> syft-1.1.1.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-1.1.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.1905/syft-1.1.1.obscpio differ: char 48, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.6valC4/_old 2024-04-07 22:13:07.442242999 +0200 +++ /var/tmp/diff_new_pack.6valC4/_new 2024-04-07 22:13:07.446243145 +0200 @@ -1,5 +1,5 @@ name: syft -version: 1.1.0 -mtime: 1711041604 -commit: f4e18961b979f5e6d0cc3b1e4fce608c8ceb29d8 +version: 1.1.1 +mtime: 1712241259 +commit: 1e31356c49bf2c30fd80c833482e1fbe4133ff83 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1905/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-03-26 19:27:24 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1905 (New) Package is "syft" Tue Mar 26 19:27:24 2024 rev:67 rq:1161640 version:1.1.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-03-10 20:24:16.417238094 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1905/syft.changes 2024-03-26 19:32:02.687483130 +0100 @@ -1,0 +2,38 @@ +Tue Mar 26 07:19:30 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 1.1.0: + * Adding the ability to retrieve remote licenses from +package.lock (#2708) + * dont include labels for dependabot ecosystems (#2720) + * chore(deps): bump fountainhead/action-wait-for-check from 1.1.0 +to 1.2.0 (#2717) + * chore(deps): update tools to latest versions (#2726) + * chore(deps): bump github/codeql-action from 3.24.7 to 3.24.8 +(#2725) + * chore(deps): bump actions/cache from 4.0.1 to 4.0.2 (#2728) + * chore(deps): bump github.com/docker/docker (#2730) + * updating credentials to scoped permissions (#2722) + * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.4 to +6.5.5 (#2718) + * chore(deps): bump github.com/google/go-containerregistry +(#2719) + * Add detection for Oracle GraalVM (#2705) + * chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 +(#2714) + * Add ELF binary package cataloger (#2396) + * chore(deps): bump modernc.org/sqlite from 1.29.3 to 1.29.5 +(#2710) + * chore(deps): bump github/codeql-action from 3.24.6 to 3.24.7 +(#2711) + * chore(deps): bump peter-evans/create-pull-request from 6.0.1 to +6.0.2 (#2712) + * Show binary exports, entrypoint, and imports (#2626) + * chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#2703) + * chore(deps): bump github.com/knqyf263/go-rpmdb (#2701) + * chore: reduce duplicate case SwiftPkg (#2696) + * chore: remove deprecated os.SEEK_SET os.SEEK_CUR (#2693) + * chore(deps): bump github.com/docker/docker (#2698) + * chore(deps): bump modernc.org/sqlite from 1.29.2 to 1.29.3 +(#2699) + +--- @@ -7 +45,2 @@ - * fix: Unable to scan OCI images with syft v0.105.1 [#2678 #2683 @spiffcs] + * fix: Unable to scan OCI images with syft v0.105.1 [#2678 #2683 +@spiffcs] @@ -19 +58,2 @@ - * Consider filesystem types for mount points when ignoring system paths (#2675) + * Consider filesystem types for mount points when ignoring system +paths (#2675) @@ -21 +61,2 @@ - * chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 (#2676) + * chore(deps): bump peter-evans/create-pull-request from 6.0.0 to +6.0.1 (#2676) Old: syft-1.0.1.obscpio New: syft-1.1.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.BssfHH/_old 2024-03-26 19:32:04.479548623 +0100 +++ /var/tmp/diff_new_pack.BssfHH/_new 2024-03-26 19:32:04.479548623 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:1.0.1 +Version:1.1.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.BssfHH/_old 2024-03-26 19:32:04.507549646 +0100 +++ /var/tmp/diff_new_pack.BssfHH/_new 2024-03-26 19:32:04.511549792 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v1.0.1 +v1.1.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.BssfHH/_old 2024-03-26 19:32:04.527550377 +0100 +++ /var/tmp/diff_new_pack.BssfHH/_new 2024-03-26 19:32:04.531550523 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 1b121ac3f4d589060ddf1fac0bcd6871ea4731e3 + f4e18961b979f5e6d0cc3b1e4fce608c8ceb29d8 (No newline at EOF) ++ syft-1.0.1.obscpio -> syft-1.1.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-1.0.1.obscpio /work/SRC/openSUSE:Factory/.syft.new.1905/syft-1.1.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.BssfHH/_old 2024-03-26 19:32:04.567551838 +0100 +++ /var/tmp/diff_new_pack.BssfHH/_new 2024-03-26 19:32:04.571551985 +0100 @@ -1,5 +1,5 @@ name: syft -version: 1.0.1 -mtime: 1709753156 -commit: 1b121ac3f4d589060ddf1fac0bcd6871ea4731e3 +version: 1.1.0 +mtime: 1711041604 +commit: f4e18961b979f5e6d0cc3b1e4fce608c8ceb29d8 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-03-03 20:19:48 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1770 (New) Package is "syft" Sun Mar 3 20:19:48 2024 rev:65 rq:1154437 version:1.0.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-02-28 19:47:26.330506193 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1770/syft.changes 2024-03-03 20:20:11.407716320 +0100 @@ -1,0 +2,15 @@ +Fri Mar 01 13:59:28 UTC 2024 - andrea.manz...@suse.com + +- Update to version 1.0.0: + * fix: match OpenSSL letter releases (#2682) + * Mark duplicated rows in table output (#2679) + * fix: trim path from deps.json in portable way (#2674) + * chore(deps): update tools to latest versions (#2680) + * enforce breaking change bump major version (#2635) + * docs: fix incorrect flag name in readme (#2677) + * Consider filesystem types for mount points when ignoring system paths (#2675) + * fix: stop emitting bus events on go mod events (#2673) + * chore(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 (#2676) + * feat: add `--from` flag, refactor source providers (#2610) + +--- Old: syft-0.105.1.obscpio New: syft-1.0.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.6HXdtR/_old 2024-03-03 20:20:13.483791427 +0100 +++ /var/tmp/diff_new_pack.6HXdtR/_new 2024-03-03 20:20:13.483791427 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.105.1 +Version:1.0.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.6HXdtR/_old 2024-03-03 20:20:13.515792585 +0100 +++ /var/tmp/diff_new_pack.6HXdtR/_new 2024-03-03 20:20:13.519792729 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.105.1 +v1.0.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.6HXdtR/_old 2024-03-03 20:20:13.539793453 +0100 +++ /var/tmp/diff_new_pack.6HXdtR/_new 2024-03-03 20:20:13.543793597 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 928511ea0f1449e057e8057e38743d258b22476b + 356f7c92b464b69be3a2a898cd98a63037eeadcc (No newline at EOF) ++ syft-0.105.1.obscpio -> syft-1.0.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.105.1.obscpio /work/SRC/openSUSE:Factory/.syft.new.1770/syft-1.0.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.6HXdtR/_old 2024-03-03 20:20:13.579794900 +0100 +++ /var/tmp/diff_new_pack.6HXdtR/_new 2024-03-03 20:20:13.579794900 +0100 @@ -1,5 +1,5 @@ name: syft -version: 0.105.1 -mtime: 1708963026 -commit: 928511ea0f1449e057e8057e38743d258b22476b +version: 1.0.0 +mtime: 1709217563 +commit: 356f7c92b464b69be3a2a898cd98a63037eeadcc ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1770/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-02-28 19:47:08 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1770 (New) Package is "syft" Wed Feb 28 19:47:08 2024 rev:64 rq:1152847 version:0.105.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-02-15 21:02:23.644197285 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1770/syft.changes 2024-02-28 19:47:26.330506193 +0100 @@ -1,0 +2,12 @@ +Tue Feb 27 12:40:20 UTC 2024 - andrea.manz...@suse.com + +- Update to version 0.105.1: + * bump deps and build tools + * fix: SPDX tag value version selector (#2665) + * fix(install): return appropriate error codes (#2664) + * chore: update busybox image for acceptance tests (#2663) + * rename binary classifier cataloger name (#2643) + * add cataloger selection example (#2646) + * add syft version used to SBOM tool info by default (#2647) + +--- Old: syft-0.105.0.obscpio New: syft-0.105.1.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.hNSkRq/_old 2024-02-28 19:47:28.070569495 +0100 +++ /var/tmp/diff_new_pack.hNSkRq/_new 2024-02-28 19:47:28.070569495 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.105.0 +Version:0.105.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.hNSkRq/_old 2024-02-28 19:47:28.094570368 +0100 +++ /var/tmp/diff_new_pack.hNSkRq/_new 2024-02-28 19:47:28.098570514 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.105.0 +v0.105.1 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.hNSkRq/_old 2024-02-28 19:47:28.114571096 +0100 +++ /var/tmp/diff_new_pack.hNSkRq/_new 2024-02-28 19:47:28.118571241 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 65cadda48653d2452a7e41a47a60d2934e8fcb07 + 928511ea0f1449e057e8057e38743d258b22476b (No newline at EOF) ++ syft-0.105.0.obscpio -> syft-0.105.1.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.105.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.1770/syft-0.105.1.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.hNSkRq/_old 2024-02-28 19:47:28.150572406 +0100 +++ /var/tmp/diff_new_pack.hNSkRq/_new 2024-02-28 19:47:28.154572551 +0100 @@ -1,5 +1,5 @@ name: syft -version: 0.105.0 -mtime: 1707944782 -commit: 65cadda48653d2452a7e41a47a60d2934e8fcb07 +version: 0.105.1 +mtime: 1708963026 +commit: 928511ea0f1449e057e8057e38743d258b22476b ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1770/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-02-15 21:01:11 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1815 (New) Package is "syft" Thu Feb 15 21:01:11 2024 rev:63 rq:1146739 version:0.105.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-02-08 19:02:51.880615166 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1815/syft.changes 2024-02-15 21:02:23.644197285 +0100 @@ -1,0 +2,36 @@ +Thu Feb 15 06:10:35 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 0.105.0: + * Survive indexing dead symlinks (#2645) + * fix considering base path when ignoring known bad unix paths +(#2644) + * test for field conventions in json schema (#2642) + * feat: Add Wordpress cataloger (#2218) + * rename binary cataloger to be more unique (#2633) + * fix: update runner size to use larger HD for codeql (#2641) + * chore(deps): update tools to latest versions (#2616) + * chore(deps): bump github/codeql-action from 3.24.0 to 3.24.1 +(#2638) + * chore(deps): bump dawidd6/action-homebrew-bump-formula (#2639) + * chore(deps): bump modernc.org/sqlite from 1.29.0 to 1.29.1 +(#2640) + * fix: add BOMRef to CycloneDX OS Component (#2634) + * chore(deps): bump github.com/saferwall/pe from 1.5.0 to 1.5.2 +(#2629) + * chore(deps): bump modernc.org/sqlite from 1.28.0 to 1.29.0 +(#2630) + * fix getting union reader for sif images (#2631) + * chore(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 +(#2607) + * chore(deps): bump github.com/saferwall/pe from 1.4.8 to 1.5.0 +(#2625) + * fix: ensure version output to stdout (#2621) + * Guess go main module version based on binary contents (#2608) + * chore(deps): update stereoscope to +681f6715b0e35686d6e6f40bce109176de1ee274 (#2617) + * fix readme around templating options (#2612) + * suppress executable parsing issues (#2614) + * chore: update license list, cpe dictionary (#2620) + * chore(deps): update tools to latest versions (#2606) + +--- Old: syft-0.104.0.obscpio New: syft-0.105.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.tDyWDC/_old 2024-02-15 21:02:25.324256334 +0100 +++ /var/tmp/diff_new_pack.tDyWDC/_new 2024-02-15 21:02:25.324256334 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.104.0 +Version:0.105.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.tDyWDC/_old 2024-02-15 21:02:25.352257318 +0100 +++ /var/tmp/diff_new_pack.tDyWDC/_new 2024-02-15 21:02:25.356257458 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.104.0 +v0.105.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.tDyWDC/_old 2024-02-15 21:02:25.372258021 +0100 +++ /var/tmp/diff_new_pack.tDyWDC/_new 2024-02-15 21:02:25.376258161 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - bd0cb916df4376a06e56ef7f3cc0da6659d7c2c6 + 65cadda48653d2452a7e41a47a60d2934e8fcb07 (No newline at EOF) ++ syft-0.104.0.obscpio -> syft-0.105.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.104.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.1815/syft-0.105.0.obscpio differ: char 50, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.tDyWDC/_old 2024-02-15 21:02:25.416259568 +0100 +++ /var/tmp/diff_new_pack.tDyWDC/_new 2024-02-15 21:02:25.416259568 +0100 @@ -1,5 +1,5 @@ name: syft -version: 0.104.0 -mtime: 1707338460 -commit: bd0cb916df4376a06e56ef7f3cc0da6659d7c2c6 +version: 0.105.0 +mtime: 1707944782 +commit: 65cadda48653d2452a7e41a47a60d2934e8fcb07 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1815/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-01-22 20:33:38 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.16006 (New) Package is "syft" Mon Jan 22 20:33:38 2024 rev:59 rq:1140249 version:0.101.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2024-01-07 21:40:28.540397487 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.16006/syft.changes 2024-01-22 20:33:53.844501530 +0100 @@ -1,0 +2,62 @@ +Sat Jan 20 17:00:30 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 0.101.1: + * Deduplicate digests from user configuration (#2522) + * update readme and help output to be accurate to syft api +(#2520) + * fix: remove second call to finalize as the task handles it +(#2516) + * chore(deps): update stereoscope to +eb656fc717935ad5abeb8e1379a5c4e11c957120 (#2510) + * chore(deps): bump github.com/docker/docker (#2512) + * chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 +(#2513) + * chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 +(#2514) + * chore(deps): bump github/codeql-action from 3.23.0 to 3.23.1 +(#2506) + * chore(deps): bump github.com/google/go-containerregistry +(#2507) + * chore: enable automatic approval of dependabot PRs (#2505) + +--- +Thu Jan 18 08:10:11 UTC 2024 - opensuse_buildserv...@ojkastl.de + +- Update to version 0.101.0: + * include binary cataloger configuration defaults (#2504) + * feat: classifier for wordpress cli binary (#2473) + * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to +6.5.3 (#2502) + * chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (#2503) + * chore(deps): update tools to latest versions (#2500) + * chore(deps): bump github.com/cloudflare/circl from 1.3.3 to +1.3.7 (#2501) + * Add cataloger list command (#2366) + * condense binary cataloger config in JSON output (#2499) + * chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 +(#2495) + * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.2 to +6.5.3 (#2494) + * chore(deps): update CPE dictionary index (#2491) + * Replace core SBOM-creation API with builder pattern (#1383) + * chore(deps): update tools to latest versions (#2488) + * chore(deps): bump actions/cache from 3.3.2 to 3.3.3 (#2489) + * chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3 +(#2481) + * chore(deps): bump github.com/charmbracelet/bubbles from 0.16.1 +to 0.17.1 (#2475) + * feat: binary classifiers for Percona Software For MySQL (#2478) + * feat: binary classifier for pypy (#2474) + * chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to +6.5.2 (#2476) + * fix: support traefik binary from the official Docker image +(#2484) + * feat: binary classifier for GCC (#2479) + * chore(deps): update tools to latest versions (#2480) + * chore(deps): bump golang.org/x/net from 0.19.0 to 0.20.0 +(#2482) + * chore(deps): bump github/codeql-action from 3.22.12 to 3.23.0 +(#2477) + * Upgrade binary test fixtures management (#2444) + +--- Old: syft-0.100.0.obscpio New: syft-0.101.1.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.LLxS2U/_old 2024-01-22 20:33:55.396558213 +0100 +++ /var/tmp/diff_new_pack.LLxS2U/_new 2024-01-22 20:33:55.396558213 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.100.0 +Version:0.101.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.LLxS2U/_old 2024-01-22 20:33:55.432559528 +0100 +++ /var/tmp/diff_new_pack.LLxS2U/_new 2024-01-22 20:33:55.436559674 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.100.0 +v0.101.1 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.LLxS2U/_old 2024-01-22 20:33:55.456560405 +0100 +++ /var/tmp/diff_new_pack.LLxS2U/_new 2024-01-22 20:33:55.460560551 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - a16a4ad6c9931ec502667c215b0e8c8e51ff + 3eab5932e5271eea5506ab9710239b1415c827f8 (No newline at EOF) ++ syft-0.100.0.obscpio -> syft-0.101.1.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.100.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.16006/syft-0.101.1.obscpio
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2024-01-07 21:40:16 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.28375 (New) Package is "syft" Sun Jan 7 21:40:16 2024 rev:58 rq:1137361 version:0.100.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-12-22 22:42:02.565560669 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.28375/syft.changes 2024-01-07 21:40:28.540397487 +0100 @@ -1,0 +2,22 @@ +Sat Jan 06 15:26:12 UTC 2024 - andrea.manz...@suse.com + +- Update to version 0.100.0: + * Add ability to extend the binaries cataloguers (#2469) + * chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 +(#2464) + * fix: add missing purl for busybox (#2457) + * Fix diff error obfuscating binary test failures message (#2468) + * Replace `packages` command with `scan` (#2446) + * fix: PURLs with "nuget" type are dotnet packages (#2466) + * chore(deps): update tools to latest versions (#2459) + * chore(deps): update CPE dictionary index (#2458) + * chore: update binary to -x (#2456) + * Add more functionality to the ErLang parser (#2390) + * Added OpenSSL binary matcher (#2416) + * chore(deps): update stereoscope to +590920dabc5479216e755983d41367b6be3544f3 (#2452) + * chore(deps): update tools to latest versions (#2451) + * chore(deps): bump github/codeql-action from 3.22.11 to 3.22.12 +(#2455) + +--- @@ -7 +29,2 @@ - * fix: don't panic when hackage missing in haskell stack yaml lock (#2448) + * fix: don't panic when hackage missing in haskell stack yaml +lock (#2448) @@ -11 +34,2 @@ - * chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#2433) + * chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 +(#2433) @@ -13,2 +37,4 @@ - * chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c (#2440) - * fix syft-json test to use pretty json for snapshot testing (#2441) + * chore(deps): update stereoscope to +4b999b76ca8901d15bb97aef445dc94c38d11d5c (#2440) + * fix syft-json test to use pretty json for snapshot testing +(#2441) @@ -16 +42,2 @@ - * refactor javascript cataloger to use configuration options when creating packages (#2438) + * refactor javascript cataloger to use configuration options when +creating packages (#2438) @@ -19,5 +46,10 @@ - * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#2413) - * Look for a maven version in a pom from a parent dependency management section (#2423) - * Parse Python licenses from LicenseExpression entry in the Wheel Metadata (#2431) - * chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11 (#2430) - * chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 (#2429) + * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 +to 0.8.0 (#2413) + * Look for a maven version in a pom from a parent dependency +management section (#2423) + * Parse Python licenses from LicenseExpression entry in the Wheel + Metadata (#2431) + * chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11 +(#2430) + * chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 +(#2429) @@ -25,2 +57,4 @@ - * Parse Python licenses from LicenseFile entry in the Wheel Metadata (#2331) - * fix: use filepath instead of path for file source exclusions (#2411) + * Parse Python licenses from LicenseFile entry in the Wheel +Metadata (#2331) + * fix: use filepath instead of path for file source exclusions +(#2411) @@ -28,2 +62,4 @@ - * chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2425) - * chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10 (#2426) + * chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 +(#2425) + * chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10 +(#2426) @@ -31,4 +67,8 @@ - * feat: add the option to retrieve remote licenses for projects defined in a maven pom (#2409) - * chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9 (#2400) - * chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 (#2415) - * chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#2414) + * feat: add the option to retrieve remote licenses for projects +defined in a maven pom (#2409) + * chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9 +(#2400) + * chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 +(#2415) + * chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to +5.11.0 (#2414) @@ -38,4 +78,8 @@ - * fix(java): improve identification for org.codehaus.groovy artifacts (#2404) - * fix(java): improve
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-12-22 22:41:45 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.28375 (New) Package is "syft" Fri Dec 22 22:41:45 2023 rev:57 rq:1134594 version:0.99.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-11-30 22:02:10.414943700 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.28375/syft.changes 2023-12-22 22:42:02.565560669 +0100 @@ -1,0 +2,62 @@ +Thu Dec 21 16:26:53 UTC 2023 - opensuse_buildserv...@ojkastl.de + +- Update to version 0.99.0: + * chore: remove execute from test fixtures (#2450) + * chore(deps): update tools to latest versions (#2447) + * fix: don't panic when hackage missing in haskell stack yaml lock (#2448) + * Add binary classifier for the ERLang interpretter (#2417) + * Add binary classifier for Julia lang (#2427) + * Add binary detection for PHP composer (#2432) + * chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#2433) + * chore(deps): update CPE dictionary index (#2442) + * chore(deps): update stereoscope to 4b999b76ca8901d15bb97aef445dc94c38d11d5c (#2440) + * fix syft-json test to use pretty json for snapshot testing (#2441) + * refactor pkg.Collection (#2439) + * refactor javascript cataloger to use configuration options when creating packages (#2438) + * use single source of truth for archive options (#2437) + * fix file digest cataloger when passed coordinates (#2436) + * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#2413) + * Look for a maven version in a pom from a parent dependency management section (#2423) + * Parse Python licenses from LicenseExpression entry in the Wheel Metadata (#2431) + * chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11 (#2430) + * chore(deps): bump modernc.org/sqlite from 1.27.0 to 1.28.0 (#2429) + * chore(deps): update tools to latest versions (#2428) + * Parse Python licenses from LicenseFile entry in the Wheel Metadata (#2331) + * fix: use filepath instead of path for file source exclusions (#2411) + * chore(deps): bump github.com/charmbracelet/bubbletea (#2424) + * chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2425) + * chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10 (#2426) + * chore(deps): bump dawidd6/action-homebrew-bump-formula (#2420) + * feat: add the option to retrieve remote licenses for projects defined in a maven pom (#2409) + * chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9 (#2400) + * chore(deps): bump github.com/saferwall/pe from 1.4.7 to 1.4.8 (#2415) + * chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#2414) + * chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (#2401) + * chore(deps): update tools to latest versions (#2408) + * chore(deps): update CPE dictionary index (#2412) + * fix(java): improve identification for org.codehaus.groovy artifacts (#2404) + * fix(java): improve identification for commons-jelly artifacts (#2399) + * fix(java): improve identification for io.minio artifacts (#2398) + * fix(java): improve identification for com.graphql-java artifacts (#2397) + * chore(deps): update tools to latest versions (#2395) + * chore: enhance java purl generation integration test (#2393) + * feat: add ability to retrieve remote licenses for yarn.lock (#2338) + * chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (#2392) + * Retrieve remote licenses using pom.properties when there is no pom.xml (#2315) + * fix(java): improve identification for org.apache.tapestry artifacts (#2384) + * fix(java): improve identification for io.ratpack artifacts (#2379) + * fix(java): improve identification for org.apache.cassandra artifacts (#2386) + * fix(java): improve identification for org.neo4j.procedure artifacts (#2388) + * fix: bump fangs for ptr summarize fix (#2387) + * fix(java): improve identification for org.elasticsearch artifacts (#2383) + * fix(java): improve identification for org.apache.geode artifacts (#2382) + * fix(java): improve identification for org.apache.tomcat.embed artifacts (#2381) + * fix(java): improve identification for io.projectreactor.netty artifacts (#2378) + * fix(java): improve identification for org.eclipse.platform artifacts (#2349) + * Generalize UI events for cataloging tasks (#2369) + * chore(deps): update tools to latest versions (#2376) + * chore(deps): bump github.com/google/go-containerregistry (#2377) + * chore: fix tests failing due to Mac Rosetta cache (#2374) + * fix: improve dotnet portable executable identification (#2133) + +--- Old: syft-0.98.0.obscpio New:
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-11-30 22:01:36 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.25432 (New) Package is "syft" Thu Nov 30 22:01:36 2023 rev:56 rq:1129932 version:0.98.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-11-20 21:21:06.902270684 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.25432/syft.changes 2023-11-30 22:02:10.414943700 +0100 @@ -1,0 +2,24 @@ +Thu Nov 30 08:14:13 UTC 2023 - andrea.manz...@suse.com + +- Update to version 0.98.0: + * fix file metadata cataloger to use resolved locations (#2370) + * fix: logging level for parsing potential PE files (#2367) + * only remove breaking-change label when there are schema changes (#2371) + * fix: capture root command stdout (#2364) + * fix: hardcode xalan group ID (#2368) + * Normalize cataloger configuration patterns (#2365) + * normalize enums to lowercase with hyphens (#2363) + * bump deps version + * fix: index file itself when file scan path has symlink (#2359) + * use read lock in pkg collection (#2341) + * Fix the `attest` command (#2337) + * fix: add manual namespace mapping for org.springframework jars (#2345) + * Add binary classifiers for MySQL and MariaDB (#2316) + * Enhance redis binary classifier (#2329) + * fix: add manual namespace mapping for org.springframework.security jars (#2343) + * fix: add manual namespace mapping for org.bouncycastle jars (#2342) + * Update developer docs to represent the current package layout (#2340) + * Remove the power-user command and related catalogers (#2306) + * Add "pretty" json configuration and change default behavior to be space-efficient (#2275) + +--- Old: syft-0.97.1.obscpio New: syft-0.98.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.nMaAS3/_old 2023-11-30 22:02:11.922999254 +0100 +++ /var/tmp/diff_new_pack.nMaAS3/_new 2023-11-30 22:02:11.926999402 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.97.1 +Version:0.98.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.nMaAS3/_old 2023-11-30 22:02:11.951000286 +0100 +++ /var/tmp/diff_new_pack.nMaAS3/_new 2023-11-30 22:02:11.955000433 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.97.1 +v0.98.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.nMaAS3/_old 2023-11-30 22:02:11.971001023 +0100 +++ /var/tmp/diff_new_pack.nMaAS3/_new 2023-11-30 22:02:11.975001170 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 7cfb5f630a7a2105d49d65e2e2c06e4eda73 + 5c8dd4c3a7632dcfd999bab7a5b73c3180f1b628 (No newline at EOF) ++ syft-0.97.1.obscpio -> syft-0.98.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.97.1.obscpio /work/SRC/openSUSE:Factory/.syft.new.25432/syft-0.98.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.nMaAS3/_old 2023-11-30 22:02:12.011002496 +0100 +++ /var/tmp/diff_new_pack.nMaAS3/_new 2023-11-30 22:02:12.015002643 +0100 @@ -1,5 +1,5 @@ name: syft -version: 0.97.1 -mtime: 1700254381 -commit: 7cfb5f630a7a2105d49d65e2e2c06e4eda73 +version: 0.98.0 +mtime: 1701268954 +commit: 5c8dd4c3a7632dcfd999bab7a5b73c3180f1b628 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.25432/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-11-10 12:33:25 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.17445 (New) Package is "syft" Fri Nov 10 12:33:25 2023 rev:53 rq:1124793 version:0.96.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-11-08 22:19:56.272044361 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.17445/syft.changes 2023-11-10 12:37:19.585378627 +0100 @@ -1,0 +2,14 @@ +Thu Nov 09 14:48:04 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.96.0: + * include image labels in cycloneDX SBOM (#2294) + * Add accessPath on Location objects to syft-json output (#2287) + * SPDX file has duplicate sha256 tag in versionInfo (#2300) + * Check maven central as well for licenses in parents poms for +nested jars (#2302) + * chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 +(#2293) + * chore(deps): update tools to latest versions (#2301) + * fix: identify cyclone-json without $schema (#2303) + +--- Old: syft-0.95.0.obscpio New: syft-0.96.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.zZY5hf/_old 2023-11-10 12:37:21.197438291 +0100 +++ /var/tmp/diff_new_pack.zZY5hf/_new 2023-11-10 12:37:21.197438291 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.95.0 +Version:0.96.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.zZY5hf/_old 2023-11-10 12:37:21.229439476 +0100 +++ /var/tmp/diff_new_pack.zZY5hf/_new 2023-11-10 12:37:21.233439623 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.95.0 +v0.96.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.zZY5hf/_old 2023-11-10 12:37:21.253440364 +0100 +++ /var/tmp/diff_new_pack.zZY5hf/_new 2023-11-10 12:37:21.253440364 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 9b98785aab9346999a0b5e9f5e4b4e63a1b1916c + 0891d35e0774f175e3a3f170edcce9ad2f4f015b (No newline at EOF) ++ syft-0.95.0.obscpio -> syft-0.96.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.95.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.17445/syft-0.96.0.obscpio differ: char 50, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.zZY5hf/_old 2023-11-10 12:37:21.293441844 +0100 +++ /var/tmp/diff_new_pack.zZY5hf/_new 2023-11-10 12:37:21.297441992 +0100 @@ -1,5 +1,5 @@ name: syft -version: 0.95.0 -mtime: 1699374786 -commit: 9b98785aab9346999a0b5e9f5e4b4e63a1b1916c +version: 0.96.0 +mtime: 1699485184 +commit: 0891d35e0774f175e3a3f170edcce9ad2f4f015b ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.17445/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-11-08 22:18:35 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.17445 (New) Package is "syft" Wed Nov 8 22:18:35 2023 rev:52 rq:1124178 version:0.95.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-11-03 22:21:41.939479529 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.17445/syft.changes 2023-11-08 22:19:56.272044361 +0100 @@ -1,0 +2,63 @@ +Tue Nov 07 20:40:41 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.95.0: + * chore: setup release task before calling go releaser (#2297) + * chore(deps): update tools to latest versions (#2296) + * chore(deps): update tools to latest versions (#2289) + * chore(deps): update CPE dictionary index (#2290) + * chore(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0 +(#2292) + * Wire though maven-url to java config (#2291) + * Use case-insensitive matching for Go license files (#2286) + * Add a new Java configuration option to recursively search +parent poms… (#2274) + * chore(deps): update tools to latest versions (#2280) + * Follow convention for naming catalogers (#2277) + * change dir resolver to include virtual path (#2259) + * fix: syft does not handle the case of parsing a jar with +multiple poms (#2231) + * add PURLs when scanning Gradle lock files (#2278) + * chore(deps): bump modernc.org/sqlite from 1.26.0 to 1.27.0 +(#2279) + * test: remove dll files and updates tests to use +versionResources (#2276) + * fix: update dot net binary parsing logic to remove empty space +(#2273) + * Read a license from a parent pom stored in Maven Central +(#2228) + * Update README.md to use canonical output format names (fixes +#2269) (#2272) + * Remove MetadataType from core package object and normalize JSON +metadataType values (#1983) + * chore(deps): bump github.com/docker/docker (#2263) + * chore(deps): update stereoscope to +5909e353ee88d7809f0e646c79f110a0e6b1d80d (#2265) + * chore(deps): update CPE dictionary index (#2271) + * chore: fix cpe generation task (#2270) + * chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 +(#2262) + * chore(deps): bump github/codeql-action from 2.22.4 to 2.22.5 +(#2261) + * chore(deps): update tools to latest versions (#2258) + * chore(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to +5.10.0 (#2256) + * feat: Perform case insensitive matching on Java license files +(#2235) + * Split the sbom.Format interface by encode and decode use cases +(#2186) + * Upgrade tool management (#2188) + * fix: 2179 jar chokes empty lines (#2254) + * chore(deps): update CPE dictionary index (#2253) + * fix CPE workflow (#2252) + * feat: add conaninfo.txt parser to detect conan packages in +docker images (#2234) + * chore(deps): update bootstrap tools to latest versions (#2245) + * chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.6.0 +to 4.6.1 (#2248) + * chore(deps): bump github/codeql-action from 2.22.3 to 2.22.4 +(#2249) + * fill version info from release and git directly (#2244) + * Add ruby.NewGemSpecCataloger to DirectoryCatalogers. (#1971) + * change homebrew release trigger (#2242) + +--- Old: syft-0.94.0.obscpio New: syft-0.95.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.hgRfWh/_old 2023-11-08 22:19:59.660168829 +0100 +++ /var/tmp/diff_new_pack.hgRfWh/_new 2023-11-08 22:19:59.660168829 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.94.0 +Version:0.95.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.hgRfWh/_old 2023-11-08 22:19:59.688169858 +0100 +++ /var/tmp/diff_new_pack.hgRfWh/_new 2023-11-08 22:19:59.692170005 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.94.0 +v0.95.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.hgRfWh/_old 2023-11-08 22:19:59.712170739 +0100 +++ /var/tmp/diff_new_pack.hgRfWh/_new 2023-11-08 22:19:59.712170739 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 8f6bdde6662aa8050a71eadbdb7bd5a3b079a56d + 9b98785aab9346999a0b5e9f5e4b4e63a1b1916c (No newline at EOF) ++ syft-0.94.0.obscpio -> syft-0.95.0.obscpio ++
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-11-03 22:20:52 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.17445 (New) Package is "syft" Fri Nov 3 22:20:52 2023 rev:51 rq:1123165 version:0.94.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-10-23 23:40:53.551371369 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.17445/syft.changes 2023-11-03 22:21:41.939479529 +0100 @@ -1,0 +2,5 @@ +Fri Nov 3 09:12:53 UTC 2023 - Johannes Kastl + +- BuildRequire go1.21 + +--- Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.Jkii4i/_old 2023-11-03 22:21:43.039519995 +0100 +++ /var/tmp/diff_new_pack.Jkii4i/_new 2023-11-03 22:21:43.039519995 +0100 @@ -26,7 +26,7 @@ URL:https://github.com/anchore/syft Source: syft-%{version}.tar.gz Source1:vendor.tar.gz -BuildRequires: go >= 1.18 +BuildRequires: go >= 1.21 %description A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype.
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-10-23 23:40:41 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1945 (New) Package is "syft" Mon Oct 23 23:40:41 2023 rev:50 rq:1119525 version:0.94.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-10-12 11:58:47.401150527 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1945/syft.changes 2023-10-23 23:40:53.551371369 +0200 @@ -1,0 +2,33 @@ +Sat Oct 21 18:16:53 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.94.0: + * Label PRs when the json schema changes (#2240) + * Add download location when cataloging directory npm package +lock (#2238) + * fix: allow packages to be captured from DIST/EGG case (#2239) + * Account for maven bundle plugin and fix filename matching +(#2220) + * chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#2236) + * Remove internal string set (#2219) + * bump clio to get stderr reporting fix (#2232) + * Fix panic for empty input to Swift cataloger (#2226) + * Add additional license filenames (#2227) + * chore(deps): bump github/codeql-action from 2.22.2 to 2.22.3 +(#2229) + * chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 +to 0.9.1 (#) + * chore(deps): bump github/codeql-action from 2.22.1 to 2.22.2 +(#2224) + * Detect a license file in the root directory or META-INF of a +jar (#2213) + * Parse donet dependency trees (#2143) + * chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 +(#2214) + * chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 +(#2215) + * chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 +to 0.9.0 (#2216) + * chore: add automated homebrew action (#2164) + * Add relationships for dpkg packages (#2212) + +--- Old: syft-0.93.0.obscpio New: syft-0.94.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.AqOBOH/_old 2023-10-23 23:40:55.027424951 +0200 +++ /var/tmp/diff_new_pack.AqOBOH/_new 2023-10-23 23:40:55.031425097 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.93.0 +Version:0.94.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 @@ -32,8 +32,7 @@ A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype. %prep -%setup -q -%setup -q -T -D -a 1 +%autosetup -p 1 -a 1 %build DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ" ++ _service ++ --- /var/tmp/diff_new_pack.AqOBOH/_old 2023-10-23 23:40:55.055425968 +0200 +++ /var/tmp/diff_new_pack.AqOBOH/_new 2023-10-23 23:40:55.055425968 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.93.0 +v0.94.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.AqOBOH/_old 2023-10-23 23:40:55.075426694 +0200 +++ /var/tmp/diff_new_pack.AqOBOH/_new 2023-10-23 23:40:55.075426694 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 0748945c8341a06415ac80e624b84e8d3f548d39 + 8f6bdde6662aa8050a71eadbdb7bd5a3b079a56d (No newline at EOF) ++ syft-0.93.0.obscpio -> syft-0.94.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.93.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.1945/syft-0.94.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.AqOBOH/_old 2023-10-23 23:40:55.107427856 +0200 +++ /var/tmp/diff_new_pack.AqOBOH/_new 2023-10-23 23:40:55.111428001 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.93.0 -mtime: 1696957784 -commit: 0748945c8341a06415ac80e624b84e8d3f548d39 +version: 0.94.0 +mtime: 1697821215 +commit: 8f6bdde6662aa8050a71eadbdb7bd5a3b079a56d ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1945/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-10-11 23:54:42 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1807 (New) Package is "syft" Wed Oct 11 23:54:42 2023 rev:49 rq:1116799 version:0.93.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-10-06 21:17:30.958525595 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1807/syft.changes 2023-10-12 11:58:47.401150527 +0200 @@ -1,0 +2,36 @@ +Wed Oct 11 04:22:21 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.93.0: + * Parse the Maven license from the pom.xml if not contained in +the mani… (#2115) + * Refine the docs for building a cataloger (#2175) + * Fix algo lookup by converting key to lower case (#2207) + * chore(deps): bump github/codeql-action from 2.22.0 to 2.22.1 +(#2208) + * feat: add package for go compiler given binary detection +(#2195) + * chore(deps): bump github.com/docker/distribution from +2.8.2+incompatible to 2.8.3+incompatible (#2193) + * chore(deps): bump github/codeql-action from 2.21.9 to 2.22.0 +(#2202) + * chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0 +(#2204) + * chore: update license list to 3.22 (#2201) + * Add exact syntax of the conversion formats (#2196) + * chore(deps): bump github.com/saferwall/pe from 1.4.6 to 1.4.7 +(#2198) + * chore(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 +(#2199) + * chore: removes unnecessary conditional (#2194) + * chore: improve --output help text and deprecate --file (#2187) + * chore(deps): bump modernc.org/sqlite from 1.25.0 to 1.26.0 +(#2189) + * chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 +to 0.4.11 (#2191) + * chore(deps): bump github/codeql-action from 2.21.8 to 2.21.9 +(#2182) + * chore(deps): update bootstrap tools to latest versions (#2178) + * chore(deps): bump github.com/saferwall/pe from 1.4.5 to 1.4.6 +(#2180) + +--- Old: syft-0.92.0.obscpio New: syft-0.93.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.g3XRtA/_old 2023-10-12 11:58:48.805201125 +0200 +++ /var/tmp/diff_new_pack.g3XRtA/_new 2023-10-12 11:58:48.809201269 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.92.0 +Version:0.93.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.g3XRtA/_old 2023-10-12 11:58:48.857202999 +0200 +++ /var/tmp/diff_new_pack.g3XRtA/_new 2023-10-12 11:58:48.861203143 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.92.0 +v0.93.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.g3XRtA/_old 2023-10-12 11:58:48.909204873 +0200 +++ /var/tmp/diff_new_pack.g3XRtA/_new 2023-10-12 11:58:48.909204873 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 8f57d22f639e132cbd87324abacd864232c611ce + 0748945c8341a06415ac80e624b84e8d3f548d39 (No newline at EOF) ++ syft-0.92.0.obscpio -> syft-0.93.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.92.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.1807/syft-0.93.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.g3XRtA/_old 2023-10-12 11:58:48.961206747 +0200 +++ /var/tmp/diff_new_pack.g3XRtA/_new 2023-10-12 11:58:48.973207179 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.92.0 -mtime: 1695741265 -commit: 8f57d22f639e132cbd87324abacd864232c611ce +version: 0.93.0 +mtime: 1696957784 +commit: 0748945c8341a06415ac80e624b84e8d3f548d39 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1807/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-10-06 21:14:35 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.28202 (New) Package is "syft" Fri Oct 6 21:14:35 2023 rev:48 rq:1116063 version:0.92.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-09-06 19:01:49.343320930 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.28202/syft.changes 2023-10-06 21:17:30.958525595 +0200 @@ -1,0 +2,24 @@ +Thu Oct 05 06:32:34 UTC 2023 - andrea.manz...@suse.com + +- Update to version 0.92.0: + * bump deps to latest version + * fix: deterministic java purls (#2170) + +- Update to version 0.91.0: + * fix: prevent errors from clobbering terminal (#2161) + * Require ordering of relationships when comparing parser output (#2160) + * Add containerd support (#1793) + * feat: add dependency information to conan lockfile parser (#2131) + * fix: encode and decode FileLicenses and FileContents in Syft JSON (#2083) + * feat: add cyclonedx schema version selection (#2123) + * fix: allow cyclonedx json input with no components (#2127) + * fix source-version typo in flag description (#2126) + +- Update to version 0.90.0: + * fix(help): power-user help text to indicate it supports file-system (#2113) + * fix: update codeql-analysis for go 1.21 (#2108) + * feat(cmd/update): add UA header with current ver when check for update (#2100) + * fix(cdx): validate external refs before encoding (#2091) + * fix: correct group IDs for commons-codec, okhttp, okio, and add integration tests for Java PURL generation (#2075) + +--- Old: syft-0.89.0.obscpio New: syft-0.92.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.ulTCVC/_old 2023-10-06 21:17:33.114606809 +0200 +++ /var/tmp/diff_new_pack.ulTCVC/_new 2023-10-06 21:17:33.114606809 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.89.0 +Version:0.92.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.ulTCVC/_old 2023-10-06 21:17:33.146608015 +0200 +++ /var/tmp/diff_new_pack.ulTCVC/_new 2023-10-06 21:17:33.150608165 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.89.0 +v0.92.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.ulTCVC/_old 2023-10-06 21:17:33.166608768 +0200 +++ /var/tmp/diff_new_pack.ulTCVC/_new 2023-10-06 21:17:33.170608919 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - b454160549bbd199e0a5693750856f30b41767f7 + 8f57d22f639e132cbd87324abacd864232c611ce (No newline at EOF) ++ syft-0.89.0.obscpio -> syft-0.92.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.89.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.28202/syft-0.92.0.obscpio differ: char 48, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.ulTCVC/_old 2023-10-06 21:17:33.202610124 +0200 +++ /var/tmp/diff_new_pack.ulTCVC/_new 2023-10-06 21:17:33.206610274 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.89.0 -mtime: 1693493432 -commit: b454160549bbd199e0a5693750856f30b41767f7 +version: 0.92.0 +mtime: 1695741265 +commit: 8f57d22f639e132cbd87324abacd864232c611ce ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.28202/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-09-06 18:58:03 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1766 (New) Package is "syft" Wed Sep 6 18:58:03 2023 rev:47 rq:1109094 version:0.89.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-08-01 15:38:35.353842361 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1766/syft.changes 2023-09-06 19:01:49.343320930 +0200 @@ -1,0 +2,90 @@ +Tue Sep 05 14:57:48 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.89.0: + * tidy gomod and gitignore (#2082) + * fix quiet flag (#2081) + * fix: in some cases, try to use pom info to guess name and +version to top level jar (#2080) + * fix: don't panic on universal go binaries (#2078) + * chore: update CLI to CLIO (#2001) + * Add registry certificate verification support (#1734) + * fix: CPE generation for django (#2068) + +--- +Tue Sep 05 14:54:29 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.88.0: + * chore: update quill to the latest version (#2065) + * fix: duplicate entries in cyclonedx dependency list (#2063) + * Fix panic in pom parsing (#2064) + * Fix: don't validate pom declared group (#2054) + * chore: trace log pom property reflect usage (#2059) + * fix: do not double-prefix symlink paths that already contain +volume names (#2051) + * feat: add bash classifier (#2055) + * Detect golang boring crypto and fipsonly modules (#2021) + * fix: properly parse conan ref and include user and channel +(#2034) + * chore(deps): bump github.com/charmbracelet/lipgloss from 0.7.1 +to 0.8.0 (#2053) + * Enable reading non-utf-8 encodings for java pom.xml files +(#2047) + * feat: 1944 - update purl generation to use a consistent groupID +(#2033) + * chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 +(#2049) + * chore(deps): update bootstrap tools to latest versions (#2048) + * chore(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0 +(#2045) + * chore(deps): update CPE dictionary index (#2043) + * fill out new version notice (#2042) + +--- +Tue Sep 05 14:49:59 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.87.1: + * feat: use java package names to determine known groupids +(#2032) + * fix: inconsistent removal of binaries by overlap (#2036) + * fix: CycloneDX relationships not output or decoded properly +(#1974) + * chore: restore cataloger.DefaultConfig (#2028) + +--- +Tue Sep 05 14:31:00 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.87.0: + * fix: read direct package files when decoding SPDX tag-value +(#2014) + * chore(deps): update bootstrap tools to latest versions (#2022) + * chore(deps): update CPE dictionary index (#2025) + * chore(deps): update bootstrap tools to latest versions (#2012) + * chore(deps): bump github.com/vifraa/gopom from 0.2.2 to 1.0.0 +(#2008) + * 1948-filter-pkg-by-type (#2011) + * chore(deps): bump github.com/dave/jennifer from 1.6.1 to 1.7.0 +(#2009) + * fix: SPDX license values and download location (#2007) + * 931: binary cataloger exclusion defaults for ownership by +overlap (#1948) + * chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 +(#2004) + * chore(deps): bump modernc.org/sqlite from 1.24.0 to 1.25.0 +(#1998) + * test: add coverage for new rpmdb paths (#1999) + * chore: improve spdx purl decoding (#1996) + * fix: gradle lockfile parser groupId handling (#1995) + * fix: update glob to use newer usr/lib/sysimage path (#1997) + * fix: opkg search glob (#1994) + * feat: nginx binary classifier (#1988) + * Expand deb cataloger to include opkg (#1985) + * chore(deps): update bootstrap tools to latest versions (#1991) + * chore(deps): bump github.com/google/go-containerregistry +(#1993) + * chore: update bubbly to fix hanging (#1990) + * chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 +(#1989) + * feat: use originator logic to fill supplier (#1980) + * add metadata types to all cpe test fixtures (#1982) + +--- Old: syft-0.86.1.obscpio New: syft-0.89.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.Mz2nuu/_old 2023-09-06 19:01:53.811480210 +0200 +++ /var/tmp/diff_new_pack.Mz2nuu/_new 2023-09-06 19:01:53.815480353 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-08-01 15:38:32 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.32662 (New) Package is "syft" Tue Aug 1 15:38:32 2023 rev:46 rq:1101708 version:0.86.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-07-13 17:18:22.869058018 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.32662/syft.changes 2023-08-01 15:38:35.353842361 +0200 @@ -1,0 +2,40 @@ +Tue Aug 01 10:30:23 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.86.1: + * fix: default image source name to user input (#1979) + +--- +Tue Aug 01 10:17:13 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.86.0: + * chore(deps): update stereoscope to +d1f3d766295ed3c8362ac1be68070e2a1dba4d03 (#1975) + * chore: update to latest commit in tools-golang (#1969) + * Guess unpinned versions in python requirements.txt (#1966) + * chore(deps): bump github.com/vifraa/gopom from 0.2.1 to 0.2.2 +(#1965) + * Fix panic condition on docker pull failure (#1968) + * bump JSON schema to account for simplified python env markers +(#1967) + * feat: support top-level SPDX package and graph (#1934) + * chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to +5.8.1 (#1959) + * Add cataloger for Swift Package Manager. (#1919) + * chore(deps): update stereoscope to +d515761c6ca2743a67d7d08053db69235ae76d1d (#1953) + * chore(deps): bump github.com/docker/docker (#1955) + * chore(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to +5.8.0 (#1951) + * Introduce indexed embedded CPE dictionary (#1897) + * chore(deps): bump github.com/gookit/color from 1.5.3 to 1.5.4 +(#1949) + * Add support for parsing .NET assemblies (#1943) + * docs: capture artifactory dev settings from 1895 (#1947) + * remove build binary and add explicit git ignore + * docs: update docs with new docker specific instructions (#1941) + * remove jotframe UI (#1932) + * fix: remove indirect dependency of circl v1.1.0 (#1940) + * chore: move wait before iteration to guarantee read before tea +(#1931) + +--- Old: syft-0.85.0.obscpio New: syft-0.86.1.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.6vT4s6/_old 2023-08-01 15:38:37.373854869 +0200 +++ /var/tmp/diff_new_pack.6vT4s6/_new 2023-08-01 15:38:37.373854869 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.85.0 +Version:0.86.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.6vT4s6/_old 2023-08-01 15:38:37.413855117 +0200 +++ /var/tmp/diff_new_pack.6vT4s6/_new 2023-08-01 15:38:37.417855142 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.85.0 +v0.86.1 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.6vT4s6/_old 2023-08-01 15:38:37.433855241 +0200 +++ /var/tmp/diff_new_pack.6vT4s6/_new 2023-08-01 15:38:37.437855266 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 4fc17edd146af34ab06f5b0443ef8ddac3aaf076 + e2f7befbfbf88053dfb2007c6499a4bb2d232c3c (No newline at EOF) ++ syft-0.85.0.obscpio -> syft-0.86.1.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.85.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.32662/syft-0.86.1.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.6vT4s6/_old 2023-08-01 15:38:37.485855563 +0200 +++ /var/tmp/diff_new_pack.6vT4s6/_new 2023-08-01 15:38:37.489855588 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.85.0 -mtime: 1689182094 -commit: 4fc17edd146af34ab06f5b0443ef8ddac3aaf076 +version: 0.86.1 +mtime: 1690824558 +commit: e2f7befbfbf88053dfb2007c6499a4bb2d232c3c ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.32662/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-07-13 17:18:20 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.8922 (New) Package is "syft" Thu Jul 13 17:18:20 2023 rev:45 rq:1098447 version:0.85.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-06-30 20:00:02.282059506 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.8922/syft.changes 2023-07-13 17:18:22.869058018 +0200 @@ -1,0 +2,34 @@ +Thu Jul 13 04:49:43 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.85.0: + * implement ui handle waiter (#1930) + * fix: background reader apart from global handler for testing +(#1929) + * chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.24.0 +(#1928) + * fix: allow valid cyclonedx input with no components (#1873) + * fix: "or-later" suffix updated to consider deprecated "+" +operator (#1907) + * feat: CLI flag for directory base (#1867) + * Fix CPE gen for k8s python client (#1921) + * chore: update iterations to protect against race (#1927) + * chore(deps): update bootstrap tools to latest versions (#1922) + * fix: Don't use the actual redis or grpc CPEs for gems (#1926) + * fix(install): return with right error code (#1915) + * Remove erroneous Java CPEs from generation (#1918) + * chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 +(#1916) + * Switch UI to bubbletea (#1888) + * fix: use filepath.EvalSymlinks if os.Readlink fails to evaluate +the link (#1884) + * add file source digest support (#1914) + * chore(deps): update bootstrap tools to latest versions (#1908) + * chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 +(#1912) + * chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 +(#1913) + * doc(readme): add installation section with scoop (#1909) + * Refactor source API (#1846) + * chore(deps): update bootstrap tools to latest versions (#1905) + +--- Old: syft-0.84.1.obscpio New: syft-0.85.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.ofGBZ5/_old 2023-07-13 17:18:24.617068334 +0200 +++ /var/tmp/diff_new_pack.ofGBZ5/_new 2023-07-13 17:18:24.621068357 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.84.1 +Version:0.85.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.ofGBZ5/_old 2023-07-13 17:18:24.649068522 +0200 +++ /var/tmp/diff_new_pack.ofGBZ5/_new 2023-07-13 17:18:24.653068546 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.84.1 +v0.85.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.ofGBZ5/_old 2023-07-13 17:18:24.677068687 +0200 +++ /var/tmp/diff_new_pack.ofGBZ5/_new 2023-07-13 17:18:24.681068711 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 791d1f955215f1dad383c9835e4d3c01267dc0f5 + 4fc17edd146af34ab06f5b0443ef8ddac3aaf076 (No newline at EOF) ++ syft-0.84.1.obscpio -> syft-0.85.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.84.1.obscpio /work/SRC/openSUSE:Factory/.syft.new.8922/syft-0.85.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.ofGBZ5/_old 2023-07-13 17:18:24.721068947 +0200 +++ /var/tmp/diff_new_pack.ofGBZ5/_new 2023-07-13 17:18:24.725068970 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.84.1 -mtime: 1687968312 -commit: 791d1f955215f1dad383c9835e4d3c01267dc0f5 +version: 0.85.0 +mtime: 1689182094 +commit: 4fc17edd146af34ab06f5b0443ef8ddac3aaf076 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.8922/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-06-30 19:59:43 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.13546 (New) Package is "syft" Fri Jun 30 19:59:43 2023 rev:44 rq:1096049 version:0.84.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-06-21 22:40:39.142657595 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.13546/syft.changes 2023-06-30 20:00:02.282059506 +0200 @@ -1,0 +2,21 @@ +Fri Jun 30 04:42:50 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.84.1: + * chore(deps): update stereoscope to +cd49355d934e9e09339e0b690398afe7bd9f63f1 (#1903) + * chore(deps): update bootstrap tools to latest versions (#1902) + * fix: discover deb file relationships in distroless images +(#1901) + * add oss community board auto-add workflow (#1898) + * chore(deps): update stereoscope to +8c7173ebcf69187d480d4d8b0c6cafaa7aef7024 (#1890) + * chore(deps): update bootstrap tools to latest versions (#1894) + * fix: add support for Dart SDK package dependencies (#1891) + * Simplify the SBOM writer interface (#1892) + * fix: improve version detection in Java archive name parsing +(#1889) + * fix: only output valid cyclonedx license choices (#1879) + * docs: clarify reasoning of default catalogers for images or +directories (#1887) + +--- Old: syft-0.84.0.obscpio New: syft-0.84.1.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.G6DFaH/_old 2023-06-30 20:00:04.146070593 +0200 +++ /var/tmp/diff_new_pack.G6DFaH/_new 2023-06-30 20:00:04.162070688 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.84.0 +Version:0.84.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.G6DFaH/_old 2023-06-30 20:00:04.234071116 +0200 +++ /var/tmp/diff_new_pack.G6DFaH/_new 2023-06-30 20:00:04.234071116 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.84.0 +v0.84.1 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.G6DFaH/_old 2023-06-30 20:00:04.262071283 +0200 +++ /var/tmp/diff_new_pack.G6DFaH/_new 2023-06-30 20:00:04.266071307 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 5d54e6e847192f63db80c9a7ee23197476c632ce + 791d1f955215f1dad383c9835e4d3c01267dc0f5 (No newline at EOF) ++ syft-0.84.0.obscpio -> syft-0.84.1.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.84.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.13546/syft-0.84.1.obscpio differ: char 50, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.G6DFaH/_old 2023-06-30 20:00:04.326071663 +0200 +++ /var/tmp/diff_new_pack.G6DFaH/_new 2023-06-30 20:00:04.330071687 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.84.0 -mtime: 1687277315 -commit: 5d54e6e847192f63db80c9a7ee23197476c632ce +version: 0.84.1 +mtime: 1687968312 +commit: 791d1f955215f1dad383c9835e4d3c01267dc0f5 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.13546/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-06-21 22:39:29 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.15902 (New) Package is "syft" Wed Jun 21 22:39:29 2023 rev:43 rq:1094256 version:0.84.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-06-16 16:54:19.573521653 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.15902/syft.changes 2023-06-21 22:40:39.142657595 +0200 @@ -1,0 +2,11 @@ +Wed Jun 21 04:48:16 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.84.0: + * Configure chronicle to pre-1.0 mode (#1886) + * chore: update SPDX license list to 3.21 (#1885) + * chore(deps): update bootstrap tools to latest versions (#1880) + * Pad artifact IDs (#1882) + * chore(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 +(#1878) + +--- Old: syft-0.83.1.obscpio New: syft-0.84.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.daLrZk/_old 2023-06-21 22:40:46.994704850 +0200 +++ /var/tmp/diff_new_pack.daLrZk/_new 2023-06-21 22:40:47.014704970 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.83.1 +Version:0.84.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.daLrZk/_old 2023-06-21 22:40:47.058705235 +0200 +++ /var/tmp/diff_new_pack.daLrZk/_new 2023-06-21 22:40:47.062705259 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.83.1 +v0.84.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.daLrZk/_old 2023-06-21 22:40:47.082705379 +0200 +++ /var/tmp/diff_new_pack.daLrZk/_new 2023-06-21 22:40:47.090705427 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - a1bba36d514c3ff0f34635b9cdc9f07a92ea793b + 5d54e6e847192f63db80c9a7ee23197476c632ce (No newline at EOF) ++ syft-0.83.1.obscpio -> syft-0.84.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.83.1.obscpio /work/SRC/openSUSE:Factory/.syft.new.15902/syft-0.84.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.daLrZk/_old 2023-06-21 22:40:47.130705668 +0200 +++ /var/tmp/diff_new_pack.daLrZk/_new 2023-06-21 22:40:47.134705692 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.83.1 -mtime: 1686757539 -commit: a1bba36d514c3ff0f34635b9cdc9f07a92ea793b +version: 0.84.0 +mtime: 1687277315 +commit: 5d54e6e847192f63db80c9a7ee23197476c632ce ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.15902/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-06-16 16:53:24 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.15902 (New) Package is "syft" Fri Jun 16 16:53:24 2023 rev:42 rq:1093164 version:0.83.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-06-13 16:09:34.902910783 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.15902/syft.changes 2023-06-16 16:54:19.573521653 +0200 @@ -1,0 +2,14 @@ +Wed Jun 14 18:11:48 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.83.1: + * chore(deps): bump modernc.org/sqlite from 1.23.0 to 1.23.1 +(#1874) + * chore(deps): update stereoscope to +5b5049bf4d3a99df9a2b1c31d5d52ddff7b5cec2 (#1871) + * chore(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 +(#1876) + * fix: pom properties not setting artifact id (#1870) + * chore(deps): bump github.com/spdx/tools-golang from 0.5.1 to +0.5.2 (#1868) + +--- Old: syft-0.83.0.obscpio New: syft-0.83.1.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.W3hlE1/_old 2023-06-16 16:54:22.141536925 +0200 +++ /var/tmp/diff_new_pack.W3hlE1/_new 2023-06-16 16:54:22.193537233 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.83.0 +Version:0.83.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.W3hlE1/_old 2023-06-16 16:54:22.441538708 +0200 +++ /var/tmp/diff_new_pack.W3hlE1/_new 2023-06-16 16:54:22.445538732 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.83.0 +v0.83.1 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.W3hlE1/_old 2023-06-16 16:54:22.461538827 +0200 +++ /var/tmp/diff_new_pack.W3hlE1/_new 2023-06-16 16:54:22.465538851 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 1764e1c3f6bd66781f8350d957a1f95e4d9ad3de + a1bba36d514c3ff0f34635b9cdc9f07a92ea793b (No newline at EOF) ++ syft-0.83.0.obscpio -> syft-0.83.1.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.83.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.15902/syft-0.83.1.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.W3hlE1/_old 2023-06-16 16:54:22.493539017 +0200 +++ /var/tmp/diff_new_pack.W3hlE1/_new 2023-06-16 16:54:22.497539041 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.83.0 -mtime: 1685991854 -commit: 1764e1c3f6bd66781f8350d957a1f95e4d9ad3de +version: 0.83.1 +mtime: 1686757539 +commit: a1bba36d514c3ff0f34635b9cdc9f07a92ea793b ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.15902/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-06-13 16:09:30 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.15902 (New) Package is "syft" Tue Jun 13 16:09:30 2023 rev:41 rq:1092663 version:0.83.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-05-24 20:22:52.932365493 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.15902/syft.changes 2023-06-13 16:09:34.902910783 +0200 @@ -1,0 +2,29 @@ +Mon Jun 12 19:35:49 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.83.0: + * fix: handle invalid symlinks (#1861) + * chore(deps): bump github.com/spdx/tools-golang from 0.5.0 to +0.5.1 (#1850) + * chore(deps): update bootstrap tools to latest versions (#1857) + * Pr 1825 (#1865) + * chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to +1.9.3 (#1862) + * chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 +(#1863) + * feat: source-version flag (#1859) + * chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 +(#1851) + * accept main.version ldflags even without vcs (#1855) + * feat: add scope to pom properties (#1779) + * chore(deps): bump github.com/stretchr/testify from 1.8.3 to +1.8.4 (#1852) + * chore(deps): bump github.com/docker/docker (#1849) + * Add test to ensure package metadata is represented in the JSON +schema (#1841) + * Fix directory resolver to consider CWD and root path input +correctly (#1840) + * Migrate location-related structs to the file package (#1751) + * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to +5.7.0 (#1843) + +--- Old: syft-0.82.0.obscpio New: syft-0.83.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.TdGavJ/_old 2023-06-13 16:09:37.538926334 +0200 +++ /var/tmp/diff_new_pack.TdGavJ/_new 2023-06-13 16:09:37.582926593 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.82.0 +Version:0.83.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.TdGavJ/_old 2023-06-13 16:09:37.730927466 +0200 +++ /var/tmp/diff_new_pack.TdGavJ/_new 2023-06-13 16:09:37.734927490 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.82.0 +v0.83.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.TdGavJ/_old 2023-06-13 16:09:37.782927774 +0200 +++ /var/tmp/diff_new_pack.TdGavJ/_new 2023-06-13 16:09:37.786927797 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 4ac8fdf6df0da4cd6f76820dbec9f490ee56bcba + 1764e1c3f6bd66781f8350d957a1f95e4d9ad3de (No newline at EOF) ++ syft-0.82.0.obscpio -> syft-0.83.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.82.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.15902/syft-0.83.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.TdGavJ/_old 2023-06-13 16:09:37.862928246 +0200 +++ /var/tmp/diff_new_pack.TdGavJ/_new 2023-06-13 16:09:37.874928316 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.82.0 -mtime: 1684861129 -commit: 4ac8fdf6df0da4cd6f76820dbec9f490ee56bcba +version: 0.83.0 +mtime: 1685991854 +commit: 1764e1c3f6bd66781f8350d957a1f95e4d9ad3de ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.15902/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-05-24 20:22:30 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1533 (New) Package is "syft" Wed May 24 20:22:30 2023 rev:40 rq:1088720 version:0.82.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-05-23 14:55:27.478807802 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1533/syft.changes 2023-05-24 20:22:52.932365493 +0200 @@ -1,0 +2,16 @@ +Tue May 23 17:54:05 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.82.0: + * fix: add panic recovery for license parse (#1839) + * chore: return both failures when failed to retrieve an image +with a scheme (#1801) + * Extract go module versions from ldflags for binaries built by +go (#1832) + * fix: duplicate packages, support pnpm lockfile v6 (#1778) + * chore(deps): update stereoscope to +e14bc4437b2eac481c5b6f101890b22df4f33596 (#1834) + * chore(deps): bump github.com/stretchr/testify from 1.8.2 to +1.8.3 (#1829) + * chore(deps): bump github.com/docker/docker (#1833) + +--- Old: syft-0.81.0.obscpio New: syft-0.82.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.z3vO7u/_old 2023-05-24 20:22:54.844376894 +0200 +++ /var/tmp/diff_new_pack.z3vO7u/_new 2023-05-24 20:22:54.852376941 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.81.0 +Version:0.82.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.z3vO7u/_old 2023-05-24 20:22:54.888377156 +0200 +++ /var/tmp/diff_new_pack.z3vO7u/_new 2023-05-24 20:22:54.892377180 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.81.0 +v0.82.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.z3vO7u/_old 2023-05-24 20:22:54.928377395 +0200 +++ /var/tmp/diff_new_pack.z3vO7u/_new 2023-05-24 20:22:54.928377395 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 334a775cb9cd6bf50033de1bb3aa04f46b669f5d + 4ac8fdf6df0da4cd6f76820dbec9f490ee56bcba (No newline at EOF) ++ syft-0.81.0.obscpio -> syft-0.82.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.81.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.1533/syft-0.82.0.obscpio differ: char 50, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.z3vO7u/_old 2023-05-24 20:22:54.976377681 +0200 +++ /var/tmp/diff_new_pack.z3vO7u/_new 2023-05-24 20:22:54.980377705 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.81.0 -mtime: 1684506070 -commit: 334a775cb9cd6bf50033de1bb3aa04f46b669f5d +version: 0.82.0 +mtime: 1684861129 +commit: 4ac8fdf6df0da4cd6f76820dbec9f490ee56bcba ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1533/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-05-23 14:54:49 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1533 (New) Package is "syft" Tue May 23 14:54:49 2023 rev:39 rq:1088550 version:0.81.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-05-06 22:09:53.368949799 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1533/syft.changes 2023-05-23 14:55:27.478807802 +0200 @@ -1,0 +2,34 @@ +Tue May 23 07:31:00 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.81.0: + * Keep original FileInfo persisted on file.Metadata structs +(#1794) + * chore(deps): bump github.com/sirupsen/logrus from 1.9.1 to +1.9.2 (#1827) + * chore(deps): bump github.com/google/go-containerregistry +(#1823) + * chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to +1.9.1 (#1822) + * chore(deps): bump github.com/docker/docker (#1824) + * fix: update field plurality of 8.0.0 schema before release +(#1820) + * fix: update cataloger to check for expressions before split +(#1819) + * feat: update syft license concept to complex struct (#1743) + * fix: cyclonedx depends-on relationship inverted (#1816) + * fix: retain sbom cataloger relationships (#1509) + * feat: warn if parsing newer SBOM (#1810) + * feat: Add R cataloger (#1790) + * update cosign to v2 release (different go module) (#1805) + * fix: Reduce log spam on unknown relationship type (#1797) + * chore(deps): update bootstrap tools to latest versions (#1807) + * chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 (#1802) + * chore(deps): bump github.com/docker/docker (#1795) + * chore(deps): bump github.com/google/go-containerregistry +(#1796) + * chore(deps): update bootstrap tools to latest versions (#1792) + * Print package list when extra packages found (#1791) + * chore(deps): update bootstrap tools to latest versions (#1786) + * chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1787) + +--- Old: syft-0.80.0.obscpio New: syft-0.81.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.GjbLHq/_old 2023-05-23 14:55:29.214818074 +0200 +++ /var/tmp/diff_new_pack.GjbLHq/_new 2023-05-23 14:55:29.222818121 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.80.0 +Version:0.81.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.GjbLHq/_old 2023-05-23 14:55:29.282818477 +0200 +++ /var/tmp/diff_new_pack.GjbLHq/_new 2023-05-23 14:55:29.286818500 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.80.0 +v0.81.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.GjbLHq/_old 2023-05-23 14:55:29.318818689 +0200 +++ /var/tmp/diff_new_pack.GjbLHq/_new 2023-05-23 14:55:29.322818713 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 0f1aed447751f92dcc0165b56aa474ec9706805e + 334a775cb9cd6bf50033de1bb3aa04f46b669f5d (No newline at EOF) ++ syft-0.80.0.obscpio -> syft-0.81.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.80.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.1533/syft-0.81.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.GjbLHq/_old 2023-05-23 14:55:29.370818997 +0200 +++ /var/tmp/diff_new_pack.GjbLHq/_new 2023-05-23 14:55:29.374819021 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.80.0 -mtime: 1683301301 -commit: 0f1aed447751f92dcc0165b56aa474ec9706805e +version: 0.81.0 +mtime: 1684506070 +commit: 334a775cb9cd6bf50033de1bb3aa04f46b669f5d ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1533/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-05-06 22:09:47 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1533 (New) Package is "syft" Sat May 6 22:09:47 2023 rev:38 rq:1085189 version:0.80.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-04-22 22:04:08.898539353 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1533/syft.changes 2023-05-06 22:09:53.368949799 +0200 @@ -1,0 +2,26 @@ +Fri May 05 19:51:00 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.80.0: + * Update the CPE generation for spring-security-core (#1789) + * chore: do not HTML escape PackageURLs (#1782) + * chore: do not include kernel module cataloger by default +(#1784) + * chore(docs): Update lists of catalogers (#1780) + * chore: add more detail on SPDX file IDs (#1769) + * Search /usr/share for rpmdb to fix scan on ostree-managed +images (#1756) + * chore(deps): bump github.com/docker/docker (#1767) + * rename sbom.PackageCatalog to sbom.Packages (#1773) + * chore(deps): bump modernc.org/sqlite from 1.22.0 to 1.22.1 +(#1768) + * Create python requirements metadata (#1759) + * chore: update test redactor ordering (#1765) + * rename pkg.Catalog to pkg.Collection (#1764) + * chore(deps): bump modernc.org/sqlite from 1.21.2 to 1.22.0 +(#1758) + * chore: go-rpmdb update (#1757) + * chore(deps): bump github.com/CycloneDX/cyclonedx-go from +0.7.1-0.20221222100750-41a1ac565cce to 0.7.1 (#1706) + * fix: Improve pnpm support (#1752) + +--- Old: syft-0.79.0.obscpio New: syft-0.80.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.KVzksQ/_old 2023-05-06 22:09:54.820957881 +0200 +++ /var/tmp/diff_new_pack.KVzksQ/_new 2023-05-06 22:09:54.828957925 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.79.0 +Version:0.80.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.KVzksQ/_old 2023-05-06 22:09:54.876958193 +0200 +++ /var/tmp/diff_new_pack.KVzksQ/_new 2023-05-06 22:09:54.880958215 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.79.0 +v0.80.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.KVzksQ/_old 2023-05-06 22:09:54.896958304 +0200 +++ /var/tmp/diff_new_pack.KVzksQ/_new 2023-05-06 22:09:54.900958326 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - b2b332e8b2b66af0905e98b54ebd713a922be1a8 + 0f1aed447751f92dcc0165b56aa474ec9706805e (No newline at EOF) ++ syft-0.79.0.obscpio -> syft-0.80.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.79.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.1533/syft-0.80.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.KVzksQ/_old 2023-05-06 22:09:54.940958549 +0200 +++ /var/tmp/diff_new_pack.KVzksQ/_new 2023-05-06 22:09:54.944958571 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.79.0 -mtime: 1682084046 -commit: b2b332e8b2b66af0905e98b54ebd713a922be1a8 +version: 0.80.0 +mtime: 1683301301 +commit: 0f1aed447751f92dcc0165b56aa474ec9706805e ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1533/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-04-22 22:03:47 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1533 (New) Package is "syft" Sat Apr 22 22:03:47 2023 rev:37 rq:1082193 version:0.79.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-04-18 15:53:14.821542531 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1533/syft.changes 2023-04-22 22:04:08.898539353 +0200 @@ -1,0 +2,13 @@ +Sat Apr 22 14:33:37 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.79.0: + * feat: Add template func `hasField` (#1754) + * fix: only cache java packages and not source content (#1750) + * Add sections of interest for Gemfile.lock cataloger (#1749) + * fix: update cache.fingerprint file to java-builds dir (#1748) + * Add ALPM Metadata to CYCLONEDX and SPDX output formats (#1747) + * chore: bump stereoscope to latest version (#1741) + * chore(deps): update bootstrap tools to latest versions (#1744) + * chore(deps): bump github.com/docker/docker (#1746) + +--- Old: syft-0.78.0.obscpio New: syft-0.79.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.ysuYzM/_old 2023-04-22 22:04:10.426548489 +0200 +++ /var/tmp/diff_new_pack.ysuYzM/_new 2023-04-22 22:04:10.430548513 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.78.0 +Version:0.79.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.ysuYzM/_old 2023-04-22 22:04:10.466548728 +0200 +++ /var/tmp/diff_new_pack.ysuYzM/_new 2023-04-22 22:04:10.470548752 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.78.0 +v0.79.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.ysuYzM/_old 2023-04-22 22:04:10.494548895 +0200 +++ /var/tmp/diff_new_pack.ysuYzM/_new 2023-04-22 22:04:10.498548919 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 244b797a199458f504758c0e3a775572a021e629 + b2b332e8b2b66af0905e98b54ebd713a922be1a8 (No newline at EOF) ++ syft-0.78.0.obscpio -> syft-0.79.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.78.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.1533/syft-0.79.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.ysuYzM/_old 2023-04-22 22:04:10.538549159 +0200 +++ /var/tmp/diff_new_pack.ysuYzM/_new 2023-04-22 22:04:10.542549183 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.78.0 -mtime: 1681748767 -commit: 244b797a199458f504758c0e3a775572a021e629 +version: 0.79.0 +mtime: 1682084046 +commit: b2b332e8b2b66af0905e98b54ebd713a922be1a8 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1533/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-04-18 15:53:10 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.2023 (New) Package is "syft" Tue Apr 18 15:53:10 2023 rev:36 rq:1080066 version:0.78.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-04-13 14:11:21.204505301 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.2023/syft.changes 2023-04-18 15:53:14.821542531 +0200 @@ -1,0 +2,15 @@ +Tue Apr 18 04:55:15 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.78.0: + * Create consul binary classifier (#1738) + * chore(deps): update bootstrap tools to latest versions (#1740) + * Fix kernel cataloger test fixtures (#1742) + * feat: Support scanning license files in golang packages over +the network (#1630) + * Add package-to-file location evidence relationships (#1698) + * Add Linux Kernel cataloger (#1694) + * Add annotations for evidence on package locations (#1723) + * add format make target (#1733) + * Update tests to not fail on Mac M1's. (#1730) + +--- Old: syft-0.77.0.obscpio New: syft-0.78.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.g8n36w/_old 2023-04-18 15:53:17.361557159 +0200 +++ /var/tmp/diff_new_pack.g8n36w/_new 2023-04-18 15:53:17.361557159 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.77.0 +Version:0.78.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.g8n36w/_old 2023-04-18 15:53:17.397557367 +0200 +++ /var/tmp/diff_new_pack.g8n36w/_new 2023-04-18 15:53:17.397557367 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.77.0 +v0.78.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.g8n36w/_old 2023-04-18 15:53:17.413557458 +0200 +++ /var/tmp/diff_new_pack.g8n36w/_new 2023-04-18 15:53:17.417557482 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - dd30c99bc2439cb91e3d084eb21e1040dd5a54dc + 244b797a199458f504758c0e3a775572a021e629 (No newline at EOF) ++ syft-0.77.0.obscpio -> syft-0.78.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.77.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.2023/syft-0.78.0.obscpio differ: char 50, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.g8n36w/_old 2023-04-18 15:53:17.457557712 +0200 +++ /var/tmp/diff_new_pack.g8n36w/_new 2023-04-18 15:53:17.457557712 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.77.0 -mtime: 1681222394 -commit: dd30c99bc2439cb91e3d084eb21e1040dd5a54dc +version: 0.78.0 +mtime: 1681748767 +commit: 244b797a199458f504758c0e3a775572a021e629 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.2023/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-04-13 14:11:13 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.19717 (New) Package is "syft" Thu Apr 13 14:11:13 2023 rev:35 rq:1079074 version:0.77.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-04-06 15:56:16.548408994 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.19717/syft.changes 2023-04-13 14:11:21.204505301 +0200 @@ -1,0 +2,19 @@ +Thu Apr 13 07:22:19 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.77.0: + * chore(deps): update bootstrap tools to latest versions (#1728) + * Add support for nar files. (#1727) + * add highlevel details about catalogers (#1726) + * chore(deps): bump golang.org/x/net from 0.8.0 to 0.9.0 (#1722) + * chore(deps): update stereoscope to +e95d60a265e384df29b7a139f5c5402d6ad72e06 (#1721) + * feat: gradle lockfile support (#1719) + * chore(deps): bump github.com/docker/docker (#1715) + * chore(deps): bump golang.org/x/mod from 0.9.0 to 0.10.0 (#1713) + * chore(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 (#1714) + * chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 +(#1716) + * chore(deps): bump peter-evans/create-pull-request from 4 to 5 +(#1712) + +--- Old: syft-0.76.1.obscpio New: syft-0.77.0.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.GRinyR/_old 2023-04-13 14:11:23.148516463 +0200 +++ /var/tmp/diff_new_pack.GRinyR/_new 2023-04-13 14:11:23.152516486 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.76.1 +Version:0.77.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.GRinyR/_old 2023-04-13 14:11:23.188516693 +0200 +++ /var/tmp/diff_new_pack.GRinyR/_new 2023-04-13 14:11:23.192516716 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.76.1 +v0.77.0 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.GRinyR/_old 2023-04-13 14:11:23.212516831 +0200 +++ /var/tmp/diff_new_pack.GRinyR/_new 2023-04-13 14:11:23.216516854 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 7845381331e873f65fd5013f44b7d85168ced5f5 + dd30c99bc2439cb91e3d084eb21e1040dd5a54dc (No newline at EOF) ++ syft-0.76.1.obscpio -> syft-0.77.0.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.76.1.obscpio /work/SRC/openSUSE:Factory/.syft.new.19717/syft-0.77.0.obscpio differ: char 49, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.GRinyR/_old 2023-04-13 14:11:23.256517083 +0200 +++ /var/tmp/diff_new_pack.GRinyR/_new 2023-04-13 14:11:23.260517107 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.76.1 -mtime: 1680717592 -commit: 7845381331e873f65fd5013f44b7d85168ced5f5 +version: 0.77.0 +mtime: 1681222394 +commit: dd30c99bc2439cb91e3d084eb21e1040dd5a54dc ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.19717/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-04-06 15:56:13 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.19717 (New) Package is "syft" Thu Apr 6 15:56:13 2023 rev:34 rq:1077622 version:0.76.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-04-03 17:47:08.126884630 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.19717/syft.changes 2023-04-06 15:56:16.548408994 +0200 @@ -1,0 +2,12 @@ +Thu Apr 06 03:25:22 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.76.1: + * chore: update tools-golang to v0.5.0 (#1717) + * Add Nix cataloger (#1696) + * refactor spdx tooling test to reduce intermittent failures +(#1707) + * Capture file ownership relationships from portage ecosystem +(#1702) + * chore: update deprecated set-output calls (#1705) + +--- Old: syft-0.76.0.obscpio New: syft-0.76.1.obscpio Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.Gz1TRU/_old 2023-04-06 15:56:18.380419341 +0200 +++ /var/tmp/diff_new_pack.Gz1TRU/_new 2023-04-06 15:56:18.388419386 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.76.0 +Version:0.76.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.Gz1TRU/_old 2023-04-06 15:56:18.19702 +0200 +++ /var/tmp/diff_new_pack.Gz1TRU/_new 2023-04-06 15:56:18.448419724 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.76.0 +v0.76.1 @PARENT_TAG@ enable v(.*) ++ _servicedata ++ --- /var/tmp/diff_new_pack.Gz1TRU/_old 2023-04-06 15:56:18.476419883 +0200 +++ /var/tmp/diff_new_pack.Gz1TRU/_new 2023-04-06 15:56:18.476419883 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - dfcc07e5122217ca9e2fc75817c593356fc0c405 + 7845381331e873f65fd5013f44b7d85168ced5f5 (No newline at EOF) ++ syft-0.76.0.obscpio -> syft-0.76.1.obscpio ++ /work/SRC/openSUSE:Factory/syft/syft-0.76.0.obscpio /work/SRC/openSUSE:Factory/.syft.new.19717/syft-0.76.1.obscpio differ: char 50, line 1 ++ syft.obsinfo ++ --- /var/tmp/diff_new_pack.Gz1TRU/_old 2023-04-06 15:56:18.524420154 +0200 +++ /var/tmp/diff_new_pack.Gz1TRU/_new 2023-04-06 15:56:18.532420199 +0200 @@ -1,5 +1,5 @@ name: syft -version: 0.76.0 -mtime: 1680271450 -commit: dfcc07e5122217ca9e2fc75817c593356fc0c405 +version: 0.76.1 +mtime: 1680717592 +commit: 7845381331e873f65fd5013f44b7d85168ced5f5 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.19717/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-04-03 17:46:58 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.9019 (New) Package is "syft" Mon Apr 3 17:46:58 2023 rev:33 rq:1076969 version:0.76.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-03-14 18:17:03.859866392 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.9019/syft.changes 2023-04-03 17:47:08.126884630 +0200 @@ -1,0 +2,42 @@ +Mon Apr 03 12:04:58 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.76.0: + * feat: Add config option to allow user to select the default +image source location + * chore(deps): bump github.com/docker/docker (#1699) + * chore(deps): update bootstrap tools to latest versions (#1697) + * chore(deps): update stereoscope to +d7551b7f46f53179922d6229709d3d1602881080 (#1693) + * 1577 spdxlicense generate (#1691) + * chore(deps): bump github.com/vbatts/go-mtree from 0.5.2 to +0.5.3 (#1692) + * feat: scan local go mod cache for licenses of golang packages +(#1645) + * chore: fix flaky license sorting (#1690) + * chore(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 +(#1689) + * fix: shell completion by adding missing usage message required +by spf13/cobra (#1688) + * chore(deps): update bootstrap tools to latest versions (#1686) + * chore: tweak some workflow text (#1685) + * Remove more side effects from application config testing +(#1684) + * Deprecate config.yaml as valid config source; Add unit +regression for correct config paths (#1640) + * chore: Update syft bootstrap tools to latest versions. (#1682) + * Update documentation: (#1680) + * chore: Update Stereoscope to +7928713c391e20abaede6a029f4ce37b628a4c8b (#1681) + * fix: reduce logging for bad dpkg lines (#1675) + * fix ruby classifier (#1678) + * feat: add shared dir for easier cleanup (#1676) + * chore(deps): bump github.com/google/go-containerregistry +(#1672) + * chore(deps): bump actions/setup-go from 3 to 4 (#1671) + * fix: move defer after error to protect panic case (#1670) + * feat: add argocd, helm, kustomize and kubectl binary +classifiers (#1663) + * defer closing file (#1668) + * fix: remove author contributing to javascript CPEs (#1669) + +--- Old: syft-0.75.0.tar.gz New: syft-0.76.0.obscpio syft.obsinfo Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.fBJB3G/_old 2023-04-03 17:47:11.524332417 +0200 +++ /var/tmp/diff_new_pack.fBJB3G/_new 2023-04-03 17:47:11.528353066 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.75.0 +Version:0.76.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.fBJB3G/_old 2023-04-03 17:47:11.584642141 +0200 +++ /var/tmp/diff_new_pack.fBJB3G/_new 2023-04-03 17:47:11.588662790 +0200 @@ -1,9 +1,9 @@ - + https://github.com/anchore/syft git .git -v0.75.0 +v0.76.0 @PARENT_TAG@ enable v(.*) @@ -11,7 +11,8 @@ syft - + + *.tar gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.fBJB3G/_old 2023-04-03 17:47:11.620827976 +0200 +++ /var/tmp/diff_new_pack.fBJB3G/_new 2023-04-03 17:47:11.624848624 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - cc0a376aba43e7f9c5fe66320643f72088533838 + dfcc07e5122217ca9e2fc75817c593356fc0c405 (No newline at EOF) ++ syft.obsinfo ++ name: syft version: 0.76.0 mtime: 1680271450 commit: dfcc07e5122217ca9e2fc75817c593356fc0c405 ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.9019/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-03-14 18:16:55 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.31432 (New) Package is "syft" Tue Mar 14 18:16:55 2023 rev:32 rq:1071228 version:0.75.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-03-10 22:07:31.161170586 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.31432/syft.changes 2023-03-14 18:17:03.859866392 +0100 @@ -1,0 +2,8 @@ +Mon Mar 13 19:15:25 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.75.0: + * fix: more python matching support (#1667) + * Update syft bootstrap tools to latest versions. (#1666) + * feat: add ruby classifier (#1665) + +--- Old: syft-0.74.1.tar.gz New: syft-0.75.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.FpkYnN/_old 2023-03-14 18:17:05.683876142 +0100 +++ /var/tmp/diff_new_pack.FpkYnN/_new 2023-03-14 18:17:05.691876184 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.74.1 +Version:0.75.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.FpkYnN/_old 2023-03-14 18:17:05.767876590 +0100 +++ /var/tmp/diff_new_pack.FpkYnN/_new 2023-03-14 18:17:05.779876655 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.74.1 +v0.75.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,6 @@ gz -syft-0.74.1.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.FpkYnN/_old 2023-03-14 18:17:05.803876783 +0100 +++ /var/tmp/diff_new_pack.FpkYnN/_new 2023-03-14 18:17:05.807876804 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 41cbbe09b205e3b80e8a57d4f7a509b5f938557d + cc0a376aba43e7f9c5fe66320643f72088533838 (No newline at EOF) ++ syft-0.74.1.tar.gz -> syft-0.75.0.tar.gz ++ 231364 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.31432/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-03-10 22:07:24 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.31432 (New) Package is "syft" Fri Mar 10 22:07:24 2023 rev:31 rq:1070559 version:0.74.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-03-03 22:31:17.552001903 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.31432/syft.changes 2023-03-10 22:07:31.161170586 +0100 @@ -1,0 +2,20 @@ +Thu Mar 09 15:31:12 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.74.1: + * Update syft bootstrap tools to latest versions. (#1658) + * fix: improved Python binary detection (#1648) + * fix: suppress some known incorrect vendor candidates for npm +CPEs (#1659) + * fix: sanitize SPDX LicenseRefs (#1657) + * chore(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 (#1655) + * chore(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 (#1653) + * chore(deps): bump github.com/spf13/afero from 1.9.4 to 1.9.5 +(#1654) + * chore(deps): bump golang.org/x/term from 0.5.0 to 0.6.0 (#1656) + * fix: dotnet PURL types are invalid (#1649) + * feat: disable cpe vendor wildcards to reduce false positives +(#1647) + * read relative etc/apk/repositories for alpine version when no +OS provided (#1615) + +--- Old: syft-0.74.0.tar.gz New: syft-0.74.1.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.H5okv1/_old 2023-03-10 22:07:32.901178507 +0100 +++ /var/tmp/diff_new_pack.H5okv1/_new 2023-03-10 22:07:32.905178525 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.74.0 +Version:0.74.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.H5okv1/_old 2023-03-10 22:07:32.949178725 +0100 +++ /var/tmp/diff_new_pack.H5okv1/_new 2023-03-10 22:07:32.953178744 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.74.0 +v0.74.1 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.74.0.tar.gz +syft-0.74.1.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.H5okv1/_old 2023-03-10 22:07:32.981178871 +0100 +++ /var/tmp/diff_new_pack.H5okv1/_new 2023-03-10 22:07:32.981178871 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 5f90d0371873faf5eb8f2e748909b32294be6263 + 41cbbe09b205e3b80e8a57d4f7a509b5f938557d (No newline at EOF) ++ syft-0.74.0.tar.gz -> syft-0.74.1.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.74.0/.github/workflows/validations.yaml new/syft-0.74.1/.github/workflows/validations.yaml --- old/syft-0.74.0/.github/workflows/validations.yaml 2023-03-01 21:35:01.0 +0100 +++ new/syft-0.74.1/.github/workflows/validations.yaml 2023-03-07 18:54:32.0 +0100 @@ -54,6 +54,13 @@ path: syft/pkg/cataloger/golang/test-fixtures/archs/binaries key: ${{ runner.os }}-unit-go-binaries-cache-${{ hashFiles( 'syft/pkg/cataloger/golang/test-fixtures/archs/binaries.fingerprint' ) }} + - name: Restore binary cataloger test-fixture cache +id: unit-binary-cataloger-cache +uses: actions/cache@v3 +with: + path: syft/pkg/cataloger/binary/test-fixtures/classifiers/dynamic + key: ${{ runner.os }}-unit-binary-cataloger-cache-${{ hashFiles( 'syft/pkg/cataloger/binary/test-fixtures/cache.fingerprint' ) }} + - name: Run unit tests run: make unit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.74.0/Makefile new/syft-0.74.1/Makefile --- old/syft-0.74.0/Makefile2023-03-01 21:35:01.0 +0100 +++ new/syft-0.74.1/Makefile2023-03-07 18:54:32.0 +0100 @@ -14,7 +14,7 @@ GOSIMPORTS_VERSION := v0.3.7 BOUNCER_VERSION := v0.4.0 CHRONICLE_VERSION := v0.6.0 -GORELEASER_VERSION := v1.15.2 +GORELEASER_VERSION := v1.16.0 YAJSV_VERSION := v1.4.1 COSIGN_VERSION := v1.13.1 QUILL_VERSION := v0.2.0 @@ -189,6 +189,10 @@ cd test/integration/test-fixtures && \ make cache.fingerprint + # for BINARY test fixtures + cd syft/pkg/cataloger/binary/test-fixtures && \ + make cache.fingerprint + # for JAVA BUILD test fixtures cd syft/pkg/cataloger/java/test-fixtures/java-builds
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-03-03 22:28:17 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.31432 (New) Package is "syft" Fri Mar 3 22:28:17 2023 rev:30 rq:1069102 version:0.74.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-02-23 16:54:10.305402134 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.31432/syft.changes 2023-03-03 22:31:17.552001903 +0100 @@ -1,0 +2,34 @@ +Fri Mar 03 05:40:08 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.74.0: + * fix: possible race condition (#1639) + * fix: remove APK OriginPackage cpe candidates (#1637) + * fix: rebar lock file decoding panic (#1628) + * fix: handle individual cataloger panics (#1636) + * fix: apk product/vendor generation for old metadata (#1635) + * feat: rust toolchain binary cataloger (#1601) + * feat: retain go package info when no module declared (#1632) + * fix: improved CPE-generation for several more APK packages +(#1631) + * chore: update deprecated release flag (#1629) + * chore(deps): bump actions/upload-artifact from 2 to 3 (#1627) + * feat: add support for SUPPORT_END in /etc/os-release (#1612) + * fix: further improvements to CPE generation for apk packages +(#1623) + * chore(deps): bump github.com/stretchr/testify from 1.8.1 to +1.8.2 (#1625) + * chore(deps): bump actions/checkout from 2 to 3 (#1626) + * feat: set cosign attest predicate type based on Syft output +type (#1598) + * chore(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.4 +(#1609) + * fix: correct apk purls for other distros (#1620) + * refactor: move apk upstream logic to apk metadata (#1619) + * fix: decoding null apk metadata pullDependencies (#1614) + * feat: haproxy binary matcher (#1591) + * fix: determine upstream for apk version streams (#1610) + * fix: improve CPE generation for curl APK (#1608) + * Revert "add workaround for macos github actions cache issue +(#1584)" (#1605) + +--- Old: syft-0.73.0.tar.gz New: syft-0.74.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.CUx8PN/_old 2023-03-03 22:31:19.532010347 +0100 +++ /var/tmp/diff_new_pack.CUx8PN/_new 2023-03-03 22:31:19.540010381 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.73.0 +Version:0.74.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.CUx8PN/_old 2023-03-03 22:31:19.604010654 +0100 +++ /var/tmp/diff_new_pack.CUx8PN/_new 2023-03-03 22:31:19.608010671 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.73.0 +v0.74.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.73.0.tar.gz +syft-0.74.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.CUx8PN/_old 2023-03-03 22:31:19.644010824 +0100 +++ /var/tmp/diff_new_pack.CUx8PN/_new 2023-03-03 22:31:19.648010842 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - aa151da5fe2a1b11502c852fd2d3ad462c1d245f + 5f90d0371873faf5eb8f2e748909b32294be6263 (No newline at EOF) ++ syft-0.73.0.tar.gz -> syft-0.74.0.tar.gz ++ 4511 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.31432/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-02-23 16:30:31 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1706 (New) Package is "syft" Thu Feb 23 16:30:31 2023 rev:29 rq:1067391 version:0.73.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-02-17 16:44:16.558616292 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1706/syft.changes 2023-02-23 16:54:10.305402134 +0100 @@ -1,0 +2,16 @@ +Thu Feb 23 10:37:37 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.73.0: + * Update Stereoscope to fab1c9638abc2c21cd53dca1f205f37d71148ee0 (#1604) + * chore: fix cataloger_test (#1603) + * fix: merging of binary packages (#1583) + * fix: issue when matching format versions (#1585) + * chore: update syft bootstrap tools to latest versions. (#1593) + * feat: add perl binary classifier (#1592) + * Update Stereoscope to 529924d6d5aa6c708cceffc651883b6e1e27f5df (#1602) + * Update SPDX license list to 3.20 (#1600) + * chore: update SPDX license list (#1599) + * fix cataloger selection to be more specific (#1582) + * add workaround for macos github actions cache issue (#1584) + +--- Old: syft-0.72.0.tar.gz New: syft-0.73.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.iI0Amr/_old 2023-02-23 16:54:13.645421502 +0100 +++ /var/tmp/diff_new_pack.iI0Amr/_new 2023-02-23 16:54:13.653421548 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.72.0 +Version:0.73.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.iI0Amr/_old 2023-02-23 16:54:13.689421757 +0100 +++ /var/tmp/diff_new_pack.iI0Amr/_new 2023-02-23 16:54:13.693421781 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.72.0 +v0.73.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.72.0.tar.gz +syft-0.73.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.iI0Amr/_old 2023-02-23 16:54:13.713421896 +0100 +++ /var/tmp/diff_new_pack.iI0Amr/_new 2023-02-23 16:54:13.717421919 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 2642a3616170ccbda9d8c8cb4f4a6b0fd5c63da9 + aa151da5fe2a1b11502c852fd2d3ad462c1d245f (No newline at EOF) ++ syft-0.72.0.tar.gz -> syft-0.73.0.tar.gz ++ 13628 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1706/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-02-17 16:44:09 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.22824 (New) Package is "syft" Fri Feb 17 16:44:09 2023 rev:28 rq:1066250 version:0.72.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-02-10 14:35:45.598078148 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.22824/syft.changes 2023-02-17 16:44:16.558616292 +0100 @@ -1,0 +2,13 @@ +Thu Feb 16 17:31:12 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.72.0: + * Update Stereoscope to 4b5ebf8c7f4b81ca79c4c3f0af1d0723eab87d42 (#1576) + * chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#1574) + * chore: update bug issue template (#1571) + * allow convert to take stdin (#1570) + * fix: improve CPE and upstream generation logic for Alpine packages (#1567) + * fix: missing APK node vulnerabilities (#1565) + * fix: python CPE generation for alpine (#1564) + * chore(deps): bump github.com/docker/docker (#1563) + +--- Old: syft-0.71.0.tar.gz New: syft-0.72.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.D8c88P/_old 2023-02-17 16:44:18.222625662 +0100 +++ /var/tmp/diff_new_pack.D8c88P/_new 2023-02-17 16:44:18.226625686 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.71.0 +Version:0.72.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.D8c88P/_old 2023-02-17 16:44:18.262625888 +0100 +++ /var/tmp/diff_new_pack.D8c88P/_new 2023-02-17 16:44:18.266625911 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.71.0 +v0.72.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.71.0.tar.gz +syft-0.72.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.D8c88P/_old 2023-02-17 16:44:18.286626023 +0100 +++ /var/tmp/diff_new_pack.D8c88P/_new 2023-02-17 16:44:18.290626046 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 88c81d33edc67b0b9636d0046417a9373ac8b74f + 2642a3616170ccbda9d8c8cb4f4a6b0fd5c63da9 (No newline at EOF) ++ syft-0.71.0.tar.gz -> syft-0.72.0.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.71.0/.github/ISSUE_TEMPLATE/bug_report.md new/syft-0.72.0/.github/ISSUE_TEMPLATE/bug_report.md --- old/syft-0.71.0/.github/ISSUE_TEMPLATE/bug_report.md2023-02-09 17:35:11.0 +0100 +++ new/syft-0.72.0/.github/ISSUE_TEMPLATE/bug_report.md2023-02-16 16:22:43.0 +0100 @@ -7,12 +7,12 @@ --- -**Please provide a set of steps on how to reproduce the issue** - **What happened**: **What you expected to happen**: +**Steps to reproduce the issue**: + **Anything else we need to know?**: **Environment**: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.71.0/cmd/syft/cli/convert/convert.go new/syft-0.72.0/cmd/syft/cli/convert/convert.go --- old/syft-0.71.0/cmd/syft/cli/convert/convert.go 2023-02-09 17:35:11.0 +0100 +++ new/syft-0.72.0/cmd/syft/cli/convert/convert.go 2023-02-16 16:22:43.0 +0100 @@ -3,6 +3,7 @@ import ( "context" "fmt" + "io" "os" "github.com/anchore/syft/cmd/syft/cli/options" @@ -26,15 +27,23 @@ // this can only be a SBOM file userInput := args[0] - f, err := os.Open(userInput) - if err != nil { - return fmt.Errorf("failed to open SBOM file: %w", err) + + var reader io.ReadCloser + + if userInput == "-" { + reader = os.Stdin + } else { + f, err := os.Open(userInput) + if err != nil { + return fmt.Errorf("failed to open SBOM file: %w", err) + } + defer func() { + _ = f.Close() + }() + reader = f } - defer func() { - _ = f.Close() - }() - sbom, _, err := formats.Decode(f) + sbom, _, err := formats.Decode(reader) if err != nil { return fmt.Errorf("failed to decode SBOM: %w", err) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore'
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-02-10 14:35:44 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1848 (New) Package is "syft" Fri Feb 10 14:35:44 2023 rev:27 rq:1064157 version:0.71.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-02-05 19:20:22.939619237 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1848/syft.changes 2023-02-10 14:35:45.598078148 +0100 @@ -1,0 +2,19 @@ +Fri Feb 10 06:19:19 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.71.0: + * switch from trigger-release target to release target (#1560) + * Speed up cataloging by replacing globs searching with index lookups (#1510) + * Update syft bootstrap tools to latest versions. (#1549) + * Fix installed versions (#1556) + * chore(deps): bump golang.org/x/net from 0.5.0 to 0.6.0 (#1558) + * feat: add postgresql classifier (#1536) + * Add release trigger (#1501) + * chore(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 (#1552) + * chore(deps): bump golang.org/x/term from 0.4.0 to 0.5.0 (#1551) + * fix: add support for licenses not found on list (#1540) + * Update syft bootstrap tools to latest versions. (#1541) + * feat: Allow specific versions of formats to be specified (#1543) + * Update Stereoscope to c49244e4d66f1ee789027ea23acc746968799c3b (#1539) + * source: when base is set, responsePath should be absolute (#1542) + +--- Old: syft-0.70.0.tar.gz New: syft-0.71.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.CanDCw/_old 2023-02-10 14:35:46.694084697 +0100 +++ /var/tmp/diff_new_pack.CanDCw/_new 2023-02-10 14:35:46.702084745 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.70.0 +Version:0.71.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.CanDCw/_old 2023-02-10 14:35:46.734084936 +0100 +++ /var/tmp/diff_new_pack.CanDCw/_new 2023-02-10 14:35:46.734084936 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.70.0 +v0.71.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.70.0.tar.gz +syft-0.71.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.CanDCw/_old 2023-02-10 14:35:46.754085056 +0100 +++ /var/tmp/diff_new_pack.CanDCw/_new 2023-02-10 14:35:46.762085104 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 9995950c70e849f9921919faffbfcf46401f71f3 + 88c81d33edc67b0b9636d0046417a9373ac8b74f (No newline at EOF) ++ syft-0.70.0.tar.gz -> syft-0.71.0.tar.gz ++ 13648 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1848/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-02-05 19:20:21 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.4462 (New) Package is "syft" Sun Feb 5 19:20:21 2023 rev:26 rq:1063165 version:0.70.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-02-02 18:18:48.547952104 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.4462/syft.changes 2023-02-05 19:20:22.939619237 +0100 @@ -1,0 +2,11 @@ +Sat Feb 04 07:45:37 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.70.0: + * fix: update config struct to not decode password/key (#1538) + * Update syft bootstrap tools to latest versions. (#1537) + * feat: add traefik classifier (#1504) + * fix: don't hardcode Cosign attest type (#1533) + * chore(deps): bump github.com/docker/docker (#1531) + * Update syft bootstrap tools to latest versions. (#1530) + +--- Old: syft-0.69.1.tar.gz New: syft-0.70.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.lNjHGm/_old 2023-02-05 19:20:24.075625804 +0100 +++ /var/tmp/diff_new_pack.lNjHGm/_new 2023-02-05 19:20:24.079625826 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.69.1 +Version:0.70.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.lNjHGm/_old 2023-02-05 19:20:24.119626058 +0100 +++ /var/tmp/diff_new_pack.lNjHGm/_new 2023-02-05 19:20:24.123626081 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.69.1 +v0.70.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.69.1.tar.gz +syft-0.70.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.lNjHGm/_old 2023-02-05 19:20:24.147626220 +0100 +++ /var/tmp/diff_new_pack.lNjHGm/_new 2023-02-05 19:20:24.147626220 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 1530ef354ffaf59cef6a02c949f2cdb82353954f + 9995950c70e849f9921919faffbfcf46401f71f3 (No newline at EOF) ++ syft-0.69.1.tar.gz -> syft-0.70.0.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.69.1/Makefile new/syft-0.70.0/Makefile --- old/syft-0.69.1/Makefile2023-01-31 17:53:16.0 +0100 +++ new/syft-0.70.0/Makefile2023-02-03 19:06:14.0 +0100 @@ -8,11 +8,11 @@ SNAPSHOT_CMD := $(RELEASE_CMD) --skip-publish --skip-sign --snapshot # Tool versions # -GOLANGCILINT_VERSION := v1.50.1 +GOLANGCILINT_VERSION := v1.51.0 GOSIMPORTS_VERSION := v0.3.5 BOUNCER_VERSION := v0.4.0 CHRONICLE_VERSION := v0.5.1 -GORELEASER_VERSION := v1.15.0 +GORELEASER_VERSION := v1.15.1 YAJSV_VERSION := v1.4.1 COSIGN_VERSION := v1.13.1 QUILL_VERSION := v0.2.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.69.1/cmd/syft/cli/attest/attest.go new/syft-0.70.0/cmd/syft/cli/attest/attest.go --- old/syft-0.69.1/cmd/syft/cli/attest/attest.go 2023-01-31 17:53:16.0 +0100 +++ new/syft-0.70.0/cmd/syft/cli/attest/attest.go 2023-02-03 19:06:14.0 +0100 @@ -131,7 +131,7 @@ return } - args := []string{"attest", si.UserInput, "--type", "custom", "--predicate", f.Name()} + args := []string{"attest", si.UserInput, "--predicate", f.Name()} if app.Attest.Key != "" { args = append(args, "--key", app.Attest.Key) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.69.1/go.mod new/syft-0.70.0/go.mod --- old/syft-0.69.1/go.mod 2023-01-31 17:53:16.0 +0100 +++ new/syft-0.70.0/go.mod 2023-02-03 19:06:14.0 +0100 @@ -53,7 +53,7 @@ github.com/Masterminds/sprig/v3 v3.2.3 github.com/anchore/go-logger v0.0.0-20220728155337-03b66a5207d8 github.com/anchore/stereoscope v0.0.0-20221208011002-c5ff155d72f1 - github.com/docker/docker v20.10.23+incompatible + github.com/docker/docker v23.0.0+incompatible github.com/google/go-containerregistry v0.13.0 github.com/invopop/jsonschema v0.7.0 github.com/knqyf263/go-rpmdb v0.0.0-20221030135625-4082a1ce diff -urN
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-02-02 18:08:48 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.32243 (New) Package is "syft" Thu Feb 2 18:08:48 2023 rev:25 rq:1062582 version:0.69.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-02-01 16:39:08.773633704 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.32243/syft.changes 2023-02-02 18:18:48.547952104 +0100 @@ -1,0 +2,8 @@ +Thu Feb 02 06:48:23 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.69.1: + * chore: update spdx/tools-golang to v0.5.0-rc1 (#1503) + * feat: update golang to 1.19 (#1526) + * Update syft bootstrap tools to latest versions. (#1525) + +--- Old: syft-0.69.0.tar.gz New: syft-0.69.1.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.STsKke/_old 2023-02-02 18:18:49.519958048 +0100 +++ /var/tmp/diff_new_pack.STsKke/_new 2023-02-02 18:18:49.523958073 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.69.0 +Version:0.69.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.STsKke/_old 2023-02-02 18:18:49.559958293 +0100 +++ /var/tmp/diff_new_pack.STsKke/_new 2023-02-02 18:18:49.563958317 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.69.0 +v0.69.1 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.69.0.tar.gz +syft-0.69.1.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.STsKke/_old 2023-02-02 18:18:49.583958440 +0100 +++ /var/tmp/diff_new_pack.STsKke/_new 2023-02-02 18:18:49.587958464 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - b81c9805dcc9bf25dad7659fd9c2bbf7dd3f3d90 + 1530ef354ffaf59cef6a02c949f2cdb82353954f (No newline at EOF) ++ syft-0.69.0.tar.gz -> syft-0.69.1.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.69.0/.github/actions/bootstrap/action.yaml new/syft-0.69.1/.github/actions/bootstrap/action.yaml --- old/syft-0.69.0/.github/actions/bootstrap/action.yaml 2023-01-30 19:47:24.0 +0100 +++ new/syft-0.69.1/.github/actions/bootstrap/action.yaml 2023-01-31 17:53:16.0 +0100 @@ -4,7 +4,7 @@ go-version: description: "Go version to install" required: true -default: "1.18.x" +default: "1.19.x" use-go-cache: description: "Restore go cache" required: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.69.0/.github/scripts/go-mod-tidy-check.sh new/syft-0.69.1/.github/scripts/go-mod-tidy-check.sh --- old/syft-0.69.0/.github/scripts/go-mod-tidy-check.sh2023-01-30 19:47:24.0 +0100 +++ new/syft-0.69.1/.github/scripts/go-mod-tidy-check.sh2023-01-31 17:53:16.0 +0100 @@ -4,7 +4,7 @@ ORIGINAL_STATE_DIR=$(mktemp -d "TEMP-original-state-X") TIDY_STATE_DIR=$(mktemp -d "TEMP-tidy-state-X") -trap "cp ${ORIGINAL_STATE_DIR}/* ./ && rm -fR ${ORIGINAL_STATE_DIR} ${TIDY_STATE_DIR}" EXIT +trap "cp -p ${ORIGINAL_STATE_DIR}/* ./ && git update-index -q --refresh && rm -fR ${ORIGINAL_STATE_DIR} ${TIDY_STATE_DIR}" EXIT # capturing original state of files... cp go.mod go.sum "${ORIGINAL_STATE_DIR}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.69.0/.github/scripts/json-schema-drift-check.sh new/syft-0.69.1/.github/scripts/json-schema-drift-check.sh --- old/syft-0.69.0/.github/scripts/json-schema-drift-check.sh 1970-01-01 01:00:00.0 +0100 +++ new/syft-0.69.1/.github/scripts/json-schema-drift-check.sh 2023-01-31 17:53:16.0 +0100 @@ -0,0 +1,27 @@ +#!/usr/bin/env bash +set -u + +if ! git diff-index --quiet HEAD --; then + git diff-index HEAD -- + git --no-pager diff + echo "there are uncommitted changes, please commit them before running this check" + exit 1 +fi + +success=true + +if ! make generate-json-schema; then + echo "Generating json schema failed" + success=false +fi + +if ! git diff-index --quiet HEAD --; then + git diff-index HEAD -- + git --no-pager diff + echo "JSON schema drift detected!" + success=false +fi + +if ! $success; then + exit 1 +fi diff -urN '--exclude=CVS' '--exclude=.cvsignore'
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-02-01 16:39:05 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.32243 (New) Package is "syft" Wed Feb 1 16:39:05 2023 rev:24 rq:1062288 version:0.69.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-01-26 14:10:58.968433840 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.32243/syft.changes 2023-02-01 16:39:08.773633704 +0100 @@ -1,0 +2,8 @@ +Tue Jan 31 15:04:23 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.69.0: + * Allow scanning unpacked container filesystems (#1485) + * fix: allow template for syft convert (#1521) + * 1465 attestation with private key (#1502) + +--- Old: syft-0.68.1.tar.gz New: syft-0.69.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.JZ1pKS/_old 2023-02-01 16:39:10.485644870 +0100 +++ /var/tmp/diff_new_pack.JZ1pKS/_new 2023-02-01 16:39:10.489644896 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.68.1 +Version:0.69.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.JZ1pKS/_old 2023-02-01 16:39:10.553645313 +0100 +++ /var/tmp/diff_new_pack.JZ1pKS/_new 2023-02-01 16:39:10.557645339 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.68.1 +v0.69.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.68.1.tar.gz +syft-0.69.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.JZ1pKS/_old 2023-02-01 16:39:10.577645469 +0100 +++ /var/tmp/diff_new_pack.JZ1pKS/_new 2023-02-01 16:39:10.585645522 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 4c0aef09b8d7fb78200b04416f474b90b79370de + b81c9805dcc9bf25dad7659fd9c2bbf7dd3f3d90 (No newline at EOF) ++ syft-0.68.1.tar.gz -> syft-0.69.0.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.68.1/cmd/syft/cli/attest/attest.go new/syft-0.69.0/cmd/syft/cli/attest/attest.go --- old/syft-0.68.1/cmd/syft/cli/attest/attest.go 2023-01-25 18:18:24.0 +0100 +++ new/syft-0.69.0/cmd/syft/cli/attest/attest.go 2023-01-30 19:47:24.0 +0100 @@ -97,6 +97,7 @@ return sBytes, nil } +//nolint:funlen func execWorker(app *config.Application, si source.Input, writer sbom.Writer) <-chan error { errs := make(chan error) go func() { @@ -131,9 +132,18 @@ } args := []string{"attest", si.UserInput, "--type", "custom", "--predicate", f.Name()} + if app.Attest.Key != "" { + args = append(args, "--key", app.Attest.Key) + } + execCmd := exec.Command(cmd, args...) execCmd.Env = os.Environ() - execCmd.Env = append(execCmd.Env, "COSIGN_EXPERIMENTAL=1") + if app.Attest.Key != "" { + execCmd.Env = append(execCmd.Env, fmt.Sprintf("COSIGN_PASSWORD=%s", app.Attest.Password)) + } else { + // no key provided, use cosign's keyless mode + execCmd.Env = append(execCmd.Env, "COSIGN_EXPERIMENTAL=1") + } // bus adapter for ui to hook into stdout via an os pipe r, w, err := os.Pipe() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.68.1/cmd/syft/cli/attest.go new/syft-0.69.0/cmd/syft/cli/attest.go --- old/syft-0.68.1/cmd/syft/cli/attest.go 2023-01-25 18:18:24.0 +0100 +++ new/syft-0.69.0/cmd/syft/cli/attest.go 2023-01-30 19:47:24.0 +0100 @@ -20,8 +20,7 @@ attestHelp = attestExample + attestSchemeHelp ) -//nolint:dupl -func Attest(v *viper.Viper, app *config.Application, ro *options.RootOptions, po *options.PackagesOptions) *cobra.Command { +func Attest(v *viper.Viper, app *config.Application, ro *options.RootOptions, po *options.PackagesOptions, ao *options.AttestOptions) *cobra.Command { cmd := { Use: "attest --output [FORMAT] ", Short: "Generate an SBOM as an attestation for the given
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-01-26 13:58:52 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.32243 (New) Package is "syft" Thu Jan 26 13:58:52 2023 rev:23 rq:1061116 version:0.68.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-01-23 18:32:21.580224643 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.32243/syft.changes 2023-01-26 14:10:58.968433840 +0100 @@ -1,0 +2,15 @@ +Thu Jan 26 06:37:19 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.68.1: + * fix: add relevant CPEs to python and busybox classifiers (#1517) + * Update syft bootstrap tools to latest versions. (#1515) + * chore: correct bootstrap tool script (#1514) + * chore(deps): bump github.com/google/go-containerregistry (#1513) + * Fix AssertEncoderAgainstGoldenSnapshot calls to conditionally update (#1511) + * chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 (#1505) + * chore(deps): bump github.com/docker/docker (#1506) + * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 (#1507) + * chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 (#1508) + * Bump github.com/spdx/tools-golang to v0.4.0 (#1450) + +--- Old: syft-0.68.0.tar.gz New: syft-0.68.1.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.WfJyoh/_old 2023-01-26 14:11:00.676443027 +0100 +++ /var/tmp/diff_new_pack.WfJyoh/_new 2023-01-26 14:11:00.732443328 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.68.0 +Version:0.68.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.WfJyoh/_old 2023-01-26 14:11:01.028444920 +0100 +++ /var/tmp/diff_new_pack.WfJyoh/_new 2023-01-26 14:11:01.060445092 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.68.0 +v0.68.1 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.68.0.tar.gz +syft-0.68.1.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.WfJyoh/_old 2023-01-26 14:11:01.128445458 +0100 +++ /var/tmp/diff_new_pack.WfJyoh/_new 2023-01-26 14:11:01.136445501 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - e58050bac045be672621047d5699b4e2da62 + 4c0aef09b8d7fb78200b04416f474b90b79370de (No newline at EOF) ++ syft-0.68.0.tar.gz -> syft-0.68.1.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.68.0/.github/workflows/update-bootstrap-tools.yml new/syft-0.68.1/.github/workflows/update-bootstrap-tools.yml --- old/syft-0.68.0/.github/workflows/update-bootstrap-tools.yml 2023-01-20 15:49:44.0 +0100 +++ new/syft-0.68.1/.github/workflows/update-bootstrap-tools.yml 2023-01-25 18:18:24.0 +0100 @@ -31,22 +31,22 @@ COSIGN_LATEST_VERSION=$(go list -m -json github.com/sigstore/cosign@latest 2>/dev/null | jq -r '.Version') # update version variables in the Makefile - sed -r -i -e 's/^(GOLANGCILINT_VERSION = ).*/\1'${GOLANGCILINT_LATEST_VERSION}'/' Makefile - sed -r -i -e 's/^(BOUNCER_VERSION = ).*/\1'${BOUNCER_LATEST_VERSION}'/' Makefile - sed -r -i -e 's/^(CHRONICLE_VERSION = ).*/\1'${CHRONICLE_LATEST_VERSION}'/' Makefile - sed -r -i -e 's/^(GORELEASER_VERSION = ).*/\1'${GORELEASER_LATEST_VERSION}'/' Makefile - sed -r -i -e 's/^(GOSIMPORTS_VERSION = ).*/\1'${GOSIMPORTS_LATEST_VERSION}'/' Makefile - sed -r -i -e 's/^(YAJSV_VERSION = ).*/\1'${YAJSV_LATEST_VERSION}'/' Makefile - sed -r -i -e 's/^(COSIGN_VERSION = ).*/\1'${COSIGN_LATEST_VERSION}'/' Makefile + sed -r -i -e 's/^(GOLANGCILINT_VERSION := ).*/\1'${GOLANGCILINT_LATEST_VERSION}'/' Makefile + sed -r -i -e 's/^(BOUNCER_VERSION := ).*/\1'${BOUNCER_LATEST_VERSION}'/' Makefile + sed -r -i -e 's/^(CHRONICLE_VERSION := ).*/\1'${CHRONICLE_LATEST_VERSION}'/' Makefile + sed -r -i -e 's/^(GORELEASER_VERSION := ).*/\1'${GORELEASER_LATEST_VERSION}'/' Makefile + sed -r -i -e 's/^(GOSIMPORTS_VERSION := ).*/\1'${GOSIMPORTS_LATEST_VERSION}'/' Makefile + sed -r -i -e 's/^(YAJSV_VERSION := ).*/\1'${YAJSV_LATEST_VERSION}'/' Makefile + sed -r -i -e 's/^(COSIGN_VERSION :=
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-01-23 18:32:05 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.32243 (New) Package is "syft" Mon Jan 23 18:32:05 2023 rev:22 rq:1060339 version:0.68.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-01-20 17:39:31.864803600 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.32243/syft.changes 2023-01-23 18:32:21.580224643 +0100 @@ -1,0 +2,30 @@ +Sat Jan 21 07:53:06 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.68.0: + * Fix panic in apkdb parsing on empty "provides" values (#1494) + * push detailed log statements to trace-level (#1500) + * npm: package-lock license decoding to accept string or array (#1482) + * always set the package ID for java packages (#1493) + * fix: skip filling in empty fields in APK metadata (#1484) + * chore(deps): bump github.com/facebookincubator/nvdtools (#1499) + * chore(deps): bump github.com/jinzhu/copier from 0.3.2 to 0.3.5 (#1498) + * chore(deps): bump github.com/vbatts/go-mtree from 0.5.0 to 0.5.2 (#1497) + * chore(deps): bump github.com/gookit/color from 1.4.2 to 1.5.2 (#1496) + * chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#1495) + * Relax error conditions for catalogers (#1492) + * feat: add memcached classifier (#1486) + * chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#1488) + * chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.0.2 to 4.6.0 (#1489) + * chore(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#1490) + * chore(deps): bump github.com/go-test/deep from 1.0.8 to 1.1.0 (#1491) + * chore(deps): bump github.com/google/go-containerregistry (#1487) + * chore(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 (#1475) + * chore(deps): bump github.com/adrg/xdg from 0.3.3 to 0.4.0 (#1477) + * chore(deps): bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 (#1476) + * chore(deps): bump github.com/vifraa/gopom from 0.1.0 to 0.2.1 (#1474) + * chore(deps): bump github/codeql-action from 1 to 2 (#1473) + * chore(deps): bump actions/setup-go from 2 to 3 (#1472) + * Add dependabot (#1451) +- skip non-existent release 0.67.x + +--- Old: syft-0.66.2.tar.gz New: syft-0.68.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.uU9kxC/_old 2023-01-23 18:32:24.184242663 +0100 +++ /var/tmp/diff_new_pack.uU9kxC/_new 2023-01-23 18:32:24.188242690 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.66.2 +Version:0.68.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.uU9kxC/_old 2023-01-23 18:32:24.256243161 +0100 +++ /var/tmp/diff_new_pack.uU9kxC/_new 2023-01-23 18:32:24.256243161 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.66.2 +v0.68.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.66.2.tar.gz +syft-0.68.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.uU9kxC/_old 2023-01-23 18:32:24.276243300 +0100 +++ /var/tmp/diff_new_pack.uU9kxC/_new 2023-01-23 18:32:24.280243327 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 03971ace43b877e371c13e3f786c1f6c3a4ec507 + e58050bac045be672621047d5699b4e2da62 (No newline at EOF) ++ syft-0.66.2.tar.gz -> syft-0.68.0.tar.gz ++ 2730 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.32243/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-01-20 17:39:12 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.32243 (New) Package is "syft" Fri Jan 20 17:39:12 2023 rev:21 rq:1059929 version:0.66.2 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-01-14 00:03:30.437812097 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.32243/syft.changes 2023-01-20 17:39:31.864803600 +0100 @@ -1,0 +2,14 @@ +Fri Jan 20 09:56:19 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.66.2: + * chore: use checkout v3 with new depth (#1471) + * chore: use checkout v2 for tag depth (#1470) + * fix: nil panic in graalvm cataloger (#1468) + * add linter for type assertion checks (#1469) + * fix: bump golang.org/x/net to v0.4.0 (#1467) + * fix: bump golang.org/x/text to v0.3.8 (#1466) + * bootstrap within composite action (#1461) + * chore: revert GolangBinMetadata name and make analogous GolangModMetadata (#1458) + * README: update Nix installation instructions (#1455) + +--- Old: syft-0.66.1.tar.gz New: syft-0.66.2.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.mwe4sy/_old 2023-01-20 17:39:33.156810747 +0100 +++ /var/tmp/diff_new_pack.mwe4sy/_new 2023-01-20 17:39:33.160810769 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.66.1 +Version:0.66.2 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.mwe4sy/_old 2023-01-20 17:39:33.192810946 +0100 +++ /var/tmp/diff_new_pack.mwe4sy/_new 2023-01-20 17:39:33.196810968 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.66.1 +v0.66.2 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.66.1.tar.gz +syft-0.66.2.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.mwe4sy/_old 2023-01-20 17:39:33.216811079 +0100 +++ /var/tmp/diff_new_pack.mwe4sy/_new 2023-01-20 17:39:33.220811101 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - ac94bf530c7b1e6ee5df1ed0f9f6454fca8bc918 + 03971ace43b877e371c13e3f786c1f6c3a4ec507 (No newline at EOF) ++ syft-0.66.1.tar.gz -> syft-0.66.2.tar.gz ++ 4477 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.32243/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-01-14 00:02:50 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.32243 (New) Package is "syft" Sat Jan 14 00:02:50 2023 rev:20 rq:1058118 version:0.66.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-01-06 17:06:07.284371989 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.32243/syft.changes 2023-01-14 00:03:30.437812097 +0100 @@ -1,0 +2,28 @@ +Fri Jan 13 06:11:18 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.66.1: + * fix: update graalvm cataloger to fix panic (#1454) + * chore: remove bumping cosign in go.mod when updating bootstrap tools (#1452) + +--- +Fri Jan 13 06:09:05 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.66.0: + * feat: Add the origin field to the output format of syftjson (#1327) + * chore: update schema (#1449) + * feat: prefer known CPE vendors over other candidates (#1294) + * fix: update attestation code to remove library dependencies and shellout for keyless flow (#1442) + * feat: add BeamVM Hex support (#1073) + * feat: add apache httpd binary classifier (#1448) + * chore: claim artifacthub package ownership from developer-guy (#881) + * Parallel package catalog processing (#1355) + * feat: Add php binary catalogers (#1444) + * Update syft bootstrap tools to latest versions. (#1443) + * fix: duplicate file in tar archive causes read to fail (#1445) + * Add support for GraalVM Native Image executables. (#1276) + * Add redis binary classifier (#1438) + * docs: add cataloger construction summary (#1434) + * chore: update bootstrap tools to latest versions. (#1428) + * Add alpine type to purl (#1431) + +--- Old: syft-0.65.0.tar.gz New: syft-0.66.1.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.ubFcAg/_old 2023-01-14 00:03:32.793825820 +0100 +++ /var/tmp/diff_new_pack.ubFcAg/_new 2023-01-14 00:03:32.797825842 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.65.0 +Version:0.66.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.ubFcAg/_old 2023-01-14 00:03:32.833826052 +0100 +++ /var/tmp/diff_new_pack.ubFcAg/_new 2023-01-14 00:03:32.837826076 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.65.0 +v0.66.1 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.65.0.tar.gz +syft-0.66.1.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.ubFcAg/_old 2023-01-14 00:03:32.857826192 +0100 +++ /var/tmp/diff_new_pack.ubFcAg/_new 2023-01-14 00:03:32.861826215 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - bc1edb9c8a2fb4824bfdcac6147edc2bbf47aaf6 + ac94bf530c7b1e6ee5df1ed0f9f6454fca8bc918 (No newline at EOF) ++ syft-0.65.0.tar.gz -> syft-0.66.1.tar.gz ++ 10646 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.32243/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-01-06 17:05:20 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1563 (New) Package is "syft" Fri Jan 6 17:05:20 2023 rev:19 rq:1056216 version:0.65.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2023-01-04 20:18:26.533575274 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1563/syft.changes 2023-01-06 17:06:07.284371989 +0100 @@ -1,0 +2,10 @@ +Thu Jan 05 14:00:02 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.65.0: + * adding purl types for binary classifiers (#1435) + * chore: refactor basic CPE functionality to its own package (#1436) + * fix: typo in os.Getwd error message (#1433) + * fix: additional excessive go binary warnings (#1432) + * docs: migrate to homebrew-core (#1427) + +--- Old: syft-0.64.0.tar.gz New: syft-0.65.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.bl3X1o/_old 2023-01-06 17:06:08.964381424 +0100 +++ /var/tmp/diff_new_pack.bl3X1o/_new 2023-01-06 17:06:08.968381446 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.64.0 +Version:0.65.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.bl3X1o/_old 2023-01-06 17:06:09.004381649 +0100 +++ /var/tmp/diff_new_pack.bl3X1o/_new 2023-01-06 17:06:09.012381693 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.64.0 +v0.65.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.64.0.tar.gz +syft-0.65.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.bl3X1o/_old 2023-01-06 17:06:09.032381805 +0100 +++ /var/tmp/diff_new_pack.bl3X1o/_new 2023-01-06 17:06:09.036381828 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - e1e489a2849c8432781a7cb58b257fa935efa1cf + bc1edb9c8a2fb4824bfdcac6147edc2bbf47aaf6 (No newline at EOF) ++ syft-0.64.0.tar.gz -> syft-0.65.0.tar.gz ++ 36251 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1563/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2023-01-04 20:18:24 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1563 (New) Package is "syft" Wed Jan 4 20:18:24 2023 rev:18 rq:1055941 version:0.64.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-12-17 20:37:05.788786687 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1563/syft.changes 2023-01-04 20:18:26.533575274 +0100 @@ -1,0 +2,16 @@ +Wed Jan 04 15:47:49 UTC 2023 - ka...@b1-systems.de + +- Update to version 0.64.0: + * fix: unicode output in cyclonedx-json format (#1420) + * fix: excessive go binary warnings (#1424) + * feat: update spdx format model to produce valid spdx json documents (#1418) + * clean package names in python parsers (#1417) + * docs: update schema name to 2.3 (#1416) + * feat: add h1digest when scanning go.mod (#1405) + * feat: Add license parsing for java (#1385) + * fix: cyclonedx component type for binaries (#1406) + * fix: openjdk detection pattern (#1415) + * bug: spdx checksum empty array; allow syft to generate SHA1 for spdx-tag-value documents (#1404) + * Add NetBSD support. (#1412) + +--- Old: syft-0.63.0.tar.gz New: syft-0.64.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.63qXFU/_old 2023-01-04 20:18:28.001584003 +0100 +++ /var/tmp/diff_new_pack.63qXFU/_new 2023-01-04 20:18:28.005584027 +0100 @@ -1,7 +1,7 @@ # # spec file for package syft # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.63.0 +Version:0.64.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.63qXFU/_old 2023-01-04 20:18:28.049584289 +0100 +++ /var/tmp/diff_new_pack.63qXFU/_new 2023-01-04 20:18:28.053584313 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.63.0 +v0.64.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.63.0.tar.gz +syft-0.64.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.63qXFU/_old 2023-01-04 20:18:28.077584455 +0100 +++ /var/tmp/diff_new_pack.63qXFU/_new 2023-01-04 20:18:28.081584479 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 23a3173c9f2461e5906d1b9e3ac20b4806d74777 + e1e489a2849c8432781a7cb58b257fa935efa1cf (No newline at EOF) ++ syft-0.63.0.tar.gz -> syft-0.64.0.tar.gz ++ 4603 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1563/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-12-17 20:36:48 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1835 (New) Package is "syft" Sat Dec 17 20:36:48 2022 rev:17 rq:1043455 version:0.63.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-12-01 17:21:56.362468255 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1835/syft.changes 2022-12-17 20:37:05.788786687 +0100 @@ -1,0 +2,14 @@ +Fri Dec 16 12:37:58 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.63.0: + * feat: add catalog delete (#1377) + * docs: remove file classifier (#1397) + * chore: update latest cyclonedx library (#1390) + * feat: Add Java binary catalogers (#1392) + * chore: Update SPDX license list to 3.19 (#1389) + * fix: add manual vendor/product removal to fix false flags (#1070) + * Update Stereoscope to c5ff155d72f166e2332e160a75c3ff2b8e9c7e2e (#1395) + * chore: fix test busybox image sha (#1393) + * fix: go version not properly identified in binary (#1384) + +--- Old: syft-0.62.3.tar.gz New: syft-0.63.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.2Drrvs/_old 2022-12-17 20:37:06.988793279 +0100 +++ /var/tmp/diff_new_pack.2Drrvs/_new 2022-12-17 20:37:06.996793323 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.62.3 +Version:0.63.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.2Drrvs/_old 2022-12-17 20:37:07.032793521 +0100 +++ /var/tmp/diff_new_pack.2Drrvs/_new 2022-12-17 20:37:07.036793543 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.62.3 +v0.63.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.62.3.tar.gz +syft-0.63.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.2Drrvs/_old 2022-12-17 20:37:07.060793675 +0100 +++ /var/tmp/diff_new_pack.2Drrvs/_new 2022-12-17 20:37:07.064793697 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 247b054ab56f848c477495218754166272f470b5 + 23a3173c9f2461e5906d1b9e3ac20b4806d74777 (No newline at EOF) ++ syft-0.62.3.tar.gz -> syft-0.63.0.tar.gz ++ 10846 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1835/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-12-01 17:21:08 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1835 (New) Package is "syft" Thu Dec 1 17:21:08 2022 rev:16 rq:1039246 version:0.62.3 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-11-29 13:23:21.537987372 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1835/syft.changes 2022-12-01 17:21:56.362468255 +0100 @@ -1,0 +2,11 @@ +Thu Dec 01 05:41:03 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.62.3: + * Update Stereoscope to 3b80d983223f6e6fc2d33b0ffa003d30268418e9 (#1376) + * fix: Update node binary package name (#1375) + * feat: Generic Binary Cataloger (#1336) + * recover from bad parsing of golang binary (#1371) + * Fix parsing of apk databases with large entries (#1365) + * Update syft bootstrap tools to latest versions. (#1369) + +--- Old: syft-0.62.2.tar.gz New: syft-0.62.3.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.1FAR4H/_old 2022-12-01 17:22:04.634513487 +0100 +++ /var/tmp/diff_new_pack.1FAR4H/_new 2022-12-01 17:22:04.642513531 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.62.2 +Version:0.62.3 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.1FAR4H/_old 2022-12-01 17:22:04.686513771 +0100 +++ /var/tmp/diff_new_pack.1FAR4H/_new 2022-12-01 17:22:04.690513793 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.62.2 +v0.62.3 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.62.2.tar.gz +syft-0.62.3.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.1FAR4H/_old 2022-12-01 17:22:04.718513946 +0100 +++ /var/tmp/diff_new_pack.1FAR4H/_new 2022-12-01 17:22:04.722513968 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 0cbd0cc70377d5b1b11b808fbbf9ddec450c68ee + 247b054ab56f848c477495218754166272f470b5 (No newline at EOF) ++ syft-0.62.2.tar.gz -> syft-0.62.3.tar.gz ++ 174446 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1835/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-11-29 13:23:20 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1597 (New) Package is "syft" Tue Nov 29 13:23:20 2022 rev:15 rq:1038824 version:0.62.2 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-11-22 16:10:11.182031029 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1597/syft.changes 2022-11-29 13:23:21.537987372 +0100 @@ -1,0 +2,9 @@ +Mon Nov 28 18:06:04 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.62.2: + * fix: guard for locations < 1 in alpmdb parse (#1366) + * fix: remove cabal.project.freeze panic on last pkg (#1363) + * fix: requirements.txt - return unicode only letter/num for version (#1361) + * Update syft bootstrap tools to latest versions. (#1356) + +--- Old: syft-0.62.1.tar.gz New: syft-0.62.2.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.HQOeZA/_old 2022-11-29 13:23:23.785998493 +0100 +++ /var/tmp/diff_new_pack.HQOeZA/_new 2022-11-29 13:23:23.789998513 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.62.1 +Version:0.62.2 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.HQOeZA/_old 2022-11-29 13:23:23.829998711 +0100 +++ /var/tmp/diff_new_pack.HQOeZA/_new 2022-11-29 13:23:23.829998711 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.62.1 +v0.62.2 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.62.1.tar.gz +syft-0.62.2.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.HQOeZA/_old 2022-11-29 13:23:23.849998810 +0100 +++ /var/tmp/diff_new_pack.HQOeZA/_new 2022-11-29 13:23:23.849998810 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 098e61dcc81d7a6d666bc62a2166c9b8f32c61bc + 0cbd0cc70377d5b1b11b808fbbf9ddec450c68ee (No newline at EOF) ++ syft-0.62.1.tar.gz -> syft-0.62.2.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.62.1/Makefile new/syft-0.62.2/Makefile --- old/syft-0.62.1/Makefile2022-11-21 15:26:24.0 +0100 +++ new/syft-0.62.2/Makefile2022-11-28 16:43:18.0 +0100 @@ -13,7 +13,7 @@ GOSIMPORTS_VERSION = v0.3.4 BOUNCER_VERSION = v0.4.0 CHRONICLE_VERSION = v0.4.2 -GORELEASER_VERSION = v1.12.3 +GORELEASER_VERSION = v1.13.0 YAJSV_VERSION = v1.4.1 COSIGN_VERSION = v1.13.1 QUILL_VERSION = v0.2.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.62.1/syft/pkg/cataloger/alpm/parse_alpm_db.go new/syft-0.62.2/syft/pkg/cataloger/alpm/parse_alpm_db.go --- old/syft-0.62.1/syft/pkg/cataloger/alpm/parse_alpm_db.go2022-11-21 15:26:24.0 +0100 +++ new/syft-0.62.2/syft/pkg/cataloger/alpm/parse_alpm_db.go2022-11-28 16:43:18.0 +0100 @@ -42,10 +42,12 @@ if err != nil { return nil, nil, err } + pkgFiles, err := parseMtree(r) if err != nil { return nil, nil, err } + // The replace the files found the the pacman database with the files from the mtree These contain more metadata and // thus more useful. metadata.Files = pkgFiles @@ -106,6 +108,10 @@ if err != nil { return nil, err } + + if len(locs) == 0 { + return nil, fmt.Errorf("could not find file: %s", path) + } // TODO: Should we maybe check if we found the file dbContentReader, err := resolver.FileContentsByLocation(locs[0]) if err != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.62.1/syft/pkg/cataloger/haskell/parse_cabal_freeze.go new/syft-0.62.2/syft/pkg/cataloger/haskell/parse_cabal_freeze.go --- old/syft-0.62.1/syft/pkg/cataloger/haskell/parse_cabal_freeze.go 2022-11-21 15:26:24.0 +0100 +++ new/syft-0.62.2/syft/pkg/cataloger/haskell/parse_cabal_freeze.go 2022-11-28 16:43:18.0 +0100 @@ -34,6 +34,14 @@ line = strings.TrimSpace(line) startPkgEncoding, endPkgEncoding := strings.Index(line, "any.")+4, strings.Index(line, ",") + // case where comma not found for last package in constraint list +
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-11-22 16:10:02 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1597 (New) Package is "syft" Tue Nov 22 16:10:02 2022 rev:14 rq:1037138 version:0.62.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-11-19 18:09:15.266415969 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1597/syft.changes 2022-11-22 16:10:11.182031029 +0100 @@ -1,0 +2,8 @@ +Mon Nov 21 15:12:29 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.62.1: + * fix: sort relationships in SPDX output (#1350) + * chore: add debug logging for decode errors (#1352) + * feat(npm): handle aliases in package-lock.json (#1349) + +--- Old: syft-0.62.0.tar.gz New: syft-0.62.1.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.hwVrvd/_old 2022-11-22 16:10:12.826039370 +0100 +++ /var/tmp/diff_new_pack.hwVrvd/_new 2022-11-22 16:10:12.834039411 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.62.0 +Version:0.62.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.hwVrvd/_old 2022-11-22 16:10:12.890039695 +0100 +++ /var/tmp/diff_new_pack.hwVrvd/_new 2022-11-22 16:10:12.898039735 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.62.0 +v0.62.1 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.62.0.tar.gz +syft-0.62.1.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.hwVrvd/_old 2022-11-22 16:10:12.942039958 +0100 +++ /var/tmp/diff_new_pack.hwVrvd/_new 2022-11-22 16:10:12.95003 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - da4b2df57640e03f273a2e7e9b04eca40555e139 + 098e61dcc81d7a6d666bc62a2166c9b8f32c61bc (No newline at EOF) ++ syft-0.62.0.tar.gz -> syft-0.62.1.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.62.0/syft/formats/common/spdxhelpers/to_format_model.go new/syft-0.62.1/syft/formats/common/spdxhelpers/to_format_model.go --- old/syft-0.62.0/syft/formats/common/spdxhelpers/to_format_model.go 2022-11-18 19:42:55.0 +0100 +++ new/syft-0.62.1/syft/formats/common/spdxhelpers/to_format_model.go 2022-11-21 15:26:24.0 +0100 @@ -105,7 +105,7 @@ }, Packages: toPackages(s.Artifacts.PackageCatalog), Files: toFiles(s), - Relationships: toRelationships(s.Relationships), + Relationships: toRelationships(s.RelationshipsSorted()), } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.62.0/syft/formats/common/testutils/utils.go new/syft-0.62.1/syft/formats/common/testutils/utils.go --- old/syft-0.62.0/syft/formats/common/testutils/utils.go 2022-11-18 19:42:55.0 +0100 +++ new/syft-0.62.1/syft/formats/common/testutils/utils.go 2022-11-21 15:26:24.0 +0100 @@ -2,8 +2,10 @@ import ( "bytes" + "math/rand" "strings" "testing" + "time" "github.com/sergi/go-diff/diffmatchpatch" "github.com/stretchr/testify/assert" @@ -12,6 +14,7 @@ "github.com/anchore/stereoscope/pkg/filetree" "github.com/anchore/stereoscope/pkg/image" "github.com/anchore/stereoscope/pkg/imagetest" + "github.com/anchore/syft/syft/artifact" "github.com/anchore/syft/syft/linux" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/sbom" @@ -276,3 +279,25 @@ return catalog } + +//nolint:gosec +func AddSampleFileRelationships(s *sbom.SBOM) { + catalog := s.Artifacts.PackageCatalog.Sorted() + s.Artifacts.FileMetadata = map[source.Coordinates]source.FileMetadata{} + + files := []string{"/f1", "/f2", "/d1/f3", "/d2/f4", "/z1/f5", "/a1/f6"} + rnd := rand.New(rand.NewSource(time.Now().UnixNano())) + rnd.Shuffle(len(files), func(i, j int) { files[i], files[j] = files[j], files[i] }) + + for _, f := range files { + meta := source.FileMetadata{} + coords := source.Coordinates{RealPath: f} + s.Artifacts.FileMetadata[coords] = meta + + s.Relationships = append(s.Relationships,
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-11-19 18:09:07 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1597 (New) Package is "syft" Sat Nov 19 18:09:07 2022 rev:13 rq:1036800 version:0.62.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-11-16 15:42:58.363746761 +0100 +++ /work/SRC/openSUSE:Factory/.syft.new.1597/syft.changes 2022-11-19 18:09:15.266415969 +0100 @@ -1,0 +2,33 @@ +Sat Nov 19 12:04:28 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.62.0: + * fix: spdx java checksum correctness (#1348) + * feat: Add support for npm lockfile version 3 (#1206) + +--- +Fri Nov 18 15:38:51 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.61.0: + * clean name bug (#1347) + * Add spdx relationship encoding for dependencies (#1342) + * feat: SPDX 2.3 support (#1311) + * SBOM cataloger (#1029) + * chore: clean up linting configuration (#1343) + * fix: Unmarshal Syft JSON with missing metadata (#1338) + * fix apk decode for older data shapes (#1341) + * chore: add unit test for wolfi os release identification (#1340) + * fix: Output only valid CPEs for CycloneDX OS components (#1339) + * feat: Add `--name` option to override name in output (#1269) + * Add support for dependency relationships for alpine (apk) (#1063) + * normalize alpm md5 refs (#1333) + * Update java generic cataloger (#1329) + * Support encoding map types to CycloneDX properties (#1332) + * Update swift cataloger to generic cataloger (#1324) + * port rust cataloger to new generic cataloger pattern (#1323) + * port ruby cataloger to new generic cataloger pattern (#1322) + * port rpm cataloger to new generic cataloger pattern (#1321) + * port python cataloger to new generic cataloger pattern (#1319) + * Update portage cataloger to new generic cataloger (#1316) + * port php cataloger to new generic cataloger pattern (#1315) + +--- Old: syft-0.60.3.tar.gz New: syft-0.62.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.bCbH6H/_old 2022-11-19 18:09:16.710424131 +0100 +++ /var/tmp/diff_new_pack.bCbH6H/_new 2022-11-19 18:09:16.714424154 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.60.3 +Version:0.62.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.bCbH6H/_old 2022-11-19 18:09:16.762424425 +0100 +++ /var/tmp/diff_new_pack.bCbH6H/_new 2022-11-19 18:09:16.766424448 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.60.3 +v0.62.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.60.3.tar.gz +syft-0.62.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.bCbH6H/_old 2022-11-19 18:09:16.790424584 +0100 +++ /var/tmp/diff_new_pack.bCbH6H/_new 2022-11-19 18:09:16.794424606 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - bc9740d50a38e9660f2f98ed91d84c6d8799cf70 + da4b2df57640e03f273a2e7e9b04eca40555e139 (No newline at EOF) ++ syft-0.60.3.tar.gz -> syft-0.62.0.tar.gz ++ 32955 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1597/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-11-16 15:42:47 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1597 (New) Package is "syft" Wed Nov 16 15:42:47 2022 rev:12 rq:1035810 version:0.60.3 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-10-18 12:45:55.777850741 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1597/syft.changes 2022-11-16 15:42:58.363746761 +0100 @@ -1,0 +2,57 @@ +Tue Nov 15 09:52:45 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.60.3: + * javascript cataloger: node binary: nil pointer dereference (#1313) + * Fix: Include version information in binary cataloger CPEs (#1310) + * fix: only generate PURL on empty string (#1312) + * add s3 credentials to release (#1309) + * port javascript cataloger to new generic cataloger pattern (#1308) + +--- +Tue Nov 15 09:44:11 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.60.2: + * chore: update goreleaser brew token (#1306) + * fix: Decode binary and unknown metadata (#1307) + +--- +Tue Nov 15 09:39:47 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.60.1: + * chore: update github token permissions for goreleaser (#1305) + +--- +Tue Nov 15 09:29:12 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.60.0: + * fix: update ci secret to use new password (#1304) + * fix: update secret value to use new cert cahin (#1303) + * fix: verbose quill release failures (#1302) + * fix: unterminated quoted string (#1300) + * fix: update Makefile to remove old signing arch (#1299) + * feat: add nodejs-binary package classifier (#1296) + * update go-rpmdb to improve parsing of installed files (#1297) + * docs: update attestation directions with new cosign changes + * fix: Continue parsing Python RECORD files when bad lines encountered (#1295) + * Fix #1245 Update SPDX license list to 3.18 (#1259) + * fix: Resolve Maven POM expressions (#1251) (#1278) + * port haskell cataloger to new generic cataloger pattern (#1290) + * port golang cataloger to new generic cataloger pattern (#1289) + * port deb/dpkg cataloger to new generic cataloger pattern (#1288) + * update cataloger tests to use pkgtest utils (#1287) + * port dotnet cataloger to new generic cataloger pattern (#1286) + * port dart cataloger to new generic cataloger pattern (#1285) + * port conan cataloger to new generic cataloger pattern (#1284) + * port apk cataloger to new generic cataloger pattern (#1283) + * replace signing tooling with quill (#1280) + * Upgrade generic cataloger (#1281) + * Update syft bootstrap tools to latest versions. (#1282) + * replace logger interface with anchore/go-logger (#1279) + * Update syft bootstrap tools to latest versions. (#1267) + * Add go binary h1 digest to SPDX (#1265) + * fix: move reproduction to top of issue (#1264) + * fix: update syftjson ID to match major schema version (#1274) + * Use in-toto CycloneDX predicate to be compatible with cosign (#1270) + * chore: handle deprecated SPDX license: StandardML-NJ (#1266) + +--- Old: syft-0.59.0.tar.gz New: syft-0.60.3.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.SbJtlf/_old 2022-11-16 15:43:00.135753185 +0100 +++ /var/tmp/diff_new_pack.SbJtlf/_new 2022-11-16 15:43:00.139753200 +0100 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.59.0 +Version:0.60.3 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.SbJtlf/_old 2022-11-16 15:43:00.167753302 +0100 +++ /var/tmp/diff_new_pack.SbJtlf/_new 2022-11-16 15:43:00.171753316 +0100 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.59.0 +v0.60.3 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.59.0.tar.gz +syft-0.60.3.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.SbJtlf/_old 2022-11-16 15:43:00.191753389 +0100 +++ /var/tmp/diff_new_pack.SbJtlf/_new 2022-11-16 15:43:00.195753403 +0100 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 41bc6bb410352845f22766e27dd48ba93aa825a4 + bc9740d50a38e9660f2f98ed91d84c6d8799cf70 (No newline at EOF)
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-10-18 12:45:34 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.2275 (New) Package is "syft" Tue Oct 18 12:45:34 2022 rev:11 rq:1029643 version:0.59.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-09-30 17:58:36.373352729 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.2275/syft.changes 2022-10-18 12:45:55.777850741 +0200 @@ -1,0 +2,19 @@ +Tue Oct 18 05:11:08 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.59.0: + * Fixes #1179 Deprecated SPDX license (#1263) + * feat: add RelationshipsBySourceOwnership to syft json output (#1248) + * fix: reset merged package into map; (#1258) + * refactor: Remove experimental Anchore Enterprise upload functionality (#1257) + * Update syft bootstrap tools to latest versions. (#1254) + * Update Stereoscope to d24c9d626b33fa720210b007a20767801827b532 (#1253) + * Update syft bootstrap tools to latest versions. (#1244) + * fix apkdb checksum representation (#1247) + * feat: add identifiable field to source object (#1243) + * feat: attest support for Singularity images (#1201) + * Update syft bootstrap tools to latest versions. (#1239) + * Update Stereoscope to 1b1b744a919964f38d14e1416fb3f25221b761ce (#1240) + * fix: Follow symlinks when searching for globs in all-layers scope (#1221) + * update requires to use list; remove field (#1234) + +--- Old: syft-0.58.0.tar.gz New: syft-0.59.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.lvEvEs/_old 2022-10-18 12:45:57.409854457 +0200 +++ /var/tmp/diff_new_pack.lvEvEs/_new 2022-10-18 12:45:57.417854475 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.58.0 +Version:0.59.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.lvEvEs/_old 2022-10-18 12:45:57.449854548 +0200 +++ /var/tmp/diff_new_pack.lvEvEs/_new 2022-10-18 12:45:57.453854557 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.58.0 +v0.59.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.58.0.tar.gz +syft-0.59.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.lvEvEs/_old 2022-10-18 12:45:57.473854602 +0200 +++ /var/tmp/diff_new_pack.lvEvEs/_new 2022-10-18 12:45:57.477854611 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - b9b13d5525df89194d332467f692bc28bc68d07f + 41bc6bb410352845f22766e27dd48ba93aa825a4 (No newline at EOF) ++ syft-0.58.0.tar.gz -> syft-0.59.0.tar.gz ++ 6336 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.2275/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-09-30 17:58:19 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.2275 (New) Package is "syft" Fri Sep 30 17:58:19 2022 rev:10 rq:1007143 version:0.58.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-09-21 14:44:15.166046731 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.2275/syft.changes 2022-09-30 17:58:36.373352729 +0200 @@ -1,0 +2,13 @@ +Fri Sep 30 05:10:45 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.58.0: + * Add Conan (C/C++) conan.lock file support (#1230) + * add sequence diagrams and flesh out TODO notes (#1233) + * Do not fail if unable to parse `.rpm` file (#1232) + * fix: support exclude patterns on Windows (#1228) + * Update syft bootstrap tools to latest versions. (#1225) + * Update Stereoscope to 56552770e555d764ea72b99d3c810326b27ead4a (#1224) + * Update syft bootstrap tools to latest versions. (#1223) + * Update syft bootstrap tools to latest versions. (#1220) + +--- Old: syft-0.57.0.tar.gz New: syft-0.58.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.MweLpK/_old 2022-09-30 17:58:38.049356312 +0200 +++ /var/tmp/diff_new_pack.MweLpK/_new 2022-09-30 17:58:38.053356320 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.57.0 +Version:0.58.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.MweLpK/_old 2022-09-30 17:58:38.085356389 +0200 +++ /var/tmp/diff_new_pack.MweLpK/_new 2022-09-30 17:58:38.089356397 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.57.0 +v0.58.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.57.0.tar.gz +syft-0.58.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.MweLpK/_old 2022-09-30 17:58:38.105356431 +0200 +++ /var/tmp/diff_new_pack.MweLpK/_new 2022-09-30 17:58:38.109356440 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 04d288b3643f906255af88108f27712bb2be5b63 + b9b13d5525df89194d332467f692bc28bc68d07f (No newline at EOF) ++ syft-0.57.0.tar.gz -> syft-0.58.0.tar.gz ++ 2824 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.2275/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-09-21 14:43:14 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.2083 (New) Package is "syft" Wed Sep 21 14:43:14 2022 rev:9 rq:1005155 version:0.57.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-09-14 13:45:01.745901348 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.2083/syft.changes 2022-09-21 14:44:15.166046731 +0200 @@ -1,0 +2,13 @@ +Wed Sep 21 08:27:42 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.57.0: + * feat: catalog python files for installed-files.txt file metadata (#1217) + * Stabilize SPDX JSON output sorting (#1216) + * bug: remove chance for panic; provide default attestation path (#1214) + * refactor: update Makefile organization; update DEVELOPING.md instructions (#1212) + * refactor: replace ioutil=>io; update linter (#1211) + * Update bootstrap tools to latest versions. (#1204) + * Add gosimports (#1205) + * refactor: move formats from internal into syft module (#1172) + +--- Old: syft-0.56.0.tar.gz New: syft-0.57.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.y8reer/_old 2022-09-21 14:44:16.942051369 +0200 +++ /var/tmp/diff_new_pack.y8reer/_new 2022-09-21 14:44:16.942051369 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.56.0 +Version:0.57.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.y8reer/_old 2022-09-21 14:44:16.982051473 +0200 +++ /var/tmp/diff_new_pack.y8reer/_new 2022-09-21 14:44:16.986051484 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.56.0 +v0.57.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.56.0.tar.gz +syft-0.57.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.y8reer/_old 2022-09-21 14:44:17.006051536 +0200 +++ /var/tmp/diff_new_pack.y8reer/_new 2022-09-21 14:44:17.010051546 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - c5dca001e267d2a91ff82e53ca72535ceef6af02 + 04d288b3643f906255af88108f27712bb2be5b63 (No newline at EOF) ++ syft-0.56.0.tar.gz -> syft-0.57.0.tar.gz ++ 27536 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.2083/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-09-14 13:44:52 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.2083 (New) Package is "syft" Wed Sep 14 13:44:52 2022 rev:8 rq:1003417 version:0.56.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-09-07 11:06:47.288521138 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.2083/syft.changes 2022-09-14 13:45:01.745901348 +0200 @@ -1,0 +2,13 @@ +Tue Sep 13 12:42:32 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.56.0: + * warn on errors from RPM DB parsing (#1200) + * docs: improve Singularity image source docs (#1190) + * Add RPM file scanning support (#1188) + * Normalize syft-json output (#1194) + * Revert "External sources configuration (#1158)" (#1191) + * Update syft bootstrap tools to latest versions. (#1186) + * Fix RPM DB license handling (#1184) + * Update syft bootstrap tools to latest versions. (#1182) + +--- Old: syft-0.55.0.tar.gz New: syft-0.56.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.h6KbFD/_old 2022-09-14 13:45:03.589905990 +0200 +++ /var/tmp/diff_new_pack.h6KbFD/_new 2022-09-14 13:45:03.597906011 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.55.0 +Version:0.56.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.h6KbFD/_old 2022-09-14 13:45:03.641906121 +0200 +++ /var/tmp/diff_new_pack.h6KbFD/_new 2022-09-14 13:45:03.645906131 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.55.0 +v0.56.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.55.0.tar.gz +syft-0.56.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.h6KbFD/_old 2022-09-14 13:45:03.669906192 +0200 +++ /var/tmp/diff_new_pack.h6KbFD/_new 2022-09-14 13:45:03.673906202 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - a7966a4d9d8155be788af33fe5e5af2e40043f82 + c5dca001e267d2a91ff82e53ca72535ceef6af02 (No newline at EOF) ++ syft-0.55.0.tar.gz -> syft-0.56.0.tar.gz ++ 3217 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.2083/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-09-07 11:06:28 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.2083 (New) Package is "syft" Wed Sep 7 11:06:28 2022 rev:7 rq:1001570 version:0.55.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-07-22 19:21:48.640715118 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.2083/syft.changes 2022-09-07 11:06:47.288521138 +0200 @@ -1,0 +2,82 @@ +Wed Sep 07 05:42:57 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.55.0: + * update stereoscope to latest (#1181) + * Update syft bootstrap tools to latest versions. (#1180) + * Bug fix for 1095 - syft conversion option error (#1177) + * Update syft bootstrap tools to latest versions. (#1176) + * enhance development support on macOS ARM (#1163) + * Capture if a node module is private (#1161) + * Find version numbers from jars with different naming conventions (#1174) + * Update syft bootstrap tools to latest versions. (#1171) + * Fix update-bootstrap-tools workflow (#1170) + * workflow to create automated PRs to update bootstrap tools (#1167) + * feat: add support for licenses in package-lock json v2 (#1164) + * External sources configuration (#1158) + * feat: add support for pnpm (#1166) + * Prevent symlinks causing duplicate package-file relationships (#1168) + +--- +Wed Sep 07 05:38:56 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.54.0: + * Associate node package licenses from node_modules (#1152) + * Give the contributing guide a substantial rework (#1155) + * fix: extract file ids correctly for spdx-json (#1156) + * metadata decoding should be optional (#1154) + * Update Stereoscope to 84004345484edb881f1cc1d841115da8abda06c3 (#1151) + * Add modularitylabel metadata to RPM type records generated by syft (#1148) + * Update Stereoscope to 1c79d5c84abcc54466417fcc17c844a4875888a1 (#1149) + * retraction for mispublished versions (#1147) + * cataloger configuration is respected regardless of source (#1142) + * Update README.md (#1146) + * bump cosign to v1.10.1 (#1144) + +--- +Wed Sep 07 05:35:58 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.53.4: + * Update stereoscope to get rid of the replace directive (#1140) + +--- +Wed Sep 07 05:33:24 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.53.3: + * Correct squashfs import and fix incorrect bouncer configuration (#1138) + +--- +Wed Sep 07 05:31:12 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.53.2: + * Overwrite deprecated SPDX licenses automatically (#1009) + * disable release for docker assets (#1137) + +--- +Wed Sep 07 05:29:04 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.53.1: + * improve docker release bootstrap (#1136) + * Singularity Image Support (#974) + +--- +Wed Sep 07 05:25:20 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.53.0: + * remove docker login from keychain (#1135) + * remove ENV checks from siging script (#1134) + * remove docker assets from main goreleaser configuration to reduce mac-os runner friction (#1133) + * remove prefixed v from tag to match release (#1131) + * rollback actions-setup-docker to earlier version (#1130) + * Bump go-rustaudit to support rustaudit 0.2.0 (#1127) + * bump bouncer to v0.4.0 (#1125) + * Added ppc64le supported to the syft:debug image (#1124) + * add a cataloger for binaries built with rust-audit (#1116) + * bump goreleaser to v1.10.3 (#1123) + * bump golangci-lint to v1.47.2 (#1122) + * bump cosign in bootstrap-tools to v1.10.0 (#1121) + * Added s390x support (#1117) + * Delete pr_action.yaml (#1120) + * fix: use generic instead of not generating purl (#1119) + * bump cosign to v1.10.0 (#1114) + +--- Old: syft-0.52.0.tar.gz New: syft-0.55.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.7Dx5EU/_old 2022-09-07 11:06:48.740524829 +0200 +++ /var/tmp/diff_new_pack.7Dx5EU/_new 2022-09-07 11:06:48.744524838 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.52.0 +Version:0.55.0 Release:0 Summary:CLI tool and
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-07-22 19:21:29 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.21925 (New) Package is "syft" Fri Jul 22 19:21:29 2022 rev:6 rq:990664 version:0.52.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-07-18 18:34:00.061762915 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.21925/syft.changes 2022-07-22 19:21:48.640715118 +0200 @@ -1,0 +2,14 @@ +Thu Jul 21 15:12:29 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.52.0: + * Update sigstore/rekor dependency (#1112) + * Added ppc64le support (#1099) + * patch-distroless-ghcr (#1110) + * add distroless debug image to published release (#1106) + * update help formatting (#1105) + * feat: implement haskell support (#1096) + * Add the -r argument for gnu xargs (#1103) + * fix: -o output option to include formats (#1102) + * moves go-rpmdb to latest; libc => v1.16.7 (#1098) + +--- Old: syft-0.51.0.tar.gz New: syft-0.52.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.6xY2pR/_old 2022-07-22 19:21:50.072717330 +0200 +++ /var/tmp/diff_new_pack.6xY2pR/_new 2022-07-22 19:21:50.076717336 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.51.0 +Version:0.52.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.6xY2pR/_old 2022-07-22 19:21:50.108717385 +0200 +++ /var/tmp/diff_new_pack.6xY2pR/_new 2022-07-22 19:21:50.112717391 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.51.0 +v0.52.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.51.0.tar.gz +syft-0.52.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.6xY2pR/_old 2022-07-22 19:21:50.132717422 +0200 +++ /var/tmp/diff_new_pack.6xY2pR/_new 2022-07-22 19:21:50.136717429 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 470b13045bbbf150f3c79d1487a01ae6acc5592d + ba9adb17ebb510a2a3bd2b641738b1d9235e1f3e (No newline at EOF) ++ syft-0.51.0.tar.gz -> syft-0.52.0.tar.gz ++ 3274 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.21925/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-07-18 18:33:56 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1523 (New) Package is "syft" Mon Jul 18 18:33:56 2022 rev:5 rq:989613 version:0.51.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-07-08 14:01:47.550439021 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1523/syft.changes 2022-07-18 18:34:00.061762915 +0200 @@ -1,0 +2,12 @@ +Sat Jul 16 19:00:04 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.51.0: + * feat: add support for cocoapods (Swift/Objective-C) (#1081) + * Fix package url for Go modules with no / (#1092) + * Update Stereoscope to 777471f38c5b2f15c19d6cffe093ce6392d8040c (#1090) + * feat: output attestation to file (#1087) + * Update Stereoscope to cfbd966e5a8d11d73cd17adc8b8ab8468a086f1e (#1089) + * Add portage support for Gentoo Linux (#1076) + * Add PR action back to workflow with new token (#1086) + +--- Old: syft-0.50.0.tar.gz New: syft-0.51.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.Ci1QZw/_old 2022-07-18 18:34:01.661765191 +0200 +++ /var/tmp/diff_new_pack.Ci1QZw/_new 2022-07-18 18:34:01.665765196 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.50.0 +Version:0.51.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.Ci1QZw/_old 2022-07-18 18:34:01.693765236 +0200 +++ /var/tmp/diff_new_pack.Ci1QZw/_new 2022-07-18 18:34:01.697765242 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.50.0 +v0.51.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.50.0.tar.gz +syft-0.51.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.Ci1QZw/_old 2022-07-18 18:34:01.713765264 +0200 +++ /var/tmp/diff_new_pack.Ci1QZw/_new 2022-07-18 18:34:01.713765264 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 69134ed3b54bc8b1d86d868611f7d069ce3290a8 + 470b13045bbbf150f3c79d1487a01ae6acc5592d (No newline at EOF) ++ syft-0.50.0.tar.gz -> syft-0.51.0.tar.gz ++ 3173 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1523/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-07-08 14:01:42 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1523 (New) Package is "syft" Fri Jul 8 14:01:42 2022 rev:4 rq:987414 version:0.50.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-06-28 15:21:59.689908580 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1523/syft.changes 2022-07-08 14:01:47.550439021 +0200 @@ -1,0 +2,16 @@ +Wed Jul 06 18:12:23 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.50.0: + * feat: add new login cmd (#1068) + * update AltRpmDbGlob with comment and context (#1085) + * feat: add support for conan packages (C/C++) (#1083) + * add golang main module and pseudo-version (#916) + * fix: add glob to filter list to ensure rpm metadata files are matched??? (#1079) + * remove pr automation until service account creation (#1080) + * fix: purl generation for pom.xml (#1078) + * Update Stereoscope to 5bd627c0f9ce7facbd63ed1f0cf894d97021aa5e (#1072) + * fix: add new languages found in cpes (#1069) + * fix: add php catalogers to all catalogers (#1065) + * feat: add use-all-catalogers flag (#1050) + +--- Old: syft-0.49.0.tar.gz New: syft-0.50.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.GXU1ym/_old 2022-07-08 14:01:49.082440662 +0200 +++ /var/tmp/diff_new_pack.GXU1ym/_new 2022-07-08 14:01:49.086440666 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.49.0 +Version:0.50.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.GXU1ym/_old 2022-07-08 14:01:49.126440709 +0200 +++ /var/tmp/diff_new_pack.GXU1ym/_new 2022-07-08 14:01:49.130440713 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.49.0 +v0.50.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.49.0.tar.gz +syft-0.50.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.GXU1ym/_old 2022-07-08 14:01:49.154440739 +0200 +++ /var/tmp/diff_new_pack.GXU1ym/_new 2022-07-08 14:01:49.154440739 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - d5e12ff89c2d3af684152dd401618533a6f1b67e + 69134ed3b54bc8b1d86d868611f7d069ce3290a8 (No newline at EOF) ++ syft-0.49.0.tar.gz -> syft-0.50.0.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.49.0/.github/workflows/pr.yaml new/syft-0.50.0/.github/workflows/pr.yaml --- old/syft-0.49.0/.github/workflows/pr.yaml 2022-06-24 17:05:25.0 +0200 +++ new/syft-0.50.0/.github/workflows/pr.yaml 1970-01-01 01:00:00.0 +0100 @@ -1,17 +0,0 @@ -# Uses https://github.com/actions/add-to-project example to add PR to Anchore OSS project -name: Add pr to OSS project - -on: - pull_request: -types: - - opened - -jobs: - add-to-project: -name: Add pr to project -runs-on: ubuntu-latest -steps: - - uses: actions/add-to-project@main -with: - project-url: https://github.com/orgs/anchore/projects/22 - github-token: ${{ secrets.CI_WRITE_GITHUB_TOKEN }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.49.0/README.md new/syft-0.50.0/README.md --- old/syft-0.49.0/README.md 2022-06-24 17:05:25.0 +0200 +++ new/syft-0.50.0/README.md 2022-07-05 17:57:28.0 +0200 @@ -30,6 +30,8 @@ ### Supported Ecosystems - Alpine (apk) +- C (conan) +- C++ (conan) - Dart (pubs) - Debian (dpkg) - Dotnet (deps.json) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/syft-0.49.0/cmd/syft/cli/commands.go new/syft-0.50.0/cmd/syft/cli/commands.go --- old/syft-0.49.0/cmd/syft/cli/commands.go2022-06-24 17:05:25.0 +0200 +++ new/syft-0.50.0/cmd/syft/cli/commands.go2022-07-05 17:57:28.0 +0200 @@ -15,6 +15,7 @@ "github.com/anchore/syft/internal/log" "github.com/anchore/syft/internal/version" "github.com/anchore/syft/syft/event" + cranecmd "github.com/google/go-containerregistry/cmd/crane/cmd" "github.com/gookit/color" "github.com/spf13/cobra" "github.com/spf13/viper" @@ -30,6 +31,7 @@ // at this level. Values from the config should only be used after
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-06-28 15:21:48 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1548 (New) Package is "syft" Tue Jun 28 15:21:48 2022 rev:3 rq:985332 version:0.49.0 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-06-23 10:25:12.979801662 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1548/syft.changes 2022-06-28 15:21:59.689908580 +0200 @@ -1,0 +2,11 @@ +Mon Jun 27 13:20:51 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.49.0: + * Updates parsing of `yarn.lock` to use `resolved` URLs that are pulled from yarn and npm registries (#926) + * remove OSS Meetup message (#1057) + * add pom.xml cataloger (#1055) + * Add support for CBL-Mariner distroless images (#1045) + * Add catalogers configuration (#1038) + * add template output (#1051) + +--- Old: syft-0.48.1.tar.gz New: syft-0.49.0.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.AxXRx4/_old 2022-06-28 15:22:01.125910724 +0200 +++ /var/tmp/diff_new_pack.AxXRx4/_new 2022-06-28 15:22:01.137910742 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.48.1 +Version:0.49.0 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 ++ _service ++ --- /var/tmp/diff_new_pack.AxXRx4/_old 2022-06-28 15:22:01.173910796 +0200 +++ /var/tmp/diff_new_pack.AxXRx4/_new 2022-06-28 15:22:01.177910801 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.48.1 +v0.49.0 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.48.1.tar.gz +syft-0.49.0.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.AxXRx4/_old 2022-06-28 15:22:01.197910832 +0200 +++ /var/tmp/diff_new_pack.AxXRx4/_new 2022-06-28 15:22:01.197910832 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 03e37044d437294b0aac44a4e9277eb8f6c8be3f + d5e12ff89c2d3af684152dd401618533a6f1b67e (No newline at EOF) ++ syft-0.48.1.tar.gz -> syft-0.49.0.tar.gz ++ 14783 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1548/vendor.tar.gz differ: char 5, line 1
commit syft for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syft for openSUSE:Factory checked in at 2022-06-23 10:24:26 Comparing /work/SRC/openSUSE:Factory/syft (Old) and /work/SRC/openSUSE:Factory/.syft.new.1548 (New) Package is "syft" Thu Jun 23 10:24:26 2022 rev:2 rq:984470 version:0.48.1 Changes: --- /work/SRC/openSUSE:Factory/syft/syft.changes2022-06-16 18:21:43.088208462 +0200 +++ /work/SRC/openSUSE:Factory/.syft.new.1548/syft.changes 2022-06-23 10:25:12.979801662 +0200 @@ -1,0 +2,29 @@ +Wed Jun 22 08:47:26 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.48.1: + * update stereoscope to latest version (#1052) + +--- +Wed Jun 22 08:34:13 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.48.0: + * update zip_read_closer to incorporate zip64 support (#1041) + * Add pacman (alpm) parser support (#943) + +--- +Wed Jun 22 08:23:30 UTC 2022 - ka...@b1-systems.de + +- Update to version 0.47.0: + * Update of README.md (#1027) + * bump cosign to v1.9.0 to resolve reporting of GHSA-66x3-6cw3-v5gj (#1025) + * add workflows to test new project automation (#1023) + * improve LanguageByName and add unit tests (#1034) + * Read Description from dpkg status files (#996) + * Add announcement for Anchore OSS Virtual Meetup (#1033) + * add main module field to go bin metadata (#1026) + * Add filters to package cataloger (#1021) + * change draft to false for release process (#1016) + * Support RPM distros with newer RPM db formats (#1018) + * fix: add component list to prevent cyclone-dx panic (#1015) + +--- Old: syft-0.46.3.tar.gz New: syft-0.48.1.tar.gz Other differences: -- ++ syft.spec ++ --- /var/tmp/diff_new_pack.iQNi3X/_old 2022-06-23 10:25:18.695807872 +0200 +++ /var/tmp/diff_new_pack.iQNi3X/_new 2022-06-23 10:25:18.703807881 +0200 @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: syft -Version:0.46.3 +Version:0.48.1 Release:0 Summary:CLI tool and library for generating a Software Bill of Materials License:Apache-2.0 @@ -36,9 +36,12 @@ %setup -q -T -D -a 1 %build +DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ" +BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}") go build \ -mod=vendor \ -buildmode=pie \ + -ldflags="-X github.com/anchore/syft/internal/version.version=%{version} -X github.com/anchore/syft/internal/version.buildDate=$BUILD_DATE" \ -o bin/syft ./cmd/syft %install ++ _service ++ --- /var/tmp/diff_new_pack.iQNi3X/_old 2022-06-23 10:25:18.731807912 +0200 +++ /var/tmp/diff_new_pack.iQNi3X/_new 2022-06-23 10:25:18.735807916 +0200 @@ -3,7 +3,7 @@ https://github.com/anchore/syft git .git -v0.46.3 +v0.48.1 @PARENT_TAG@ enable v(.*) @@ -16,7 +16,7 @@ gz -syft-0.46.3.tar.gz +syft-0.48.1.tar.gz ++ _servicedata ++ --- /var/tmp/diff_new_pack.iQNi3X/_old 2022-06-23 10:25:18.755807938 +0200 +++ /var/tmp/diff_new_pack.iQNi3X/_new 2022-06-23 10:25:18.755807938 +0200 @@ -1,6 +1,6 @@ https://github.com/anchore/syft - 7cb8e1fc14a278ec5afce379623a47577aba9917 + 03e37044d437294b0aac44a4e9277eb8f6c8be3f (No newline at EOF) ++ syft-0.46.3.tar.gz -> syft-0.48.1.tar.gz ++ 6552 lines of diff (skipped) ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/syft/vendor.tar.gz /work/SRC/openSUSE:Factory/.syft.new.1548/vendor.tar.gz differ: char 4, line 1