From eddb0960846978ea8bf8abb790053dff55f17fff322a4713eaa8a016389d9f49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@posteo.net>
Date: Wed, 8 Nov 2023 16:32:09 +0000
Subject: [PATCH] [info=e7076f0971c7963534b0ad701267258c921d4720]
OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:dirkmueller:trivy:2/trivy?expand=0&rev=1
---
_scmsync.obsinfo | 6 +-
_service | 10 +--
_servicedata | 2 +-
trivy-0.44.1.tar.zst | 3 -
trivy-0.47.0.tar.zst | 3 +
trivy.changes | 156 +++++++++++++++++++++++++++++++++++++++++++
trivy.spec | 4 +-
vendor.obscpio | 3 -
vendor.tar.zst | 4 +-
9 files changed, 172 insertions(+), 19 deletions(-)
delete mode 100644 trivy-0.44.1.tar.zst
create mode 100644 trivy-0.47.0.tar.zst
delete mode 100644 vendor.obscpio
diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index a5e1331..39f229c 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1692203616
-commit: fe5cccdebe8c3f80a50568289bbf4e65174e54d1
+mtime: 1699461074
+commit: e7076f0971c7963534b0ad701267258c921d4720
url: https://src.opensuse.org/dirkmueller/trivy.git
-revision: fe5cccdebe8c3f80a50568289bbf4e65174e54d1
+revision: e7076f0971c7963534b0ad701267258c921d4720
diff --git a/_service b/_service
index 3b852dd..265ddb2 100644
--- a/_service
+++ b/_service
@@ -1,20 +1,20 @@
<services>
- <service name="tar_scm" mode="disabled">
+ <service name="tar_scm" mode="manual">
<param name="url">https://github.com/aquasecurity/trivy</param>
<param name="scm">git</param>
- <param name="revision">v0.44.1</param>
+ <param name="revision">v0.47.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
</service>
- <service name="recompress" mode="disabled">
+ <service name="recompress" mode="manual">
<param name="file">trivy-*.tar</param>
<param name="compression">zst</param>
</service>
- <service name="set_version" mode="disabled">
+ <service name="set_version" mode="manual">
<param name="basename">trivy</param>
</service>
- <service name="go_modules" mode="disabled">
+ <service name="go_modules" mode="manual">
<param name="compression">zst</param>
</service>
</services>
diff --git a/_servicedata b/_servicedata
index dc7b42e..a3daa66 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/aquasecurity/trivy</param>
- <param name="changesrevision">f1052799894cc8a8480ff28e1c717a9d811876a2</param></service></servicedata>
\ No newline at end of file
+ <param name="changesrevision">d6df5fbcda878e43e5e02484304726ebe7c6c418</param></service></servicedata>
\ No newline at end of file
diff --git a/trivy-0.44.1.tar.zst b/trivy-0.44.1.tar.zst
deleted file mode 100644
index 9ea3956..0000000
--- a/trivy-0.44.1.tar.zst
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:68993cb17d1bbcde10e5309b5f596730fa7220cbc6d4397b649314c41f0d0567
-size 43479857
diff --git a/trivy-0.47.0.tar.zst b/trivy-0.47.0.tar.zst
new file mode 100644
index 0000000..e1b4529
--- /dev/null
+++ b/trivy-0.47.0.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1c412452181b149f9dac4ca3f3d3f44080ff5b61306d246039c950973a393c10
+size 43593249
diff --git a/trivy.changes b/trivy.changes
index f5cfb46..dbe0553 100644
--- a/trivy.changes
+++ b/trivy.changes
@@ -1,3 +1,159 @@
+-------------------------------------------------------------------
+Tue Nov 07 12:24:51 UTC 2023 - dmueller@suse.com
+
+- Update to version 0.47.0:
+ * docs: add info that license scanning supports file-patterns flag (#5484)
+ * docs: add Zora integration into Ecosystem session (#5490)
+ * fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
+ * ci: use maximize build space for K8s tests (#5387)
+ * fix: correct error mismatch causing race in fast walks (#5516)
+ * docs: k8s vulnerability scanning (#5515)
+ * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#5506)
+ * chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#5493)
+ * docs: remove glad for java datasources (#5508)
+ * chore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#5475)
+ * chore: remove unused logger attribute in amazon detector (#5476)
+ * fix: correct error mismatch causing race in fast walks (#5482)
+ * chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5502)
+ * chore(deps): bump docker/build-push-action from 4 to 5 (#5500)
+ * chore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#5491)
+ * fix(server): add licenses to `BlobInfo` message (#5382)
+ * chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#5501)
+ * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#5497)
+ * feat: scan vulns on k8s core component apps (#5418)
+ * fix(java): fix infinite loop when `relativePath` field points to `pom.xml` being scanned (#5470)
+ * chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#5472)
+ * fix(sbom): save digests for package/application when scanning SBOM files (#5432)
+ * docs: fix the broken link (#5454)
+ * docs: fix error when installing `PyYAML` for gh pages (#5462)
+ * fix(java): download java-db once (#5442)
+ * chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)
+ * docs(misconf): Update `--tf-exclude-downloaded-modules` description (#5419)
+ * feat(misconf): Support `--ignore-policy` in config scans (#5359)
+ * docs(misconf): fix broken table for `Use container image` section (#5425)
+ * feat(dart): add graph support (#5374)
+ * refactor: define a new struct for scan targets (#5397)
+ * fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX (#5399)
+ * fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393)
+ * chore(deps): move to aws-sdk-go-v2 (#5381)
+ * docs: remove --scanners none (#5384)
+ * docs: Update container_image.md #5182 (#5193)
+ * feat(report): Add `InstalledFiles` field to Package (#4706)
+ * feat(k8s): add support for vulnerability detection (#5268)
+ * fix(python): override BOM in `requirements.txt` files (#5375)
+ * docs: add kbom documentation (#5363)
+ * test: use maximize build space for VM tests (#5362)
+ * chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)
+ * fix(report): add escaping quotes in misconfig Title for asff template (#5351)
+ * ci: add workflow to check Go versions of dependencies (#5340)
+ * chore(deps): Upgrade defsec to v0.93.1 (#5348)
+ * chore(deps): bump alpine from 3.18.3 to 3.18.4 (#5300)
+ * fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342)
+ * fix: add config files to FS for post-analyzers (#5333)
+ * fix: fix MIME warnings after updating to Go 1.20 (#5336)
+ * build: fix a compile error with Go 1.21 (#5339)
+ * feat: added `Metadata` into the k8s resource's scan report (#5322)
+ * ci: check only PR's in `actions/stale` (#5337)
+ * chore: update adopters template (#5330)
+ * ci: do not trigger tests on the push event (#5313)
+ * fix(sbom): use PURL or Group and Name in case of Java (#5154)
+ * docs: add buildkite repository to ecosystem page (#5316)
+ * chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290)
+ * chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292)
+ * chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293)
+ * chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286)
+ * chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#5289)
+ * chore: enable go-critic (#5302)
+ * chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288)
+ * chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#5287)
+ * close java-db client (#5273)
+ * chore(deps): bump docker/login-action from 2 to 3 (#5291)
+ * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#5294)
+ * chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#5304)
+ * chore(deps): bump github.com/opencontainers/image-spec (#5295)
+ * fix(report): removes git::http from uri in sarif (#5244)
+ * Improve the meaning of sentence (#5301)
+ * chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 (#5297)
+ * chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#5296)
+ * add app nil check (#5274)
+ * typo: in secret.md (#5281)
+ * docs: add info about `github` format (#5265)
+ * feat(dotnet): add license support for NuGet (#5217)
+ * docs: correctly export variables (#5260)
+ * chore: Add line numbers for lint output (#5247)
+ * chore(cli): disable java-db flags in server mode (#5263)
+ * feat(db): allow passing registry options (#5226)
+ * chore(deps): Bump up defsec to v0.93.0 (#5253)
+ * refactor(purl): use TypeApk from purl (#5232)
+ * chore: enable more linters (#5228)
+ * ci: bump GoReleaser from 1.16.2 to 1.20.0 (#5236)
+ * Fix typo on ide.md (#5239)
+ * refactor: use defined types (#5225)
+ * fix(purl): skip local Go packages (#5190)
+ * docs: update info about license scanning in Yarn projects (#5207)
+ * ci: auto apply labels (#5200)
+ * fix link (#5203)
+ * fix(purl): handle rust types (#5186)
+ * chore: auto-close issues (#5177)
+ * chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#5093)
+ * fix(k8s): kbom support addons labels (#5178)
+ * test: validate SPDX with the JSON schema (#5124)
+ * chore: bump trivy-kubernetes-latest (#5161)
+ * docs: add 'Signature Verification' guide (#4731)
+ * docs: add image-scanner-with-trivy for ecosystem (#5159)
+ * fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158)
+ * chore(deps): bump github.com/CycloneDX/cyclonedx-go (#5102)
+ * Update filtering.md (#5131)
+ * chore(deps): bump sigstore/cosign-installer (#5104)
+ * chore(deps): bump github.com/cyphar/filepath-securejoin (#5143)
+ * chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#5103)
+ * chore(deps): bump easimon/maximize-build-space from 7 to 8 (#5105)
+ * chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 (#5126)
+ * chaging adopters discussion tempalte (#5091)
+ * chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 (#5092)
+ * chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 (#5094)
+ * chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5095)
+ * chore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 (#5097)
+ * chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#5098)
+ * chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#5106)
+ * docs: add Bitnami (#5078)
+ * feat(docker): add support for scanning Bitnami components (#5062)
+ * feat: add support for .trivyignore.yaml (#5070)
+ * fix(terraform): improve detection of terraform files (#4984)
+ * feat: filter artifacts on --exclude-owned flag (#5059)
+ * fix(sbom): cyclonedx advisory should omit `null` value (#5041)
+ * build: maximize build space for build tests (#5072)
+ * feat: improve kbom component name (#5058)
+ * fix(pom): add licenses for pom artifacts (#5071)
+ * chore(deps): Update defsec to v0.92.0 (#5068)
+ * chore: bump Go to `1.20` (#5067)
+ * feat: PURL matching with qualifiers in OpenVEX (#5061)
+ * feat(java): add graph support for pom.xml (#4902)
+ * feat(swift): add vulns for cocoapods (#5037)
+ * fix: support image pull secret for additional workloads (#5052)
+ * fix: #5033 Superfluous double quote in html.tpl (#5036)
+ * docs(repo): update trivy repo usage and example (#5049)
+ * perf: Optimize Dockerfile for reduced layers and size (#5038)
+ * feat: scan K8s Resources Kind with --all-namespaces (#5043)
+ * fix: vulnerability typo (#5044)
+ * docs: adding a terraform tutorial to the docs (#3708)
+ * feat(report): add licenses to sarif format (#4866)
+ * feat(misconf): show the resource name in the report (#4806)
+ * chore: update alpine base images (#5015)
+ * feat: add Package.resolved swift files support (#4932)
+ * feat(nodejs): parse licenses in yarn projects (#4652)
+ * fix: k8s private registries support (#5021)
+ * bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018)
+ * feat(vuln): support last_affected field from osv (#4944)
+ * feat(server): add version endpoint (#4869)
+ * feat: k8s private registries support (#4987)
+ * fix(server): add indirect prop to package (#4974)
+ * docs: add coverage (#4954)
+ * feat(c): add location for lock file dependencies. (#4994)
+ * docs: adding blog post on ec2 (#4813)
+ * revert 32bit bins (#4977)
+ * chore(deps): bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (#4917)
+
-------------------------------------------------------------------
Thu Aug 10 10:51:52 UTC 2023 - dmueller@suse.com
diff --git a/trivy.spec b/trivy.spec
index 1b49092..c032dcb 100644
--- a/trivy.spec
+++ b/trivy.spec
@@ -17,7 +17,7 @@
Name: trivy
-Version: 0.44.1
+Version: 0.47.0
Release: 0
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
License: Apache-2.0
@@ -25,7 +25,7 @@ Group: System/Management
URL: https://github.com/aquasecurity/trivy
Source: %{name}-%{version}.tar.zst
Source1: vendor.tar.zst
-BuildRequires: golang(API) = 1.19
+BuildRequires: golang(API) = 1.20
BuildRequires: golang-packaging
BuildRequires: zstd
Requires: ca-certificates
diff --git a/vendor.obscpio b/vendor.obscpio
deleted file mode 100644
index 0c27c9b..0000000
--- a/vendor.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f44cf2cabdc09d63678bdb9cf4c5b82b4a96a7e960f22243e230c579299bb094
-size 307762556
diff --git a/vendor.tar.zst b/vendor.tar.zst
index c9157ce..4f52007 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:b92488b733ec36321896d325ddc268932c026441e6c7a37b139f3c23804e07b3
-size 19379502
+oid sha256:403b5ab1db08965e058289f3c8b341030284dad937919916853fefdd67bc77d4
+size 19662044