From 062c4c451962038eada1d919c4641f12f713179a88a45e4b03b9bba539330e5d Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Mon, 3 Apr 2023 12:32:29 +0000
Subject: [PATCH] - Update to version 0.39.0:   * docs(cli): added makefile and
 go file to create docs (#3930)   * chore: Revert "ci: add gpg signing for RPM
 packages (#3612)" (#3946)   * chore: ignore gpg key (#3943)   *
 feat(cyclonedx): support dependency graph (#3177)   * chore(deps): Bump
 defsec to v0.85.0 (#3940)   * feat(rust): remove dev deps and find direct
 deps for Cargo.lock (#3919)   * feat(server): redis with public TLS certs
 support (#3783)   * feat(flag): Add glob support to `--skip-dirs` and
 `--skip-files`  (#3866)   * chore: replace make with mage (#3932)   *
 fix(sbom): add checksum to files (#3888)   * chore(deps): bump
 github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#3928)   * chore: remove
 unused mount volumes (#3927)   * feat: add auth support for downloading OCI
 artifacts (#3915)   * refactor(purl): use epoch in qualifier (#3913)   *
 chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0
 (#3727)   * feat(image): add registry options (#3906)   * feat(rust):
 dependency tree and line numbers support for cargo lock file (#3746)   *
 chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3905)  
 * feat(php): add support for location, licenses and graph for composer.lock
 files (#3873)   * chore(deps): updates wazero to 1.0.0 (#3904)   *
 feat(image): discover SBOM in OCI referrers (#3768)   * docs: change
 cache-dir key in config file (#3897)   * fix(sbom): use release and epoch for
 SPDX package version (#3896)   * ci: add gpg signing for RPM packages (#3612)
   * docs: Update incorrect comment for skip-update flag (#3878)   *
 refactor(misconf): simplify policy filesystem (#3875)   * feat(nodejs): parse
 package.json alongside yarn.lock (#3757)   * fix(spdx): add
 PkgDownloadLocation field (#3879)   * fix(report): try to guess direct deps
 for dependency tree (#3852)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/trivy?expand=0&rev=53
---
 _service             |  2 +-
 _servicedata         |  2 +-
 trivy-0.38.3.tar.zst |  3 --
 trivy-0.39.0.tar.zst |  3 ++
 trivy.changes        | 72 +++++++++++++++++++++++++++++++++++++++-----
 trivy.spec           |  2 +-
 vendor.obscpio       |  3 ++
 vendor.tar.zst       |  4 +--
 8 files changed, 76 insertions(+), 15 deletions(-)
 delete mode 100644 trivy-0.38.3.tar.zst
 create mode 100644 trivy-0.39.0.tar.zst
 create mode 100644 vendor.obscpio

diff --git a/_service b/_service
index 9022088..20b6d82 100644
--- a/_service
+++ b/_service
@@ -2,7 +2,7 @@
   <service name="tar_scm" mode="disabled">
     <param name="url">https://github.com/aquasecurity/trivy</param>
     <param name="scm">git</param>
-    <param name="revision">v0.38.3</param>
+    <param name="revision">v0.39.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
diff --git a/_servicedata b/_servicedata
index 0fac1df..169bf10 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/aquasecurity/trivy</param>
-              <param name="changesrevision">a12f58be57931c13b5ba9016bc8afd52bd63d3ae</param></service></servicedata>
\ No newline at end of file
+              <param name="changesrevision">ed590966a3efdaf6cbb48e34bfb36ea0884e45d8</param></service></servicedata>
\ No newline at end of file
diff --git a/trivy-0.38.3.tar.zst b/trivy-0.38.3.tar.zst
deleted file mode 100644
index 28ed8d7..0000000
--- a/trivy-0.38.3.tar.zst
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a7ca8865087b1cc8dea0b3ef96c5e1c501e795c01aca167b5acafbee942660af
-size 44721671
diff --git a/trivy-0.39.0.tar.zst b/trivy-0.39.0.tar.zst
new file mode 100644
index 0000000..8de5d22
--- /dev/null
+++ b/trivy-0.39.0.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8eec8b9859100325cba0854b654f4a5dc55e752aa6c6ff51fd02098cc3d94b2e
+size 44746619
diff --git a/trivy.changes b/trivy.changes
index 7c9818f..4e818e3 100644
--- a/trivy.changes
+++ b/trivy.changes
@@ -1,18 +1,76 @@
+-------------------------------------------------------------------
+Mon Apr 03 08:36:44 UTC 2023 - dmueller@suse.com
+
+- Update to version 0.39.0:
+  * docs(cli): added makefile and go file to create docs (#3930)
+  * chore: Revert "ci: add gpg signing for RPM packages (#3612)" (#3946)
+  * chore: ignore gpg key (#3943)
+  * feat(cyclonedx): support dependency graph (#3177)
+  * chore(deps): Bump defsec to v0.85.0 (#3940)
+  * feat(rust): remove dev deps and find direct deps for Cargo.lock (#3919)
+  * feat(server): redis with public TLS certs support (#3783)
+  * feat(flag): Add glob support to `--skip-dirs` and `--skip-files`  (#3866)
+  * chore: replace make with mage (#3932)
+  * fix(sbom): add checksum to files (#3888)
+  * chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#3928)
+  * chore: remove unused mount volumes (#3927)
+  * feat: add auth support for downloading OCI artifacts (#3915)
+  * refactor(purl): use epoch in qualifier (#3913)
+  * chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 (#3727)
+  * feat(image): add registry options (#3906)
+  * feat(rust): dependency tree and line numbers support for cargo lock file (#3746)
+  * chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3905)
+  * feat(php): add support for location, licenses and graph for composer.lock files (#3873)
+  * chore(deps): updates wazero to 1.0.0 (#3904)
+  * feat(image): discover SBOM in OCI referrers (#3768)
+  * docs: change cache-dir key in config file (#3897)
+  * fix(sbom): use release and epoch for SPDX package version (#3896)
+  * ci: add gpg signing for RPM packages (#3612)
+  * docs: Update incorrect comment for skip-update flag (#3878)
+  * refactor(misconf): simplify policy filesystem (#3875)
+  * feat(nodejs): parse package.json alongside yarn.lock (#3757)
+  * fix(spdx): add PkgDownloadLocation field (#3879)
+  * fix(report): try to guess direct deps for dependency tree (#3852)
+  * chore(amazon): update EOL (#3876)
+  * fix(nodejs): improvement logic for package-lock.json v2-v3 (#3877)
+  * feat(amazon): add al2023 support (#3854)
+  * chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (#3736)
+  * docs(misconf): Add information about selectors (#3703)
+  * docs(cli): update CLI docs with cobra (#3815)
+  * feat: k8s parallel processing (#3693)
+  * docs: add DefectDojo in the Security Management section (#3871)
+  * chore(deps): updates wazero to 1.0.0-rc.2 (#3853)
+  * refactor: add pipeline (#3868)
+  * feat(cli): add javadb metadata to version info (#3835)
+  * chore(deps): Move compliance types to defsec (#3842)
+  * feat(sbom): add support for CycloneDX JSON Attestation of the correct specification (#3849)
+  * feat: add node toleration option (#3823)
+  * fix: allow mapfs to open dirs (#3867)
+  * fix(report): update uri only for os class targets (#3846)
+  * feat(nodejs): Add v3 npm lock file support (#3826)
+  * feat(nodejs): parse package.json files alongside package-lock.json (#2916)
+  * docs(misconf): Fix links to built in policies (#3841)
+
 -------------------------------------------------------------------
 Tue Mar 14 09:56:08 UTC 2023 - dmueller@suse.com
 
 - Update to version 0.38.3:
-  * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.86.1 to 1.89.1 (#3827)
-  * fix(java): skip empty files for jar post analyzer (#3832)
-  * fix(docker): build healthcheck command for line without /bin/sh prefix (#3831)
+  * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
+    from 1.86.1 to 1.89.1
+  * fix(java): skip empty files for jar post analyzer
+  * fix(docker): build healthcheck command for line without
+    /bin/sh prefix
   * refactor(license): use goyacc for license parser (#3824)
-  * chore(deps): bump github.com/docker/docker from 23.0.0-rc.1+incompatible to 23.0.1+incompatible (#3586)
-  * fix: populate timeout context to node-collector (#3766)
+  * chore(deps): bump github.com/docker/docker from
+    23.0.0-rc.1+incompatible to 23.0.1+incompatible
+  * fix: populate timeout context to node-collector
   * fix: exclude node collector scanning (#3771)
-  * fix: display correct flag in error message when skipping java db update #3808
+  * fix: display correct flag in error message when skipping
+    java db update #3808
   * fix: disable jar analyzer for scanners other than vuln (#3810)
   * fix(sbom): fix incompliant license format for spdx (#3335)
-  * fix(java): the project props take precedence over the parent's props (#3320)
+  * fix(java): the project props take precedence over the
+    parent's props (#3320)
   * docs: add canary build info to README.md (#3799)
   * docs: adding link to gh token generation (#3784)
   * docs: changing docs in accordance with #3460 (#3787)
diff --git a/trivy.spec b/trivy.spec
index 4f41255..36c0637 100644
--- a/trivy.spec
+++ b/trivy.spec
@@ -19,7 +19,7 @@
 
 %global goipath github.com/aquasecurity/trivy
 Name:           trivy
-Version:        0.38.3
+Version:        0.39.0
 Release:        0
 Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
 License:        Apache-2.0
diff --git a/vendor.obscpio b/vendor.obscpio
new file mode 100644
index 0000000..0c27c9b
--- /dev/null
+++ b/vendor.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f44cf2cabdc09d63678bdb9cf4c5b82b4a96a7e960f22243e230c579299bb094
+size 307762556
diff --git a/vendor.tar.zst b/vendor.tar.zst
index 3e75425..62c220c 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:9b5343aa5bcefcd310cb398274c04a532eaccab59dbf053082ff65ab8e67095f
-size 41287987
+oid sha256:b6e232385c23bddd81ab6255903fa586f48715110dddcc462d8924e08e5d567c
+size 18634053