Accepting request 1096591 from devel:Factory:git-workflow:staging:SCM_STAGING:trivy:3

🤖: Submission of trivy via pool/trivy#3 by dirkmueller OBS-URL: https://build.opensuse.org/request/show/1096591 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=55
2023-07-04 13:21:56 +00:00 · 2023-07-04 13:21:56 +00:00 · 076cb03c4a
commit 076cb03c4a
parent 1443f0bae4
9 changed files with 94 additions and 12 deletions
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@ -1,4 +1,4 @@
-mtime: 1687423182
-commit: bd3ac6761c4a78b56f49f38c55e1adafa000ce4c
+mtime: 1688392392
+commit: de36092857fcbc957d70878ac2820425c07d1752
 url: https://src.opensuse.org/dirkmueller/trivy.git
-revision: bd3ac6761c4a78b56f49f38c55e1adafa000ce4c
+revision: de36092857fcbc957d70878ac2820425c07d1752
--- a/2
+++ b/2
@ -2,7 +2,7 @@
  <service name="tar_scm" mode="disabled">
    <param name="url">https://github.com/aquasecurity/trivy</param>
    <param name="scm">git</param>
-    <param name="revision">v0.42.1</param>
+    <param name="revision">v0.43.0</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="changesgenerate">enable</param>
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/aquasecurity/trivy</param>
-              <param name="changesrevision">9a279fa7bb5ccdcda642f99ac2dfd80551082ee2</param></service></servicedata>
+              <param name="changesrevision">600819248ded6688801f6e92a9a49e9fa97b654b</param></service></servicedata>
--- a/eol-dates.patch
+++ b/eol-dates.patch
@ -0,0 +1,22 @@
+From 08770a6dfefcd1ad3c11abd395cef1af7c4a14a3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dirk=20M=C3=BCller?= <dirk@dmllr.de>
+Date: Fri, 30 Jun 2023 16:48:52 +0200
+Subject: [PATCH] fix(suse): Add openSUSE Leap 15.5 eol date as well
+
+Taken directly from https://en.opensuse.org/Lifetime
+---
+ pkg/detector/ospkg/suse/suse.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go
+index 11a4d70c5a8..cbf0c4fd991 100644
+--- a/pkg/detector/ospkg/suse/suse.go
+++ b/pkg/detector/ospkg/suse/suse.go
+@@ -55,6 +55,7 @@ var (
+ 		"15.2": time.Date(2021, 11, 30, 23, 59, 59, 0, time.UTC),
+ 		"15.3": time.Date(2022, 11, 30, 23, 59, 59, 0, time.UTC),
+ 		"15.4": time.Date(2023, 11, 30, 23, 59, 59, 0, time.UTC),
+		"15.5": time.Date(2024, 12, 31, 23, 59, 59, 0, time.UTC),
+ 	}
+ )
+ 
--- a/trivy-0.42.1.tar.zst
+++ b/trivy-0.42.1.tar.zst
--- a/trivy-0.43.0.tar.zst
+++ b/trivy-0.43.0.tar.zst
--- a/trivy.changes
+++ b/trivy.changes
@ -1,3 +1,62 @@
+-------------------------------------------------------------------
+Mon Jul 03 13:22:20 UTC 2023 - dmueller@suse.com
+
+- Update to version 0.43.0:
+  * chore(deps): Update defsec to v0.90.1 (#4739)
+  * feat(nodejs): support yarn workspaces (#4664)
+  * feat(cli): add include-dev-deps flag (#4700)
+  * fix(image): pass the secret scanner option to scan the img config (#4735)
+  * fix: scan job pod it not found on k8s-1.27.x (#4729)
+  * feat(docker): add support for mTLS authentication when connecting to registry (#4649)
+  * chore(deps): Update defsec to v0.90.0 (#4723)
+  * fix: skip scanning the gpg-pubkey package (#4720)
+  * Fix http registry oci pull (#4701)
+  * feat(misconf): Support skipping services (#4686)
+  * docs: fix supported modes for pubspec.lock files (#4713)
+  * fix(misconf): disable the terraform plan analyzer for other scanners (#4714)
+  * clarifying a dir path is required for custom policies (#4716)
+  * chore: update alpine base images (#4715)
+  * fix last-history-created (#4697)
+  * feat: kbom and cyclonedx v1.5 spec support (#4708)
+  * docs: add information about Aqua (#4590)
+  * fix: k8s escape resource filename on windows os (#4693)
+  * ci: ignore merge queue branches (#4696)
+  * chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 (#4695)
+  * chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 (#4694)
+  * feat: cyclondx sbom custom property support (#4688)
+  * ci: do not trigger tests in main (#4692)
+  * add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date (#4690)
+  * use group field for jar in cyclonedx (#4674)
+  * feat(java): capture licenses from pom.xml (#4681)
+  * feat(helm): make sessionAffinity configurable (#4623)
+  * fix: Show the correct URL of the secret scanning (#4682)
+  * document expected file pattern definition format (#4654)
+  * fix: format arg error (#4642)
+  * feat(k8s): cyclonedx kbom support (#4557)
+  * fix(nodejs): remove unused fields for the pnpm lockfile (#4630)
+  * fix(vm): update ext4-filesystem parser for parse multi block extents (#4616)
+  * ci: update build IDs (#4641)
+  * fix(debian): update EOL for Debian 12 (#4647)
+  * chore(deps): bump go-containerregistry (#4639)
+  * chore: unnecessary use of fmt.Sprintf (S1039) (#4637)
+  * fix(db): change argument order in Exists query for JavaDB (#4595)
+  * feat(aws): Add support to see successes in results (#4427)
+  * chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#4613)
+  * ci: do not trigger tests in main (#4614)
+  * chore(deps): bump sigstore/cosign-installer (#4609)
+  * chore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 (#4608)
+  * ci: bypass the required status checks (#4611)
+  * ci: support merge queue (#3652)
+  * ci: matrix build for testing (#4587)
+  * feat: trivy k8s private registry support (#4567)
+  * docs: add general coverage page (#3859)
+  * chore: create SECURITY.md (#4601)
+
+-------------------------------------------------------------------
+Fri Jun 30 15:06:47 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- add eol-dates.patch to list SLE/Leap 15.5
+
 -------------------------------------------------------------------
 Thu Jun 22 08:39:30 UTC 2023 - Dirk Müller <dmueller@suse.com>

--- a/trivy.spec
+++ b/trivy.spec
@ -17,7 +17,7 @@


 Name:           trivy
-Version:        0.42.1
+Version:        0.43.0
 Release:        0
 Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
 License:        Apache-2.0
@ -25,6 +25,7 @@ Group:          System/Management
 URL:            https://github.com/aquasecurity/trivy
 Source:         %{name}-%{version}.tar.zst
 Source1:        vendor.tar.zst
+Patch1:         eol-dates.patch
 BuildRequires:  golang-packaging
 BuildRequires:  zstd
 BuildRequires:  golang(API) = 1.19
@ -43,7 +44,7 @@ scan. All you need to do for scanning is to specify a target such as an image
 name of the container.

 %prep
-%setup -qa1
+%autosetup -p1 -a1

 %build
 export CGO_ENABLED=1
--- a/vendor.tar.zst
+++ b/vendor.tar.zst