Update with security fixes and packaging improvements #1
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: pool/cheat#1
Reference in New Issue
Block a user
Delete Branch "witekbedyk/cheat:factory"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
* Service go_modules replace dependencies with CVEs * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1 Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm * Replace golang.org/x/net=golang.org/x/net@v0.36.0 Fixes GO-2025-3503 CVE-2025-22870 * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0 Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8 Fixes GO-2025-3487 CVE-2025-22869 * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0 Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4 Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m * Service tar_scm set mode manual from disabled * Service tar_scm create archive from git so we can exclude vendor directory upstream committed to git. Committed vendor directory contents have build issues even after go mod tidy. * Service tar_scm exclude dir vendor * Service set_version set mode manual from disabled * Service set_version remove param basename not needed OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=11* Drop Requires: golang-packaging. The recommended Go toolchain dependency expression is BuildRequires: golang(API) >= 1.x or optionally the metapackage BuildRequires: go * Use BuildRequires: golang(API) >= 1.19 matching go.mod * Build PIE with pattern that may become recommended procedure: %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build A go toolchain buildmode default config would be preferable but none exist at this time. * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable * Remove go build -o output binary location and name. Default binary has the same name as package of func main() and is placed in the top level of the build directory. * Add basic %check to execute binary --help OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=12Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke .
Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment:
@maintenance-release-review: approve.To request changes on behalf of the group, create the following comment:
@maintenance-release-review: declinefollowed with lines justifying the decision.Future edits of the comments are ignored, a new comment is required to change the review state.
Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm .
Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment:
@opensuse-review: approve.To request changes on behalf of the group, create the following comment:
@opensuse-review: declinefollowed with lines justifying the decision.Future edits of the comments are ignored, a new comment is required to change the review state.
Legal review in progress.
@maintenance-release-review: approve
merge ok
rfrohl approved a review on behalf of maintenance-release-review
@opensuse-review : approve
LGTM
merge ok
oertel approved a review on behalf of opensuse-review
Legal reviewed by dec16180 as acceptable_by_lawyer: