diff --git a/_service b/_service index 45389db..8a90918 100644 --- a/_service +++ b/_service @@ -1,19 +1,24 @@ - + https://github.com/cheat/cheat git .git + vendor 4.4.2 @PARENT_TAG@ v(.*) - - cheat + - + *.tar gz - + + github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1 + golang.org/x/net=golang.org/x/net@v0.47.0 + golang.org/x/crypto=golang.org/x/crypto@v0.45.0 + golang.org/x/sys=golang.org/x/sys@v0.38.0 + github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0 diff --git a/cheat-4.4.2.tar.gz b/cheat-4.4.2.tar.gz index 7047f49..1a1ce28 100644 --- a/cheat-4.4.2.tar.gz +++ b/cheat-4.4.2.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a7e92c1c31822496fa6240d8a4665e22b900fa885fc9c7f6c12389d0b6bffdf2 -size 3165152 +oid sha256:06cc200505033eb825ec918adfb728c80b780990bf6b7c2eec5813764a8077a3 +size 44318 diff --git a/cheat.changes b/cheat.changes index 18e8d4f..c693ad4 100644 --- a/cheat.changes +++ b/cheat.changes 
@@ -1,3 +1,63 @@ +------------------------------------------------------------------- +Thu Nov 27 08:11:59 UTC 2025 - Witek Bedyk + +- Security: + * CVE-2025-47913: Fix client process termination (bsc#1253593) + * CVE-2025-58181: Fix potential unbounded memory consumption + (bsc#1253922) + * CVE-2025-47914: Fix panic due to an out of bounds read + (bsc#1254051) + * Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0 + * Replace golang.org/x/net=golang.org/x/net@v0.47.0 + * Replace golang.org/x/sys=golang.org/x/sys@v0.38.0 + +------------------------------------------------------------------- +Fri Aug 22 13:12:32 UTC 2025 - Jeff Kowalczyk + +- Packaging improvements: + * Drop Requires: golang-packaging. The recommended Go toolchain + dependency expression is BuildRequires: golang(API) >= 1.x or + optionally the metapackage BuildRequires: go + * Use BuildRequires: golang(API) >= 1.19 matching go.mod + * Build PIE with pattern that may become recommended procedure: + %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build + A go toolchain buildmode default config would be preferable + but none exist at this time. + * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable + * Remove go build -o output binary location and name. Default + binary has the same name as package of func main() and is + placed in the top level of the build directory. 
+ * Add basic %check to execute binary --help + +------------------------------------------------------------------- +Thu Aug 21 21:47:19 UTC 2025 - Jeff Kowalczyk + +- Packaging improvements: + * Service go_modules replace dependencies with CVEs + * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1 + Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm + * Replace golang.org/x/net=golang.org/x/net@v0.36.0 + Fixes GO-2025-3503 CVE-2025-22870 + * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0 + Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8 + Fixes GO-2025-3487 CVE-2025-22869 + * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0 + Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4 + Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m + * Service tar_scm set mode manual from disabled + * Service tar_scm create archive from git so we can exclude + vendor directory upstream committed to git. Committed vendor + directory contents have build issues even after go mod tidy. + * Service tar_scm exclude dir vendor + * Service set_version set mode manual from disabled + * Service set_version remove param basename not needed + +------------------------------------------------------------------- +Thu Aug 21 12:15:26 UTC 2025 - Michael Vetter + +- bsc#1247629 (CVE-2025-21613): + * Use go-git 5.13.0 via replace in _service + ------------------------------------------------------------------- Sat Dec 16 11:27:40 UTC 2023 - Michael Vetter diff --git a/cheat.spec b/cheat.spec index d68749a..5a829f3 100644 --- a/cheat.spec +++ b/cheat.spec @@ -1,7 +1,7 @@ # # spec file for package cheat # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -25,16 +25,22 @@ Group: Productivity/Other URL: https://github.com/cheat/cheat Source: %{name}-%{version}.tar.gz Source1: vendor.tar.gz -BuildRequires: golang-packaging +BuildRequires: golang(API) >= 1.24 %description cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not frequently enough to remember. %prep -%setup -q -a 1 +%autosetup -a 1 %build -go build -mod=vendor -buildmode=pie -o cheat ./cmd/cheat +%ifnarch ppc64 +export GOFLAGS="-buildmode=pie" +%endif +go build ./cmd/%{name} + +%check +./%{name} --help %install install -D -m0755 %{name} %{buildroot}%{_bindir}/%{name} diff --git a/vendor.tar.gz b/vendor.tar.gz index 0454889..effc29c 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d402260db778eef389d8e5d3519e4cbfc2c4a2b547fa19d2b96c48b734fb9552 -size 3024687 +oid sha256:d2c5c7a1af2a99b98074fe0e1b77dc312713b341f11e40b91dd9b8be102def8a +size 3296585
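Review bot: In the `_service` hunk, the checkout appears to be selected by the bare value `4.4.2` (next to `@PARENT_TAG@` and `v(.*)`), which reads as a tag name rather than a commit. Now that the source archive is generated from git, a tag that is moved upstream would yield different source under the same version. If that value is the revision parameter, consider pinning the full commit hash there and keeping the tag only for the version string.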
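Review bot: In the `cheat-4.4.2.tar.gz` hunk, the archive keeps the same name and version while its size drops from 3165152 to 44318 bytes and the sha256 changes. Anyone comparing against the previous digest will see a mismatch with nothing in the file name to explain it. The Aug 21 changelog entry attributes the change to excluding `vendor`, but please confirm that the regenerated archive still carries everything the package ships besides the vendored modules (license and documentation files in particular), since only the size is visible here.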
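Review bot: In the `cheat.changes` hunk, the Thu Nov 27 entry lists CVE-2025-47913, CVE-2025-58181 and CVE-2025-47914 separately from the three `Replace` lines, so a reader cannot tell which module bump fixes which CVE. The Thu Aug 21 entry places each `Fixes ...` line directly under its `Replace` line; using the same layout here would make the entry auditable. The `golang.org/x/sys@v0.38.0` replace has no advisory attached, so state whether it is only pulled up as a dependency of the other two bumps. Separately, the Fri Aug 22 entry escapes `%%ifnarch` and `%%endif` but leaves `%check` unescaped; use `%%check` for consistency.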
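Review bot: In the `cheat.spec` preamble, `BuildRequires: golang(API) >= 1.24` contradicts the Fri Aug 22 changelog entry in the same patch, which says "Use BuildRequires: golang(API) >= 1.19 matching go.mod". If the replaced modules raised the minimum toolchain, record that in the Nov 27 entry; otherwise lower the requirement to what the changelog states. In `%build`, note also that `GOFLAGS="-buildmode=pie"` is exported only under `%ifnarch ppc64`, so the ppc64 binary is built without PIE where the old line passed `-buildmode=pie` unconditionally; a short comment in the spec explaining the exclusion would help.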