pool/govulncheck
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

merge into: pool:slfo-main
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
...
pull from: pool:factory
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main

4 Commits
slfo-main ... factory

Author SHA256 Message Date
Ana Guerrero
5879e34aab Accepting request 1301282 from devel:languages:go 
- Packaging improvements:
  * Update to BuildRequires: golang(API) >= 1.25 latest table.
    This tool requires the latest stable Go toolchain to check
    other Go applications using that latest stable version of Go.
  * Refs boo#1248678 (forwarded request 1301277 from jfkw)

OBS-URL: https://build.opensuse.org/request/show/1301282
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/govulncheck?expand=0&rev=12
 2025-08-25 18:39:27 +00:00
Jeff Kowalczyk
e9658356c8 - Packaging improvements: 
* Update to BuildRequires: golang(API) >= 1.25 latest table.
    This tool requires the latest stable Go toolchain to check
    other Go applications using that latest stable version of Go.
  * Refs boo#1248678

OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/govulncheck?expand=0&rev=23
 2025-08-25 13:23:19 +00:00
Ana Guerrero
64f9b7f449 Accepting request 1237548 from devel:languages:go 
- Update to version 1.1.4:
  * go.mod: update golang.org/x dependencies
  * go.mod: update golang.org/x dependencies
  * cmd/govulncheck: remove unnecessary fixups
  * cmd/govulncheck: better mask new (sbom) versions
  * cmd/govulncheck: mask dirty dependency versions
  * cmd/govulncheck: add missing test data
  * cmd/govulncheck: set gotypesalias=1 when using >=1.23 toolchain
  * go.mod: update golang.org/x dependencies
  * internal/sarif: use empty arrays instead of nils
  * cmd/govulncheck/testdata: expand set of go versions in fixup
  * cmd/govulncheck: remove unused fixup
  * internal/scan: add amounts to sbom text output
  * internal/scan: remove 'scanning n packages...' msg
  * internal/scan: add SBOM to text output
  * internal/vulncheck: pass SBOM to handlers
  * go.mod: update golang.org/x dependencies
  * internal/semver: add SemverToGoTag
  * internal/govulncheck: add sbom message type
  * internal/openvex: refactor PURL
  * internal/openvex: populate product subcomponents
  * internal/scan: do not show stacks in traces mode for binaries
  * internal/scan: reorganize trace text layout in trace mode
  * go.mod: update golang.org/x dependencies
  * internal/vulncheck: remove use of ssautil.AllFunctions
  * cmd/govulncheck: update test file for main module vulnerabilities
  * cmd/govulncheck: add docs on detecting main module vulns
  * go.mod: update golang.org/x dependencies
- Packaging improvements:
  * Update to BuildRequires: golang(API) >= 1.22 matching go.mod (forwarded request 1237547 from jfkw)

OBS-URL: https://build.opensuse.org/request/show/1237548
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/govulncheck?expand=0&rev=11
 2025-01-14 15:22:36 +00:00
Jeff Kowalczyk
38f89c8bc1 - Update to version 1.1.4: 
* go.mod: update golang.org/x dependencies
  * go.mod: update golang.org/x dependencies
  * cmd/govulncheck: remove unnecessary fixups
  * cmd/govulncheck: better mask new (sbom) versions
  * cmd/govulncheck: mask dirty dependency versions
  * cmd/govulncheck: add missing test data
  * cmd/govulncheck: set gotypesalias=1 when using >=1.23 toolchain
  * go.mod: update golang.org/x dependencies
  * internal/sarif: use empty arrays instead of nils
  * cmd/govulncheck/testdata: expand set of go versions in fixup
  * cmd/govulncheck: remove unused fixup
  * internal/scan: add amounts to sbom text output
  * internal/scan: remove 'scanning n packages...' msg
  * internal/scan: add SBOM to text output
  * internal/vulncheck: pass SBOM to handlers
  * go.mod: update golang.org/x dependencies
  * internal/semver: add SemverToGoTag
  * internal/govulncheck: add sbom message type
  * internal/openvex: refactor PURL
  * internal/openvex: populate product subcomponents
  * internal/scan: do not show stacks in traces mode for binaries
  * internal/scan: reorganize trace text layout in trace mode
  * go.mod: update golang.org/x dependencies
  * internal/vulncheck: remove use of ssautil.AllFunctions
  * cmd/govulncheck: update test file for main module vulnerabilities
  * cmd/govulncheck: add docs on detecting main module vulns
  * go.mod: update golang.org/x dependencies
- Packaging improvements:
  * Update to BuildRequires: golang(API) >= 1.22 matching go.mod

OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/govulncheck?expand=0&rev=21
 2025-01-13 19:14:43 +00:00
7 changed files with 58 additions and 10 deletions
Expand all files Collapse all files

2
_service
View File

@@ -3,7 +3,7 @@
<param name="url">https://github.com/golang/vuln.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v1.1.3</param>
<param name="revision">v1.1.4</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>

2
_servicedata
View File

@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/golang/vuln.git</param>
<param name="changesrevision">4ea4418106cea3bb2c9aa098527c924e9e1fbbb4</param></service></servicedata>
<param name="changesrevision">d1f380186385b4f64e00313f31743df8e4b89a77</param></service></servicedata>

BIN
govulncheck-1.1.3.tar.gz LFS
View File

Binary file not shown.

BIN
govulncheck-1.1.4.tar.gz LFS Normal file
View File

Binary file not shown.

48
govulncheck.changes
View File

@@ -1,3 +1,51 @@
-------------------------------------------------------------------
Mon Aug 25 13:07:21 UTC 2025 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Packaging improvements:
* Update to BuildRequires: golang(API) >= 1.25 latest table.
This tool requires the latest stable Go toolchain to check
other Go applications using that latest stable version of Go.
* Refs boo#1248678
-------------------------------------------------------------------
Mon Jan 13 18:11:03 UTC 2025 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 1.1.4:
* go.mod: update golang.org/x dependencies
* go.mod: update golang.org/x dependencies
* cmd/govulncheck: remove unnecessary fixups
* cmd/govulncheck: better mask new (sbom) versions
* cmd/govulncheck: mask dirty dependency versions
* cmd/govulncheck: add missing test data
* cmd/govulncheck: set gotypesalias=1 when using >=1.23 toolchain
* go.mod: update golang.org/x dependencies
* internal/sarif: use empty arrays instead of nils
* cmd/govulncheck/testdata: expand set of go versions in fixup
* cmd/govulncheck: remove unused fixup
* internal/scan: add amounts to sbom text output
* internal/scan: remove 'scanning n packages...' msg
* internal/scan: add SBOM to text output
* internal/vulncheck: pass SBOM to handlers
* go.mod: update golang.org/x dependencies
* internal/semver: add SemverToGoTag
* internal/govulncheck: add sbom message type
* internal/openvex: refactor PURL
* internal/openvex: populate product subcomponents
* internal/scan: do not show stacks in traces mode for binaries
* internal/scan: reorganize trace text layout in trace mode
* go.mod: update golang.org/x dependencies
* internal/vulncheck: remove use of ssautil.AllFunctions
* cmd/govulncheck: update test file for main module vulnerabilities
* cmd/govulncheck: add docs on detecting main module vulns
* go.mod: update golang.org/x dependencies
* cmd/govulncheck: update unit tests
* internal/vulncheck: properly check for main package vulns
* internal/vulncheck: explicitly exclude devel from affected ranges
* internal/vulncheck: consider main module when checking bin vulns
* internal/vulncheck: exclude dev go versions from ancient check
- Packaging improvements:
* Update to BuildRequires: golang(API) >= 1.22 matching go.mod
-------------------------------------------------------------------
Wed Oct 16 14:47:39 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>

6
govulncheck.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package govulncheck
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: govulncheck
Version: 1.1.3
Version: 1.1.4
Release: 0
Summary: CLI tool to report known CVE vulnerabilities in Go source code and binaries
License: BSD-3-Clause
@@ -25,7 +25,7 @@ Group: Development/Languages/Go
URL: https://github.com/golang/vuln
Source: %{name}-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) >= 1.21
BuildRequires: golang(API) >= 1.25
# Required to build on SLE-12
ExcludeArch: s390

BIN
vendor.tar.gz LFS
View File

Binary file not shown.