Accepting request 930653 from devel:kubic

- Update to version 0.20.2:
  * docs: update builtin.md (#1335)
  * chore: fix issues with Homebrew formula (#1329)
  * chore: bump GoReleaser to v0.183.0 (#1328)
  * docs: update iac.md for a typo (#1326)
  * docs: typo fix (#1308)
  * Add new networking API features to Ingress (#1262)
  * chore(release): bump up GoReleaser to v0.182.1 (#1299)
  * fix(yarn): support quoted version (#1298)
  * feat(custom-forward): Forward the extended advisory data (#1247)
  * feat(javascript) : Initialize npm driver for javascript packages (#1289)
  * fix(cli): fix incorrect comparision of DB metadata type. (#1286)
  * docs: add footer to readme (#1281)
  * feat(report): add package path (#1274)
  * feat(command): add rootfs command (#1271)
  * fix: update fanal (#1272)
  * feat(commands): remove deprecated options (#1270)
  * Aggregate jar result for table (#1269)
  * BREAKING(report): migrate to new json schema (#1265)
  * feat: improve --skip-dirs and --skip-files (#1249)
  * fix(gobinary): skip large files (#1259)
  * Disable library analyzer for OS only scan type (#1191)
  * chore: update trivy version (#1252)
  * refactor: move from io/ioutil to io and os package (#1245)
  * fix: brew test command (#1253)
  * fix:added layer info in packages (#1248)
  * fix(go/binary): improve debug messages (#1244)
  * Update db.go (#1199)
  * fix(deps): fix CVE-2021-32760 for github.com/containerd/containerd (#1243)
  * feat(debian): support the versions that reached EOL (#1237)

OBS-URL: https://build.opensuse.org/request/show/930653
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=10

0001-suse-mark-sle-15.3-as-maintained-add-opensuse-15.3.patch

@@ -1,42 +0,0 @@
-From 4a321591fb95f317dc90dfda9a7815a6902a9ed6 Mon Sep 17 00:00:00 2001
-From: Dirk Mueller <dirk@dmllr.de>
-Date: Thu, 10 Jun 2021 14:41:09 +0200
-Subject: [PATCH] suse: mark sle 15.3 as maintained, add opensuse 15.3
-
-SLE 15.3 is about to be released and will be maintained until
-6 months after 15.4. this allows us to guess the 15 SP2 EOL date,
-so updating that as well.
----
- pkg/detector/ospkg/suse/suse.go | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go
-index 6216840..2cba114 100644
---- a/pkg/detector/ospkg/suse/suse.go
-+++ b/pkg/detector/ospkg/suse/suse.go
-@@ -38,10 +38,11 @@ var (
- 		"12.5": time.Date(2024, 10, 31, 23, 59, 59, 0, time.UTC),
- 		"15":   time.Date(2019, 12, 31, 23, 59, 59, 0, time.UTC),
- 		"15.1": time.Date(2021, 1, 31, 23, 59, 59, 0, time.UTC),
--		// 6 months after SLES 15 SP3 release
--		"15.2": time.Date(2021, 10, 31, 23, 59, 59, 0, time.UTC),
-+		"15.2": time.Date(2021, 12, 31, 23, 59, 59, 0, time.UTC),
- 		// 6 months after SLES 15 SP4 release
--		// "15.3":   time.Date(2028, 7, 31, 23, 59, 59, 0, time.UTC),
-+		"15.3":   time.Date(2028, 7, 31, 23, 59, 59, 0, time.UTC),
-+		// 6 months after SLES 15 SP5 release
-+		// "15.4":   time.Date(2028, 7, 31, 23, 59, 59, 0, time.UTC),
- 	}
- 
- 	opensuseEolDates = map[string]time.Time{
-@@ -52,6 +53,7 @@ var (
- 		"15.0": time.Date(2019, 12, 3, 23, 59, 59, 0, time.UTC),
- 		"15.1": time.Date(2020, 11, 30, 23, 59, 59, 0, time.UTC),
- 		"15.2": time.Date(2021, 11, 30, 23, 59, 59, 0, time.UTC),
-+		"15.3": time.Date(2022, 11, 30, 23, 59, 59, 0, time.UTC),
- 	}
- )
- 
--- 
-2.31.1
-

_service

@@ -2,7 +2,7 @@
   <service name="tar_scm" mode="disabled">
     <param name="url">https://github.com/aquasecurity/trivy</param>
     <param name="scm">git</param>
-    <param name="revision">v0.18.3</param>
+    <param name="revision">v0.20.2</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/aquasecurity/trivy</param>
-              <param name="changesrevision">85e45cad958c60245f848a9cf3bf103bb8efdd6e</param></service></servicedata>
+              <param name="changesrevision">5dc8cfe55d808c39ae0d785710a7107d6e6de06b</param></service></servicedata>

trivy.changes

@@ -1,3 +1,105 @@
+-------------------------------------------------------------------
+Wed Nov 10 11:42:19 UTC 2021 - dmueller@suse.com
+
+- Update to version 0.20.2:
+  * docs: update builtin.md (#1335)
+  * chore: fix issues with Homebrew formula (#1329)
+  * chore: bump GoReleaser to v0.183.0 (#1328)
+  * docs: update iac.md for a typo (#1326)
+  * docs: typo fix (#1308)
+  * Add new networking API features to Ingress (#1262)
+  * chore(release): bump up GoReleaser to v0.182.1 (#1299)
+  * fix(yarn): support quoted version (#1298)
+  * feat(custom-forward): Forward the extended advisory data (#1247)
+  * feat(javascript) : Initialize npm driver for javascript packages (#1289)
+  * fix(cli): fix incorrect comparision of DB metadata type. (#1286)
+  * docs: add footer to readme (#1281)
+  * feat(report): add package path (#1274)
+  * feat(command): add rootfs command (#1271)
+  * fix: update fanal (#1272)
+  * feat(commands): remove deprecated options (#1270)
+  * Aggregate jar result for table (#1269)
+  * BREAKING(report): migrate to new json schema (#1265)
+  * feat: improve --skip-dirs and --skip-files (#1249)
+  * fix(gobinary): skip large files (#1259)
+  * Disable library analyzer for OS only scan type (#1191)
+  * chore: update trivy version (#1252)
+  * refactor: move from io/ioutil to io and os package (#1245)
+  * fix: brew test command (#1253)
+  * fix:added layer info in packages (#1248)
+  * fix(go/binary): improve debug messages (#1244)
+  * Update db.go (#1199)
+  * fix(deps): fix CVE-2021-32760 for github.com/containerd/containerd (#1243)
+  * feat(debian): support the versions that reached EOL (#1237)
+  * feat(alpine): support unfixed vulnerabilities (#1235)
+  * feat(report): add image config (#1231)
+  * feat(nodejs): support package.json (#1225)
+  * refactor: use testing DB instead of mock (#1234)
+  * feat(ruby): support gemspec (#1224)
+  * feat(python): add packaging detector and respective hook (#1223)
+  * feat(license): Added support to new License field of go-dep-parser's library (#1167)
+  * fix(oracle): handle advisories contain ksplice versions (#1209)
+  * fix(docs): remove OSVDB advisories (#1215)
+  * docs: fix typos in CONTRIBUTING.md (#1181)
+  * Update EOL of Debian 11 (#1180)
+  * fix(plugin): resolve a closure (#1207)
+  * docs: fix typo (#1206)
+  * fix(detector): change an argument for trivy-db getter (#1203)
+  * chore(mod): update fanal (#1179)
+  * Add license info to package data (#1176)
+  * feat(nuget): support packages.config (#1095)
+  * feat(python): add support for requirements.txt (#1169)
+  * GitLab CI integration documentation (#1168)
+  * chore(gorelease) change goreleaser config to include template examples (#1138)
+  * chore(deps): bump dmnemec/copy_file_to_another_repo_action (#1153)
+  * chore(deps): bump actions/stale from 3 to 4 (#1152)
+  * feat(report): add end of service life flag to OS metadata (#1142)
+  * chore: set up Dependabot for github-actions and docker (#1128)
+  * docs: fix typo (#1149)
+  * docs: add some external links (#1147)
+  * chore (release): add ubuntu esm versions to deploy script (#1151)
+  * docs(troubleshooting) add urls which are required to download vuls db (#1137)
+  * Updated the Alpine Image to 3.14 (latest) (#1130)
+  * Added EOL for Ubuntu 21.10 (#1131)
+  * fix(image): disabled scanning of config files within container images (#1133)
+  * docs: fixed typo (#1124)
+  * update cyclonedx github action to v0.3.0 (#1127)
+  * fix(policy): fix panic on the first run (#1116)
+  * docs(misconf): add comparison with Conftest and tfsec (#1111)
+  * feat(report): add schema version (#1110)
+  * fix(scan): change unknown os from info to debug (#1109)
+  * docs: add misconfiguration (#1101)
+  * fix(config): rename include-successes with include-non-failures (#1107)
+  * feat(config): support --trace (#1106)
+  * fix(policy): reduce the Internet access (#1105)
+  * chore: bump golangci-lint to v1.41.1 (#1104)
+  * feat: support config scanning (#931)
+  * feat(report): add artifact metadata (#1079)
+  * Generate SBOM (#1076)
+  * fix(db): multiple prefixed data sources (#1070)
+  * Add EOL date for Alpine 3.14 (#1072)
+  * suse: mark sle 15.3 as maintained, add opensuse 15.3 (#1059)
+  * docs: improve data sources (#1069)
+  * chore(label): add kind/security-advisory (#1068)
+  * fix(asff): replace slice with substr (#1058)
+  * fix(helm-chart): parametrized ingress host path (#1049)
+  * feat: support Google Artifact Repository (#1055)
+  * Update ASFF template to use label for severity (#1047)
+  * BREAKING: migrate to a new JSON schema (#782)
+  * docs: Fix link to AWS Security Hub template (#1046)
+  * refactor(server): support gzip (#1045)
+  * chore(rpc): update protoc and twirp (#1044)
+  * Added support for list all packages flag in client (#1032)
+  * chore: chart with 0.18.3 (#1033)
+  * feat: add gitlab codequality template (#895)
+  * feat(plugin): add aqua plugin (#1029)
+  * fix(go): if patchedVersion is empty mark it as vulnerable (#1030)
+  * docs(ubuntu): fix supported versions (#1028)
+  * Support Ubuntu 21.04 (#1027)
+  * chore: remove codecov (#1016)
+  * fix typo on github-actions.md (#1022)
+- drop 0001-suse-mark-sle-15.3-as-maintained-add-opensuse-15.3.patch (upstream)
+
 -------------------------------------------------------------------
 Thu Jun 10 12:46:10 UTC 2021 - Dirk Müller <dmueller@suse.com>
 

trivy.spec

@@ -19,7 +19,7 @@
 
 %global goipath github.com/aquasecurity/trivy
 Name:           trivy
-Version:        0.18.3
+Version:        0.20.2
 Release:        0
 Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
 License:        Apache-2.0
@@ -27,7 +27,6 @@ Group:          System/Management
 URL:            https://github.com/aquasecurity/trivy
 Source:         %{name}-%{version}.tar.gz
 Source1:        vendor.tar.gz
-Patch0:         0001-suse-mark-sle-15.3-as-maintained-add-opensuse-15.3.patch
 BuildRequires:  golang-packaging
 BuildRequires:  golang(API) >= 1.16
 Requires:       ca-certificates