Accepting request 1145485 from devel:Factory:git-workflow:staging:dirkmueller:trivy:5
Update to 0.49.1 (🤖: Submission of trivy via #5 by dirkmueller) OBS-URL: https://build.opensuse.org/request/show/1145485 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=61
This commit is contained in:
commit
d4192f4986
@ -1,4 +1,4 @@
|
||||
mtime: 1701858137
|
||||
commit: 9bcf5b04b8e4b8e4ef33271ecf56c252063a907c
|
||||
mtime: 1707400276
|
||||
commit: 2104123c72636f1cd80a006a15bd8b68af402960
|
||||
url: https://src.opensuse.org/dirkmueller/trivy.git
|
||||
revision: 9bcf5b04b8e4b8e4ef33271ecf56c252063a907c
|
||||
revision: 2104123c72636f1cd80a006a15bd8b68af402960
|
||||
|
2
_service
2
_service
@ -2,7 +2,7 @@
|
||||
<service name="tar_scm" mode="manual">
|
||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">v0.48.0</param>
|
||||
<param name="revision">v0.49.1</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="versionrewrite-pattern">v(.*)</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
|
@ -1,4 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||
<param name="changesrevision">f2aa9bf3eb31468921491a071be60e9de8fd10bf</param></service></servicedata>
|
||||
<param name="changesrevision">6ccc0a554b07b05fd049f882a1825a0e1e0aabe1</param></service></servicedata>
|
BIN
trivy-0.48.0.tar.zst
(Stored with Git LFS)
BIN
trivy-0.48.0.tar.zst
(Stored with Git LFS)
Binary file not shown.
BIN
trivy-0.49.1.tar.zst
(Stored with Git LFS)
Normal file
BIN
trivy-0.49.1.tar.zst
(Stored with Git LFS)
Normal file
Binary file not shown.
108
trivy.changes
108
trivy.changes
@ -1,3 +1,111 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 08 12:51:32 UTC 2024 - dmueller@suse.com
|
||||
|
||||
- Update to version 0.49.1:
|
||||
* fix: check unescaped `BomRef` when matching `PkgIdentifier` (#6025)
|
||||
* docs: Fix broken link to "pronunciation" (#6057)
|
||||
* chore(deps): bump actions/upload-artifact from 3 to 4 (#6047)
|
||||
* chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#6042)
|
||||
* chore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 (#6043)
|
||||
* ci: reduce `root-reserve-mb` size for `maximize-build-space` (#6064)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#6041)
|
||||
* chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#6039)
|
||||
* fix: fix cursor usage in Redis Clear function (#6056)
|
||||
* chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 (#6037)
|
||||
* fix(nodejs): add local packages support for `pnpm-lock.yaml` files (#6034)
|
||||
* chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#6046)
|
||||
* chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 (#6044)
|
||||
* chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#6048)
|
||||
* test: fix flaky `TestDockerEngine` (#6054)
|
||||
* chore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 (#6040)
|
||||
* chore(deps): bump easimon/maximize-build-space from 9 to 10 (#6049)
|
||||
* chore(deps): bump alpine from 3.19.0 to 3.19.1 (#6051)
|
||||
* chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 (#6028)
|
||||
* fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982)
|
||||
* chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#6029)
|
||||
* fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)
|
||||
* feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285)
|
||||
* docs: add note about Bun (#6001)
|
||||
* fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011)
|
||||
* fix: check returned error before deferring f.Close() (#6007)
|
||||
* feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990)
|
||||
* feat(vuln): enable `--vex` for all targets (#5992)
|
||||
* docs: update link to data sources (#6000)
|
||||
* feat(java): add support for line numbers for pom.xml files (#5991)
|
||||
* refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981)
|
||||
* docs: Update troubleshooting guide with image not found error (#5983)
|
||||
* style: update band logos (#5968)
|
||||
* chore(deps): Update misconfig deps (#5956)
|
||||
* docs: update cosign tutorial and commands, update kyverno policy (#5929)
|
||||
* docs: update command to scan go binary (#5969)
|
||||
* fix: handle non-parsable images names (#5965)
|
||||
* chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#5693)
|
||||
* fix(amazon): save system files for pkgs containing `amzn` in src (#5951)
|
||||
* fix(alpine): Add EOL support for alpine 3.19. (#5938)
|
||||
* feat: allow end-users to adjust K8S client QPS and burst (#5910)
|
||||
* chore(deps): bump go-ebs-file (#5934)
|
||||
* fix(nodejs): find licenses for packages with slash (#5836)
|
||||
* fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX reports (#5922)
|
||||
* fix: ignore no init containers (#5939)
|
||||
* docs: Fix documentation of ecosystem (#5940)
|
||||
* docs(misconf): multiple ignores in comment (#5926)
|
||||
* fix(secret): find aws secrets ending with a comma or dot (#5921)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#5885)
|
||||
* docs: ✨ Updated ecosystem docs with reference to new community app (#5918)
|
||||
* fix(java): don't remove excluded deps from upper pom's (#5838)
|
||||
* fix(java): check if a version exists when determining GAV by file name for `jar` files (#5630)
|
||||
* feat(vex): add PURL matching for CSAF VEX (#5890)
|
||||
* fix(secret): `AWS Secret Access Key` must include only secrets with `aws` text. (#5901)
|
||||
* revert(report): don't escape new line characters for sarif format (#5897)
|
||||
* docs: improve filter by rego (#5402)
|
||||
* chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)
|
||||
* docs: add_scan2html_to_trivy_ecosystem (#5875)
|
||||
* fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888)
|
||||
* feat(vex): Add support for CSAF format (#5535)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#5880)
|
||||
* chore(deps): bump actions/setup-go from 4 to 5 (#5845)
|
||||
* chore(deps): bump actions/stale from 8 to 9 (#5846)
|
||||
* chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#5853)
|
||||
* chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#5847)
|
||||
* chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#5854)
|
||||
* chore(deps): bump alpine from 3.18.5 to 3.19.0 (#5849)
|
||||
* chore(deps): bump actions/setup-python from 4 to 5 (#5848)
|
||||
* feat(python): parse licenses from dist-info folder (#4724)
|
||||
* chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#5852)
|
||||
* feat(nodejs): add yarn alias support (#5818)
|
||||
* chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#5850)
|
||||
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#5856)
|
||||
* chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)
|
||||
* refactor: propagate time through context values (#5858)
|
||||
* refactor: move PkgRef under PkgIdentifier (#5831)
|
||||
* fix(cyclonedx): fix unmarshal for licenses (#5828)
|
||||
* chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)
|
||||
* feat(vuln): include pkg identifier on detected vulnerabilities (#5439)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from v1.116.0 to v1.134.0 (#5822)
|
||||
* chore(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 (#5809)
|
||||
* chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 (#5805)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 19 14:18:46 UTC 2023 - dmueller@suse.com
|
||||
|
||||
- Update to version 0.48.1:
|
||||
* chore(deps): bump trivy-iac to v0.7.1 (#5797)
|
||||
* fix(bitnami): use a different comparer for detecting vulnerabilities (#5633)
|
||||
* refactor(sbom): disable html escaping for CycloneDX (#5764)
|
||||
* refactor(purl): use `pub` from `package-url` (#5784)
|
||||
* docs(python): add note to using `pip freeze` for `compatible releases` (#5760)
|
||||
* fix(report): use OS information for OS packages purl in `github` template (#5783)
|
||||
* fix(report): fix error if miconfigs are empty (#5782)
|
||||
* refactor(vuln): don't remove VendorSeverity in JSON report (#5761)
|
||||
* fix(report): don't mark misconfig passed tests as failed in junit.tpl (#5767)
|
||||
* docs(k8s): replace --scanners config with --scanners misconfig in docs (#5746)
|
||||
* fix(report): update Gitlab template (#5721)
|
||||
* feat(secret): add support of GitHub fine-grained tokens (#5740)
|
||||
* fix(misconf): add an image misconf to result (#5731)
|
||||
* feat(secret): added support of Docker registry credentials (#5720)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.25.11 (#5717)
|
||||
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.21.0 to 1.24.1 (#5701)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 06 10:00:18 UTC 2023 - dmueller@suse.com
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: trivy
|
||||
Version: 0.48.0
|
||||
Version: 0.49.1
|
||||
Release: 0
|
||||
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
|
||||
License: Apache-2.0
|
||||
@ -25,7 +25,7 @@ Group: System/Management
|
||||
URL: https://github.com/aquasecurity/trivy
|
||||
Source: %{name}-%{version}.tar.zst
|
||||
Source1: vendor.tar.zst
|
||||
BuildRequires: golang(API) = 1.20
|
||||
BuildRequires: golang(API) = 1.21
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: zstd
|
||||
Requires: ca-certificates
|
||||
|
BIN
vendor.tar.zst
(Stored with Git LFS)
BIN
vendor.tar.zst
(Stored with Git LFS)
Binary file not shown.
Loading…
Reference in New Issue
Block a user