* update go, goreleaser and update/clean ci
* Bump kubernetes-sigs/release-actions in the all group
* Bump sigs.k8s.io/release-utils from 0.12.1 to 0.12.2 in the all group
- Packaging improvements:
* Update to BuildRequires: golang(API) >= 1.25 matching go.mod
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/vexctl?expand=0&rev=7
- Update to version 0.3.0+git181.33bac59:
* Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 in the all group
* Fix break w/cosign 2.6.0
* Bump cosign & go-vex
* Bump the all group across 1 directory with 2 updates
* Fix 2.4 linter nits
* Bump softprops/action-gh-release from 2.3.2 to 2.3.3 in the all group
* Bump github.com/spf13/cobra from 1.9.1 to 1.10.1
* Bump actions/setup-go from 5.5.0 to 6.0.0
* Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 in the all group
* Bump github.com/stretchr/testify from 1.10.0 to 1.11.0
* Bump github.com/go-viper/mapstructure/v2 in the go_modules group
* Bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 in the all group
* update release-utils and fix pkg name
* Bump actions/checkout from 4.2.2 to 5.0.0
* Bump github.com/secure-systems-lab/go-securesystemslib in the all group
* Bump github.com/sigstore/rekor from 1.3.10 to 1.4.0
* Bump sigs.k8s.io/release-utils from 0.11.1 to 0.12.0
* Bump sigstore/cosign-installer from 3.9.1 to 3.9.2 in the all group
* Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.5.3 in the all group
* Bump github.com/go-viper/mapstructure/v2 in the go_modules group
* Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 in the all group
* Bump github.com/sigstore/cosign/v2 from 2.5.1 to 2.5.2 in the all group
* Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 in the all group
* Bump the all group with 2 updates
* migrate config to v2
* Bump golangci/golangci-lint-action from 6.5.2 to 8.0.0
- Packaging improvements:
* _service tar_scm versionrewrite-pattern v(.*?)(\+git0\.?.*?)?$
which includes git offset only if offset exists. Useful for (forwarded request 1306380 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/1306381
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vexctl?expand=0&rev=3
* Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 in the all group
* Fix break w/cosign 2.6.0
* Bump cosign & go-vex
* Bump the all group across 1 directory with 2 updates
* Fix 2.4 linter nits
* Bump softprops/action-gh-release from 2.3.2 to 2.3.3 in the all group
* Bump github.com/spf13/cobra from 1.9.1 to 1.10.1
* Bump actions/setup-go from 5.5.0 to 6.0.0
* Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 in the all group
* Bump github.com/stretchr/testify from 1.10.0 to 1.11.0
* Bump github.com/go-viper/mapstructure/v2 in the go_modules group
* Bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 in the all group
* update release-utils and fix pkg name
* Bump actions/checkout from 4.2.2 to 5.0.0
* Bump github.com/secure-systems-lab/go-securesystemslib in the all group
* Bump github.com/sigstore/rekor from 1.3.10 to 1.4.0
* Bump sigs.k8s.io/release-utils from 0.11.1 to 0.12.0
* Bump sigstore/cosign-installer from 3.9.1 to 3.9.2 in the all group
* Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.5.3 in the all group
* Bump github.com/go-viper/mapstructure/v2 in the go_modules group
* Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 in the all group
* Bump github.com/sigstore/cosign/v2 from 2.5.1 to 2.5.2 in the all group
* Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 in the all group
* Bump the all group with 2 updates
* migrate config to v2
* Bump golangci/golangci-lint-action from 6.5.2 to 8.0.0
- Packaging improvements:
* _service tar_scm versionrewrite-pattern v(.*?)(\+git0\.?.*?)?$
which includes git offset only if offset exists. Useful for
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/vexctl?expand=0&rev=5
- Update to version 0.3.0+git133.ff97560:
* Upstream has not had a recent tagged release to pick up
dependency updates committed to main branch.
- Packaging improvements:
* _service tar_scm set revision to branch main until upstream
next has a tagged release
* _service tar_scm when revision is a branch name e.g. master
use versionformat @PARENT_TAG@+git@TAG_OFFSET@.%h to represent
git commit history included beyond last tagged release. Archive
name will be: name-X.Y.Z+gitN.shortsha.tar.gz. When upstream
project resumes tagged releases drop the param versionformat
and restore revision to tag name e.g. vX.Y.Z.
* Update to BuildRequires: golang(API) >= 1.24 matching go.mod
* %install remove extraneous comment and dest path quoting (forwarded request 1286233 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/1286234
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vexctl?expand=0&rev=2
- Update to version 0.3.0+git133.ff97560:
* Upstream has not had a recent tagged release to pick up
dependency updates committed to main branch.
- Packaging improvements:
* _service tar_scm set revision to branch main until upstream
next has a tagged release
* _service tar_scm when revision is a branch name e.g. master
use versionformat @PARENT_TAG@+git@TAG_OFFSET@.%h to represent
git commit history included beyond last tagged release. Archive
name will be: name-X.Y.Z+gitN.shortsha.tar.gz. When upstream
project resumes tagged releases drop the param versionformat
and restore revision to tag name e.g. vX.Y.Z.
* Update to BuildRequires: golang(API) >= 1.24 matching go.mod
* %install remove extraneous comment and dest path quoting
OBS-URL: https://build.opensuse.org/request/show/1286233
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/vexctl?expand=0&rev=3
New package vexctl version 0.3.0 is a CLI tool to create, apply, and attest VEX (Vulnerability Exploitability eXchange) data. Its purpose is to help with the creation and management of VEX documents that allow "turning off" security scanner alerts of vulnerabilities known not to affect a product.
VEX can be thought of as a "negative security advisory". Using VEX, software authors can communicate to their users that an otherwise vulnerable component has no security implications for their product.
OBS-URL: https://build.opensuse.org/request/show/1225194
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vexctl?expand=0&rev=1
