protobuf/3.27.3 package update #25350
Conversation
![octo-sts[bot]](https://avatars.githubusercontent.com/in/801323?s=60&v=4){kind=small}
octo-sts
bot
commented
Jul 31, 2024
octo-sts
bot
commented
Signed-off-by: wolfi-bot <[email protected]>
octo-sts
bot
added
request-version-update
Package protobuf: Click to expand/collapsePackage protobuf: Package protobuf-dev: Click to expand/collapsePackage protobuf-dev: Package protoc: Click to expand/collapsePackage protoc: Package libprotoc: Click to expand/collapsePackage libprotoc: Package libprotobuf: Click to expand/collapsePackage libprotobuf: Package libprotobuf-lite: Click to expand/collapsePackage libprotobuf-lite: bincapz found differences: Click to expand/collapseChanged: /tmp/wolfictl-apk-3238268210/protoc/usr/bin/protoc-27.3.0 [✅ LOW → ✅ ]1 removed behaviors
Changed: /tmp/wolfictl-apk-3238268210/protobuf/usr/bin/protoc-gen-upb-27.3.0Moved: libprotobuf-lite/var/lib/db/sbom/libprotobuf-lite-3.27.2-r0.spdx.json -> /tmp/wolfictl-apk-3238268210/libprotobuf-lite/var/lib/db/sbom/libprotobuf-lite-3.27.3-r0.spdx.json (similarity: 0.99)Changed: /tmp/wolfictl-apk-3238268210/libprotobuf/var/lib/db/sbom/libprotobuf-3.27.3-r0.spdx.json [✅ →
|
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/download | download files | downloadLocation |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/96102ca1ace869f7951cb01318ef |
Moved: protobuf/usr/bin/protoc-gen-upb_minitable-27.2.0 -> /tmp/wolfictl-apk-3238268210/protobuf/usr/bin/protoc-gen-upb_minitable-27.3.0 (similarity: 0.99)
Changed: /tmp/wolfictl-apk-3238268210/protobuf/usr/bin/protoc-gen-upbdefs-27.3.0 [⚠️ MEDIUM → ✅ LOW]
1 new behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/words/plugin | references a 'plugin' | plugin |
2 removed behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | net/download | download files | downloadLocation |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/3692785ae4fe2eed98aa5fd3a87e |
Changed: /tmp/wolfictl-apk-3238268210/libprotobuf-lite/usr/lib/libprotobuf-lite.so.27.3.0 [⚠️ MEDIUM → ✅ LOW]
1 new behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | process/thread_local_storage | Uses glibc thread local storage | __tls_get_addr |
2 removed behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | net/download | download files | downloadLocation |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/3692785ae4fe2eed98aa5fd3a87e |
Moved: protobuf-dev/var/lib/db/sbom/protobuf-dev-3.27.2-r0.spdx.json -> /tmp/wolfictl-apk-3238268210/protobuf-dev/var/lib/db/sbom/protobuf-dev-3.27.3-r0.spdx.json (similarity: 0.99)
Changed: /tmp/wolfictl-apk-3238268210/protoc/var/lib/db/sbom/protoc-3.27.3-r0.spdx.json
Changed: /tmp/wolfictl-apk-3238268210/protobuf/var/lib/db/sbom/protobuf-3.27.3-r0.spdx.json [✅ LOW → ⚠️ MEDIUM]
2 new behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/download | download files | downloadLocation |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/7b6245b5d30c484c3493b3f9abb1 |
1 removed behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/words/plugin | references a 'plugin' | plugin |
Changed: /tmp/wolfictl-apk-3238268210/libprotoc/usr/lib/libprotoc.so.27.3.0
10 new behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/program | executes external programs | execvp |
| +MEDIUM | procfs/self/exe | gets executable associated to this process | /proc/self/exe |
| +LOW | encoding/base64 | Supports base64 encoded strings | base64 |
| +LOW | env/USER | Looks up the USER name of the current user | USER getenv |
| +LOW | exec/program/background | wait for process to exit | waitpid |
| +LOW | fs/directory/create | creates directories | mkdir |
| +LOW | fs/directory/remove | Uses libc functions to remove directories | rmdir |
| +LOW | fs/link/read | read value of a symbolic link | readlink |
| +LOW | process/thread_local_storage | Uses glibc thread local storage | __tls_get_addr |
| +LOW | ref/words/plugin | references a 'plugin' | First file chunk returned by plugin did not PluginProtosZ This compiler does not support plugins in which case the given plugin name pluginpb sent unparseable request to plugin users should use the Java Lite plugin instead |
1 removed behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | net/download | download files | downloadLocation |
Changed: /tmp/wolfictl-apk-3238268210/libprotobuf/usr/lib/libprotobuf.so.27.3.0 [⚠️ MEDIUM → ✅ LOW]
3 new behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | compression/gzip | works with gzip files | gzip |
| +LOW | encoding/base64 | Supports base64 encoded strings | base64 |
| +LOW | process/thread_local_storage | Uses glibc thread local storage | __tls_get_addr |
1 removed behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | net/download | download files | downloadLocation |
Changed: /tmp/wolfictl-apk-3238268210/libprotoc/var/lib/db/sbom/libprotoc-3.27.3-r0.spdx.json
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
