protobuf/3.27.3 package update #25350
octo-sts (bot) commented Jul 31, 2024
Signed-off-by: wolfi-bot <[email protected]>
Package protobuf:
Package protobuf-dev:
Package protoc:
Package libprotoc:
Package libprotobuf:
Package libprotobuf-lite:
bincapz found differences:
Changed: /tmp/wolfictl-apk-3238268210/protoc/usr/bin/protoc-27.3.0 [✅ LOW → ✅ ]
1 removed behaviors
Changed: /tmp/wolfictl-apk-3238268210/protobuf/usr/bin/protoc-gen-upb-27.3.0
Moved: libprotobuf-lite/var/lib/db/sbom/libprotobuf-lite-3.27.2-r0.spdx.json -> /tmp/wolfictl-apk-3238268210/libprotobuf-lite/var/lib/db/sbom/libprotobuf-lite-3.27.3-r0.spdx.json (similarity: 0.99)
Changed: /tmp/wolfictl-apk-3238268210/libprotobuf/var/lib/db/sbom/libprotobuf-3.27.3-r0.spdx.json [✅ →
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | net/download | download files | downloadLocation |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/96102ca1ace869f7951cb01318ef |
Moved: protobuf/usr/bin/protoc-gen-upb_minitable-27.2.0 -> /tmp/wolfictl-apk-3238268210/protobuf/usr/bin/protoc-gen-upb_minitable-27.3.0 (similarity: 0.99)
Changed: /tmp/wolfictl-apk-3238268210/protobuf/usr/bin/protoc-gen-upbdefs-27.3.0 [⚠️ MEDIUM → ✅ LOW]
1 new behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/words/plugin | references a 'plugin' | plugin |
2 removed behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/3692785ae4fe2eed98aa5fd3a87e |
Changed: /tmp/wolfictl-apk-3238268210/libprotobuf-lite/usr/lib/libprotobuf-lite.so.27.3.0 [⚠️ MEDIUM → ✅ LOW]
1 new behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | process/thread_local_storage | Uses glibc thread local storage | __tls_get_addr |
2 removed behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/3692785ae4fe2eed98aa5fd3a87e |
Moved: protobuf-dev/var/lib/db/sbom/protobuf-dev-3.27.2-r0.spdx.json -> /tmp/wolfictl-apk-3238268210/protobuf-dev/var/lib/db/sbom/protobuf-dev-3.27.3-r0.spdx.json (similarity: 0.99)
Changed: /tmp/wolfictl-apk-3238268210/protoc/var/lib/db/sbom/protoc-3.27.3-r0.spdx.json
Changed: /tmp/wolfictl-apk-3238268210/protobuf/var/lib/db/sbom/protobuf-3.27.3-r0.spdx.json [✅ LOW → ⚠️ MEDIUM]
2 new behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | net/download | download files | downloadLocation |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/7b6245b5d30c484c3493b3f9abb1 |
1 removed behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-LOW | ref/words/plugin | references a 'plugin' | plugin |
Changed: /tmp/wolfictl-apk-3238268210/libprotoc/usr/lib/libprotoc.so.27.3.0
10 new behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | exec/program | executes external programs | execvp |
+MEDIUM | procfs/self/exe | gets executable associated to this process | /proc/self/exe |
+LOW | encoding/base64 | Supports base64 encoded strings | base64 |
+LOW | env/USER | Looks up the USER name of the current user | USER getenv |
+LOW | exec/program/background | wait for process to exit | waitpid |
+LOW | fs/directory/create | creates directories | mkdir |
+LOW | fs/directory/remove | Uses libc functions to remove directories | rmdir |
+LOW | fs/link/read | read value of a symbolic link | readlink |
+LOW | process/thread_local_storage | Uses glibc thread local storage | __tls_get_addr |
+LOW | ref/words/plugin | references a 'plugin' | First file chunk returned by plugin did not PluginProtosZ This compiler does not support plugins in which case the given plugin name pluginpb sent unparseable request to plugin users should use the Java Lite plugin instead |
1 removed behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |
Changed: /tmp/wolfictl-apk-3238268210/libprotobuf/usr/lib/libprotobuf.so.27.3.0 [⚠️ MEDIUM → ✅ LOW]
3 new behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | compression/gzip | works with gzip files | gzip |
+LOW | encoding/base64 | Supports base64 encoded strings | base64 |
+LOW | process/thread_local_storage | Uses glibc thread local storage | __tls_get_addr |
1 removed behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |