SUSE-RU-2025:03527-1: moderate: Recommended update for govulncheck

[SLE-UPDATES]

# Recommended update for govulncheck

Announcement ID: SUSE-RU-2025:03527-1  
Release Date: 2025-10-10T11:50:00Z  
Rating: moderate  
References:

  * bsc#1248678

  
Affected Products:

  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Package Hub 15 15-SP6

  
  
An update that has one fix can now be installed.

## Description:

This update for govulncheck fixes the following issues:

Update to version 1.1.4:

  * go.mod: update golang.org/x dependencies
  * go.mod: update golang.org/x dependencies
  * cmd/govulncheck: remove unnecessary fixups
  * cmd/govulncheck: better mask new (sbom) versions
  * cmd/govulncheck: mask dirty dependency versions
  * cmd/govulncheck: add missing test data
  * cmd/govulncheck: set gotypesalias=1 when using >=1.23 toolchain
  * go.mod: update golang.org/x dependencies
  * internal/sarif: use empty arrays instead of nils
  * cmd/govulncheck/testdata: expand set of go versions in fixup
  * cmd/govulncheck: remove unused fixup
  * internal/scan: add amounts to sbom text output
  * internal/scan: remove 'scanning n packages...' msg
  * internal/scan: add SBOM to text output
  * internal/vulncheck: pass SBOM to handlers
  * go.mod: update golang.org/x dependencies
  * internal/semver: add SemverToGoTag
  * internal/govulncheck: add sbom message type
  * internal/openvex: refactor PURL
  * internal/openvex: populate product subcomponents
  * internal/scan: do not show stacks in traces mode for binaries
  * internal/scan: reorganize trace text layout in trace mode
  * go.mod: update golang.org/x dependencies
  * internal/vulncheck: remove use of ssautil.AllFunctions
  * cmd/govulncheck: update test file for main module vulnerabilities
  * cmd/govulncheck: add docs on detecting main module vulns
  * go.mod: update golang.org/x dependencies
  * cmd/govulncheck: update unit tests
  * internal/vulncheck: properly check for main package vulns
  * internal/vulncheck: explicitly exclude devel from affected ranges
  * internal/vulncheck: consider main module when checking bin vulns
  * internal/vulncheck: exclude dev go versions from ancient check

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6  
    zypper in -t patch openSUSE-SLE-15.6-2025-3527=1

  * SUSE Package Hub 15 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3527=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * govulncheck-1.1.4-150000.1.6.1
    * govulncheck-debuginfo-1.1.4-150000.1.6.1
  * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
    * govulncheck-1.1.4-150000.1.6.1
    * govulncheck-debuginfo-1.1.4-150000.1.6.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1248678

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20251010/a5e5ce92/attachment.htm>