Overview

File cheat.changes of Package cheat

-------------------------------------------------------------------
Mon Feb 16 08:55:59 UTC 2026 - Michael Vetter <mvetter@suse.com>

- Update to 5.1.0:
  * --update / -u flag: Pull the latest changes for all git-backed
    cheatpaths from the CLI. Reports per-path status (ok, skipped, error).
    Works with --path filtering to update specific cheatpaths. Supports
    SSH remotes via key file discovery and SSH agent. (#552)
  Documentation:
  * Fixed config filename references in man page (conf.yaml → conf.yml)
  * Added missing /etc/cheat/conf.yml config search path to man page
  * Fixed stale code references in CLAUDE.md, HACKING.md, and ADRs
  * Updated Go version requirement in INSTALLING.md

-------------------------------------------------------------------
Mon Feb 16 08:55:01 UTC 2026 - Michael Vetter <mvetter@suse.com>

- Update to 5.0.0:
  * Migrated from docopt to cobra (#768, #705, #632, #476)
  * Dynamic shell completions
  Breaking changes:
  * The static completion scripts under scripts/ have been removed. Users must
    regenerate completions using cheat --completion <shell>.
  * The CHEAT_USE_FZF environment variable is no longer supported.
  Bug fixes:
  * Fixed _init_completion: command not found error (#768)
  * Fixed autocompletion not working (#705)
  * Fixed zsh autocompletion not resolving cheatsheet names (#632)

-------------------------------------------------------------------
Mon Feb 16 08:54:40 UTC 2026 - Michael Vetter <mvetter@suse.com>

- Update to 4.7.1:
  * Internal cleanup and project restructuring. No user-facing behavior changes

-------------------------------------------------------------------
Mon Feb 16 08:54:08 UTC 2026 - Michael Vetter <mvetter@suse.com>

- Update to 4.7.0:
  * Brief list output (-b/--brief)

-------------------------------------------------------------------
Mon Feb 16 08:53:17 UTC 2026 - Michael Vetter <mvetter@suse.com>

- Update to 4.6.0:
  New Features:
  * Recursive .cheat directory discovery: cheat now walks up the directory
    tree to find .cheat directories, mirroring how git discovers .git
    directories. Place a .cheat directory at your project root and it
    will be available from any subdirectory. (#602)
  Documentation:
  * ADR-004: documents the design decisions for recursive .cheat discovery
  * Updated README and package docs to describe the new behaviour

-------------------------------------------------------------------
Mon Feb 16 08:52:48 UTC 2026 - Michael Vetter <mvetter@suse.com>

- Update to 4.5.2:
  Bug Fixes:
  * Static binaries: Build with CGO_ENABLED=0 to produce fully static binaries (#744)
  * Editor env vars: Respect $VISUAL and $EDITOR environment variables at runtime (#589)
  * .git in path: Fix cheatsheets being silently skipped when the cheatpath contains a directory ending in .git (#711)
  Other Changes:
  * Remove dead Homebrew formula bump workflow
  * Move ADRs from doc/adr/ to adr/ for discoverability

-------------------------------------------------------------------
Mon Feb 16 08:51:14 UTC 2026 - Michael Vetter <mvetter@suse.com>

- Update to 4.5.1:
  * Fix first-run experience (#721, #730, #771): Declining community
    cheatsheets during initial setup no longer causes errors on subsequent
    runs. config.New() now skips missing cheatpaths with a warning instead of a fatal error.
  * Fix --init output (#773): cheat --init now comments out the community
    cheatpath by default and includes clone instructions, so the output
    works as a config file without modification.
  * Fix stdin buffering in installer prompts: The installer's interactive
    prompts now read stdin without buffering, allowing cheat to be
    scripted (e.g., printf "y\nn\n" | cheat).
  * Fix frontmatter parsing on Windows: Line ending detection in cheatsheet
    frontmatter now inspects file content instead of checking runtime.GOOS,
    fixing parsing failures when files have Unix line endings on Windows.
  * CI modernized: Go 1.26, GitHub Actions v4/v5, Windows added to test matrix
  * Dependencies updated (addresses dependabot CVEs in golang.org/x/crypto, golang.org/x/net)
  * End-to-end integration tests added for first-run experience
  * Dockerfile updated to Go 1.26

-------------------------------------------------------------------
Mon Feb 16 08:50:19 UTC 2026 - Michael Vetter <mvetter@suse.com>

- Update to 4.5.0:
  Bug Fixes:
  * Fix inverted pager detection logic (returned error string instead of path)
  * Fix repo.Clone ignoring destination directory parameter
  * Fix sheet loading using append on pre-sized slices, causing nil entries
  * Clean up partial files on copy failure
  * Trim whitespace from editor config during loading
  Security:
  * Add path traversal protection for cheatsheet names
  Performance:
  * Move regex compilation outside search loop
  * Replace O(n²) string concatenation with strings.Join in search
  Build & Testing:
  * Remove go:generate; embed config and usage as string literals
  * Parallelize release builds
  * Add fuzz testing infrastructure
  * Improve test coverage from 38.9% to 50.2%
  Documentation:
  * Fix inaccurate code examples in HACKING.md
  * Add missing --conf and --all options to man page
  * Add ADRs for path traversal, env parsing, and search parallelization
  * Update CONTRIBUTING.md to reflect project policy

-------------------------------------------------------------------
Thu Nov 27 08:11:59 UTC 2025 - Witek Bedyk <witold.bedyk@suse.com>

- Security:
  * CVE-2025-47913: Fix client process termination (bsc#1253593)
  * CVE-2025-58181: Fix potential unbounded memory consumption
    (bsc#1253922)
  * CVE-2025-47914: Fix panic due to an out of bounds read
    (bsc#1254051)
  * Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0
  * Replace golang.org/x/net=golang.org/x/net@v0.47.0
  * Replace golang.org/x/sys=golang.org/x/sys@v0.38.0

-------------------------------------------------------------------
Fri Aug 22 13:12:32 UTC 2025 - Jeff Kowalczyk <jkowalczyk@suse.com>

- Packaging improvements:
  * Drop Requires: golang-packaging. The recommended Go toolchain
    dependency expression is BuildRequires: golang(API) >= 1.x or
    optionally the metapackage BuildRequires: go
  * Use BuildRequires: golang(API) >= 1.19 matching go.mod
  * Build PIE with pattern that may become recommended procedure:
    %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build
    A go toolchain buildmode default config would be preferable
    but none exist at this time.
  * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable
  * Remove go build -o output binary location and name. Default
    binary has the same name as package of func main() and is
    placed in the top level of the build directory.
  * Add basic %check to execute binary --help

-------------------------------------------------------------------
Thu Aug 21 21:47:19 UTC 2025 - Jeff Kowalczyk <jkowalczyk@suse.com>

- Packaging improvements:
  * Service go_modules replace dependencies with CVEs
  * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1
    Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm
  * Replace golang.org/x/net=golang.org/x/net@v0.36.0
    Fixes GO-2025-3503 CVE-2025-22870
  * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0
    Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8
    Fixes GO-2025-3487 CVE-2025-22869
  * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0
    Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4
    Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m
  * Service tar_scm set mode manual from disabled
  * Service tar_scm create archive from git so we can exclude
    vendor directory upstream committed to git. Committed vendor
    directory contents have build issues even after go mod tidy.
  * Service tar_scm exclude dir vendor
  * Service set_version set mode manual from disabled
  * Service set_version remove param basename not needed

-------------------------------------------------------------------
Thu Aug 21 12:15:26 UTC 2025 - Michael Vetter <mvetter@suse.com>

- bsc#1247629 (CVE-2025-21613):
  * Use go-git 5.13.0 via replace in _service

-------------------------------------------------------------------
Sat Dec 16 11:27:40 UTC 2023 - Michael Vetter <mvetter@suse.com>

- Update to 4.4.2:
  * Bump chroma to newest version
  * Remove plan9 support due to build failure
  * Upgrade to yaml.v3

-------------------------------------------------------------------
Wed Dec 13 15:27:03 UTC 2023 - Michael Vetter <mvetter@suse.com>

- Update to 4.4.1:
  * Update dependencies
  * Make minor changes to appease revive (linter)

-------------------------------------------------------------------
Mon Jan 16 10:58:53 UTC 2023 - Michael Vetter <mvetter@suse.com>

- Remove dependency on pandoc:
  Upsteam ships a man page. Lets assume they update it upon each
  release and take it without generating ourselves

-------------------------------------------------------------------
Fri Jan 13 08:37:40 UTC 2023 - Michael Vetter <mvetter@suse.com>

- Only build manpage using pandoc when on x86_64.
  Pandoc seems to not be available on all archs.

-------------------------------------------------------------------
Tue Jan 10 07:39:38 UTC 2023 - Michael Vetter <mvetter@suse.com>

- Initial package of cheat 4.4.0 for openSUSE
openSUSE Build Service is sponsored by
Places