commit heroic-games-launcher for openSUSE:Factory

Thu, 05 Mar 2026 08:23:54 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package heroic-games-launcher for 
openSUSE:Factory checked in at 2026-03-05 17:15:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/heroic-games-launcher (Old)
 and      /work/SRC/openSUSE:Factory/.heroic-games-launcher.new.561 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "heroic-games-launcher"

Thu Mar  5 17:15:21 2026 rev:7 rq:1336617 version:2.20.1

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/heroic-games-launcher/heroic-games-launcher.changes  
    2026-03-01 22:15:30.423645670 +0100
+++ 
/work/SRC/openSUSE:Factory/.heroic-games-launcher.new.561/heroic-games-launcher.changes
     2026-03-05 17:23:28.919403963 +0100
@@ -1,0 +2,10 @@
+Wed Mar  4 22:40:58 UTC 2026 - Jonatas Gonçalves <[email protected]>
+
+- Security: Fix CVE-2026-3449 in @tootallnate/once
+  * Ensure version 3.0.1 is used to prevent promise hang
+    when AbortSignal aborts.
+  * Refactor: Consolidate previous CVE-related pnpm overrides
+    into a single block to simplify maintenance and reduce
+    get-source.sh file complexity.  
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.JRzPIi/_old  2026-03-05 17:23:38.547804374 +0100
+++ /var/tmp/diff_new_pack.JRzPIi/_new  2026-03-05 17:23:38.555804706 +0100
@@ -1,5 +1,5 @@
-mtime: 1772235734
-commit: 2242f2620ffa75186871402bb77525b1000d0af79e1865430118457b89cea2f8
+mtime: 1772664371
+commit: 0d5b1fa23689ff82ccfe581b9108ccaabfc2558bf3773f7aea882c2d9984e592
 url: https://src.opensuse.org/MaxxedSUSE/heroic-games-launcher
 revision: master
 

++++++ _service ++++++
--- /var/tmp/diff_new_pack.JRzPIi/_old  2026-03-05 17:23:38.587806037 +0100
+++ /var/tmp/diff_new_pack.JRzPIi/_new  2026-03-05 17:23:38.591806203 +0100
@@ -4,7 +4,7 @@
     <param name="scm">git</param>
     <param name="submodules">enable</param>
     <param name="filename">heroic-games-launcher</param>
-    <param name="revision">v2.20.0</param>
+    <param name="revision">v2.20.1</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v([\.\d]+)</param>
     <param name="versionrewrite-replacement">\1</param>

++++++ get-sources.sh ++++++
--- /var/tmp/diff_new_pack.JRzPIi/_old  2026-03-05 17:23:38.615807202 +0100
+++ /var/tmp/diff_new_pack.JRzPIi/_new  2026-03-05 17:23:38.619807368 +0100
@@ -81,42 +81,25 @@
   | .dependencies["@rollup/rollup-linux-arm64-gnu"] = $rollup_ver
   | .dependencies["@swc/core-linux-arm64-gnu"] = $swc_ver
 
-  # === CVE-2026-22036: undici fix (runtime enforced) ===
-  | .dependencies = (.dependencies // {})
-  | .dependencies.undici = $undici_v7
-  | .devDependencies |= del(.undici)
-
+  # === Previous CVE fixes ===
   | .pnpm.overrides = (
-      (.pnpm.overrides // {})
-      + {
-          "undici": $undici_v7,
-          "undici-types": "6.21.0"
-        }
-    )
-
-  # === CVE-2026-22029: react-router / remix-run/router fix ===
-  | .pnpm.overrides = (
-      (.pnpm.overrides // {})
-      + {
-          "@remix-run/router": "^1.23.2",
-          "react-router": "^7.12.0",
-          "react-router-dom": "^7.12.0"
-        }
-    )
-
-  # === CVE-2026-26278: fast-xml-parser DoS fix ===
-  | .pnpm.overrides = (
-      (.pnpm.overrides // {})
-      + {
-          "fast-xml-parser": "5.3.6"
-        }
-    )
+    (.pnpm.overrides // {})
+    + {
+        "undici": $undici_v7,
+        "undici-types": "6.21.0",
+        "@remix-run/router": "^1.23.2",
+        "react-router": "^7.12.0",
+        "react-router-dom": "^7.12.0",
+        "fast-xml-parser": "5.3.6",
+        "rollup": "4.59.0"
+      }
+  )
 
-  # === CVE-2026-27606: rollup fix ===
+  # === CVE-2026-3449: @tootallnate/once fix ===
   | .pnpm.overrides = (
       (.pnpm.overrides // {})
       + {
-          "rollup": "4.59.0"
+          "@tootallnate/once": "3.0.1"
         }
     )
 ' package.json > temp.json && mv temp.json package.json

++++++ heroic-games-launcher-2.20.1.obscpio ++++++
/work/SRC/openSUSE:Factory/heroic-games-launcher/heroic-games-launcher-2.20.1.obscpio
 
/work/SRC/openSUSE:Factory/.heroic-games-launcher.new.561/heroic-games-launcher-2.20.1.obscpio
 differ: char 38707, line 886

++++++ pnpm-offline-store.tar.gz ++++++
/work/SRC/openSUSE:Factory/heroic-games-launcher/pnpm-offline-store.tar.gz 
/work/SRC/openSUSE:Factory/.heroic-games-launcher.new.561/pnpm-offline-store.tar.gz
 differ: char 15, line 1

Reply via email to