Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package forgejo-longterm for
openSUSE:Factory checked in at 2025-12-08 11:55:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/forgejo-longterm (Old)
and /work/SRC/openSUSE:Factory/.forgejo-longterm.new.1939 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "forgejo-longterm"
Mon Dec 8 11:55:30 2025 rev:6 rq:1321399 version:11.0.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/forgejo-longterm/forgejo-longterm.changes
2025-10-28 14:47:45.973966400 +0100
+++
/work/SRC/openSUSE:Factory/.forgejo-longterm.new.1939/forgejo-longterm.changes
2025-12-08 11:56:18.795417252 +0100
@@ -1,0 +2,15 @@
+Sat Dec 6 21:38:42 UTC 2025 - Richard Rahl <[email protected]>
+
+- Update to version 11.0.8:
+ * fix(api): fix dependency repo perms in Create/RemoveIssueDependency
+ * fix(api): draft releases could be read before being published
+ * misconfigured security checks on tag delete web form
+ * incorrect logic in "Update PR" did not enforce head branch protection
rules correctly
+ * issue owner can delete another user's comment's edit history on same issue
+ * tag protection rules can be bypassed during tag delete operation
+ * fix: frontend-checks failure
+ * feat: Replace mholt/archiver/v3 with mholt/archives
+- remove patches fix-CVE-2025-47911.patch and fix-CVE-2025-58190.patch,
+ fixed upstream
+
+-------------------------------------------------------------------
Old:
----
fix-CVE-2025-47911.patch
fix-CVE-2025-58190.patch
forgejo-src-11.0.7.tar.gz
forgejo-src-11.0.7.tar.gz.asc
New:
----
forgejo-src-11.0.8.tar.gz
forgejo-src-11.0.8.tar.gz.asc
----------(Old B)----------
Old: * feat: Replace mholt/archiver/v3 with mholt/archives
- remove patches fix-CVE-2025-47911.patch and fix-CVE-2025-58190.patch,
fixed upstream
Old: * feat: Replace mholt/archiver/v3 with mholt/archives
- remove patches fix-CVE-2025-47911.patch and fix-CVE-2025-58190.patch,
fixed upstream
----------(Old E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ forgejo-longterm.spec ++++++
--- /var/tmp/diff_new_pack.RwTzHs/_old 2025-12-08 11:56:25.647704327 +0100
+++ /var/tmp/diff_new_pack.RwTzHs/_new 2025-12-08 11:56:25.651704494 +0100
@@ -25,7 +25,7 @@
%bcond_without apparmor
%endif
Name: forgejo-longterm
-Version: 11.0.7
+Version: 11.0.8
Release: 0
Summary: Self-hostable forge
License: GPL-3.0-or-later
@@ -48,8 +48,6 @@
Source13: forgejo-hooks-abstraction.apparmor
Source99: README.SUSE
Patch0: custom-app.ini.patch
-Patch1: fix-CVE-2025-58190.patch
-Patch2: fix-CVE-2025-47911.patch
BuildRequires: golang(API) >= 1.25
## node >= 20
%if 0%{?suse_version} == 1500
++++++ forgejo-src-11.0.7.tar.gz -> forgejo-src-11.0.8.tar.gz ++++++
/work/SRC/openSUSE:Factory/forgejo-longterm/forgejo-src-11.0.7.tar.gz
/work/SRC/openSUSE:Factory/.forgejo-longterm.new.1939/forgejo-src-11.0.8.tar.gz
differ: char 12, line 1
++++++ node_modules.obscpio ++++++
/work/SRC/openSUSE:Factory/forgejo-longterm/node_modules.obscpio
/work/SRC/openSUSE:Factory/.forgejo-longterm.new.1939/node_modules.obscpio
differ: char 111234718, line 380170
++++++ node_modules.spec.inc ++++++
--- /var/tmp/diff_new_pack.RwTzHs/_old 2025-12-08 11:56:26.087722761 +0100
+++ /var/tmp/diff_new_pack.RwTzHs/_new 2025-12-08 11:56:26.103723431 +0100
@@ -119,7 +119,7 @@
Source10118:
https://registry.npmjs.org/@oxc-resolver/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-5.0.1.tgz#/@oxc-resolver-binding-win32-arm64-msvc-5.0.1.tgz
Source10119:
https://registry.npmjs.org/@oxc-resolver/binding-win32-x64-msvc/-/binding-win32-x64-msvc-5.0.1.tgz#/@oxc-resolver-binding-win32-x64-msvc-5.0.1.tgz
Source10120:
https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz#/@pkgjs-parseargs-0.11.0.tgz
-Source10121:
https://registry.npmjs.org/@playwright/test/-/test-1.51.0.tgz#/@playwright-test-1.51.0.tgz
+Source10121:
https://registry.npmjs.org/@playwright/test/-/test-1.56.1.tgz#/@playwright-test-1.56.1.tgz
Source10122:
https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz#/@popperjs-core-2.11.8.tgz
Source10123:
https://registry.npmjs.org/@primer/octicons/-/octicons-19.14.0.tgz#/@primer-octicons-19.14.0.tgz
Source10124:
https://registry.npmjs.org/@rollup/plugin-commonjs/-/plugin-commonjs-22.0.2.tgz#/@rollup-plugin-commonjs-22.0.2.tgz
@@ -855,8 +855,8 @@
Source10854:
https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz#/pkg-dir-4.2.0.tgz
Source10855:
https://registry.npmjs.org/pkg-types/-/pkg-types-1.3.1.tgz#/pkg-types-1.3.1.tgz
Source10856:
https://registry.npmjs.org/pkg-types/-/pkg-types-2.1.0.tgz#/pkg-types-2.1.0.tgz
-Source10857:
https://registry.npmjs.org/playwright/-/playwright-1.51.0.tgz#/playwright-1.51.0.tgz
-Source10858:
https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.0.tgz#/playwright-core-1.51.0.tgz
+Source10857:
https://registry.npmjs.org/playwright/-/playwright-1.56.1.tgz#/playwright-1.56.1.tgz
+Source10858:
https://registry.npmjs.org/playwright-core/-/playwright-core-1.56.1.tgz#/playwright-core-1.56.1.tgz
Source10859:
https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz#/pluralize-8.0.0.tgz
Source10860:
https://registry.npmjs.org/points-on-curve/-/points-on-curve-0.2.0.tgz#/points-on-curve-0.2.0.tgz
Source10861:
https://registry.npmjs.org/points-on-path/-/points-on-path-0.2.1.tgz#/points-on-path-0.2.1.tgz
++++++ package-lock.json ++++++
--- /var/tmp/diff_new_pack.RwTzHs/_old 2025-12-08 11:56:26.151725443 +0100
+++ /var/tmp/diff_new_pack.RwTzHs/_new 2025-12-08 11:56:26.159725778 +0100
@@ -63,7 +63,7 @@
"devDependencies": {
"@axe-core/playwright": "4.10.1",
"@eslint-community/eslint-plugin-eslint-comments": "4.4.1",
- "@playwright/test": "1.51.0",
+ "@playwright/test": "1.56.1",
"@stoplight/spectral-cli": "6.14.3",
"@stylistic/eslint-plugin-js": "4.2.0",
"@stylistic/stylelint-plugin": "3.1.2",
@@ -1877,13 +1877,13 @@
}
},
"node_modules/@playwright/test": {
- "version": "1.51.0",
- "resolved":
"https://registry.npmjs.org/@playwright/test/-/test-1.51.0.tgz";,
- "integrity":
"sha512-dJ0dMbZeHhI+wb77+ljx/FeC8VBP6j/rj9OAojO08JI80wTZy6vRk9KvHKiDCUh4iMpEiseMgqRBIeW+eKX6RA==",
+ "version": "1.56.1",
+ "resolved":
"https://registry.npmjs.org/@playwright/test/-/test-1.56.1.tgz";,
+ "integrity":
"sha512-vSMYtL/zOcFpvJCW71Q/OEGQb7KYBPAdKh35WNSkaZA75JlAO8ED8UN6GUNTm3drWomcbcqRPFqQbLae8yBTdg==",
"dev": true,
"license": "Apache-2.0",
"dependencies": {
- "playwright": "1.51.0"
+ "playwright": "1.56.1"
},
"bin": {
"playwright": "cli.js"
@@ -11273,13 +11273,13 @@
}
},
"node_modules/playwright": {
- "version": "1.51.0",
- "resolved":
"https://registry.npmjs.org/playwright/-/playwright-1.51.0.tgz";,
- "integrity":
"sha512-442pTfGM0xxfCYxuBa/Pu6B2OqxqqaYq39JS8QDMGThUvIOCd6s0ANDog3uwA0cHavVlnTQzGCN7Id2YekDSXA==",
+ "version": "1.56.1",
+ "resolved":
"https://registry.npmjs.org/playwright/-/playwright-1.56.1.tgz";,
+ "integrity":
"sha512-aFi5B0WovBHTEvpM3DzXTUaeN6eN0qWnTkKx4NQaH4Wvcmc153PdaY2UBdSYKaGYw+UyWXSVyxDUg5DoPEttjw==",
"dev": true,
"license": "Apache-2.0",
"dependencies": {
- "playwright-core": "1.51.0"
+ "playwright-core": "1.56.1"
},
"bin": {
"playwright": "cli.js"
@@ -11292,9 +11292,9 @@
}
},
"node_modules/playwright-core": {
- "version": "1.51.0",
- "resolved":
"https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.0.tgz";,
- "integrity":
"sha512-x47yPE3Zwhlil7wlNU/iktF7t2r/URR3VLbH6EknJd/04Qc/PSJ0EY3CMXipmglLG+zyRxW6HNo2EGbKLHPWMg==",
+ "version": "1.56.1",
+ "resolved":
"https://registry.npmjs.org/playwright-core/-/playwright-core-1.56.1.tgz";,
+ "integrity":
"sha512-hutraynyn31F+Bifme+Ps9Vq59hKuUCz7H1kDOcBs+2oGguKkWTU50bBWrtz34OUWmIwpBTWDxaRPXrIXkgvmQ==",
"dev": true,
"license": "Apache-2.0",
"bin": {
