commit heroic-games-launcher for openSUSE:Factory

Source-Sync Mon, 19 Jan 2026 09:41:03 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package heroic-games-launcher for 
openSUSE:Factory checked in at 2026-01-19 18:36:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/heroic-games-launcher (Old)
 and      /work/SRC/openSUSE:Factory/.heroic-games-launcher.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "heroic-games-launcher"

Mon Jan 19 18:36:25 2026 rev:2 rq:1328107 version:2.18.1

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/heroic-games-launcher/heroic-games-launcher.changes  
    2025-11-28 16:53:33.619872579 +0100
+++ 
/work/SRC/openSUSE:Factory/.heroic-games-launcher.new.1928/heroic-games-launcher.changes
    2026-01-19 18:40:41.204467615 +0100
@@ -1,0 +2,14 @@
+Mon Jan 19 11:45:31 UTC 2026 - Jonatas Gonçalves <[email protected]>
+
+- Fix CVE-2026-22029 and CVE-2026-22036 affecting undici
+  versions 6.21.2 and 7.8.0, @remix-run/router below 1.23.2,
+  and react-router below 7.0.0.
+- Bump undici to 7.18.0, @remix-run/router to 1.23.2,
+  and react-router to 7.12.0. 
+
+-------------------------------------------------------------------
+Sun Jan 18 16:00:42 UTC 2026 - Jonatas Gonçalves <[email protected]>
+
+- Fix CVE-2026-22029 and CVE-2026-22036 that affect undici versions 
(6.21.2,7.8.0) and @remix-run/router below 1.23.2 and react-router below 7.0.0. 
Undici bumped to 6.21.0, @remix-run/router bumped to 1.23.2 and react-router 
bumped to 7.12.0.
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.DhSKq4/_old  2026-01-19 18:40:51.368888179 +0100
+++ /var/tmp/diff_new_pack.DhSKq4/_new  2026-01-19 18:40:51.404889669 +0100
@@ -1,5 +1,5 @@
-mtime: 1764303530
-commit: 939fe9c4c6aa7e93801e538aa5291fcf4f7ccd031e9333927729e87a76bfe1ec
+mtime: 1768823260
+commit: bdc784a5dfd7b0f4b58325f1ba0ed1aa84e6cc2a52b18fc74b3f7a7d63f267a5
 url: https://src.opensuse.org/MaxxedSUSE/heroic-games-launcher
 revision: master
 

++++++ get-sources.sh ++++++
--- /var/tmp/diff_new_pack.DhSKq4/_old  2026-01-19 18:40:51.624898772 +0100
+++ /var/tmp/diff_new_pack.DhSKq4/_new  2026-01-19 18:40:51.656900097 +0100
@@ -26,19 +26,34 @@
 cd "$REPO_DIR"
 
 # Forcing the download of required npm dependencies
-jq '
-  .dependencies += (.devDependencies | with_entries(select(.key != "electron" 
and .key != "electron-builder")))
+ESBUILD_VERSION="0.25.3"
+ROLLUP_VERSION="4.52.5"
+SWC_VERSION="1.11.24"
+UNDICI_V7_FIXED="7.18.0"
+
+jq --indent 2 \
+  --arg esbuild_ver "$ESBUILD_VERSION" \
+  --arg rollup_ver "$ROLLUP_VERSION" \
+  --arg swc_ver "$SWC_VERSION" \
+  --arg undici_v7 "$UNDICI_V7_FIXED" \
+'
+  .
+  | .dependencies += (
+      .devDependencies
+      | with_entries(select(.key != "electron" and .key != "electron-builder"))
+    )
+
   | .devDependencies = {
       "electron": .devDependencies["electron"],
       "electron-builder": .devDependencies["electron-builder"]
     }
-' package.json > temp.json && mv temp.json package.json
 
-jq --indent 2 '.packageManager = "pnpm@>=10.17.1"' package.json > temp.json && 
mv temp.json package.json
+  | .packageManager = "pnpm@>=10.17.1"
+
+  | .scripts.build = "electron-vite build"
+  | .scripts["dist:linux"] =
+      "pnpm run build && electron-builder --linux --dir 
-c.electronDist=/usr/lib64/electron/ -c.electronVersion=$(cat 
/usr/lib64/electron/version)"
 
-jq --indent 2 '
-  .scripts.build = "electron-vite build"
-  | .scripts."dist:linux" = "pnpm run build && electron-builder --linux --dir 
-c.electronDist=/usr/lib64/electron/ -c.electronVersion=$(cat 
/usr/lib64/electron/version)"
   | .build.executableName = "heroic"
   | .build.files = [
       "build/**/*",
@@ -47,30 +62,47 @@
       "!**/*.map",
       "!node_modules/@esbuild/**/*"
     ]
-  | .devDependencies |= with_entries(select(.key != "electron" and .key != 
"react-devtools"))
-  | .peerDependencies["electron"] = "^25.9.3"
-' package.json > tmp && mv tmp package.json
-
-echo "+++++++++++++++++++++++++++++++++++++++++++++++++++"
-echo "Forcing cross-architecture native binary download (ARM64)"
-echo "+++++++++++++++++++++++++++++++++++++++++++++++++++"
 
-ESBUILD_VERSION="0.25.3"
-ROLLUP_VERSION="4.52.5"
-SWC_VERSION="1.11.24"
-
-jq --arg esbuild_ver "$ESBUILD_VERSION" \
-   --arg rollup_ver "$ROLLUP_VERSION" \
-   --arg swc_ver "$SWC_VERSION" \
-'
-  .devDependencies |= del(."@esbuild/linux-arm64")
-  | .dependencies |= del(."@rollup/rollup-linux-arm64-gnu")
-  | .dependencies |= del(."@swc/core-linux-arm64-gnu") # Limpeza preventiva
+  | .devDependencies |= with_entries(
+      select(.key != "electron" and .key != "react-devtools")
+    )
+
+  | .peerDependencies.electron = "^25.9.3"
+
+  # ARM64 native binaries
+  | .devDependencies |= del(."@esbuild/linux-arm64")
+  | .dependencies |= del(
+      ."@rollup/rollup-linux-arm64-gnu",
+      ."@swc/core-linux-arm64-gnu"
+    )
 
   | .devDependencies["@esbuild/linux-arm64"] = $esbuild_ver
   | .dependencies["@rollup/rollup-linux-arm64-gnu"] = $rollup_ver
   | .dependencies["@swc/core-linux-arm64-gnu"] = $swc_ver
-' package.json > temp2.json && mv temp2.json package.json
+
+  # === CVE-2026-22036: undici fix (runtime enforced) ===
+  | .dependencies = (.dependencies // {})
+  | .dependencies.undici = $undici_v7
+  | .devDependencies |= del(.undici)
+
+  | .pnpm.overrides = (
+      (.pnpm.overrides // {})
+      + {
+          "undici": $undici_v7,
+          "undici-types": "6.21.0"
+        }
+    )
+
+  # === CVE-2026-22029: react-router / remix-run/router fix ===
+  | .pnpm.overrides = (
+      (.pnpm.overrides // {})
+      + {
+          "@remix-run/router": "^1.23.2",
+          "react-router": "^7.12.0",
+          "react-router-dom": "^7.12.0"
+        }
+    )
+' package.json > package.json.new && mv package.json.new package.json
 
 echo "++++++++++++++++++++++++++++++++++++++++++++++"
 echo "Cleanup Step"

++++++ heroic-games-launcher-2.18.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/heroic-games-launcher/heroic-games-launcher-2.18.1.tar.xz
 
/work/SRC/openSUSE:Factory/.heroic-games-launcher.new.1928/heroic-games-launcher-2.18.1.tar.xz
 differ: char 15, line 1

++++++ pnpm-offline-store.tar.xz ++++++
/work/SRC/openSUSE:Factory/heroic-games-launcher/pnpm-offline-store.tar.xz 
/work/SRC/openSUSE:Factory/.heroic-games-launcher.new.1928/pnpm-offline-store.tar.xz
 differ: char 15, line 1

commit heroic-games-launcher for openSUSE:Factory

Reply via email to