Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package golang-github-prometheus-prometheus
for openSUSE:Factory checked in at 2026-01-30 18:20:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/golang-github-prometheus-prometheus (Old)
and
/work/SRC/openSUSE:Factory/.golang-github-prometheus-prometheus.new.1995 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "golang-github-prometheus-prometheus"
Fri Jan 30 18:20:12 2026 rev:67 rq:1329754 version:3.9.1
Changes:
--------
---
/work/SRC/openSUSE:Factory/golang-github-prometheus-prometheus/golang-github-prometheus-prometheus.changes
2026-01-15 16:44:22.979609609 +0100
+++
/work/SRC/openSUSE:Factory/.golang-github-prometheus-prometheus.new.1995/golang-github-prometheus-prometheus.changes
2026-01-30 18:21:24.935336159 +0100
@@ -1,0 +2,7 @@
+Wed Jan 28 09:41:25 UTC 2026 - Witek Bedyk <[email protected]>
+
+- CVE-2025-13465: Bump lodash package to version 4.17.23 to fix
+ prototype pollution vulnerability (bsc#1257329)
+- Drop redundant recompress service definition
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _service ++++++
--- /var/tmp/diff_new_pack.zSgMhg/_old 2026-01-30 18:21:35.799791403 +0100
+++ /var/tmp/diff_new_pack.zSgMhg/_new 2026-01-30 18:21:35.803791571 +0100
@@ -8,10 +8,6 @@
<param name="versionrewrite-pattern">v(.*)</param>
<param name="match-tag">v3*</param>
</service>
- <service name="recompress" mode="manual">
- <param name="file">*.tar</param>
- <param name="compression">gz</param>
- </service>
<service name="go_modules" mode="manual">
<param name="archive">prometheus-*.obscpio</param>
</service>
++++++ node_modules.obscpio ++++++
/work/SRC/openSUSE:Factory/golang-github-prometheus-prometheus/node_modules.obscpio
/work/SRC/openSUSE:Factory/.golang-github-prometheus-prometheus.new.1995/node_modules.obscpio
differ: char 191930579, line 670174
++++++ node_modules.spec.inc ++++++
--- /var/tmp/diff_new_pack.zSgMhg/_old 2026-01-30 18:21:36.203808358 +0100
+++ /var/tmp/diff_new_pack.zSgMhg/_new 2026-01-30 18:21:36.207808526 +0100
@@ -496,7 +496,7 @@
Source10495:
https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz#/lines-and-columns-1.2.4.tgz
Source10496:
https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz#/locate-path-5.0.0.tgz
Source10497:
https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz#/locate-path-6.0.0.tgz
-Source10498:
https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz#/lodash-4.17.21.tgz
+Source10498:
https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz#/lodash-4.17.23.tgz
Source10499:
https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz#/lodash.memoize-4.1.2.tgz
Source10500:
https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz#/lodash.merge-4.6.2.tgz
Source10501:
https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz#/loose-envify-1.4.0.tgz
++++++ package-lock.json ++++++
--- /var/tmp/diff_new_pack.zSgMhg/_old 2026-01-30 18:21:36.251810373 +0100
+++ /var/tmp/diff_new_pack.zSgMhg/_new 2026-01-30 18:21:36.255810540 +0100
@@ -54,7 +54,7 @@
"clsx": "^2.1.1",
"dayjs": "^1.11.19",
"highlight.js": "^11.11.1",
- "lodash": "^4.17.21",
+ "lodash": "^4.17.23",
"react": "^19.2.0",
"react-dom": "^19.2.0",
"react-infinite-scroll-component": "^6.1.0",
@@ -8624,9 +8624,9 @@
}
},
"node_modules/lodash": {
- "version": "4.17.21",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz";,
- "integrity":
"sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+ "version": "4.17.23",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz";,
+ "integrity":
"sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
"license": "MIT"
},
"node_modules/lodash.memoize": {
