Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-bqplot for openSUSE:Factory checked in at 2026-03-25 21:22:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-bqplot (Old)
 and      /work/SRC/openSUSE:Factory/.python-bqplot.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-bqplot" Wed Mar 25 21:22:18 2026 rev:20 rq:1342519 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/python-bqplot/python-bqplot.changes 2025-09-01 17:19:29.194233752 +0200 +++ /work/SRC/openSUSE:Factory/.python-bqplot.new.8177/python-bqplot.changes 2026-03-27 06:47:37.949336083 +0100 @@ -1,0 +2,9 @@ +Wed Mar 25 14:04:24 UTC 2026 - Nico Krapp <[email protected]> + +- Update vendored js packages: + * "underscore" to 1.13.8 (CVE-2026-27601, bsc#1259163) + * "brace-expansion" to 5.0.1 (CVE-2026-25547, bsc#1257851) +- add update-js-deps.patch to force new versions of js dependencies +- don't build for Python 3.14, still not compatible + +------------------------------------------------------------------- New: ---- update-js-deps.patch ----------(New B)---------- New: * "brace-expansion" to 5.0.1 (CVE-2026-25547, bsc#1257851) - add update-js-deps.patch to force new versions of js dependencies - don't build for Python 3.14, still not compatible ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-bqplot.spec ++++++ --- /var/tmp/diff_new_pack.jumxXB/_old 2026-03-27 06:47:38.633364317 +0100 +++ /var/tmp/diff_new_pack.jumxXB/_new 2026-03-27 06:47:38.637364483 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-bqplot # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,6 +19,7 @@ # https://github.com/bqplot/bqplot/issues/1639 %define skip_python312 1 %define skip_python313 1 +%define skip_python314 1 %define pyver 0.12.45 %define jupver 0.5.46 Name: python-bqplot 
@@ -33,6 +34,8 @@ Source2: create_node_modules.sh # PATCH-FIX-OPENSUSE bqplot-js.patch boo#1248431 CVE-2025-9287 CVE-2025-9288 Patch0: bqplot-js.patch +# PATCH-FIX-OPENSUSE update-js-deps.patch (CVE-2026-27601, bsc#1259163), (CVE-2026-25547, bsc#1257851) +Patch1: update-js-deps.patch BuildRequires: %{python_module jupyter-packaging} BuildRequires: %{python_module jupyterlab} BuildRequires: %{python_module pip} ++++++ node_modules.tar.xz ++++++ /work/SRC/openSUSE:Factory/python-bqplot/node_modules.tar.xz /work/SRC/openSUSE:Factory/.python-bqplot.new.8177/node_modules.tar.xz differ: char 15, line 1 ++++++ update-js-deps.patch ++++++ Index: bqplot-0.12.45/js/package.json =================================================================== --- bqplot-0.12.45.orig/js/package.json +++ bqplot-0.12.45/js/package.json @@ -85,7 +85,7 @@ "popper.js": "^1.0.0", "three": "^0.91.0", "topojson": "^1.6.24", - "underscore": "^1.8.3" + "underscore": "^1.13.8" }, "jupyterlab": { "extension": "lib/jupyterlab-plugin", @@ -107,5 +107,10 @@ "resolutions": { "cipher-base": "1.0.6", "sha.js": "2.4.12" + }, + "overrides": { + "tmp": "^0.2.5", + "underscore": "^1.13.8", + "brace-expansion": "^5.0.1" } }
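Review bot: In the python-bqplot.spec hunk at @@ -33,6 +34,8 @@, the new Patch1 comment writes its references as `(CVE-2026-27601, bsc#1259163), (CVE-2026-25547, bsc#1257851)`, while the Patch0 comment directly above it uses the bare space-separated form `boo#1248431 CVE-2025-9287 CVE-2025-9288`. Using one form for both lines keeps the tags uniform for anyone searching the spec for a CVE or bug id.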
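Review bot: In the js/package.json hunk at @@ -85,7 +85,7 @@, the direct dependency range `"underscore": "^1.13.8"` is repeated verbatim as an entry under `overrides` in the following hunk, and nothing records that the two must stay identical. npm rejects an override for a direct dependency when its spec differs from the dependency's own spec, so a later bump of only one of the two lines will break the install. Consider writing the override as a reference to the direct dependency (`"underscore": "$underscore"`) so there is a single place to update.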
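Review bot: In the js/package.json hunk at @@ -107,5 +107,10 @@, the new `overrides` block also forces `"tmp": "^0.2.5"`, which neither the .changes entry nor the Patch1 comment in the spec mentions; both list only underscore and brace-expansion. Add the reason and any bug or CVE reference for the tmp pin to the changelog, or drop the pin. Separately, the new pins are placed under `overrides` while cipher-base and sha.js remain under `resolutions`; these keys are read by different package managers (npm and Yarn respectively), so confirm that create_node_modules.sh runs a tool that honors `overrides`, otherwise the forced versions never reach the regenerated node_modules.tar.xz.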
