Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-jupyter-ydoc for
openSUSE:Factory checked in at 2026-03-25 21:20:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-jupyter-ydoc (Old)
and /work/SRC/openSUSE:Factory/.python-jupyter-ydoc.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-jupyter-ydoc"
Wed Mar 25 21:20:43 2026 rev:16 rq:1342430 version:3.4.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-jupyter-ydoc/python-jupyter-ydoc.changes
2026-03-23 17:13:08.489110687 +0100
+++
/work/SRC/openSUSE:Factory/.python-jupyter-ydoc.new.8177/python-jupyter-ydoc.changes
2026-03-27 06:48:11.002700402 +0100
@@ -1,0 +2,6 @@
+Wed Mar 25 09:23:15 UTC 2026 - Nico Krapp <[email protected]>
+
+- Add update-brace-expansion.patch and refresh node modules to update
vulnerable
+ dependency (CVE-2026-25547, bsc#1257850)
+
+-------------------------------------------------------------------
New:
----
update-brace-expansion.patch
----------(New B)----------
New:
- Add update-brace-expansion.patch and refresh node modules to update vulnerable
dependency (CVE-2026-25547, bsc#1257850)
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-jupyter-ydoc.spec ++++++
--- /var/tmp/diff_new_pack.JAaSmV/_old 2026-03-27 06:48:11.810733676 +0100
+++ /var/tmp/diff_new_pack.JAaSmV/_new 2026-03-27 06:48:11.814733842 +0100
@@ -29,6 +29,8 @@
Source2: node_modules.tar.xz
# Execute this on every package update. See comments in the script.
Source3: create_node_modules.sh
+# PATCH-FIX-UPSTREAM update-brace-expansion.patch bsc#1257850
+Patch0: update-brace-expansion.patch
BuildRequires: %{python_module base >= 3.10}
BuildRequires: %{python_module hatch_nodejs_version}
BuildRequires: %{python_module hatchling >= 1.10}
@@ -60,7 +62,7 @@
- `YNotebook`: a Jupyter notebook document.
%prep
-%setup -q -n jupyter_ydoc-%{version} -b1 -a2
+%autosetup -p1 -n jupyter_ydoc-%{version} -b1 -a2
%build
%pyproject_wheel
++++++ node_modules.tar.xz ++++++
/work/SRC/openSUSE:Factory/python-jupyter-ydoc/node_modules.tar.xz
/work/SRC/openSUSE:Factory/.python-jupyter-ydoc.new.8177/node_modules.tar.xz
differ: char 15, line 1
++++++ update-brace-expansion.patch ++++++
Index: jupyter_ydoc-3.4.0/yarn.lock
===================================================================
--- jupyter_ydoc-3.4.0.orig/yarn.lock
+++ jupyter_ydoc-3.4.0/yarn.lock
@@ -1909,6 +1909,13 @@ __metadata:
languageName: node
linkType: hard
+"balanced-match@npm:^4.0.2":
+ version: 4.0.4
+ resolution: "balanced-match@npm:4.0.4"
+ checksum:
fb07bb66a0959c2843fc055838047e2a95ccebb837c519614afb067ebfdf2fa967ca8d712c35ced07f2cd26fc6f07964230b094891315ad74f11eba3d53178a0
+ languageName: node
+ linkType: hard
+
"base64-js@npm:^1.3.1":
version: 1.5.1
resolution: "base64-js@npm:1.5.1"
@@ -1916,22 +1923,12 @@ __metadata:
languageName: node
linkType: hard
-"brace-expansion@npm:^1.1.7":
- version: 1.1.11
- resolution: "brace-expansion@npm:1.1.11"
- dependencies:
- balanced-match: ^1.0.0
- concat-map: 0.0.1
- checksum:
faf34a7bb0c3fcf4b59c7808bc5d2a96a40988addf2e7e09dfbb67a2251800e0d14cd2bfc1aa79174f2f5095c54ff27f46fb1289fe2d77dac755b5eb3434cc07
- languageName: node
- linkType: hard
-
-"brace-expansion@npm:^2.0.1":
- version: 2.0.1
- resolution: "brace-expansion@npm:2.0.1"
+"brace-expansion@npm:5.0.2":
+ version: 5.0.2
+ resolution: "brace-expansion@npm:5.0.2"
dependencies:
- balanced-match: ^1.0.0
- checksum:
a61e7cd2e8a8505e9f0036b3b6108ba5e926b4b55089eeb5550cd04a471fe216c96d4fe7e4c7f995c728c554ae20ddfc4244cad10aef255e72b62930afd233d1
+ balanced-match: ^4.0.2
+ checksum:
df4dcccb04ad168655716e9c2dc7ddc61afb8c0bc368dbfbffcf3d3cae2e4ceb9797484e9dd90d7b5a360066330fc6313afec2eac207110612637dabc5e34ca5
languageName: node
linkType: hard
