Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-pytest-html for openSUSE:Factory checked in at 2026-05-26 16:35:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-pytest-html (Old) and /work/SRC/openSUSE:Factory/.python-pytest-html.new.2084 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pytest-html" Tue May 26 16:35:38 2026 rev:23 rq:1355177 version:4.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-pytest-html/python-pytest-html.changes 2026-03-27 16:53:17.488952484 +0100 +++ /work/SRC/openSUSE:Factory/.python-pytest-html.new.2084/python-pytest-html.changes 2026-05-26 16:41:04.861501744 +0200 @@ -1,0 +2,6 @@ +Tue May 26 10:41:37 UTC 2026 - Daniel Garcia <[email protected]> + +- CVE-2026-9277: shell-quote: improper escaping of newlines (bsc#1266254) + Update the vendored shell-quote to 1.8.4 node_modules + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.mkLpgJ/_old 2026-05-26 16:41:05.521529077 +0200 +++ /var/tmp/diff_new_pack.mkLpgJ/_new 2026-05-26 16:41:05.525529243 +0200 @@ -1,6 +1,6 @@ -mtime: 1774588870 -commit: 413e8cc08852c15d6d643c65002b4f40c9171e63b2268dc4c786afcb4279563b -url: https://src.opensuse.org/python-pytest/python-pytest-html.git -revision: 413e8cc08852c15d6d643c65002b4f40c9171e63b2268dc4c786afcb4279563b +mtime: 1779792251 +commit: 1a0be21c221acaf6c6f0c76e43061ec3827978c61bbfb550dee0e5eb397f8460 +url: https://src.opensuse.org/python-pytest/python-pytest-html +revision: 1a0be21c221acaf6c6f0c76e43061ec3827978c61bbfb550dee0e5eb397f8460 projectscmsync: https://src.opensuse.org/python-pytest/_ObsPrj.git ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-05-26 12:44:11.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ node_modules.obscpio ++++++ Binary files old/shell-quote-1.8.0.tgz and new/shell-quote-1.8.0.tgz differ Binary files old/shell-quote-1.8.4.tgz and new/shell-quote-1.8.4.tgz differ ++++++ node_modules.spec.inc ++++++ --- /var/tmp/diff_new_pack.mkLpgJ/_old 2026-05-26 16:41:06.417566184 +0200 +++ /var/tmp/diff_new_pack.mkLpgJ/_new 2026-05-26 16:41:06.433566847 +0200 @@ -371,7 +371,7 @@ Source10370: https://registry.npmjs.org/shasum-object/-/shasum-object-1.0.0.tgz#/shasum-object-1.0.0.tgz Source10371: https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz#/shebang-command-2.0.0.tgz Source10372: https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz#/shebang-regex-3.0.0.tgz -Source10373: https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.0.tgz#/shell-quote-1.8.0.tgz +Source10373: https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.4.tgz#/shell-quote-1.8.4.tgz Source10374: https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz#/signal-exit-3.0.7.tgz Source10375: https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz#/signal-exit-4.1.0.tgz Source10376: https://registry.npmjs.org/simple-concat/-/simple-concat-1.0.1.tgz#/simple-concat-1.0.1.tgz ++++++ package-lock.json ++++++ --- /var/tmp/diff_new_pack.mkLpgJ/_old 2026-05-26 16:41:06.465568172 +0200 +++ /var/tmp/diff_new_pack.mkLpgJ/_new 2026-05-26 16:41:06.485569000 +0200 @@ -4989,10 +4989,14 @@ } }, "node_modules/shell-quote": { - "version": "1.8.0", - "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.0.tgz";, - "integrity": "sha512-QHsz8GgQIGKlRi24yFc6a6lN69Idnx634w49ay6+jA5yFh7a1UY+4Rp6HPx/L/1zcEDPEij8cIsiqR6bQsE5VQ==", + "version": "1.8.4", + "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.4.tgz";, + "integrity": "sha512-VsC6n6vz1ihYYyZZwX7YZSF5l5x36ca17OC+a69h94YqB7X6XLwf+5MOgynYir2SLFUbl8gIYvBo8K8RoNQ6bQ==", "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, "funding": { "url": "https://github.com/sponsors/ljharb"; }
