Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-pdm for openSUSE:Factory checked in at 2026-06-25 10:58:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-pdm (Old) and /work/SRC/openSUSE:Factory/.python-pdm.new.2088 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pdm" Thu Jun 25 10:58:26 2026 rev:22 rq:1361677 version:2.28.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-pdm/python-pdm.changes 2026-04-14 17:50:08.656065154 +0200 +++ /work/SRC/openSUSE:Factory/.python-pdm.new.2088/python-pdm.changes 2026-06-25 11:00:32.984276082 +0200 @@ -1,0 +2,54 @@ +Tue Jun 23 09:17:18 UTC 2026 - Steve Kowalik <[email protected]> + +- Update to 2.28.0: + ## Breaking Changes + * Update the minimum required Python version to 3.10. + ## Features & Improvements + * Add experimental workspace support for managing local member projects in + a shared root lock file. + * Defer startup-time imports for Python, virtualenv, and self-management + commands. + * Respect existing values of pyproject.toml when running pdm init or pdm + new. + * Move project plugin installations from .pdm-plugins under the project + root to an isolated cache directory, and add a fixer to migrate existing + plugin directories. (CVE-2026-47781, bsc#1268386) + * Remove legacy importlib compatibility wrappers and use standard-library + importlib.metadata and importlib.resources APIs directly. + * Support exclude-newer in pyproject.toml in the [tool.pdm.resolution] + table + * pdm lock --exclude-newer now accepts relative durations in the format + N{d|h|w}, such as 7d, 12h, and 3w, in addition to absolute UTC dates and + timestamps. + ## Bug Fixes + * Fix pdm completion bash printing __ltrim_colon_completions: command not + found (and a similar error for _get_comp_words_by_ref) when the generated + script is sourced in a bash without the bash-completion package loaded, + such as Git Bash on Windows or minimal Linux containers. The script now + defines small fallbacks for both helpers when they are not already + available. + * Avoid forwarding duplicate SIGINT in pdm run on POSIX. + * Fix a security issue with the installer to disallow installing to paths + outside of the scheme directory. (CVE-2026-47764, bsc#1268385) + * Refuse to write project-local config and state files (pdm.toml, + .pdm-python, .python-version) when the destination is a symlink, + preventing an untrusted repository from clobbering files outside the + project root. (CVE-2026-47763, bsc#1268384) + * Fix a regression issue that PDM_LOCKFILE env var is not respected. + * Allow configuring the default lock --exclude-newer value with + strategy.exclude-newer. + * Preserve pylock package markers when refreshing lockfile hashes. + * Fixed pdm add --frozen-lockfile --no-sync to skip dependency resolution + and update only pyproject.toml without attempting to write the lockfile. + * Fix [tool.pdm.options] being loaded from the current working directory + instead of the target project when -p/--project is used. + * Put make_file_executable into pdm.utils to replace the method of the same + name in installer. To fix a breakage introduced by installer v1. + * Fix pdm init <template> overwriting the template's additions to + build-system.requires when build-system.build-backend matches the user's + selection. + * Fixed PySpecSet merging to handle impossible Python version ranges + like >=3.6,<3.4 without crashing on empty or inverted gaps. +- Drop patch support-installer-1.0.patch, merged upstream. + +------------------------------------------------------------------- Old: ---- pdm-2.26.7.tar.gz support-installer-1.0.patch New: ---- pdm-2.28.0.tar.gz ----------(Old B)---------- Old: like >=3.6,<3.4 without crashing on empty or inverted gaps. - Drop patch support-installer-1.0.patch, merged upstream. ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-pdm.spec ++++++ --- /var/tmp/diff_new_pack.5cP1Ev/_old 2026-06-25 11:00:33.672299800 +0200 +++ /var/tmp/diff_new_pack.5cP1Ev/_new 2026-06-25 11:00:33.676299938 +0200 @@ -27,16 +27,13 @@ %endif %{?sle15_python_module_pythons} Name: python-pdm%{psuffix} -Version: 2.26.7 +Version: 2.28.0 Release: 0 Summary: Python Development Master License: MIT URL: https://github.com/pdm-project/pdm/ Source0: https://files.pythonhosted.org/packages/source/p/pdm/pdm-%{version}.tar.gz -# PATCH-FIX-UPSTREAM gh#pdm-project/pdm#3764 -Patch0: support-installer-1.0.patch -BuildRequires: %{python_module base >= 3.9} -BuildRequires: %{python_module importlib-metadata if %python-base <= 3.9} +BuildRequires: %{python_module base >= 3.10} BuildRequires: %{python_module pdm-backend} BuildRequires: %{python_module pip} BuildRequires: fdupes @@ -50,7 +47,7 @@ Requires: python-httpcore >= 1.0.6 Requires: python-httpx >= 0.20 Requires: python-id >= 1.5.0 -Requires: python-installer >= 0.7 +Requires: python-installer >= 1 Requires: python-packaging >= 22.0 Requires: python-pbs-installer >= 2025.10.7 Requires: python-platformdirs @@ -59,18 +56,13 @@ Requires: python-resolvelib >= 1.1 Requires: python-rich >= 12.3.0 Requires: python-shellingham >= 1.3.2 +Requires: python-truststore >= 0.10.4 Requires: python-unearth >= 0.17.5 Requires: python-virtualenv >= 20 Requires: (python-tomlkit >= 0.11.1 with python-tomlkit < 1) -%if 0%{?python_version_nodots} < 310 -Requires: python-importlib-metadata >= 3.6 -%endif %if 0%{?python_version_nodots} < 311 Requires: python-tomli >= 1.1.0 %endif -%if 0%{?python_version_nodots} >= 310 -Requires: python-truststore >= 0.10.4 -%endif Requires(post): update-alternatives Requires(postun): update-alternatives BuildArch: noarch ++++++ pdm-2.26.7.tar.gz -> pdm-2.28.0.tar.gz ++++++ ++++ 5641 lines of diff (skipped)
