Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-pytest-html for 
openSUSE:Factory checked in at 2026-06-29 17:32:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pytest-html (Old)
 and      /work/SRC/openSUSE:Factory/.python-pytest-html.new.11887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-pytest-html"

Mon Jun 29 17:32:03 2026 rev:24 rq:1362365 version:4.2.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pytest-html/python-pytest-html.changes    
2026-05-26 16:41:04.861501744 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-pytest-html.new.11887/python-pytest-html.changes
 2026-06-29 17:33:49.629164918 +0200
@@ -1,0 +2,10 @@
+Mon Jun 29 08:57:20 UTC 2026 - Daniel Garcia <[email protected]>
+
+- Revendor updating shell-quote and js-yaml deps:
+  - Add patch update-js-deps.patch
+  - CVE-2026-13311: shell-quote: inefficient input parsing can lead to a
+    denial of service (bsc#1269361)
+  - CVE-2026-53550: js-yaml: quadratic complexity when processing a
+    crafted YAML document can lead to CPU exhaustion (bsc#1268818)
+
+-------------------------------------------------------------------

New:
----
  update-js-deps.patch

----------(New B)----------
  New:- Revendor updating shell-quote and js-yaml deps:
  - Add patch update-js-deps.patch
  - CVE-2026-13311: shell-quote: inefficient input parsing can lead to a
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-pytest-html.spec ++++++
--- /var/tmp/diff_new_pack.0x5lf4/_old  2026-06-29 17:33:50.373190544 +0200
+++ /var/tmp/diff_new_pack.0x5lf4/_new  2026-06-29 17:33:50.377190681 +0200
@@ -27,6 +27,8 @@
 # npm install --package-lock-only --legacy-peer-deps --ignore-scripts
 Source10:       package-lock.json
 Source11:       node_modules.spec.inc
+# PATCH-FIX-OPENSUSE update-js-deps.patch
+Patch0:         update-js-deps.patch
 %include        %{_sourcedir}/node_modules.spec.inc
 BuildRequires:  %{python_module hatch-vcs}
 BuildRequires:  %{python_module hatchling}

++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.0x5lf4/_old  2026-06-29 17:33:50.421192197 +0200
+++ /var/tmp/diff_new_pack.0x5lf4/_new  2026-06-29 17:33:50.425192335 +0200
@@ -1,6 +1,6 @@
-mtime: 1779792251
-commit: 1a0be21c221acaf6c6f0c76e43061ec3827978c61bbfb550dee0e5eb397f8460
+mtime: 1782724122
+commit: 890596a6825e79617cb927fa8eb92f38bc8cd7f99da80dcb6751da8df780b8b0
 url: https://src.opensuse.org/python-pytest/python-pytest-html
-revision: 1a0be21c221acaf6c6f0c76e43061ec3827978c61bbfb550dee0e5eb397f8460
+revision: 890596a6825e79617cb927fa8eb92f38bc8cd7f99da80dcb6751da8df780b8b0
 projectscmsync: https://src.opensuse.org/python-pytest/_ObsPrj.git
 

++++++ build.specials.obscpio ++++++

++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore      1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore      2026-06-29 11:08:42.000000000 +0200
@@ -0,0 +1 @@
+.osc

++++++ node_modules.obscpio ++++++
Binary files old/argparse-1.0.10.tgz and new/argparse-1.0.10.tgz differ
Binary files old/esprima-4.0.1.tgz and new/esprima-4.0.1.tgz differ
Binary files old/js-yaml-3.14.2.tgz and new/js-yaml-3.14.2.tgz differ
Binary files old/js-yaml-4.1.1.tgz and new/js-yaml-4.1.1.tgz differ
Binary files old/js-yaml-4.3.0.tgz and new/js-yaml-4.3.0.tgz differ
Binary files old/shell-quote-1.8.4.tgz and new/shell-quote-1.8.4.tgz differ
Binary files old/shell-quote-1.9.0.tgz and new/shell-quote-1.9.0.tgz differ
Binary files old/sprintf-js-1.0.3.tgz and new/sprintf-js-1.0.3.tgz differ

++++++ node_modules.spec.inc ++++++
++++ 759 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/python-pytest-html/node_modules.spec.inc
++++ and 
/work/SRC/openSUSE:Factory/.python-pytest-html.new.11887/node_modules.spec.inc

++++++ package-lock.json ++++++
--- /var/tmp/diff_new_pack.0x5lf4/_old  2026-06-29 17:33:51.561231260 +0200
+++ /var/tmp/diff_new_pack.0x5lf4/_new  2026-06-29 17:33:51.565231396 +0200
@@ -476,15 +476,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse": {
-      "version": "1.0.10",
-      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz";,
-      "integrity": 
"sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
-      "dev": true,
-      "dependencies": {
-        "sprintf-js": "~1.0.2"
-      }
-    },
     "node_modules/@istanbuljs/load-nyc-config/node_modules/camelcase": {
       "version": "5.3.1",
       "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz";,
@@ -507,20 +498,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml": {
-      "version": "3.14.2",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz";,
-      "integrity": 
"sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "argparse": "^1.0.7",
-        "esprima": "^4.0.0"
-      },
-      "bin": {
-        "js-yaml": "bin/js-yaml.js"
-      }
-    },
     "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path": {
       "version": "5.0.0",
       "resolved": 
"https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz";,
@@ -2398,19 +2375,6 @@
         "url": "https://github.com/sponsors/sindresorhus";
       }
     },
-    "node_modules/esprima": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz";,
-      "integrity": 
"sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
-      "dev": true,
-      "bin": {
-        "esparse": "bin/esparse.js",
-        "esvalidate": "bin/esvalidate.js"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/esquery": {
       "version": "1.6.0",
       "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.6.0.tgz";,
@@ -3437,10 +3401,20 @@
       "license": "MIT"
     },
     "node_modules/js-yaml": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz";,
-      "integrity": 
"sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.3.0.tgz";,
+      "integrity": 
"sha512-1td788aAnnZ5qs7V2QIRl1owjtYpbKt749Y3xauqQgwIIGF/xXWz1wMTEBx5O3LK3lXLVuqXPdPxj2BoFHaW9Q==",
       "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/puzrin";
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/nodeca";
+        }
+      ],
       "license": "MIT",
       "dependencies": {
         "argparse": "^2.0.1"
@@ -4989,9 +4963,9 @@
       }
     },
     "node_modules/shell-quote": {
-      "version": "1.8.4",
-      "resolved": 
"https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.4.tgz";,
-      "integrity": 
"sha512-VsC6n6vz1ihYYyZZwX7YZSF5l5x36ca17OC+a69h94YqB7X6XLwf+5MOgynYir2SLFUbl8gIYvBo8K8RoNQ6bQ==",
+      "version": "1.9.0",
+      "resolved": 
"https://registry.npmjs.org/shell-quote/-/shell-quote-1.9.0.tgz";,
+      "integrity": 
"sha512-Iov+JwFv/2HcTpcwNMKd8+IWNb8tboQJNQTkAY/LLVK7gGH9jy+LGkVqPxfekHl+yMmiqXszdGWXgkfml7hjqA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -5090,12 +5064,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/sprintf-js": {
-      "version": "1.0.3",
-      "resolved": 
"https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz";,
-      "integrity": 
"sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==",
-      "dev": true
-    },
     "node_modules/stream-browserify": {
       "version": "3.0.0",
       "resolved": 
"https://registry.npmjs.org/stream-browserify/-/stream-browserify-3.0.0.tgz";,

++++++ update-js-deps.patch ++++++
Index: pytest_html-4.2.0/package.json
===================================================================
--- pytest_html-4.2.0.orig/package.json
+++ pytest_html-4.2.0/package.json
@@ -7,6 +7,10 @@
     "unit": "nyc mocha testing/**/unittest.js --require mock-local-storage",
     "all": "npm run lint && npm run unit && npm run build:css && npm run 
build:jsapp"
   },
+  "overrides": {
+    "shell-quote": "^1.8.5",
+    "js-yaml": "^4.2.0"
+  },
   "devDependencies": {
     "browserify": "^17.0.1",
     "chai": "^6.2.2",

Reply via email to