Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-pytest-html for openSUSE:Factory checked in at 2026-06-29 17:32:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-pytest-html (Old) and /work/SRC/openSUSE:Factory/.python-pytest-html.new.11887 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pytest-html" Mon Jun 29 17:32:03 2026 rev:24 rq:1362365 version:4.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-pytest-html/python-pytest-html.changes 2026-05-26 16:41:04.861501744 +0200 +++ /work/SRC/openSUSE:Factory/.python-pytest-html.new.11887/python-pytest-html.changes 2026-06-29 17:33:49.629164918 +0200 @@ -1,0 +2,10 @@ +Mon Jun 29 08:57:20 UTC 2026 - Daniel Garcia <[email protected]> + +- Revendor updating shell-quote and js-yaml deps: + - Add patch update-js-deps.patch + - CVE-2026-13311: shell-quote: inefficient input parsing can lead to a + denial of service (bsc#1269361) + - CVE-2026-53550: js-yaml: quadratic complexity when processing a + crafted YAML document can lead to CPU exhaustion (bsc#1268818) + +------------------------------------------------------------------- New: ---- update-js-deps.patch ----------(New B)---------- New:- Revendor updating shell-quote and js-yaml deps: - Add patch update-js-deps.patch - CVE-2026-13311: shell-quote: inefficient input parsing can lead to a ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-pytest-html.spec ++++++ --- /var/tmp/diff_new_pack.0x5lf4/_old 2026-06-29 17:33:50.373190544 +0200 +++ /var/tmp/diff_new_pack.0x5lf4/_new 2026-06-29 17:33:50.377190681 +0200 @@ -27,6 +27,8 @@ # npm install --package-lock-only --legacy-peer-deps --ignore-scripts Source10: package-lock.json Source11: node_modules.spec.inc +# PATCH-FIX-OPENSUSE update-js-deps.patch +Patch0: update-js-deps.patch %include %{_sourcedir}/node_modules.spec.inc BuildRequires: %{python_module hatch-vcs} BuildRequires: %{python_module hatchling} ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.0x5lf4/_old 2026-06-29 17:33:50.421192197 +0200 +++ /var/tmp/diff_new_pack.0x5lf4/_new 2026-06-29 17:33:50.425192335 +0200 @@ -1,6 +1,6 @@ -mtime: 1779792251 -commit: 1a0be21c221acaf6c6f0c76e43061ec3827978c61bbfb550dee0e5eb397f8460 +mtime: 1782724122 +commit: 890596a6825e79617cb927fa8eb92f38bc8cd7f99da80dcb6751da8df780b8b0 url: https://src.opensuse.org/python-pytest/python-pytest-html -revision: 1a0be21c221acaf6c6f0c76e43061ec3827978c61bbfb550dee0e5eb397f8460 +revision: 890596a6825e79617cb927fa8eb92f38bc8cd7f99da80dcb6751da8df780b8b0 projectscmsync: https://src.opensuse.org/python-pytest/_ObsPrj.git ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-29 11:08:42.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ node_modules.obscpio ++++++ Binary files old/argparse-1.0.10.tgz and new/argparse-1.0.10.tgz differ Binary files old/esprima-4.0.1.tgz and new/esprima-4.0.1.tgz differ Binary files old/js-yaml-3.14.2.tgz and new/js-yaml-3.14.2.tgz differ Binary files old/js-yaml-4.1.1.tgz and new/js-yaml-4.1.1.tgz differ Binary files old/js-yaml-4.3.0.tgz and new/js-yaml-4.3.0.tgz differ Binary files old/shell-quote-1.8.4.tgz and new/shell-quote-1.8.4.tgz differ Binary files old/shell-quote-1.9.0.tgz and new/shell-quote-1.9.0.tgz differ Binary files old/sprintf-js-1.0.3.tgz and new/sprintf-js-1.0.3.tgz differ ++++++ node_modules.spec.inc ++++++ ++++ 759 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/python-pytest-html/node_modules.spec.inc ++++ and /work/SRC/openSUSE:Factory/.python-pytest-html.new.11887/node_modules.spec.inc ++++++ package-lock.json ++++++ --- /var/tmp/diff_new_pack.0x5lf4/_old 2026-06-29 17:33:51.561231260 +0200 +++ /var/tmp/diff_new_pack.0x5lf4/_new 2026-06-29 17:33:51.565231396 +0200 @@ -476,15 +476,6 @@ "node": ">=8" } }, - "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse": { - "version": "1.0.10", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", - "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", - "dev": true, - "dependencies": { - "sprintf-js": "~1.0.2" - } - }, "node_modules/@istanbuljs/load-nyc-config/node_modules/camelcase": { "version": "5.3.1", "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", @@ -507,20 +498,6 @@ "node": ">=8" } }, - "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml": { - "version": "3.14.2", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz", - "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==", - "dev": true, - "license": "MIT", - "dependencies": { - "argparse": "^1.0.7", - "esprima": "^4.0.0" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", @@ -2398,19 +2375,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/esprima": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", - "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", - "dev": true, - "bin": { - "esparse": "bin/esparse.js", - "esvalidate": "bin/esvalidate.js" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/esquery": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.6.0.tgz", @@ -3437,10 +3401,20 @@ "license": "MIT" }, "node_modules/js-yaml": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", - "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.3.0.tgz", + "integrity": "sha512-1td788aAnnZ5qs7V2QIRl1owjtYpbKt749Y3xauqQgwIIGF/xXWz1wMTEBx5O3LK3lXLVuqXPdPxj2BoFHaW9Q==", "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/puzrin" + }, + { + "type": "github", + "url": "https://github.com/sponsors/nodeca" + } + ], "license": "MIT", "dependencies": { "argparse": "^2.0.1" @@ -4989,9 +4963,9 @@ } }, "node_modules/shell-quote": { - "version": "1.8.4", - "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.4.tgz", - "integrity": "sha512-VsC6n6vz1ihYYyZZwX7YZSF5l5x36ca17OC+a69h94YqB7X6XLwf+5MOgynYir2SLFUbl8gIYvBo8K8RoNQ6bQ==", + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.9.0.tgz", + "integrity": "sha512-Iov+JwFv/2HcTpcwNMKd8+IWNb8tboQJNQTkAY/LLVK7gGH9jy+LGkVqPxfekHl+yMmiqXszdGWXgkfml7hjqA==", "dev": true, "license": "MIT", "engines": { @@ -5090,12 +5064,6 @@ "node": ">=8" } }, - "node_modules/sprintf-js": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", - "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==", - "dev": true - }, "node_modules/stream-browserify": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-3.0.0.tgz", ++++++ update-js-deps.patch ++++++ Index: pytest_html-4.2.0/package.json =================================================================== --- pytest_html-4.2.0.orig/package.json +++ pytest_html-4.2.0/package.json @@ -7,6 +7,10 @@ "unit": "nyc mocha testing/**/unittest.js --require mock-local-storage", "all": "npm run lint && npm run unit && npm run build:css && npm run build:jsapp" }, + "overrides": { + "shell-quote": "^1.8.5", + "js-yaml": "^4.2.0" + }, "devDependencies": { "browserify": "^17.0.1", "chai": "^6.2.2",
