Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package forgejo for openSUSE:Factory checked in at 2024-05-23 15:35:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/forgejo (Old) and /work/SRC/openSUSE:Factory/.forgejo.new.24587 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "forgejo" Thu May 23 15:35:17 2024 rev:7 rq:1175962 version:7.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/forgejo/forgejo.changes 2024-05-03 19:46:04.456176784 +0200 +++ /work/SRC/openSUSE:Factory/.forgejo.new.24587/forgejo.changes 2024-05-23 15:35:53.628994975 +0200 @@ -1,0 +2,31 @@ +Wed May 22 20:41:58 UTC 2024 - Richard Rahl <rra...@disroot.org> + +- update to 7.0.3: + * CVE-2024-24788: a malformed DNS message in response to a query can + cause the lookup functions to get stuck in an infinite loop + * backticks in mermaid block diagram labels are not sanitized properly + * migration of a repository from gogs fails when it is hosted at a subpath. + * when creating an OAuth2 application the redirect URLs are not enforced to + be mandatory + * the API incorrectly excludes repositories where code is not enabled + * "Allow edits from maintainers" cannot be modified via the pull request web UI + * repository activity feeds (including RSS and Atom feeds) contain + repeated activities + * uploading maven packages with metadata being uploaded separately will fail + * the mail notification sent about commits pushed to pull requests are empty + * inline emails attachments are not properly handled when commenting on an + issue via email + * the links to .zip and tar.gz on the tag list web UI fail + * expanding code diff while previewing a pull request before it is created fails + * the CLI is not able to migrate Forgejo Actions artifacts + * when adopting a repository, the default branch is not taken into account + * when using reverse proxy authentication, logout will not be taken into + account when immediately trying to login afterwards + * pushing to the master branch of a sha256 repository fails + * a very long project column name will make the action menu inaccessible + * a useless error is displayed when the title of a merged pull request is + modified + * workflow badges are not working for workflows that are not running on push + (such as scheduled workflows, and ones that run on tags and pull requests) + +------------------------------------------------------------------- Old: ---- forgejo-src-7.0.2.tar.gz forgejo-src-7.0.2.tar.gz.asc New: ---- forgejo-src-7.0.3.tar.gz forgejo-src-7.0.3.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ forgejo.spec ++++++ --- /var/tmp/diff_new_pack.NZakgQ/_old 2024-05-23 15:35:59.725216193 +0200 +++ /var/tmp/diff_new_pack.NZakgQ/_new 2024-05-23 15:35:59.729216338 +0200 @@ -30,7 +30,7 @@ %endif %endif Name: forgejo -Version: 7.0.2 +Version: 7.0.3 Release: 0 Summary: Self-hostable forge License: MIT ++++++ forgejo-src-7.0.2.tar.gz -> forgejo-src-7.0.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/forgejo/forgejo-src-7.0.2.tar.gz /work/SRC/openSUSE:Factory/.forgejo.new.24587/forgejo-src-7.0.3.tar.gz differ: char 19, line 1 ++++++ forgejo.keyring ++++++ --- /var/tmp/diff_new_pack.NZakgQ/_old 2024-05-23 15:35:59.841220402 +0200 +++ /var/tmp/diff_new_pack.NZakgQ/_new 2024-05-23 15:35:59.845220548 +0200 @@ -1,6 +1,6 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: Hostname: -Version: Hockeypuck 2.1.1-10-gec3b0e7 +Version: Hockeypuck 2.2 xjMEY3T/yhYJKwYBBAHaRw8BAQdAVxqCQrSbpDNrx8CiTM8PUAVqdCyv2UmBDhpP HZIpoIDNHUZvcmdlam8gPGNvbnRhY3RAZm9yZ2Vqby5vcmc+wsB+BBMWCgDmAhsD ++++++ node_modules.obscpio ++++++ /work/SRC/openSUSE:Factory/forgejo/node_modules.obscpio /work/SRC/openSUSE:Factory/.forgejo.new.24587/node_modules.obscpio differ: char 135501699, line 475345 ++++++ node_modules.spec.inc ++++++ --- /var/tmp/diff_new_pack.NZakgQ/_old 2024-05-23 15:36:00.097229692 +0200 +++ /var/tmp/diff_new_pack.NZakgQ/_new 2024-05-23 15:36:00.105229983 +0200 @@ -665,7 +665,7 @@ Source10664: https://registry.npmjs.org/meow/-/meow-13.2.0.tgz#/meow-13.2.0.tgz Source10665: https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz#/merge-stream-2.0.0.tgz Source10666: https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz#/merge2-1.4.1.tgz -Source10667: https://registry.npmjs.org/mermaid/-/mermaid-10.9.0.tgz#/mermaid-10.9.0.tgz +Source10667: https://registry.npmjs.org/mermaid/-/mermaid-10.9.1.tgz#/mermaid-10.9.1.tgz Source10668: https://registry.npmjs.org/micromark/-/micromark-3.2.0.tgz#/micromark-3.2.0.tgz Source10669: https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-1.1.0.tgz#/micromark-core-commonmark-1.1.0.tgz Source10670: https://registry.npmjs.org/micromark-factory-destination/-/micromark-factory-destination-1.1.0.tgz#/micromark-factory-destination-1.1.0.tgz ++++++ package-lock.json ++++++ --- /var/tmp/diff_new_pack.NZakgQ/_old 2024-05-23 15:36:00.141231289 +0200 +++ /var/tmp/diff_new_pack.NZakgQ/_new 2024-05-23 15:36:00.145231434 +0200 @@ -34,7 +34,7 @@ "jquery": "3.7.1", "katex": "0.16.10", "license-checker-webpack-plugin": "0.2.1", - "mermaid": "10.9.0", + "mermaid": "10.9.1", "mini-css-extract-plugin": "2.8.1", "minimatch": "9.0.3", "monaco-editor": "0.47.0", @@ -8232,9 +8232,9 @@ } }, "node_modules/mermaid": { - "version": "10.9.0", - "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-10.9.0.tgz";, - "integrity": "sha512-swZju0hFox/B/qoLKK0rOxxgh8Cf7rJSfAUc1u8fezVihYMvrJAS45GzAxTVf4Q+xn9uMgitBcmWk7nWGXOs/g==", + "version": "10.9.1", + "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-10.9.1.tgz";, + "integrity": "sha512-Mx45Obds5W1UkW1nv/7dHRsbfMM1aOKA2+Pxs/IGHNonygDHwmng8xTHyS9z4KWVi0rbko8gjiBmuwwXQ7tiNA==", "dependencies": { "@braintree/sanitize-url": "^6.0.1", "@types/d3-scale": "^4.0.3",
