-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-43a0bff5ea 2025-11-03 01:00:54.501352+00:00 --------------------------------------------------------------------------------
Name : ruff Product : Fedora 41 Version : 0.14.2 Release : 1.fc41 URL : https://github.com/astral-sh/ruff Summary : Extremely fast Python linter and code formatter Description : An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool. -------------------------------------------------------------------------------- Update Information: uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md rust-astral-tokio-tar 0.5.6 Fixed a parser desynchronization vulnerability when reading tar archives that contain mismatched size information in PAX/ustar headers. This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx and CVE-2025-62518. Initial package for python-uv-build in Fedora 42 Initial packages for a number of new dependencies for ruff and uv. Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1. Patch openapi-python-client to allow ruff 0.14 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.14.2-1 - Update to version 0.14.2; Fixes RHBZ#2406135 * Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.14.1-2 - Double _smp_tasksize_proc again - Builds for F41 were failing consistently on s390x * Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.1-1 - Update to 0.14.1 (close RHBZ#2360699) * Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.0-2 - Skip salsaâs execute_cancellation tests on all architectures * Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.0-1 - Update to 0.14.0 * Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.13.3-1 - Update to 0.13.3 * Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.13.2-1 - Update to 0.13.2 * Thu Oct 16 2025 Gordon Messmer <[email protected]> - 0.12.1-2 - Use rpm's native resource tunable to limit parallelism. * Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.12.1-1 - Update to 0.12.1 * Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.12.0-1 - Update to 0.12.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2360699 - ruff-0.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2360699 [ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402441 [ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402442 [ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402443 [ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402881 [ 6 ] Bug #2402923 - uv-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402923 [ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2405471 [ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2405472 [ 9 ] Bug #2406135 - ruff-0.14.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2406135 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
-- _______________________________________________ package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
