Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openQA for openSUSE:Factory checked in at 2026-02-24 15:38:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openQA (Old) and /work/SRC/openSUSE:Factory/.openQA.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openQA" Tue Feb 24 15:38:28 2026 rev:810 rq:1334553 version:5.1771846996.b67911c1 Changes: -------- --- /work/SRC/openSUSE:Factory/openQA/openQA.changes 2026-02-23 16:12:08.108316713 +0100 +++ /work/SRC/openSUSE:Factory/.openQA.new.1977/openQA.changes 2026-02-24 15:39:03.239548298 +0100 @@ -1,0 +2,8 @@ +Mon Feb 23 16:01:06 UTC 2026 - [email protected] + +- Update to version 5.1771846996.b67911c1: + * fix: update ajv to fix moderate severity ReDoS vulnerability + * fix: update minimatch override to fix high severity ReDoS vulnerability + * openqa-load-templates: Slightly simplify + +------------------------------------------------------------------- Old: ---- openQA-5.1771626210.b82f14f2.obscpio New: ---- openQA-5.1771846996.b67911c1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openQA-client-test.spec ++++++ --- /var/tmp/diff_new_pack.WQ7Icz/_old 2026-02-24 15:39:04.603604921 +0100 +++ /var/tmp/diff_new_pack.WQ7Icz/_new 2026-02-24 15:39:04.607605087 +0100 @@ -18,7 +18,7 @@ %define short_name openQA-client Name: %{short_name}-test -Version: 5.1771626210.b82f14f2 +Version: 5.1771846996.b67911c1 Release: 0 Summary: Test package for %{short_name} License: GPL-2.0-or-later ++++++ openQA-devel-test.spec ++++++ --- /var/tmp/diff_new_pack.WQ7Icz/_old 2026-02-24 15:39:04.639606416 +0100 +++ /var/tmp/diff_new_pack.WQ7Icz/_new 2026-02-24 15:39:04.639606416 +0100 @@ -18,7 +18,7 @@ %define short_name openQA-devel Name: %{short_name}-test -Version: 5.1771626210.b82f14f2 +Version: 5.1771846996.b67911c1 Release: 0 Summary: Test package for %{short_name} License: GPL-2.0-or-later ++++++ openQA-test.spec ++++++ --- /var/tmp/diff_new_pack.WQ7Icz/_old 2026-02-24 15:39:04.671607744 +0100 +++ /var/tmp/diff_new_pack.WQ7Icz/_new 2026-02-24 15:39:04.671607744 +0100 @@ -18,7 +18,7 @@ %define short_name openQA Name: %{short_name}-test -Version: 5.1771626210.b82f14f2 +Version: 5.1771846996.b67911c1 Release: 0 Summary: Test package for openQA License: GPL-2.0-or-later ++++++ openQA-worker-test.spec ++++++ --- /var/tmp/diff_new_pack.WQ7Icz/_old 2026-02-24 15:39:04.703609073 +0100 +++ /var/tmp/diff_new_pack.WQ7Icz/_new 2026-02-24 15:39:04.707609239 +0100 @@ -18,7 +18,7 @@ %define short_name openQA-worker Name: %{short_name}-test -Version: 5.1771626210.b82f14f2 +Version: 5.1771846996.b67911c1 Release: 0 Summary: Test package for %{short_name} License: GPL-2.0-or-later ++++++ openQA.spec ++++++ --- /var/tmp/diff_new_pack.WQ7Icz/_old 2026-02-24 15:39:04.739610567 +0100 +++ /var/tmp/diff_new_pack.WQ7Icz/_new 2026-02-24 15:39:04.743610733 +0100 @@ -99,7 +99,7 @@ %define devel_requires %devel_no_selenium_requires chromedriver Name: openQA -Version: 5.1771626210.b82f14f2 +Version: 5.1771846996.b67911c1 Release: 0 Summary: The openQA web-frontend, scheduler and tools License: GPL-2.0-or-later ++++++ node_modules.obscpio ++++++ Binary files old/@isaacs-balanced-match-4.0.1.tgz and new/@isaacs-balanced-match-4.0.1.tgz differ Binary files old/@isaacs-brace-expansion-5.0.1.tgz and new/@isaacs-brace-expansion-5.0.1.tgz differ Binary files old/ajv-6.12.6.tgz and new/ajv-6.12.6.tgz differ Binary files old/ajv-6.14.0.tgz and new/ajv-6.14.0.tgz differ Binary files old/balanced-match-4.0.4.tgz and new/balanced-match-4.0.4.tgz differ Binary files old/brace-expansion-5.0.3.tgz and new/brace-expansion-5.0.3.tgz differ Binary files old/minimatch-10.1.2.tgz and new/minimatch-10.1.2.tgz differ Binary files old/minimatch-10.2.2.tgz and new/minimatch-10.2.2.tgz differ ++++++ node_modules.spec.inc ++++++ --- /var/tmp/diff_new_pack.WQ7Icz/_old 2026-02-24 15:39:05.491641784 +0100 +++ /var/tmp/diff_new_pack.WQ7Icz/_new 2026-02-24 15:39:05.499642117 +0100 @@ -11,20 +11,20 @@ Source1010: https://registry.npmjs.org/@humanfs/node/-/node-0.16.7.tgz#/@humanfs-node-0.16.7.tgz Source1011: https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz#/@humanwhocodes-module-importer-1.0.1.tgz Source1012: https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.3.tgz#/@humanwhocodes-retry-0.4.3.tgz -Source1013: https://registry.npmjs.org/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz#/@isaacs-balanced-match-4.0.1.tgz -Source1014: https://registry.npmjs.org/@isaacs/brace-expansion/-/brace-expansion-5.0.1.tgz#/@isaacs-brace-expansion-5.0.1.tgz -Source1015: https://registry.npmjs.org/@pkgr/core/-/core-0.2.9.tgz#/@pkgr-core-0.2.9.tgz -Source1016: https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz#/@popperjs-core-2.11.8.tgz -Source1017: https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz#/@types-estree-1.0.8.tgz -Source1018: https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz#/@types-json-schema-7.0.15.tgz -Source1019: https://registry.npmjs.org/ace-builds/-/ace-builds-1.43.4.tgz#/ace-builds-1.43.4.tgz -Source1020: https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz#/acorn-8.15.0.tgz -Source1021: https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz#/acorn-jsx-5.3.2.tgz -Source1022: https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz#/ajv-6.12.6.tgz -Source1023: https://registry.npmjs.org/anser/-/anser-2.3.2.tgz#/anser-2.3.2.tgz -Source1024: https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz#/ansi-styles-4.3.0.tgz -Source1025: https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz#/argparse-2.0.1.tgz -Source1026: https://registry.npmjs.org/bootstrap/-/bootstrap-5.3.8.tgz#/bootstrap-5.3.8.tgz +Source1013: https://registry.npmjs.org/@pkgr/core/-/core-0.2.9.tgz#/@pkgr-core-0.2.9.tgz +Source1014: https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz#/@popperjs-core-2.11.8.tgz +Source1015: https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz#/@types-estree-1.0.8.tgz +Source1016: https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz#/@types-json-schema-7.0.15.tgz +Source1017: https://registry.npmjs.org/ace-builds/-/ace-builds-1.43.4.tgz#/ace-builds-1.43.4.tgz +Source1018: https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz#/acorn-8.15.0.tgz +Source1019: https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz#/acorn-jsx-5.3.2.tgz +Source1020: https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz#/ajv-6.14.0.tgz +Source1021: https://registry.npmjs.org/anser/-/anser-2.3.2.tgz#/anser-2.3.2.tgz +Source1022: https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz#/ansi-styles-4.3.0.tgz +Source1023: https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz#/argparse-2.0.1.tgz +Source1024: https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz#/balanced-match-4.0.4.tgz +Source1025: https://registry.npmjs.org/bootstrap/-/bootstrap-5.3.8.tgz#/bootstrap-5.3.8.tgz +Source1026: https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz#/brace-expansion-5.0.3.tgz Source1027: https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz#/callsites-3.1.0.tgz Source1028: https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz#/chalk-4.1.2.tgz Source1029: https://registry.npmjs.org/chosen-js/-/chosen-js-1.8.7.tgz#/chosen-js-1.8.7.tgz @@ -114,7 +114,7 @@ Source1113: https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz#/locate-path-6.0.0.tgz Source1114: https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz#/lodash-4.17.23.tgz Source1115: https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz#/lodash.merge-4.6.2.tgz -Source1116: https://registry.npmjs.org/minimatch/-/minimatch-10.1.2.tgz#/minimatch-10.1.2.tgz +Source1116: https://registry.npmjs.org/minimatch/-/minimatch-10.2.2.tgz#/minimatch-10.2.2.tgz Source1117: https://registry.npmjs.org/ms/-/ms-2.1.3.tgz#/ms-2.1.3.tgz Source1118: https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz#/natural-compare-1.4.0.tgz Source1119: https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz#/optionator-0.9.4.tgz ++++++ openQA-5.1771626210.b82f14f2.obscpio -> openQA-5.1771846996.b67911c1.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openQA-5.1771626210.b82f14f2/package-lock.json new/openQA-5.1771846996.b67911c1/package-lock.json --- old/openQA-5.1771626210.b82f14f2/package-lock.json 2026-02-20 23:23:30.000000000 +0100 +++ new/openQA-5.1771846996.b67911c1/package-lock.json 2026-02-23 12:43:16.000000000 +0100 @@ -209,29 +209,6 @@ "url": "https://github.com/sponsors/nzakas"; } }, - "node_modules/@isaacs/balanced-match": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz";, - "integrity": "sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": "20 || >=22" - } - }, - "node_modules/@isaacs/brace-expansion": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/@isaacs/brace-expansion/-/brace-expansion-5.0.1.tgz";, - "integrity": "sha512-WMz71T1JS624nWj2n2fnYAuPovhv7EUhk69R6i9dsVyzxt5eM3bjwvgk9L+APE1TRscGysAVMANkB0jh0LQZrQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "@isaacs/balanced-match": "^4.0.1" - }, - "engines": { - "node": "20 || >=22" - } - }, "node_modules/@pkgr/core": { "version": "0.2.9", "resolved": "https://registry.npmjs.org/@pkgr/core/-/core-0.2.9.tgz";, @@ -299,9 +276,9 @@ } }, "node_modules/ajv": { - "version": "6.12.6", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz";, - "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "version": "6.14.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz";, + "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==", "dev": true, "license": "MIT", "dependencies": { @@ -343,6 +320,16 @@ "dev": true, "license": "Python-2.0" }, + "node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz";, + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "dev": true, + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } + }, "node_modules/bootstrap": { "version": "5.3.8", "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-5.3.8.tgz";, @@ -362,6 +349,19 @@ "@popperjs/core": "^2.11.8" } }, + "node_modules/brace-expansion": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz";, + "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + } + }, "node_modules/callsites": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz";, @@ -1425,16 +1425,16 @@ "dev": true }, "node_modules/minimatch": { - "version": "10.1.2", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.2.tgz";, - "integrity": "sha512-fu656aJ0n2kcXwsnwnv9g24tkU5uSmOlTjd6WyyaKm2Z+h1qmY6bAjrcaIxF/BslFqbZ8UBtbJi7KgQOZD2PTw==", + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.2.tgz";, + "integrity": "sha512-+G4CpNBxa5MprY+04MbgOw1v7So6n5JY166pFi9KfYwT78fxScCeSNQSNzp6dpPSW2rONOps6Ocam1wFhCgoVw==", "dev": true, "license": "BlueOak-1.0.0", "dependencies": { - "@isaacs/brace-expansion": "^5.0.1" + "brace-expansion": "^5.0.2" }, "engines": { - "node": "20 || >=22" + "node": "18 || 20 || >=22" }, "funding": { "url": "https://github.com/sponsors/isaacs"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openQA-5.1771626210.b82f14f2/package.json new/openQA-5.1771846996.b67911c1/package.json --- old/openQA-5.1771626210.b82f14f2/package.json 2026-02-20 23:23:30.000000000 +0100 +++ new/openQA-5.1771846996.b67911c1/package.json 2026-02-23 12:43:16.000000000 +0100 @@ -34,6 +34,6 @@ "dagre-d3": { "d3": "npm:d3" }, - "minimatch": "10.1.2" + "minimatch": "10.2.2" } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openQA-5.1771626210.b82f14f2/script/openqa-load-templates new/openQA-5.1771846996.b67911c1/script/openqa-load-templates --- old/openQA-5.1771626210.b82f14f2/script/openqa-load-templates 2026-02-20 23:23:30.000000000 +0100 +++ new/openQA-5.1771846996.b67911c1/script/openqa-load-templates 2026-02-23 12:43:16.000000000 +0100 @@ -126,43 +126,46 @@ })->res; } -sub post_entry ($table, $entry) { - my %param; +sub handle_job_groups ($entry) { + # Try to create the group first + my $job_groups_url = $url->clone->path($options{apibase} . '/job_groups'); + my $create_res = $client->post($job_groups_url, form => {name => $entry->{group_name}})->res; + # this is what we get from the API if the group exists + my $exists = ($create_res->code == 500 && $create_res->json->{already_exists}); + # return 0 (indicating no change) unless --clean or --update passed + return 0 if ($exists && !$options{update} && !$options{clean}); + print_error($create_res) unless ($create_res->is_success || $exists); + # Post the job template YAML - if ($table eq 'JobGroups') { - # Try to create the group first - my $job_groups_url = $url->clone->path($options{apibase} . '/job_groups'); - my $create_res = $client->post($job_groups_url, form => {name => $entry->{group_name}})->res; - # this is what we get from the API if the group exists - my $exists = ($create_res->code == 500 && $create_res->json->{already_exists}); - # return 0 (indicating no change) unless --clean or --update passed - return 0 if ($exists && !$options{update} && !$options{clean}); - print_error($create_res) unless ($create_res->is_success || $exists); - # Post the job template YAML - - my $yaml_res = post_yaml_templates($entry->{group_name}, $entry->{template}); - print_error($yaml_res) unless $yaml_res->is_success; - return 1; - } + my $yaml_res = post_yaml_templates($entry->{group_name}, $entry->{template}); + print_error($yaml_res) unless $yaml_res->is_success; + return 1; +} - if ($table eq 'JobTemplates') { - unless (defined($entry->{prio})) { - # we have to migrate the prio from the TestSuite to the JobTemplate - for my $ts (@{$info->{TestSuites}}) { - if ($ts->{name} eq $entry->{test_suite}{name}) { - $entry->{prio} = $ts->{prio}; - } +sub handle_job_templates ($entry) { + unless (defined($entry->{prio})) { + # we have to migrate the prio from the TestSuite to the JobTemplate + for my $ts (@{$info->{TestSuites}}) { + if ($ts->{name} eq $entry->{test_suite}{name}) { + $entry->{prio} = $ts->{prio}; } } - unless (defined($entry->{group_name})) { - # we have to create a group_name from the Product - my $gn = $entry->{product}{distri}; - if ($entry->{product}{version} ne '*') { - $gn .= "-" . $entry->{product}{version}; - } - $entry->{group_name} = $gn; + } + unless (defined($entry->{group_name})) { + # we have to create a group_name from the Product + my $gn = $entry->{product}{distri}; + if ($entry->{product}{version} ne '*') { + $gn .= "-" . $entry->{product}{version}; } + $entry->{group_name} = $gn; } +} + +sub post_entry ($table, $entry) { + my %param; + + return handle_job_groups($entry) if $table eq 'JobGroups'; + handle_job_templates($entry) if $table eq 'JobTemplates'; for my $key (keys %{$entry}) { if ($key eq 'machine' && defined $entry->{machine}{name}) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openQA-5.1771626210.b82f14f2/t/40-script_load_dump_templates.t new/openQA-5.1771846996.b67911c1/t/40-script_load_dump_templates.t --- old/openQA-5.1771626210.b82f14f2/t/40-script_load_dump_templates.t 2026-02-20 23:23:30.000000000 +0100 +++ new/openQA-5.1771846996.b67911c1/t/40-script_load_dump_templates.t 2026-02-23 12:43:16.000000000 +0100 @@ -252,4 +252,68 @@ # make sure all job templates are for opensuse group not fedora group check_property($schema, 'JobTemplates', 'group_id', [$opensuse->id, $opensuse->id, $opensuse->id]); +subtest 'missing fields in job templates' => sub { + $schema->resultset($_)->delete for qw(Machines TestSuites Products JobTemplates JobGroups); + # prepare dependencies: machine and testsuite + $schema->resultset('Machines')->create({name => '64bit', backend => 'qemu'}); + $schema->resultset('TestSuites')->create({name => 'textmode'}); + $schema->resultset('Products') + ->create({name => '', arch => 'x86_64', distri => 'opensuse', flavor => 'DVD', version => '42.3'}); + $schema->resultset('Products') + ->create({name => '', arch => 'x86_64', distri => 'opensuse', flavor => 'DVD', version => '*'}); + + my ($fh, $tempfilename) = tempfile(UNLINK => 1, SUFFIX => '.pl'); + print $fh <<'EOF'; +{ + JobGroups => [], + JobTemplates => [ + { + machine => {name => '64bit'}, + product => { + arch => 'x86_64', + distri => 'opensuse', + flavor => 'DVD', + version => '42.3', + }, + test_suite => {name => 'textmode'}, + }, + { + machine => {name => '64bit'}, + product => { + arch => 'x86_64', + distri => 'opensuse', + flavor => 'DVD', + version => '*', + }, + test_suite => {name => 'textmode'}, + }, + ], + Machines => [], + Products => [], + TestSuites => [ + { + name => 'textmode', + prio => 60, + }, + ], +} +EOF + close $fh; + + my $args = "$base_args $tempfilename"; + # 2 JobTemplates, 1 TestSuite (others exist but will be '0 added') + my $expected = qr/JobTemplates +=> \{ added => 2, of => 2 \}/; + test_once $args, $expected, 'imported templates with missing fields'; + + my @jts = sort { $a->product->version cmp $b->product->version } $schema->resultset('JobTemplates')->all; + is @jts, 2, 'two job templates loaded'; + is $jts[0]->product->version, '*', 'first jt has version *'; + is $jts[0]->group->name, 'opensuse', 'correct group name for version *'; + is $jts[0]->prio, 60, 'prio migrated from test suite'; + + is $jts[1]->product->version, '42.3', 'second jt has version 42.3'; + is $jts[1]->group->name, 'opensuse-42.3', 'correct group name for version 42.3'; + is $jts[1]->prio, 60, 'prio migrated from test suite'; +}; + done_testing; ++++++ openQA.obsinfo ++++++ --- /var/tmp/diff_new_pack.WQ7Icz/_old 2026-02-24 15:39:18.220170082 +0100 +++ /var/tmp/diff_new_pack.WQ7Icz/_new 2026-02-24 15:39:18.232170579 +0100 @@ -1,5 +1,5 @@ name: openQA -version: 5.1771626210.b82f14f2 -mtime: 1771626210 -commit: b82f14f264a3bfd05ca065a2fe9ef1e22f3f580f +version: 5.1771846996.b67911c1 +mtime: 1771846996 +commit: b67911c1b3876efb4f401ab0a48964e715b8c1ee
