Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-installer for 
openSUSE:Factory checked in at 2026-06-29 17:29:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-installer (Old)
 and      /work/SRC/openSUSE:Factory/.python-installer.new.11887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-installer"

Mon Jun 29 17:29:41 2026 rev:9 rq:1362153 version:1.0.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-installer/python-installer.changes        
2026-04-13 23:18:21.430813631 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-installer.new.11887/python-installer.changes 
    2026-06-29 17:30:10.877658652 +0200
@@ -1,0 +2,10 @@
+Sun Jun 28 11:09:49 UTC 2026 - Dirk Müller <[email protected]>
+
+- update to 1.0.1:
+  * Include docs and tests in sdist again
+  * Fix long path issue on Windows
+  * Fix date in changelog
+  * Use `os.path.abspath()` instead of `Path.resolve()` for
+    performance
+
+-------------------------------------------------------------------

Old:
----
  installer-1.0.0.tar.gz

New:
----
  installer-1.0.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-installer.spec ++++++
--- /var/tmp/diff_new_pack.6qkSZy/_old  2026-06-29 17:30:11.905694095 +0200
+++ /var/tmp/diff_new_pack.6qkSZy/_new  2026-06-29 17:30:11.909694233 +0200
@@ -26,7 +26,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-installer%{pkg_suffix}
-Version:        1.0.0
+Version:        1.0.1
 Release:        0
 Summary:        A library for installing Python wheels
 License:        MIT

++++++ installer-1.0.0.tar.gz -> installer-1.0.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/installer-1.0.0/.pre-commit-config.yaml 
new/installer-1.0.1/.pre-commit-config.yaml
--- old/installer-1.0.0/.pre-commit-config.yaml 2026-03-28 16:36:28.000000000 
+0100
+++ new/installer-1.0.1/.pre-commit-config.yaml 2026-05-11 20:09:08.000000000 
+0200
@@ -26,7 +26,7 @@
       - id: blacken-docs
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.7
+    rev: v0.15.8
     hooks:
       - id: ruff-check
       - id: ruff-format
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/installer-1.0.0/docs/changelog.md 
new/installer-1.0.1/docs/changelog.md
--- old/installer-1.0.0/docs/changelog.md       2026-03-28 16:36:28.000000000 
+0100
+++ new/installer-1.0.1/docs/changelog.md       2026-05-11 20:09:08.000000000 
+0200
@@ -1,6 +1,12 @@
 # Changelog
 
-## v1.0.0 (Mar 28, 2025)
+## v1.0.1 (May 11, 2026)
+- Include docs and tests in sdist again (#322)
+- Fix long path issue on Windows (#321)
+- Fix date in changelog (#324)
+- Use `os.path.abspath()` instead of `Path.resolve()` for performance (#326)
+
+## v1.0.0 (Mar 28, 2026)
 
 - Drop support for Python 3.9, 3.8, and 3.7 (#305, #242, #206)
 - Add support and Python 3.13 and 3.14 (#201, #282)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/installer-1.0.0/pyproject.toml 
new/installer-1.0.1/pyproject.toml
--- old/installer-1.0.0/pyproject.toml  2026-03-28 16:36:28.000000000 +0100
+++ new/installer-1.0.1/pyproject.toml  2026-05-11 20:09:08.000000000 +0200
@@ -27,6 +27,12 @@
 [project.urls]
 "GitHub" = "https://github.com/pypa/installer";
 
+[tool.flit.sdist]
+include = [
+    "docs/",
+    "tests/",
+]
+
 [tool.ruff]
 fix = true
 extend-exclude = [
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/installer-1.0.0/src/installer/__init__.py 
new/installer-1.0.1/src/installer/__init__.py
--- old/installer-1.0.0/src/installer/__init__.py       2026-03-28 
16:36:28.000000000 +0100
+++ new/installer-1.0.1/src/installer/__init__.py       2026-05-11 
20:09:08.000000000 +0200
@@ -1,6 +1,6 @@
 """A library for installing Python wheels."""
 
-__version__ = "1.0.0"
+__version__ = "1.0.1"
 __all__ = ["install"]
 
 from installer._core import install
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/installer-1.0.0/src/installer/destinations.py 
new/installer-1.0.1/src/installer/destinations.py
--- old/installer-1.0.0/src/installer/destinations.py   2026-03-28 
16:36:28.000000000 +0100
+++ new/installer-1.0.1/src/installer/destinations.py   2026-05-11 
20:09:08.000000000 +0200
@@ -136,8 +136,18 @@
     """Silently overwrite existing files."""
 
     def _path_with_destdir(self, scheme: Scheme, path: str) -> Path:
-        target_dir = Path(self.scheme_dict[scheme]).resolve()
-        file = (target_dir / path).resolve()
+        # See https://docs.python.org/3/library/zipfile.html#zipfile.Path:
+        #  When handling untrusted archives,
+        #  consider resolving filenames using os.path.abspath()
+        #  and checking against the target directory with os.path.commonpath().
+        #
+        # Attention: Path.absolute() is not sufficient because it does not
+        #  normalize, i.e. does not remove "..".
+        #
+        # We want to avoid Path.resolve() because it is significantly slower
+        # than os.path.abspath()!
+        target_dir = Path(os.path.abspath(self.scheme_dict[scheme]))  # noqa: 
PTH100
+        file = Path(os.path.abspath(target_dir / path))  # noqa: PTH100
 
         if not file.is_relative_to(target_dir):
             raise ValueError(

Reply via email to