Files
python-bqplot/bqplot-js.patch
Benjamin Greiner 1e6f218cf7 - Add bqplot-js.patch boo#1248431 CVE-2025-9287 CVE-2025-9288
* We need to keep most of the js lock (yarn.lock) because 0.12
    is still not fully updatable with jupyterlab 4. This will
    hopefully change with 0.13, which is at rc stage

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:jupyter/python-bqplot?expand=0&rev=48
2025-08-21 17:14:14 +00:00

24 lines
615 B
Diff

diff -ur a/js/package.json b/js/package.json
--- a/js/package.json 2025-05-21 19:20:26.000000000 +0200
+++ b/js/package.json 2025-08-21 18:56:06.584707667 +0200
@@ -35,7 +35,7 @@
"devDependencies": {
"@jupyter-widgets/base-manager": "^1.0.0",
"@jupyter-widgets/controls": "^5",
- "@jupyterlab/builder": "^3.0.0",
+ "@jupyterlab/builder": "^4.0.0",
"@types/chai": "^4.1.7",
"@types/d3": "^5.7.2",
"@types/expect.js": "^0.3.29",
@@ -103,5 +103,9 @@
"css/",
"lib/",
"shaders/"
- ]
+ ],
+ "resolutions": {
+ "cipher-base": "1.0.6",
+ "sha.js": "2.4.12"
+ }
}