diff --git a/hauler b/hauler
index 4061841..69ca5e4 160000
--- a/hauler
+++ b/hauler
@@ -1 +1 @@
-Subproject commit 4061841edd9e293f2fdfed224498ee029cd2522a9c48468a008081d8a68682f4
+Subproject commit 69ca5e4eeaa159ce0bdff54247d71066c5232b5116aa44fe4da074b6d950d2d7
diff --git a/patchinfo.20260120155333040130.93181000773252/_patchinfo b/patchinfo.20260120155333040130.93181000773252/_patchinfo
new file mode 100644
index 0000000..4063de7
--- /dev/null
+++ b/patchinfo.20260120155333040130.93181000773252/_patchinfo
@@ -0,0 +1,32 @@
+<patchinfo>
+  <issue tracker="cve" id="2026-22772"/>
+  <issue tracker="bnc" id="1256546">VUL-0: CVE-2025-47911: TRACKERBUG: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents</issue>
+  <packager>dirkmueller</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for hauler</summary>
+  <description>This update for hauler fixes the following issues:
+
+Changes in hauler:
+
+- Update to version 1.4.1 (bsc#1256546, CVE-2026-22772):
+  * fixed typos for containerd imports (#493)
+  * fix and support containerd imports of `hauls` (#492)
+  * bump github.com/sigstore/fulcio (#489)
+
+- Update to version 1.4.0:
+  * added/updated logging for `serve` and `remove` (#487)
+  * added/fixed helm chart images/dependencies features (#485)
+  * more experimental feature updates (#486)
+  * add experimental notes (#483)
+  * updated tempdir flag to store persistent flags (#484)
+  * delete artifacts from store (#473)
+  * path rewrites (#475)
+  * updated/fixed workflow dependency versions (#478)
+
+- Update to version 1.3.2:
+  * bump to latest cosign fork release (#481)
+  * Bump golang.org/x/crypto in the go_modules group across 1 directory (#476)
+</description>
+  <package>hauler</package>
+</patchinfo>