diff --git a/openQA b/openQA index 68075a6..b4ec3b9 160000 --- a/openQA +++ b/openQA @@ -1 +1 @@ -Subproject commit 68075a67b6c3af85a6b0be89c860a559170d085109c2bdaedf872b162cf6aed1 +Subproject commit b4ec3b9af734940f82d88999eb58080c3d04b20ff5867f8f189de9f6f76b9508 diff --git a/openQA-devel-container b/openQA-devel-container index a6ab86b..92119a6 160000 --- a/openQA-devel-container +++ b/openQA-devel-container @@ -1 +1 @@ -Subproject commit a6ab86b7eaa0880cb5efb7b75b823080d34ead8428adbdeed9de4c621a532fb0 +Subproject commit 92119a60a7620b69d8997615a56913c1eac863ab2e10ed543030ce44703b7095 diff --git a/os-autoinst b/os-autoinst index c267795..c050ed4 160000 --- a/os-autoinst +++ b/os-autoinst @@ -1 +1 @@ -Subproject commit c267795e7d0b266f755e8519f4a4f7d3306b1b142ec5a9c59d48135643fb3479 +Subproject commit c050ed44e28aa928bed7600a24cab7b302360d1caccf0321da5efa2261fa7188 diff --git a/patchinfo.20260219152850183014.93181000773252/_patchinfo b/patchinfo.20260219152850183014.93181000773252/_patchinfo new file mode 100644 index 0000000..0817b62 --- /dev/null +++ b/patchinfo.20260219152850183014.93181000773252/_patchinfo @@ -0,0 +1,123 @@ + + VUL-0: CVE-2026-25547: TRACKERBUG: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Nod + VUL-0: CVE-2026-25547: openQA: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process + os-autoinst-obs-workflow + important + security + Security update for openQA, os-autoinst, openQA-devel-container + This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: + +Changes in openQA: + +- Update to version 5.1771422749.560a3b26: + * fix(mcp): set navbar check expression to read-only + * feat: support inverted result filters in /tests/overview + * fix(test): Enable helm install-chart test again + * git subrepo pull (merge) --force external/os-autoinst-common + * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable + * test: Consider everything under `lib/OpenQA/Shared/` covered + * fix: Provide specific error message if job was removed `enqueue_…_track` + * refactor: Remove useless error message in `enqueue_and_keep_track` + * test: Cover case of successful executing in `enqueue_and_keep_track` + * refactor: Simplify error handling of `enqueue_and_keep_track` + * test: Cover error handling of `enqueue_and_keep_track` + * test: Consider shared session controller fully covered + * refactor: Avoid duplications in sessions controller + * refactor: Use signatures in session controller code + * test: Cover error handling in case of a bad CRSF token + * test: Cover test route for session + * fix(worker): reject jobs explicitly when worker is stopping + * feat: Remove workaround for codecov and gpg + * feat: Switch to Leap 16 in Helm charts + * feat: Switch to Leap 16.0 in openqa_data container + * feat: Replace all Leap 15.6 with 16.0 in docs and scripts + * test: Cover showing special image when backend has terminated + * fix: Use new apachectl command + * Update openQA containers to Leap 16.0 + * test: Extend tests for controller handling live view + * refactor: Move throttling into its own function + * feat(throttling): throttle jobs resources based on parameters size + * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests + * feat: Allow archiving jobs with infinite important storage durations + * feat: Flag jobs without results as archived for consistency + * feat: Remove one corner case preventing jobs from being archived + +- Update to version 5.1770718745.ce2072d3: + * feat(ui): use clickable test overview summary counts for quick filtering + * build(Makefile): fix uninterruptable tests + * docs: Mention caveats of `…_cleanup_max_free_percentage` setting + * test(25-cache-service): fix race conditions + * test(ui/21-admin-needles): properly wait for modal dialog and deletion + * test(ui/13-admin): properly wait for API key deletion + * test(40-openqa-clone-job): properly isolate from system config + * test(15-asset): bump timeout to current runtime + * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch + * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0 + * fix(eslint): correct style to be eslint-9.38 compliant + * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2 + * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1 + * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7 + * refactor: Improve variable names in function to determine expired jobs + * test: Improve name of subtest for archiving + * test: Verify that archiving works regardless of logs/results present + * Dependency cron 2026-02-06 + * Bump js-yaml from 4.1.0 to 4.1.1 + * build(deps): bump ace-builds from 1.43.3 to 1.43.4 + +- Update to version 5.1770308102.12dfd0e4: + * fix: Configure sudoers correctly in Leap 16 + * Also use devel:openQA/16.0 in dependency bot workflow + * test: Consider all controller code covered + * refactor: Remove unused "group connect" endpoints + * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint + * test: Cover all cases of search of audit log table + * refactor: Simplify function to render audit log index page + * test: Add test for `eventid` parameter of audit log page + * test: Cover remaining lines of `Asset.pm` + +- Update to version 5.1769644379.ef069e9d: + +Changes in os-autoinst: + +- Update to version 5.1771353921.c8005c9: + * git subrepo pull (merge) --force external/os-autoinst-common + * style: Fix crop.py style issues + * workaround: Remove "get_mempolicy" warning from qemu-img output + * parse_extra_log: Allow passing additional args to upload_logs + * refactor: Distinguish tests by the script path in `loadtest` + * refactor: Simplify approach for avoiding redefine warnings + +- Update to version 5.1770715824.6a80a85: + * style: Fix crop.py style issues + * workaround: Remove "get_mempolicy" warning from qemu-img output + * parse_extra_log: Allow passing additional args to upload_logs + * refactor: Distinguish tests by the script path in `loadtest` + * refactor: Simplify approach for avoiding redefine warnings + * test: Allow running tests with `Test::Warnings<0.033` + * test: Format test of `loadtestdir` in a more compact way + +- Update to version 5.1770127521.c249fe9: + * refactor: Distinguish tests by the script path in `loadtest` + * refactor: Simplify approach for avoiding redefine warnings + * test: Allow running tests with `Test::Warnings<0.033` + * test: Format test of `loadtestdir` in a more compact way + * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite + * feat: Allow enabling strict/warnings/signatures globally + * fix: Improve wrong comment about enablement of modern Perl features + +Changes in openQA-devel-container: + +- Update to version 5.1771422749.560a3b26b: + * Update to latest openQA version + + openQA + openQA:openQA-devel-test + openQA:openQA-test + openQA:openQA-worker-test + openQA:openQA-client-test + os-autoinst + os-autoinst:os-autoinst-test + os-autoinst:os-autoinst-devel-test + os-autoinst:os-autoinst-openvswitch-test + openQA-devel-container +