Update submodules from pool/ranger#1 and create patchinfo.20260107163324652482.93181000773252/_patchinfo

PR: products/PackageHub!297

.gitea/workflows/patchinfo_numberator.yaml

@@ -1,37 +1,35 @@
 # Use this as .gitea/workflows/patchinfo_numberator.yaml in all products/* repos
-name: Patchinfo ID numberator
-run-name: ${{ gitea.actor }} is setting patchinfo numbers
-on: [push]
+name: Patchinfo incident numbering
+
+on:
+  push:
+  workflow_dispatch:
+
+env:
+  REPO_PATH: /workspace/${{ gitea.repository }}
+  REPO_URL: https://gitea-actions-autobuild:${{ secrets.REPO_WRITE }}@$RUNNER_GITEA_DOMAIN/${{ gitea.repository }}.git
 
 jobs:
   use-go-action:
-    runs-on: tumbleweed
+    runs-on: tumbleweed_autobuild
     steps:
-      # Install packages if not provided by image
-      - run: |
-          rpm -q go && exit 0
-          zypper ref
-          zypper in -y go
-      # Generic action from GitHub to clone the product git repo
+
       - name: Checkout product
-        uses: https://gitea-actions-autobuild:${{ secrets.REPO_READ }}@src.opensuse.org/actions/github-actions-checkout@v4
-        with:
-          token: ${{ secrets.REPO_WRITE }}
-          repo-sha256: true
+        run: |
+          test -n "${{ env.REPO_PATH }}" && rm -rfv "${{ env.REPO_PATH }}"/*
+          git config --global --add safe.directory ${{ env.REPO_PATH }}
+          git clone ${{ env.REPO_URL }} ${{ env.REPO_PATH }}
 
       - name: Update all new _patchinfo files
-        uses: https://gitea-actions-autobuild:${{ secrets.REPO_READ }}@src.opensuse.org/actions/patchinfo-numbering-action@v0
-      - name: Get last commit author
-        id: last-commit
-        run: |
-          echo "author=$(git log -1 --pretty='%an <%ae>')" >> $GITHUB_OUTPUT
-      - name: Commit changes back
-        uses: https://gitea-actions-autobuild:${{ secrets.REPO_READ }}@src.opensuse.org/actions/stefanzweifel-git-auto-commit-action@v5
+        uses: https://src.opensuse.org/actions/patchinfo-numbering-action@v0
+        with:
+          prefix: packagehub-
+
+      - name: Commit changes
+        uses: https://src.opensuse.org/actions/stefanzweifel-git-auto-commit-action@v5
         with:
           commit_user_name: gitea-actions-autobuild
-          commit_user_email: autobuild+gitea@opensuse.org
-          commit_author: ${{ steps.last-commit.outputs.author }}
-          commit_message: "Update incident numbers [skip actions]"
+          commit_author: Patchinfo incident numbering <gitea-actions-autobuild@noreply.src.opensuse.org> 
+          commit_message: "Update patchinfo incident numbers [skip actions]"
           commit_options: '--no-edit'
           skip_fetch: true
-

.gitmodules

@@ -10190,10 +10190,6 @@
 	path = memleax
 	url = ../../pool/memleax
 	branch = leap-16.0
-[submodule "memtest86+"]
-	path = memtest86+
-	url = ../../pool/memtest86_
-	branch = leap-16.0
 [submodule "menu-cache"]
 	path = menu-cache
 	url = ../../pool/menu-cache
@@ -11762,10 +11758,6 @@
 	path = openQA
 	url = ../../pool/openqa
 	branch = leap-16.0
-[submodule "openQA-devel-container"]
-	path = openQA-devel-container
-	url = ../../pool/openqa-devel-container
-	branch = leap-16.0
 [submodule "openSUSE-signkey-cert"]
 	path = openSUSE-signkey-cert
 	url = ../../pool/openSUSE-signkey-cert
@@ -11886,10 +11878,6 @@
 	path = openssl_tpm2_engine
 	url = ../../pool/openssl_tpm2_engine
 	branch = leap-16.0
-[submodule "opensuse-welcome-launcher"]
-	path = opensuse-welcome-launcher
-	url = ../../pool/opensuse-welcome-launcher
-	branch = leap-16.0
 [submodule "opentimelineio"]
 	path = opentimelineio
 	url = ../../pool/opentimelineio
@@ -17362,6 +17350,10 @@
 	path = rasqal
 	url = ../../pool/rasqal
 	branch = leap-16.0
+[submodule "rawtherapee"]
+	path = rawtherapee
+	url = ../../pool/rawtherapee
+	branch = leap-16.0
 [submodule "raw-thumbnailer"]
 	path = raw-thumbnailer
 	url = ../../pool/raw-thumbnailer
@@ -17574,10 +17566,6 @@
 	path = rlwrap
 	url = ../../pool/rlwrap
 	branch = leap-16.0
-[submodule "rmt-server"]
-	path = rmt-server
-	url = ../../pool/rmt-server
-	branch = leap-16.0
 [submodule "rmw"]
 	path = rmw
 	url = ../../pool/rmw
@@ -26034,3 +26022,119 @@
 	path = python-pygraphviz
 	url = ../../pool/python-pygraphviz
 	branch = leap-16.0
+[submodule "obs-service-cargo"]
+	path = obs-service-cargo
+	url = ../../pool/obs-service-cargo
+	branch = leap-16.0
+[submodule "obs-service-extract_file"]
+	path = obs-service-extract_file
+	url = ../../pool/obs-service-extract_file
+	branch = leap-16.0
+[submodule "obs-service-update_changelog"]
+	path = obs-service-update_changelog
+	url = ../../pool/obs-service-update_changelog
+	branch = leap-16.0
+[submodule "obs-service-refresh_patches"]
+	path = obs-service-refresh_patches
+	url = ../../pool/obs-service-refresh_patches
+	branch = leap-16.0
+[submodule "cargo-vendor-filterer"]
+	path = cargo-vendor-filterer
+	url = ../../pool/cargo-vendor-filterer
+	branch = leap-16.0
+[submodule "ghc-file-io"]
+	path = ghc-file-io
+	url = ../../pool/ghc-file-io
+	branch = leap-16.0
+[submodule "perl-Perl-Critic-TooMuchCode"]
+	path = perl-Perl-Critic-TooMuchCode
+	url = ../../pool/perl-Perl-Critic-TooMuchCode
+	branch = leap-16.0
+[submodule "nemo-extensions"]
+	path = nemo-extensions
+	url = ../../pool/nemo-extensions
+	branch = leap-16.0
+[submodule "nextcloud-desktop"]
+	path = nextcloud-desktop
+	url = ../../pool/nextcloud-desktop
+	branch = leap-16.0
+[submodule "hplip"]
+	path = hplip
+	url = ../../pool/hplip
+	branch = leap-16.0
+[submodule "libsigrok"]
+	path = libsigrok
+	url = ../../pool/libsigrok
+	branch = leap-16.0
+[submodule "collectd"]
+	path = collectd
+	url = ../../pool/collectd
+	branch = leap-16.0
+[submodule "obs-git-init"]
+	path = obs-git-init
+	url = ../../pool/obs-git-init
+	branch = leap-16.0
+[submodule "python-WTForms"]
+	path = python-WTForms
+	url = ../../pool/python-WTForms
+	branch = leap-16.0
+[submodule "python-Flask-WTF"]
+	path = python-Flask-WTF
+	url = ../../pool/python-Flask-WTF
+	branch = leap-16.0
+[submodule "python-Flask-RESTful"]
+	path = python-Flask-RESTful
+	url = ../../pool/python-Flask-RESTful
+	branch = leap-16.0
+[submodule "python-Flask-HTTPAuth"]
+	path = python-Flask-HTTPAuth
+	url = ../../pool/python-Flask-HTTPAuth
+	branch = leap-16.0
+[submodule "python-Flask-Babel"]
+	path = python-Flask-Babel
+	url = ../../pool/python-Flask-Babel
+	branch = leap-16.0
+[submodule "python-aniso8601"]
+	path = python-aniso8601
+	url = ../../pool/python-aniso8601
+	branch = leap-16.0
+[submodule "gnuhealth-thalamus"]
+	path = gnuhealth-thalamus
+	url = ../../pool/gnuhealth-thalamus
+	branch = leap-16.0
+[submodule "perl-MCP"]
+	path = perl-MCP
+	url = ../../pool/perl-MCP
+	branch = leap-16.0
+[submodule "fprintd"]
+	path = fprintd
+	url = ../../pool/fprintd
+	branch = leap-16.0
+[submodule "python-acme"]
+	path = python-acme
+	url = ../../pool/python-acme
+	branch = leap-16.0
+[submodule "python-certbot"]
+	path = python-certbot
+	url = ../../pool/python-certbot
+	branch = leap-16.0
+[submodule "python-certbot-nginx"]
+	path = python-certbot-nginx
+	url = ../../pool/python-certbot-nginx
+	branch = leap-16.0
+[submodule "python-ConfigArgParse"]
+	path = python-ConfigArgParse
+	url = ../../pool/python-ConfigArgParse
+	branch = leap-16.0
+[submodule "python-josepy"]
+	path = python-josepy
+	url = ../../pool/python-josepy
+	branch = leap-16.0
+[submodule "python-pyRFC3339"]
+	path = python-pyRFC3339
+	url = ../../pool/python-pyRFC3339
+	branch = leap-16.0
+[submodule "openQA-devel-container"]
+	path = openQA-devel-container
+	url =  ../../pool/openQA-devel-container
+	branch = leap-16.0

0Backports/Backports.changes

@@ -1,3 +1,175 @@
+-------------------------------------------------------------------
+Mon Jan  5 10:38:32 UTC 2026 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded, remove xen related packages (bsc#1253226)
+      xen-tools-xendomains-wait-disk
+
+-------------------------------------------------------------------
+Fri Oct 10 07:19:41 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded, not needed 
+    micro patterns that are coming from SLES
+      patterns-micro-alt_onlyDVD                               
+      patterns-micro-cloud                                     
+      patterns-micro-defaults                                  
+      patterns-micro-fips                                      
+      patterns-micro-hardware                                  
+      patterns-micro-ima-evm                                   
+      patterns-micro-kvm_host                                  
+      patterns-micro-onlyDVD                                   
+      patterns-micro-ra-agent                                  
+      patterns-micro-ra-verifier                               
+      patterns-micro-salt_minion                               
+      patterns-micro-sssd-ldap            
+
+-------------------------------------------------------------------
+Mon Oct  6 14:49:27 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded, remove more uninstallables
+      aws-cli
+      NetworkManager-branding-upstream
+      sdbootutil-tukit
+      toolbox-branding-SLE-16.0 
+
+-------------------------------------------------------------------
+Mon Oct  6 13:24:32 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded, cleanup more unneeded 32bit packages
+      at-spi2-core-devel-32bit
+      libcups2-32bit
+      libcurl-devel-32bit
+      libdns_sd-32bit
+      libpcap-devel-32bit
+      libraptor2-0-32bit
+      libtss2-fapi1-32bit
+
+-------------------------------------------------------------------
+Thu Oct  2 15:07:44 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded since not needed patterns
+      patterns-base-transactional_base
+      patterns-micro-elemental_client
+      patterns-sap-bone
+
+-------------------------------------------------------------------
+Fri Sep 26 16:48:57 UTC 2025 - Nathan Cutler <ncutler@suse.com>
+
+- Backports.productcompose
+  + sync with current state of SLES-16.0 (GM)
+
+-------------------------------------------------------------------
+Wed Sep 24 10:49:29 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded since busybox modules conflict with
+    SLES system packages
+      busybox-adduser
+      busybox-attr
+      busybox-bc
+      busybox-bind-utils
+      busybox-bzip2
+      busybox-coreutils
+      busybox-cpio
+      busybox-diffutils
+      busybox-dos2unix
+      busybox-ed
+      busybox-findutils
+      busybox-gawk
+      busybox-grep
+      busybox-gzip
+      busybox-hexedit
+      busybox-hostname
+      busybox-iproute2
+      busybox-iputils
+      busybox-kbd
+      busybox-kmod
+      busybox-less
+      busybox-links
+      busybox-man
+      busybox-misc
+      busybox-ncurses-utils
+      busybox-net-tools
+      busybox-netcat
+      busybox-patch
+      busybox-policycoreutils
+      busybox-procps
+      busybox-psmisc
+      busybox-sed
+      busybox-selinux-tools
+      busybox-sendmail
+      busybox-sh
+      busybox-sha3sum
+      busybox-sharutils
+      busybox-syslogd
+      busybox-sysvinit-tools
+      busybox-tar
+      busybox-telnet
+      busybox-testsuite
+      busybox-tftp
+      busybox-time
+      busybox-traceroute
+      busybox-tunctl
+      busybox-udhcpc
+      busybox-unzip
+      busybox-util-linux
+      busybox-vi
+      busybox-vlan
+      busybox-wget
+      busybox-which
+      busybox-whois
+      busybox-xz
+  + add to backports_unneeded since kernels are not allowed (bsc#1250340)
+      kernel-azure-livepatch-devel
+      kernel-default-livepatch-devel
+      kernel-livepatch-6_12_0-160000_4-default
+      kernel-livepatch-6_12_0-160000_5-default
+      kernel-livepatch-6_12_0-160000_4-rt
+      kernel-livepatch-6_12_0-160000_5-rt
+      kernel-rt-livepatch
+      kernel-rt-livepatch-devel
+      patterns-base-kernel_livepatching
+  + add to backports_unneeded
+      chrony-pool-openSUSE (conflicts with chrony-pool-suse from SLES)
+      connman-nmcompat (conflicts with NetworkManager from SLES)
+      debuginfod-dummy-client (conflicts with debuginfod-client from SLES)
+      ecryptfs-utils (needs ecryptfs.ko, not provided)
+      elemental (requires systemd-presets-branding-Elemental, not provided)
+      geoipupdate-legacy (requires geolite2legacy, not provided)
+      gio-branding-upstream (conflicts with gio-branding from SLES)
+      libdebuginfod1-dummy (conflicts with libdebuginfod from SLES from SLES)
+      libdebuginfod-dummy-devel (requires libdebuginfod1-dummy, not provided)
+      MozillaFirefox-branding-upstream (conflicts with MozillaFirefox-branding-SLE from SLES)
+      ntpd-rs (conflicts with chrony from SLES)
+      ntpsec (conflicts with chrony from SLES)
+      ntpsec-utils (needs ntpsec)
+      plymouth-branding-upstream (conflicts with plymouth-branding-SLE from SLES)
+      systemd-default-settings-branding-openSUSE (conflicts with systemd-default-settings-branding-SLE from SLES)
+      systemd-default-settings-branding-SLE-Micro (conflicts with systemd-default-settings-branding-SLE from SLES)
+      systemd-default-settings-branding-upstream (conflicts with systemd-default-settings-branding-SLE from SLES)
+      systemd-presets-branding-ALP-transactional (conflicts with systemd-presets-branding-SLE from SLES)
+      systemd-presets-branding-Elemental (conflicts with systemd-presets-branding-SLE from SLES)
+      yum-utils (conflicts with zypper-needs-restarting from SLES)
+  + add to backports_unneeded since 32bit packages are not needed
+      dbus-1-devel-32bit
+      libatk-bridge-2_0-0-32bit
+      libatspi0-32bit
+      libavahi-client3-32bit
+      libcurl4-32bit
+      libdbus-glib-1-2-32bit
+      libdc1394-26-32bit
+      libgusb2-32bit
+      libmanette-0_2-0-32bit
+      libpcap1-32bit
+      libpolkit-agent-1-0-32bit
+      libpq5-32bit
+      libusb-1_0-devel-32bit
+      libwacom9-32bit
+
 -------------------------------------------------------------------
 Tue Sep  2 16:40:20 UTC 2025 - Nathan Cutler <ncutler@suse.com>
 
@@ -86,7 +258,7 @@ Thu Aug 21 12:23:55 UTC 2025 - Nathan Cutler <ncutler@suse.com>
 Wed Aug 20 12:02:06 UTC 2025 - Adrian Schröter <adrian@suse.de>
 
 - Backports.productcompose:
-  + prepare some settings for maintenance. 
+  + prepare some settings for maintenance.
     but not enabling it yet
 
 -------------------------------------------------------------------
@@ -153,7 +325,7 @@ Mon Jul 28 18:16:57 UTC 2025 - Nathan Cutler <ncutler@suse.com>
 - Backports.productcompose:
   + add to backports_unneeded (bsc#1247203)
       ALP
-      ALP-dummy-release 
+      ALP-dummy-release
 
 -------------------------------------------------------------------
 Sun Jul 27 14:35:46 UTC 2025 - Nathan Cutler <ncutler@suse.com>
@@ -174,7 +346,7 @@ Fri Jul  4 08:06:42 UTC 2025 - Nathan Cutler <ncutler@suse.com>
 
 - Backports.productcompose:
   + add a bunch of "-mini" packages to the exclude list. These
-    packages are only needed for building. 
+    packages are only needed for building.
   + sync with current state of SLES-16.0 (pre-RC2)
 
 -------------------------------------------------------------------
@@ -190,7 +362,7 @@ Fri May 30 08:11:48 UTC 2025 - Nathan Cutler <ncutler@suse.com>
 
 - Backports.productcompose:
   + fix the build again by excluding the following packages:
-      libopenssl3-32bit 
+      libopenssl3-32bit
       libopenssl-3-devel-32bit
       libopenssl-3-fips-provider-32bit
 
@@ -198,29 +370,29 @@ Fri May 30 08:11:48 UTC 2025 - Nathan Cutler <ncutler@suse.com>
 Thu May 29 12:55:41 UTC 2025 - Nathan Cutler <ncutler@suse.com>
 
 - Backports.productcompose:
-  + sync with current state of SLES-16.0 
+  + sync with current state of SLES-16.0
 
 -------------------------------------------------------------------
 Wed May  7 08:21:19 UTC 2025 - Nathan Cutler <ncutler@suse.com>
 
 - rename default.productcompose to Backports.productcompose
   (we can do this because we are not using pkglistgen, which
-  hardcodes "default.productcompose") 
+  hardcodes "default.productcompose")
 
 -------------------------------------------------------------------
 Tue May  6 14:38:05 UTC 2025 - Nathan Cutler <ncutler@suse.com>
 
 - default.productcompose:
   + fix the x86_64 build again by adding a large number of foo-32bit
-    packages to backports_unneeded_x86_64 
+    packages to backports_unneeded_x86_64
 
 -------------------------------------------------------------------
 Wed Apr 30 09:19:49 UTC 2025 - Nathan Cutler <ncutler@suse.com>
 
 - supportstatus.txt
-  + drop this file because it is needed only when using pkglistgen 
+  + drop this file because it is needed only when using pkglistgen
 - unneeded.yml
-  + drop this file because it is needed only when using pkglistgen 
+  + drop this file because it is needed only when using pkglistgen
 
 -------------------------------------------------------------------
 Thu Apr 24 10:33:13 UTC 2025 - Nathan Cutler <ncutler@suse.com>

0Backports/Backports.productcompose

@@ -14,7 +14,7 @@ scc:
 
 build_options:
 ### For maintenance, otherwise only "the best" version of each package is picked:
-# - take_all_available_versions
+- take_all_available_versions
 - hide_flavor_in_product_directory_name
 
 ### Since the Backports product build is not self-contained in a single repository,
@@ -32,8 +32,8 @@ debug: split
 repodata: all
 
 # has only an effect during maintenance:
-set_updateinfo_from: maint-coord@suse.de
-# set_updateinfo_id_prefix: openSUSE-Leap-16.0-
+set_updateinfo_from: maintenance@opensuse.org
+set_updateinfo_id_prefix: SUSE-PackageHub-16.0-
 
 flavors:
   backports_aarch64:
@@ -57,14 +57,78 @@ packagesets:
   packages:
   - ALP
   - ALP-dummy-release
+  - MozillaFirefox-branding-upstream
+  - NetworkManager-branding-upstream
+  - at-spi2-core-devel-32bit
+  - aws-cli
   - bash-legacybin
+  - busybox-adduser
+  - busybox-attr
+  - busybox-bc
+  - busybox-bind-utils
+  - busybox-bzip2
+  - busybox-coreutils
+  - busybox-cpio
+  - busybox-diffutils
+  - busybox-dos2unix
+  - busybox-ed
+  - busybox-findutils
+  - busybox-gawk
+  - busybox-grep
+  - busybox-gzip
+  - busybox-hexedit
+  - busybox-hostname
+  - busybox-iproute2
+  - busybox-iputils
+  - busybox-kbd
+  - busybox-kmod
+  - busybox-less
+  - busybox-links
+  - busybox-man
+  - busybox-misc
+  - busybox-ncurses-utils
+  - busybox-net-tools
+  - busybox-netcat
+  - busybox-patch
+  - busybox-policycoreutils
+  - busybox-procps
+  - busybox-psmisc
+  - busybox-sed
+  - busybox-selinux-tools
+  - busybox-sendmail
+  - busybox-sh
+  - busybox-sha3sum
+  - busybox-sharutils
+  - busybox-syslogd
+  - busybox-sysvinit-tools
+  - busybox-tar
+  - busybox-telnet
+  - busybox-testsuite
+  - busybox-tftp
+  - busybox-time
+  - busybox-traceroute
+  - busybox-tunctl
+  - busybox-udhcpc
+  - busybox-unzip
+  - busybox-util-linux
+  - busybox-vi
+  - busybox-vlan
+  - busybox-wget
   - busybox-which
+  - busybox-whois
+  - busybox-xz
   - ceph-mgr-diskprediction-local
+  - chrony-pool-openSUSE
   - cluster-md-kmp-azure
   - cluster-md-kmp-rt
+  - connman-nmcompat
   - cmake-mini
+  - dbus-1-devel-32bit
+  - debuginfod-dummy-client
   - dlm-kmp-azure
   - dlm-kmp-rt
+  - ecryptfs-utils
+  - elemental
   - envsubst-mini
   - ffmpeg-7-mini-libs
   - gettext-runtime-mini
@@ -73,39 +137,94 @@ packagesets:
   - gfs2-kmp-rt
   - ghostscript-mini
   - ghostscript-mini-devel
+  - geoipupdate-legacy
   - geolite2legacy
+  - gio-branding-upstream
   - grpc-source
+  - kernel-azure-livepatch-devel
+  - kernel-default-livepatch-devel
+  - kernel-livepatch-6_12_0-160000_4-default
+  - kernel-livepatch-6_12_0-160000_4-rt
+  - kernel-livepatch-6_12_0-160000_5-default
+  - kernel-livepatch-6_12_0-160000_5-rt
+  - kernel-livepatch-6_12_0-160000_6-default
+  - kernel-livepatch-6_12_0-160000_6-rt
+  - kernel-livepatch-6_12_0-160000_7-default
+  - kernel-livepatch-6_12_0-160000_7-rt
+  - kernel-rt-livepatch
+  - kernel-rt-livepatch-devel
   - krb5-mini
   - krb5-mini-devel
   - kselftests-kmp-azure
   - kselftests-kmp-default
   - kselftests-kmp-rt
   - leancrypto-kmp-default
-#  - libcups2-32bit
+  - libatk-bridge-2_0-0-32bit
+  - libatspi0-32bit
+  - libavahi-client3-32bit
+  - libcups2-32bit
   - libcurl-mini4
+  - libcurl4-32bit
+  - libcurl-devel-32bit
   - libdbus-1-3-32bit
+  - libdbus-glib-1-2-32bit
+  - libdc1394-26-32bit
+  - libdns_sd-32bit
+  - libdebuginfod-dummy-devel
+  - libdebuginfod1-dummy
   - libdvbv5-0-32bit
   - libgudev-1_0-0-32bit
+  - libgusb2-32bit
   - libinput10-32bit
   - liblirc_driver0-32bit
+  - libmanette-0_2-0-32bit
+  - libpcap1-32bit
+  - libpcap-devel-32bit
+  - libpolkit-agent-1-0-32bit
   - libpolkit-gobject-1-0-32bit
+  - libpq5-32bit
   - libpxbackend-1_0-mini
+  - libraptor2-0-32bit
   - libressl
   - libressl-devel
   - libressl-devel-doc
 #  - libsybdb5-32bit
   - libsystemd0-mini
 #  - libtdsodbc0-32bit
+  - libtss2-fapi1-32bit
   - libudev-mini1
   - libunbound-devel-mini
   - libusb-1_0-0-32bit
+  - libusb-1_0-devel-32bit
+  - libwacom9-32bit
 #  - libzip5-32bit
+  - ntpd-rs
+  - ntpsec
+  - ntpsec-utils
   - ocfs2-kmp-azure
   - ocfs2-kmp-default
   - ocfs2-kmp-rt
   - openssl_tpm2
   - pam-extra-32bit
+  - patterns-base-kernel_livepatching
+  - patterns-base-transactional_base
+  - patterns-micro-alt_onlyDVD
+  - patterns-micro-cloud
+  - patterns-micro-defaults
+  - patterns-micro-elemental_client
+  - patterns-micro-defaults
+  - patterns-micro-fips
+  - patterns-micro-hardware
+  - patterns-micro-ima-evm
+  - patterns-micro-kvm_host
+  - patterns-micro-onlyDVD
+  - patterns-micro-ra-agent
+  - patterns-micro-ra-verifier
+  - patterns-micro-salt_minion
+  - patterns-micro-sssd-ldap
+  - patterns-sap-bone
   - patterns-base-update_test
+  - plymouth-branding-upstream
   - postgresql17-devel-mini
   - protobuf21-source
   - reproducible-faketools
@@ -131,12 +250,19 @@ packagesets:
   - reproducible-faketools-tar
   - reproducible-faketools-verbose
   - reproducible-faketools-zip
+  - sdbootutil-tukit
   - sddm-branding-openSUSE
   - sddm-qt6-branding-openSUSE
+  - systemd-default-settings-branding-openSUSE
+  - systemd-default-settings-branding-SLE-Micro
+  - systemd-default-settings-branding-upstream
+  - systemd-presets-branding-ALP-transactional
+  - systemd-presets-branding-Elemental
   - systemd-mini
   - systemd-mini-container
   - systemd-mini-devel
   - this-is-only-for-build-envs
+  - toolbox-branding-SLE-16.0
   - udev-mini
   - update-test-32bit-pkg
   - update-test-affects-package-manager
@@ -149,6 +275,14 @@ packagesets:
   - update-test-retracted
   - update-test-security
   - update-test-trivial
+  - xen
+  - xen-devel
+  - xen-libs
+  - xen-doc-html
+  - xen-tools
+  - xen-tools-domU
+  - xen-tools-xendomains-wait-disk
+  - yum-utils
 
 # TODO: unneeded Leap package per architecture
 - name: backports_unneeded_aarch64
@@ -568,6 +702,9 @@ packagesets:
   - cargo-packaging
   - cargo1.87
   - cargo1.88
+  - cargo1.89
+  - cargo1.90
+  - cargo1.91
   - catatonit
   - cblas-devel
   - cblas-devel-static
@@ -1263,22 +1400,18 @@ packagesets:
   - go-doc
   - go-md2man
   - go-race
-  - go1.23
-  - go1.23-doc
-  - go1.23-openssl
-  - go1.23-openssl-doc
-  - go1.23-openssl-race
-  - go1.23-race
   - go1.24
   - go1.24-doc
   - go1.24-openssl
   - go1.24-openssl-race
   - go1.24-race
+  - go1.25
+  - go1.25-doc
+  - go1.25-race
   - gobject-introspection
   - gobject-introspection-devel
   - golang-github-cpuguy83-go-md2man
   - golang-github-google-jsonnet
-  - golang-github-prometheus-prometheus
   - golang-github-prometheus-promu
   - golang-packaging
   - google-errorprone-annotation
@@ -1688,11 +1821,13 @@ packagesets:
   - ibus-gtk3
   - ibus-gtk4
   - ibus-hangul
+  - ibus-kkc
   - ibus-lang
   - ibus-libpinyin
   - ibus-libzhuyin
   - ibus-m17n
   - ibus-rime
+  - ibus-skk
   - ibus-table
   - ibus-table-chinese-array
   - ibus-table-chinese-cangjie
@@ -1708,6 +1843,7 @@ packagesets:
   - ibus-table-chinese-wubi-jidian
   - ibus-table-chinese-yong
   - ibus-table-extraphrase
+  - ibus-unikey
   - ibutils
   - icu
   - icu4j
@@ -1791,6 +1927,27 @@ packagesets:
   - java-21-openjdk-javadoc
   - java-21-openjdk-jmods
   - java-21-openjdk-src
+  - java-22-openjdk
+  - java-22-openjdk-demo
+  - java-22-openjdk-devel
+  - java-22-openjdk-headless
+  - java-22-openjdk-javadoc
+  - java-22-openjdk-jmods
+  - java-22-openjdk-src
+  - java-23-openjdk
+  - java-23-openjdk-demo
+  - java-23-openjdk-devel
+  - java-23-openjdk-headless
+  - java-23-openjdk-javadoc
+  - java-23-openjdk-jmods
+  - java-23-openjdk-src
+  - java-24-openjdk
+  - java-24-openjdk-demo
+  - java-24-openjdk-devel
+  - java-24-openjdk-headless
+  - java-24-openjdk-javadoc
+  - java-24-openjdk-jmods
+  - java-24-openjdk-src
   - java-cup
   - java-cup-manual
   - javacc
@@ -1831,6 +1988,7 @@ packagesets:
   - jdom-javadoc
   - jdom2
   - jdom2-javadoc
+  - jdupes
   - jeos-firstboot
   - jetbrains-annotations
   - jetbrains-annotations-javadoc
@@ -1991,6 +2149,7 @@ packagesets:
   - kiwi-systemdeps-image-validation
   - kiwi-systemdeps-iso-media
   - kiwi-templates-Minimal
+  - kkc-data
   - kmod
   - kpartx
   - krb5
@@ -2571,6 +2730,7 @@ packagesets:
   - libcupsimage2
   - libcurl-devel
   - libcurl-devel-doc
+  - libcurl-mini4
   - libcurl4
   - libdaemon-devel
   - libdaemon0
@@ -3052,6 +3212,7 @@ packagesets:
   - libjcat1
   - libjemalloc2
   - libjitterentropy3
+  - libjodycode3
   - libjpeg-turbo
   - libjpeg62
   - libjpeg62-devel
@@ -3102,6 +3263,7 @@ packagesets:
   - libkeymap1
   - libkeyutils1
   - libkfont0
+  - libkkc2
   - libkmip-devel
   - libkmip-tools
   - libkmip0
@@ -3142,9 +3304,8 @@ packagesets:
   - liblcms2-2
   - liblcms2-devel
   - liblcms2-doc
-  - libldap-2_5-0
+  - libldap-2
   - libldap-data
-  - libldap2
   - libldapcpp-devel
   - libldapcpp0
   - libldb-devel
@@ -3250,6 +3411,7 @@ packagesets:
   - libmpfr6
   - libmpg123-0
   - libmplex2-2_2-0
+  - libmsgpack-c2
   - libmsgraph1-1
   - libmspack-devel
   - libmspack0
@@ -3589,6 +3751,7 @@ packagesets:
   - libsigc++3-devel
   - libsigc-2_0-0
   - libsigc-3_0-0
+  - libskk0
   - libslang2
   - libslirp-devel
   - libslirp0
@@ -4033,6 +4196,7 @@ packagesets:
   - libzypp-devel
   - libzypp-devel-doc
   - libzypp-plugin-appdata
+  - lifecycle-data-sle
   - lilv
   - linux-atm
   - linux-atm-devel
@@ -4223,6 +4387,7 @@ packagesets:
   - maven-wagon-ssh-common
   - maven-wagon-ssh-external
   - mbimcli-bash-completion
+  - mcphost
   - mcstrans
   - md_monitor
   - mdadm
@@ -4563,13 +4728,9 @@ packagesets:
   - openjpeg2
   - openjpeg2-devel
   - openjpeg2-devel-doc
-  - openldap2-client
-  - openldap2-devel
-  - openldap2-devel-static
-  - openldap2-doc
-  - openldap2_5-client
-  - openldap2_5-devel
-  - openldap2_5-doc
+  - openldap2_6-client
+  - openldap2_6-devel
+  - openldap2_6-doc
   - openmpi4
   - openmpi4-config
   - openmpi4-devel
@@ -5114,6 +5275,7 @@ packagesets:
   - permissions-zypp-plugin
   - pesign-obs-integration
   - pgvector-devel
+  - php-composer2
   - php8
   - php8-bcmath
   - php8-bz2
@@ -5294,7 +5456,6 @@ packagesets:
   - postgresql-docs
   - postgresql-jdbc
   - postgresql-jdbc-javadoc
-  - postgresql-llvmjit
   - postgresql-plperl
   - postgresql-plpython
   - postgresql-pltcl
@@ -5304,7 +5465,6 @@ packagesets:
   - postgresql13-contrib
   - postgresql13-devel
   - postgresql13-docs
-  - postgresql13-llvmjit
   - postgresql13-pgaudit
   - postgresql13-pgvector
   - postgresql13-plperl
@@ -5316,7 +5476,6 @@ packagesets:
   - postgresql14-contrib
   - postgresql14-devel
   - postgresql14-docs
-  - postgresql14-llvmjit
   - postgresql14-pgaudit
   - postgresql14-pgvector
   - postgresql14-plperl
@@ -5328,7 +5487,6 @@ packagesets:
   - postgresql15-contrib
   - postgresql15-devel
   - postgresql15-docs
-  - postgresql15-llvmjit
   - postgresql15-pgaudit
   - postgresql15-pgvector
   - postgresql15-plperl
@@ -5340,7 +5498,6 @@ packagesets:
   - postgresql16-contrib
   - postgresql16-devel
   - postgresql16-docs
-  - postgresql16-llvmjit
   - postgresql16-pgaudit
   - postgresql16-pgvector
   - postgresql16-plperl
@@ -5352,7 +5509,6 @@ packagesets:
   - postgresql17-contrib
   - postgresql17-devel
   - postgresql17-docs
-  - postgresql17-llvmjit
   - postgresql17-pgaudit
   - postgresql17-pgvector
   - postgresql17-plperl
@@ -6643,6 +6799,9 @@ packagesets:
   - rhino-engine
   - rhino-javadoc
   - rhino-runtime
+  - rmt-server
+  - rmt-server-config
+  - rmt-server-pubcloud
   - rollback-helper
   - rootlesskit
   - rp-pppoe
@@ -6699,6 +6858,9 @@ packagesets:
   - rust-keylime
   - rust1.87
   - rust1.88
+  - rust1.89
+  - rust1.90
+  - rust1.91
   - samba
   - samba-ad-dc
   - samba-ad-dc-libs
@@ -6716,6 +6878,7 @@ packagesets:
   - samba-tool
   - samba-winbind
   - samba-winbind-libs
+  - sap-convergent-resource-agents
   - sap-suse-cluster-connector
   - sapcontrol-bash-completion
   - saphana-checks
@@ -6736,6 +6899,7 @@ packagesets:
   - sca-patterns-sle12
   - sca-patterns-sle15
   - sca-server-report
+  - scap-security-guide
   - sccache
   - schily-ctags
   - schily-mt
@@ -6786,6 +6950,8 @@ packagesets:
   - sisu-mojos
   - sisu-mojos-javadoc
   - sisu-plexus
+  - skkdic
+  - skkdic-extra
   - skopeo
   - skopeo-bash-completion
   - skopeo-fish-completion
@@ -6923,7 +7089,6 @@ packagesets:
   - system-user-news
   - system-user-nobody
   - system-user-ntp
-  - system-user-prometheus
   - system-user-pulse
   - system-user-qemu
   - system-user-root
@@ -7621,8 +7786,8 @@ packagesets:
   - fwts
   - fwupd-efi
   - gfs2-kmp-64kb
-  - go1.23-libstd
   - go1.24-libstd
+  - go1.25-libstd
   - google-cloud-sap-agent
   - google-dracut-config
   - google-guest-agent
@@ -7762,7 +7927,6 @@ packagesets:
   - shim
   - supportutils-plugin-suse-public-cloud
   - system-group-ne
-  - systemd-boot
   - tftpboot-agama-installer-SUSE_SLE_16-aarch64
   - u-boot-rpi3
   - u-boot-rpi3-doc
@@ -7798,7 +7962,9 @@ packagesets:
   - kernel-default-livepatch
   - kernel-kvmsmall
   - kernel-kvmsmall-devel
-  - kernel-livepatch-6_12_0-160000_20-default
+  - kernel-livepatch-6_12_0-160000_5-default
+  - kernel-livepatch-6_12_0-160000_6-default
+  - kernel-livepatch-6_12_0-160000_7-default
   - libLLVMSPIRVLib19
   - libatopology2
   - libdpdk-25
@@ -7909,7 +8075,9 @@ packagesets:
   - dnsdist
   - grub2-s390x-emu
   - kernel-default-livepatch
-  - kernel-livepatch-6_12_0-160000_20-default
+  - kernel-livepatch-6_12_0-160000_5-default
+  - kernel-livepatch-6_12_0-160000_6-default
+  - kernel-livepatch-6_12_0-160000_7-default
   - kernel-zfcpdump
   - kiwi-settings
   - libHBAAPI2
@@ -7930,8 +8098,6 @@ packagesets:
   - luajit
   - luajit-devel
   - openssl-ibmca
-  - openssl-ibmca-engine
-  - openssl-ibmca-provider
   - orarun
   - osasnmpd
   - pam-doc
@@ -7985,7 +8151,6 @@ packagesets:
   - cloud-regionsrv-client-plugin-azure
   - cloud-regionsrv-client-plugin-ec2
   - cloud-regionsrv-client-plugin-gce
-  - containerized-data-importer-manifests
   - crash-gcore
   - disk-encryption-tool
   - dmidecode
@@ -8014,8 +8179,8 @@ packagesets:
   - gfxboot-devel
   - glibc-livepatches
   - gmmlib-devel
-  - go1.23-libstd
   - go1.24-libstd
+  - go1.25-libstd
   - google-cloud-sap-agent
   - google-dracut-config
   - google-guest-agent
@@ -8051,9 +8216,10 @@ packagesets:
   - kernel-kvmsmall
   - kernel-kvmsmall-devel
   - kernel-kvmsmall-vdso
-  - kernel-livepatch-6_12_0-160000_20-default
+  - kernel-livepatch-6_12_0-160000_5-default
+  - kernel-livepatch-6_12_0-160000_6-default
+  - kernel-livepatch-6_12_0-160000_7-default
   - kiwi-pxeboot
-  - kubevirt-manifests
   - kubevirt-virtctl
   - libFLAC++10-x86-64-v3
   - libFLAC12-x86-64-v3
@@ -8322,7 +8488,6 @@ packagesets:
   - sysctl-logger
   - syslinux
   - system-group-ne
-  - systemd-boot
   - systemd-presets-branding-SLE-SAP
   - tboot
   - tftpboot-agama-installer-SUSE_SLE_16-x86_64

README.md

@@ -1,4 +1,5 @@
-
+## [openSUSE:Backports:SLE-16.0](https://build.opensuse.org/project/show/openSUSE:Backports:SLE-16.0)
+ 
 Adding packages from Factory pool:
 
  # git submodule add ../../pool/FreeCAD FreeCAD

_maintainership.json

@@ -1,3 +1,3 @@
 {
-    "": ["bigironman", "maxlin_factory", "lkocman-factory", "smithfarm"]
+    "": ["maintenance-release-review"]
 }

patchinfo.20251010110535882810.90520734224245/_patchinfo

@@ -0,0 +1,66 @@
+<patchinfo incident="packagehub-1">
+  <issue tracker="bnc" id="1251334">VUL-0: chromium: release 141.0.7390.65</issue>
+  <issue tracker="cve" id="2025-11213">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11216">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11207">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11211">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11212">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11210">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="bnc" id="1250780">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11208">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10890">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11206">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11460">VUL-0: chromium: release 141.0.7390.65</issue>
+  <issue tracker="cve" id="2025-11219">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="bnc" id="1250472">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11205">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10891">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11458"/>
+  <issue tracker="cve" id="2025-11215">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11209">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10892">VUL-0: chromium: release 140.0.7339.207</issue>
+  <packager>AndreasStieger</packager>
+  <rating>critical</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.76:
+
+  * Do not send URLs as AIM input. This is to resolve a privacy
+    concern, around passing urls to AI Mode.
+
+Chromium 141.0.7390.65 (boo#1251334):
+
+  * CVE-2025-11458: Heap buffer overflow in Sync
+  * CVE-2025-11460: Use after free in Storage
+  * CVE-2025-11211: Out of bounds read in WebCodecs
+
+Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780)
+
+  * CVE-2025-11205: Heap buffer overflow in WebGPU
+  * CVE-2025-11206: Heap buffer overflow in Video
+  * CVE-2025-11207: Side-channel information leakage in Storage
+  * CVE-2025-11208: Inappropriate implementation in Media
+  * CVE-2025-11209: Inappropriate implementation in Omnibox
+  * CVE-2025-11210: Side-channel information leakage in Tab
+  * CVE-2025-11211: Out of bounds read in Media
+  * CVE-2025-11212: Inappropriate implementation in Media
+  * CVE-2025-11213: Inappropriate implementation in Omnibox
+  * CVE-2025-11215: Off by one error in V8
+  * CVE-2025-11216: Inappropriate implementation in Storage
+  * CVE-2025-11219: Use after free in V8
+  * Various fixes from internal audits, fuzzing and other initiatives
+
+Chromium 141.0.7390.37 (beta released 2025-09-24)
+
+Chromium 140.0.7339.207 (boo#1250472)
+
+  * CVE-2025-10890: Side-channel information leakage in V8
+  * CVE-2025-10891: Integer overflow in V8
+  * CVE-2025-10892: Integer overflow in V8
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251015125625066283.90520734224245/_patchinfo

@@ -0,0 +1,17 @@
+<patchinfo incident="packagehub-3">
+  <issue tracker="bnc" id="1252013">VUL-0: CVE-2025-11756: chromium: Use after free in Safe Browsing</issue>
+  <issue tracker="cve" id="2025-11756"/>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.107:
+
+* CVE-2025-11756: Use after free in Safe Browsing (boo#1252013)
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251016111300220521.93181000773252/_patchinfo

@@ -0,0 +1,17 @@
+<patchinfo incident="packagehub-11">
+  <issue tracker="bnc" id="1250487">VUL-0: CVE-2025-59682: python-Django,python-Django4: Potential partial directory-traversal via archive.extract()</issue>
+  <issue tracker="cve" id="2025-59682">VUL-0: CVE-2025-59682: python-Django,python-Django4: Potential partial directory-traversal via archive.extract()</issue>
+  <issue tracker="cve" id="2025-59681"/>
+  <issue tracker="bnc" id="1250485">VUL-0: CVE-2025-59681: python-Django,python-Django4: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB</issue>
+  <packager>mcalabkova</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-Django</summary>
+  <description>This update for python-Django fixes the following issues:
+
+- CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (boo#1250485)
+- CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract() (boo#1250487)
+</description>
+  <package>python-Django</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251017085122907353.93181000773252/_patchinfo

@@ -0,0 +1,103 @@
+<patchinfo incident="packagehub-4">
+  <packager>dheidler</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for opi</summary>
+  <description>This update for opi fixes the following issues:
+
+- Version 5.8.8
+  * Fix adding openh264 repo on leap 16.0
+
+This update for opi fixes the following issues:
+
+- Version 5.8.7
+  * Fix ocenaudio url
+  * Add LocalSend plugin
+  * Run all tests in verbose mode
+  * Print written repo files in verbose mode
+  * Increase timeouts in test/06_install_non_interactive.py
+  * Remove DNF references from README.md
+
+This update for opi fixes the following issues:
+
+- Version 5.8.5
+  * add librewolf plugin (#205)
+  * Install .NET 9
+  * Add verbose mode
+  * Change the order of the process in the github module
+  * Add rustdesk plugin
+
+This update for opi fixes the following issues:
+
+- Version 5.8.4
+  * Use arm64 rpm for libation on aarch64
+
+This update for opi fixes the following issues:
+
+- Version 5.8.3
+  * Install dependencies rpm-build and squashfs at runtime if needed
+  * Drop DNF support
+
+This update for opi fixes the following issues:
+
+- Version 5.8.2
+  * Warn about adding staging repos
+  * Gracefully handle zypper exit code 106 (repos without cache present)
+
+This update for opi fixes the following issues:
+
+- Version 5.8.1
+  * Fix SyntaxWarning: invalid escape sequence '\s'
+
+This update for opi fixes the following issues:
+
+- Version 5.8.0
+  * Add mullvad-brower
+
+This update for opi fixes the following issues:
+
+- Version 5.7.0
+  * Add leap-only plugin to install zellij from github release
+  * Don't use subprocess.run user kwarg on 15.6
+  * Fix tests: Use helloworld-opi-tests instead of zfs
+  * Perform search despite locked rpmdb
+  * Simplify backend code
+
+This update for opi fixes the following issues:
+
+- Use no macros in url in .spec for packtrack
+
+This update for opi fixes the following issues:
+
+- Version 5.6.0
+  * Add plugin to install vagrant from hashicorp repo
+
+This update for opi fixes the following issues:
+
+- Version 5.5.0
+  * Update opi/plugins/collabora.py
+  * add collabora office desktop
+  * Omit unsupported cli args on leap in 99_install_opi.py
+  * Switch to PEP517 install
+  * Fix 09_install_with_multi_repos_in_single_file_non_interactive.py
+  * Fix 07_install_multiple.py on tumbleweed
+  * Fix test suite on tumbleweed
+  * Update available apps in opi - README.md
+
+This update for opi fixes the following issues:
+
+- Version 5.4.0
+  * Show key ID when importing or deleting package signing keys
+  * Add option to install google-chrome-canary
+
+This update for opi fixes the following issues:
+
+- Version 5.3.0
+  * Fix tests for new zypper version
+  * fix doblue slash in packman repo url
+  * Add Plugin to install Libation
+
+</description>
+  <package>opi</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251017085327031166.93181000773252/_patchinfo

@@ -0,0 +1,17 @@
+<patchinfo incident="packagehub-5">
+  <packager>michals</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for virtme</summary>
+  <description>This update for virtme fixes the following issues:
+
+- Update to 1.38:
+  * Fix the infamous Stale file handle (ESTALE) errors with virtiofsd
+  * Fix for systemctl daemon-reload when systemd support is enabled
+  * Fix for a kernel symlink issue affecting openSUSE/SLE
+  * README/docs improvements
+  * Various coding style cleanups
+</description>
+  <package>virtme</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251020125830692820.93181000773252/_patchinfo

@@ -0,0 +1,55 @@
+<patchinfo incident="packagehub-6">
+  <issue tracker="bnc" id="1206292">[SELinux] Wine/Proton not working reliably with default SELinux configuration</issue>
+  <packager>regularhunter</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for lutris</summary>
+  <description>This update for lutris fixes the following issues:
+
+- Move selinux dependency
+
+- Fix gaming under selinux (bsc#1206292)
+
+- Fix wrong placement of lang_package macro in spec file
+
+- Update to 0.5.19:
+  * Fix Proton integration bugs so Proton-fixes are applied
+  * Do not offer DXVK, VKD3D, D3D Extras or DDXVK-NVAPI on Proton versions;
+    Proton will handle these.
+  * The "Enable Esync" and "Enable Fsync" settings are now passed on to Proton
+  * DXVK's integrated D8VK will be enabled in Proton
+  * Emulator BIOS file location (used by libretro) may be set in Preferences
+  * Obtain the release year from GOG and Itch.io.
+  * MAME Machine setting uses a searchable entry for its enourmous list
+  * Support for importing Commodore 64 ROMs
+
+- Add BuildRequires apparmor-abstractions, apparmor-rpm-macros for
+  Leap, fix for build error: directories not owned by a package:
+  /etc/apparmor.d
+
+- update to 0.5.18:
+  * Lutris downloads the latest GE-Proton build for Wine if any Wine version is installed
+  * Use dark theme by default
+  * Display cover-art rather than banners by default
+  * Add 'Uncategorized' view to sidebar
+  * Preference options that do not work on Wayland will be hidden when on Wayland
+  * Game searches can now use fancy tags like 'installed:yes' or 'source:gog', with explanatory tool-tip
+  * A new filter button on the search box can build many of these fancy tags for you
+  * Runner searches can use 'installed:yes' as well, but no other fancy searches or anything
+  * Updated the Flathub and Amazon source to new APIs, restoring integration
+  * Itch.io source integration will load a collection named 'Lutris' if present
+  * GOG and Itch.io sources can now offer Linux and Windows installers for the same game
+  * Added support for the 'foot' terminal
+  * Support for DirectX 8 in DXVK v2.4
+  * Support for Ayatana Application Indicators
+  * Additional options for Ruffle runner
+  * Updated download links for the Atari800 and MicroM8 runners
+  * No longer re-download cached installation files even when some are missing
+  * Lutris log is included in the 'System' tab of the Preferences window
+  * Improved error reporting, with the Lutris log included in the error details
+  * Add AppArmor profile for Ubuntu versions &gt;= 23.10
+  * Add Duckstation runner
+</description>
+  <package>lutris</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251022070616351820.90520734224245/_patchinfo

@@ -0,0 +1,16 @@
+<patchinfo incident="packagehub-8">
+  <issue tracker="cve" id="2025-12036">VUL-0: CVE-2025-12036: chromium: Inappropriate implementation in V8</issue>
+  <issue tracker="bnc" id="1252402">VUL-0: CVE-2025-12036: chromium: Inappropriate implementation in V8</issue>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.122:
+
+  * CVE-2025-12036: Inappropriate implementation in V8 (boo#1252402)
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251023113823853491.93181000773252/_patchinfo

@@ -0,0 +1,57 @@
+<patchinfo incident="packagehub-7">
+  <issue tracker="bnc" id="1248768">[warewulf, REGRESSION] None of the disk/partition/filesystem Options to `wwctl profile set` appear to do anything</issue>
+  <issue tracker="bnc" id="1227465">[warewulf, kernel] After updating the Kernel in the Container Image 'wwctl container list' still shows old</issue>
+  <issue tracker="bnc" id="1246082">warewulf4-slurm suggest  slurm only</issue>
+  <issue tracker="bnc" id="1248906">VUL-0: CVE-2025-58058: warewulf4: github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory</issue>
+  <issue tracker="bnc" id="1227686">[warewulf, kernel] Feature: Allow to determine the Kernel to boot - with none set, take latest</issue>
+  <issue tracker="cve" id="2025-58058">cve#2025-58058 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-58058</issue>
+  <packager>mslacken</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for warewulf4</summary>
+  <description>This update for warewulf4 fixes the following issues:
+
+Changes in warewulf4:
+
+- Update to version 4.6.4:
+  * v4.6.4 release updates
+  * Convert disk booleans from wwbool to *bool which allows bools in
+    disk to be set to false via command line (bsc#1248768)
+  * Update NetworkManager Overlay
+    * Disable ipv4 in NetworkManager if no address or route is specified
+  * fix(wwctl): Create overlay edit tempfile in tmpdir
+  * Add default for systemd name for warewulf in warewulf.conf
+  * Atomic overlay file application in wwclient
+  * Simpler names for overlay methods
+  * Fix warewulfd api behavior when deleting distribution overlay
+
+- Update to version 4.6.3:
+  * v4.6.3 release
+  * IPv6 iPXE support
+  * Fix a syntax error in the RPM specfile
+  * Fix a race condition in wwctl overlay edit
+  * Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays
+  * Move reexec.Init() to beginning of wwctl
+  * Add documentation for using tmpfs to distribute across numa nodes
+  * added warewuld configure option
+  * Fix wwctl upgrade nodes to handle kernel argument lists (bsc#1227686 bsc#1227465)
+  * Address copilot review from #1945
+  * Refactor wwapi tests for proper isolation
+  * Bugfix: cloning a site overlay when parent dir does not exist
+  * Clone to a site overlay when adding files in wwapi
+  * Consolidated createOverlayFile and updateOverlayFile to addOverlayFile
+  * Support for creating and updating overlay file in wwapi
+  * Only return overlay files that refer to a path within the overlay
+  * add overlay file deletion support
+  * DELETE /api/overlays/{id}?force=true can delete overlays in use
+  * Restore idempotency of PUT /api/nodes/{id}
+  * Simplify overlay mtime api and add tests
+  * add node overlay buildtime
+  * Improved netplan support
+  * Rebuild overlays for discovered nodes
+  * Restrict userdocs from building during pr when not modified
+  * Update to v4.6.2 GitHub release notes
+</description>
+  <package>warewulf4</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251023150135882810.90520734224245/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-9">
+  <packager>dgarcia</packager>
+  <rating>moderate</rating>
+  <category>optional</category>
+  <summary>Optional update for fprintd</summary>
+  <description>
+This update ships fprintd 1.94.4 to openSUSE Leap 16.0 and SLES Package Hub 16.0
+</description>
+  <package>fprintd</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251025182237146698.93181000773252/_patchinfo

@@ -0,0 +1,129 @@
+<patchinfo incident="packagehub-13">
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst</summary>
+  <description>This update for openQA, os-autoinst fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1761296552.ae7c17aa:
+  * Add tests for file_security_policy
+  * Pass parameter $is_userfile to log_url
+  * Remove redirect and serve files as attachments if necessary
+  * Serve files uploaded by tests via asset domain
+  * Use direct link to subdomain for the test assets
+  * Revert "Don't redirect to asset domain via /needles/ID/(image|json) route"
+  * Revert "Don't redirect screenshots, thumbs and needles to files_domain"
+
+- Update to version 5.1761228068.a3a7f84d:
+  * Dependency cron 2025-10-23
+
+- Update to version 5.1761037330.ad78558e:
+  * Avoid needless check for number of clones
+  * Avoid creation of `git_clone` tasks for jobs with empty `DISTRI`
+
+- Update to version 5.1760515610.a802d1dd:
+  * Lower the prio of archiving jobs to avoid piling up finalize jobs
+  * Add signatures in Schema::Result::ApiKeys
+
+- Update to version 5.1760245411.e3aeaaec:
+  * Dependency cron 2025-10-12
+
+- Update to version 5.1760108577.fd2f2a48:
+  * Log unavailability due to high load only as warning
+  * Filter job stats of scheduled products also by arch and build
+  * Document how to disable image optimizations
+  * Make image optimization errors stop the job producing an incomplete job
+  * Improve wording in description about job stats API
+  * Run `optipng` for real and handle errors if it fails
+
+- Update to version 5.1759912962.689b31ed:
+  * Avoid failing `obs_rsync_run` jobs when restarting `openqa-gru.service`
+
+- Update to version 5.1759834744.06a7028a:
+  * parser: ktap: Return earlier if subtest result is SKIP
+  * parser: ktap: Fallback to subtest index if name is not available
+
+- Update to version 5.1759440640.bb989cab:
+  * Don't redirect to asset domain via /needles/ID/(image|json) route
+
+- Update to version 5.1759402042.49e912c3:
+  * Introduce array job settings
+  * Retry `obs_rsync_update_*` tasks if Gru service terminates
+
+- Update to version 5.1759329378.3b8e8685:
+  * Reduce the number of required checks for Mergify again
+  * Ensure a failing cache service is seen as such by the worker/scheduler
+
+- Update to version 5.1759248257.70b23b32:
+  * Increase number of successful checks in Mergify config again
+  * Disable Helm Chart CI checks temporarily
+  * Consider all jobs for cleanup, not just jobs that were executed
+  * Verify job deletion when dependent job present
+
+- Update to version 5.1759149505.49c40b0b:
+  * Use always the latest PostgreSQL image in Compose and documentation
+  * Update the PostgreSQL version in the contributing documentation
+  * Update PostgreSQL data path in Docker Compose file after updating to v18
+  * Specify PostgreSQL version in Docker Compose configuration explicitly
+  * mergify: Allow more time for dependabot update reaction
+  * Remove version property from docker-compose
+  * README: Fix openQA badge after switch to UEFI
+  * build(deps-dev): bump eslint from 9.35.0 to 9.36.0
+
+- Update to version 5.1758910696.7549bb98:
+  * Replace argument assignment with signatures on ObsRsync/Task
+  * Enable automatic dependabot updates again after improvements
+  * docs: Add instructions for a continuous dashboard setup
+  * Replace argument assignment with signatures Folders package
+  * Fully cover WebAPI::Plugin::ObsRsync::Controller::Folders
+  * script: Also use OPENQA_WEBUI_MODE for related services
+
+- Update to version 5.1758814503.03d923a4:
+  * Use Mojo::File in Worker for is_qemu_running
+  * Use Mojo::File in Worker for meminfo
+  * Document archiving of important jobs
+
+- Update to version 5.1758729450.b88c0b40:
+  * Reject jobs if worker is broken when receiving a new job
+
+- Update to version 5.1758711845.e5c02221:
+  * script: Allow to configure openQA mode
+  * t: run at least once Memorylimit register with max_rss_limit &gt; 0
+  * Replace argument assignation with signatures on MemoryLimit
+
+Changes in os-autoinst:
+
+- Update to version 5.1761036042.c43e4ab:
+  * Update perltidy
+  * Allow redirects in needle NeedleDownloader
+  * Don't overwrite firewall xml
+  * Add UEFI support for ipxe kernel boot
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+
+- Update to version 5.1759328765.e7438f7:
+  * Allow redirects in needle NeedleDownloader
+  * Don't overwrite firewall xml
+  * Add UEFI support for ipxe kernel boot
+  * t: Use consistent Mojo::File in 08-autotest as well
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+
+- Update to version 5.1759134946.e08d7c7:
+  * Add UEFI support for ipxe kernel boot
+  * t: Use consistent Mojo::File in 08-autotest as well
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+  * os-autoinst-setup-multi-machine: Only call zypper when necessary
+  * os-autoinst-setup-multi-machine: Improve network interface check
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251025182836794674.93181000773252/_patchinfo

@@ -0,0 +1,28 @@
+<patchinfo incident="packagehub-18">
+  <packager>jsulig</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for amarok</summary>
+  <description>This update for amarok fixes the following issues:
+
+Changes in amarok:
+
+- Update to version 3.3.1
+  * Enable saving and loading script console items, autocompletion
+    in script console, and re-enable some more scripting functionality
+  * Convert the remaining main UI toolbuttons to use icons from theme
+  * Clear out remnants of the now-discontinued MusicDNS service
+  * Fix example permission grant command in database settings (kde#386004)
+  * Fix equalizer gains not updating when selecting some presets (kde#463908)
+  * Fix continuing playback after timecoded tracks (cue files etc, (kde#270003)
+  * Fix MusicBrainz search
+  * Properly start CD playback if Amarok is not already running (kde#503310)
+  * Also transmit embedded cover art through MPRIS (kde#357620)
+  * Don't show transcoding dialog after canceling download (kde#275840)
+  * Load network information earlier to avoid crashes on startup (kde#507497)
+  * Try to export as-compatible-as-possible playlist files (kde#507329)
+  * Fix some random crashes during playback
+
+</description>
+  <package>amarok</package>
+</patchinfo>

patchinfo.20251027101618101208.187004354831441/_patchinfo

@@ -0,0 +1,32 @@
+<patchinfo incident="packagehub-16">
+  <packager>miska</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for knot</summary>
+  <description>This update for knot fixes the following issues:
+
+Changes in knot:
+
+- disable quic in stable releases due to the missing libraries
+
+update to version 3.5.1, see
+
+  https://www.knot-dns.cz/2025-10-16-version-351.html
+
+update to version 3.5.0, see
+
+  https://www.knot-dns.cz/2025-09-18-version-350.html
+
+update to version 3.4.8, see
+
+  https://www.knot-dns.cz/2025-07-29-version-348.html
+
+Use the libngtcp2_crypto_gnutls-devel instead of libngtcp2-devel
+to account for the openssl and gnutls devel files split in ngtcp2.
+
+update to version 3.4.7, see
+
+  https://www.knot-dns.cz/2025-06-04-version-347.html
+</description>
+  <package>knot</package>
+</patchinfo>

patchinfo.20251027101939269288.187004354831441/_patchinfo

@@ -0,0 +1,48 @@
+<patchinfo incident="packagehub-10">
+  <issue tracker="cve" id="2025-10527">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10536">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10528">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10537">Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10529">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10532">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="cve" id="2025-10533">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 115.28, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
+  <issue tracker="bnc" id="1249391">VUL-0: MozillaFirefox / MozillaThunderbird: update to 143.0 and 140.3esr</issue>
+  <packager>Yoshio_Sato</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Changes in MozillaThunderbird:
+
+Mozilla Thunderbird 140.3.0 ESR:
+
+  * Right-clicking 'List-ID' -&gt; 'Unsubscribe' created double encoded
+    draft subject
+  * Thunderbird could crash on startup
+  * Thunderbird could crash when importing mail
+  * Opening Website header link in RSS feed incorrectly re-encoded
+    URL parameters
+  MFSA 2025-78 (bsc#1249391)
+  * CVE-2025-10527
+    Sandbox escape due to use-after-free in the Graphics:
+    Canvas2D component
+  * CVE-2025-10528
+    Sandbox escape due to undefined behavior, invalid pointer in
+    the Graphics: Canvas2D component
+  * CVE-2025-10529
+    Same-origin policy bypass in the Layout component
+  * CVE-2025-10532
+    Incorrect boundary conditions in the JavaScript: GC component
+  * CVE-2025-10533
+    Integer overflow in the SVG component
+  * CVE-2025-10536
+    Information disclosure in the Networking: Cache component
+  * CVE-2025-10537
+    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
+    ESR 140.3, Firefox 143 and Thunderbird 143
+
+</description>
+  <package>MozillaThunderbird</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251027103924170417.187004354831441/_patchinfo

@@ -0,0 +1,27 @@
+<patchinfo incident="packagehub-17">
+  <issue tracker="cve" id="2025-59438">VUL-0: CVE-2025-59438: TRACKERBUG: mbedtls: padding oracle attack possible through timing of cipher error reporting</issue>
+  <packager>dheidler</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for micropython</summary>
+  <description>This update for micropython fixes the following issues:
+
+Changes in micropython:
+
+- Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438
+
+Version 1.26.0:
+
+  * Added machine.I2CTarget for creating I2C target devices on multiple ports.
+  * New MCU support: STM32N6xx (800 MHz, ML accel) &amp; ESP32-C2 (WiFi + BLE).
+  * Major float accuracy boost (~28% → ~98%), constant folding in compiler.
+  * Optimized native/Viper emitters; reduced heap use for slices.
+  * Time functions standardized (1970–2099); new boards across ESP32, SAMD, STM32, Zephyr.
+  * ESP32: ESP-IDF 5.4.2, flash auto-detect, PCNT class, LAN8670 PHY.
+  * RP2: compressed errors, better lightsleep, hard IRQ timers.
+  * Zephyr v4.0.0: PWM, SoftI2C/SPI, BLE runtime services, boot.py/main.py support.
+  * mpremote adds fs tree, improved df, portable config paths.
+  * Updated lwIP, LittleFS, libhydrogen, stm32lib; expanded hardware/CI tests.
+</description>
+  <package>micropython</package>
+</patchinfo>

patchinfo.20251030080843825030.187004354831441/_patchinfo

@@ -0,0 +1,56 @@
+<patchinfo incident="packagehub-12">
+  <issue tracker="cve" id="2025-12441"/>
+  <issue tracker="cve" id="2025-12429"/>
+  <issue tracker="cve" id="2025-12431"/>
+  <issue tracker="cve" id="2025-12444"/>
+  <issue tracker="cve" id="2025-12428"/>
+  <issue tracker="cve" id="2025-12438"/>
+  <issue tracker="cve" id="2025-12435"/>
+  <issue tracker="cve" id="2025-12437"/>
+  <issue tracker="cve" id="2025-12443"/>
+  <issue tracker="cve" id="2025-12430"/>
+  <issue tracker="cve" id="2025-12440"/>
+  <issue tracker="cve" id="2025-12445"/>
+  <issue tracker="cve" id="2025-12446"/>
+  <issue tracker="cve" id="2025-12432"/>
+  <issue tracker="cve" id="2025-12436"/>
+  <issue tracker="cve" id="2025-12434"/>
+  <issue tracker="cve" id="2025-54874">VUL-0: CVE-2025-54874: TRACKERBUG: openjpeg: missing error check can lead to the use of an uninitialized pointer and cause an out-of-bounds heap</issue>
+  <issue tracker="cve" id="2025-12433"/>
+  <issue tracker="bnc" id="1252881">VUL-0: chromium: release 142.0.7444.59</issue>
+  <issue tracker="cve" id="2025-12439"/>
+  <issue tracker="cve" id="2025-12447"/>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 142.0.7444.59, the stable channel promotion of 142.
+
+Security fixes (boo#1252881):
+
+  * CVE-2025-12428: Type Confusion in V8
+  * CVE-2025-12429: Inappropriate implementation in V8
+  * CVE-2025-12430: Object lifecycle issue in Media
+  * CVE-2025-12431: Inappropriate implementation in Extensions
+  * CVE-2025-12432: Race in V8
+  * CVE-2025-12433: Inappropriate implementation in V8
+  * CVE-2025-12434: Race in Storage
+  * CVE-2025-12435: Incorrect security UI in Omnibox
+  * CVE-2025-12436: Policy bypass in Extensions
+  * CVE-2025-12437: Use after free in PageInfo
+  * CVE-2025-12438: Use after free in Ozone
+  * CVE-2025-12439: Inappropriate implementation in App-Bound Encryption
+  * CVE-2025-12440: Inappropriate implementation in Autofill
+  * CVE-2025-12441: Out of bounds read in V8
+  * CVE-2025-12443: Out of bounds read in WebXR
+  * CVE-2025-12444: Incorrect security UI in Fullscreen UI
+  * CVE-2025-12445: Policy bypass in Extensions
+  * CVE-2025-12446: Incorrect security UI in SplitView
+  * CVE-2025-12447: Incorrect security UI in Omnibox
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251030134459405257.187004354831441/_patchinfo

@@ -0,0 +1,24 @@
+<patchinfo incident="packagehub-14">
+  <packager>adrianSuSE</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for product-composer</summary>
+  <description>This update for product-composer fixes the following issues:
+
+Update to version 0.6.16:
+
+  - merge updateinfo's with same id into one
+  - error out on updateinfo with same id, but non-mergable content
+
+Update to version 0.6.15:
+
+  * Support updateinfo handling in arch specific meta data
+
+Update to version 0.6.14:
+
+  * option to disable joliet extensions on media
+  * no joliet extensions on source and debug media anymore
+</description>
+  <package>product-composer</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251104153107003768.187004354831441/_patchinfo

@@ -0,0 +1,63 @@
+<patchinfo incident="packagehub-15">
+  <issue tracker="cve" id="2025-11710"/>
+  <issue tracker="cve" id="2025-11709"/>
+  <issue tracker="cve" id="2025-11715"/>
+  <issue tracker="bnc" id="1247774">[SLFO:Main] [SLES16.0] MozillaFirefox fails to build on s390x</issue>
+  <issue tracker="cve" id="2025-11712"/>
+  <issue tracker="cve" id="2025-11708"/>
+  <issue tracker="cve" id="2025-11714"/>
+  <issue tracker="cve" id="2025-11713"/>
+  <issue tracker="cve" id="2025-11711"/>
+  <issue tracker="bnc" id="1251263">VUL-0: MozillaFirefox / MozillaThunderbird: update to 144.0 and 140.4esr</issue>
+  <packager>MSirringhaus</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Mozilla Thunderbird 140.4:
+
+  * changed: Account Hub is now disabled by default for second
+    email account
+  * changed: Flatpak runtime has been updated to Freedesktop SDK
+    24.08
+  * fixed: Users could not read mail signed with OpenPGP v6 and
+    PQC keys
+  * fixed: Image preview in Insert Image dialog failed with CSP
+    error for web resources
+  * fixed: Emptying trash on exit did not work with some
+    providers
+  * fixed: Thunderbird could crash when applying filters
+  * fixed: Users were unable to override expired mail server
+    certificate
+  * fixed: Opening Website header link in RSS feed incorrectly
+    re-encoded URL parameters
+  * fixed: Security fixes
+
+MFSA 2025-85 (bsc#1251263):
+
+  * CVE-2025-11708
+    Use-after-free in MediaTrackGraphImpl::GetInstance()
+  * CVE-2025-11709
+    Out of bounds read/write in a privileged process triggered by
+    WebGL textures
+  * CVE-2025-11710
+    Cross-process information leaked due to malicious IPC
+    messages
+  * CVE-2025-11711
+    Some non-writable Object properties could be modified
+  * CVE-2025-11712
+    An OBJECT tag type attribute overrode browser behavior on web
+    resources without a content-type
+  * CVE-2025-11713
+    Potential user-assisted code execution in “Copy as cURL”
+    command
+  * CVE-2025-11714
+    Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR
+    140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
+  * CVE-2025-11715
+    Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird
+    ESR 140.4, Firefox 144 and Thunderbird 144
+</description>
+  <package>MozillaThunderbird</package>
+</patchinfo>

patchinfo.20251106083153138720.187004354831441/_patchinfo

@@ -0,0 +1,23 @@
+<patchinfo incident="packagehub-19">
+  <issue tracker="bnc" id="1253089">VUL-0: chromium: release 142.0.7444.134</issue>
+  <issue tracker="cve" id="2025-12727"/>
+  <issue tracker="cve" id="2025-12725"/>
+  <issue tracker="cve" id="2025-12729">VUL-0: chromium: release 142.0.7444.134</issue>
+  <issue tracker="cve" id="2025-12728"/>
+  <issue tracker="cve" id="2025-12726"/>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 142.0.7444.134 (boo#1253089):
+
+  * CVE-2025-12725: Out of bounds write in WebGPU
+  * CVE-2025-12726: Inappropriate implementation in Views
+  * CVE-2025-12727: Inappropriate implementation in V8
+  * CVE-2025-12728: Inappropriate implementation in Omnibox
+  * CVE-2025-12729: Inappropriate implementation in Omnibox
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20251111094408723997.187004354831441/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-20">
+  <packager>adrianSuSE</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for product-composer</summary>
+  <description>This update for product-composer fixes the following issues:
+
+Update to version 0.6.17:
+
+  - fix multiarch media handling of updateinfo id's
+</description>
+  <package>product-composer</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251112154630847363.187004354831441/_patchinfo

@@ -0,0 +1,16 @@
+<patchinfo incident="packagehub-21">
+  <issue tracker="bnc" id="1253267">VUL-0: chromium: release 142.0.7444.162</issue>
+  <issue tracker="cve" id="2025-13042">VUL-0: chromium: release 142.0.7444.162</issue>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 142.0.7444.162 (boo#1253267):
+
+  * CVE-2025-13042: Inappropriate implementation in V8
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251112155258859667.187004354831441/_patchinfo

@@ -0,0 +1,571 @@
+<patchinfo incident="packagehub-30">
+  <issue tracker="cve" id="2025-0377">VUL-0: CVE-2025-0377: TRACKERBUG: go-slug: improper validation of paths when extracting tar files containing Terraform configuration files can lead to arbitrary file writes</issue>
+  <issue tracker="cve" id="2024-45338">VUL-0: CVE-2024-45338: TRACKERBUG: golang.org/x/net/html: denial of service due to non-linear parsing of case-insensitive content</issue>
+  <packager>manfred-h</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for helmfile</summary>
+  <description>This update for helmfile fixes the following issues:
+
+Changes in helmfile:
+
+Update to version 1.1.9:
+
+  * feat: update strategy for reinstall by @simbou2000 in #2019
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3
+    from 1.88.7 to 1.89.0 by @dependabot[bot] in #2239
+  * Fix: Handle empty helmBinary in base files with environment
+    values by @Copilot in #2237
+
+Update to version 1.1.8:
+
+  * build(deps): bump github.com/hashicorp/go-getter from 1.8.0 to
+    1.8.1 by @dependabot[bot] in #2194
+  * fix typos in both comment and error message by @d-fal in #2199
+  * cleanup disk in release ci by @yxxhero in #2203
+  * Migrate AWS SDK from v1 to v2 to resolve deprecation warnings
+    by @Copilot in #2202
+  * build(deps): bump github.com/helmfile/vals from 0.42.1 to 0.42.2
+    by @dependabot[bot] in #2200
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from
+    1.88.2 to 1.88.3 by @dependabot[bot] in #2206
+  * Bump Alpine to 3.22 in Dockerfile by @orishamir in #2205
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/config from
+    1.31.10 to 1.31.12 by @dependabot[bot] in #2207
+  * Add yq to Dockerfile by @orishamir in #2208
+  * fix: skip chartify for build command jsonPatches by @sstarcher
+    in #2212
+  * build(deps): bump github.com/hashicorp/go-getter from 1.8.1 to
+    1.8.2 by @dependabot[bot] in #2210
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from
+    1.88.3 to 1.88.4 by @dependabot[bot] in #2213
+  * build(deps): bump golang.org/x/term from 0.35.0 to 0.36.0 by
+    @dependabot[bot] in #2214
+  * Avoid fetching same chart/version multiple times by @Copilot
+    in #2197
+  * build(deps): bump github.com/helmfile/vals from 0.42.2 to
+    0.42.4 by @dependabot[bot] in #2217
+  * docs: add zread badge to README by @yxxhero in #2219
+  * Bump helm-diff to v3.13.1 by @Copilot in #2223
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from
+    1.88.4 to 1.88.5 by @dependabot[bot] in #2226
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/config from
+    1.31.12 to 1.31.13 by @dependabot[bot] in #2225
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from
+    1.88.5 to 1.88.6 by @dependabot[bot] in #2230
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from
+    1.88.6 to 1.88.7 by @dependabot[bot] in #2232
+  * build(deps): bump github.com/aws/aws-sdk-go-v2/config from
+    1.31.13 to 1.31.15 by @dependabot[bot] in #2233
+  * Fix helmBinary and kustomizeBinary being ignored when using
+    bases by @Copilot in #2228
+
+Update to version 1.1.7:
+
+  What's Changed
+
+  * fix pflag error by @zhaque44 in #2164
+  * build(deps): bump actions/setup-go from 5 to 6 by
+    @dependabot[bot] in #2166
+  * build(deps): bump github.com/hashicorp/go-getter from 1.7.9 to
+    1.7.10 by @dependabot[bot] in #2165
+  * build(deps): bump github.com/spf13/pflag from 1.0.9 to 1.0.10
+    by @dependabot[bot] in #2163
+  * Add helm diff installation to README by @nwneisen in #2170
+  * build(deps): bump github.com/hashicorp/go-getter from 1.7.10
+    to 1.8.0 by @dependabot[bot] in #2175
+  * build(deps): bump golang.org/x/term from 0.34.0 to 0.35.0 by
+    @dependabot[bot] in #2174
+  * build(deps): bump github.com/zclconf/go-cty from 1.16.4 to
+    1.17.0 by @dependabot[bot] in #2173
+  * Fix panic when helm isn't installed by @nwneisen in #2169
+  * build(deps): bump golang.org/x/sync from 0.16.0 to 0.17.0 by
+    @dependabot[bot] in #2172
+  * ci: update minikube and kubernetes versions by @yxxhero in #2181
+  * build(deps): bump k8s.io/apimachinery from 0.34.0 to 0.34.1 by
+    @dependabot[bot] in #2180
+  * Remove deprecated --wait-retries flag support to fix Helm
+    compatibility error by @Copilot in #2179
+  * build(deps): bump go.yaml.in/yaml/v2 from 2.4.2 to 2.4.3 by
+    @dependabot[bot] in #2183
+  * build: update Helm to v3.19.0 across all components by @yxxhero
+    in #2187
+  * build: update helm-diff plugin to v3.13.0 by @yxxhero in #2189
+  * feat: Implement caching for pulling OCI charts by @mustdiechik
+    in #2171
+  * build(deps): bump github.com/helmfile/chartify from 0.24.7 to
+    0.25.0 by @dependabot[bot] in #2190
+
+- Update to version 1.1.6:
+  What's Changed
+  * build(deps): bump github.com/hashicorp/go-getter from 1.7.8 to
+    1.7.9 by @dependabot[bot] in #2139
+  * build(deps): bump github.com/zclconf/go-cty from 1.16.3 to
+    1.16.4 by @dependabot[bot] in #2145
+  * build: update helm to v3.18.6 by @yxxhero in #2144
+  * build(deps): bump github.com/stretchr/testify from 1.10.0 to
+    1.11.0 by @dependabot[bot] in #2150
+  * Add missing --timeout flag to helmfile sync command with
+    documentation by @Copilot in #2148
+  * Fix enableDNS flag missing in diff command and refactor
+    duplicate logic by @Copilot in #2147
+  * build(deps): bump github.com/stretchr/testify from 1.11.0 to
+    1.11.1 by @dependabot[bot] in #2151
+  * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.14
+    by @dependabot[bot] in #2154
+  * Bump github.com/ulikunitz/xz from v0.5.14 to v0.5.15 by @Copilot
+    in #2159
+  * build(deps): bump github.com/helmfile/vals from 0.42.0 to
+    0.42.1 by @dependabot[bot] in #2161
+  * build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.9
+    by @dependabot[bot] in #2160
+  * build(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1
+    by @dependabot[bot] in #2162
+  * Fix error propagation in helmfile diff when Kubernetes is
+    unreachable by @Copilot in #2149
+
+- Update to version 1.1.5:
+  What's Changed
+  * build(deps): bump actions/checkout from 4 to 5 by
+    @dependabot[bot] in #2128
+  * Update recommended Helm versions in init.go and run.sh by
+    @yxxhero in #2129
+  * Add comprehensive .github/copilot-instructions.md for coding
+    agents by @Copilot in #2131
+  * refactor(state): extract getMissingFileHandler method for
+    clarity by @yxxhero in #2133
+  * Fix parseHelmVersion to handle helm versions without 'v'
+    prefix by @Copilot in #2132
+  * build(deps): bump k8s.io/apimachinery from 0.33.3 to 0.33.4
+    by @dependabot[bot] in #2136
+  * build(deps): bump github.com/helmfile/chartify from 0.24.6 to
+    0.24.7 by @dependabot[bot] in #2135
+
+- Update to version 1.1.4:
+  What's Changed
+  * build(deps): bump github.com/helmfile/vals from 0.41.2 to
+    0.41.3 by @dependabot[bot] in #2100
+  * build(deps): bump k8s.io/apimachinery from 0.33.2 to 0.33.3
+    by @dependabot[bot] in #2101
+  * fix: update Helm version to v3.17.4 in CI and init.go by
+    @yxxhero in #2102
+  * build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7
+    by @dependabot[bot] in #2104
+  * feat(state): add missingFileHandlerConfig and related logic
+    by @yxxhero in #2105
+  * refactor(filesystem): add CopyDir method and optimize Fetch
+    function by @yxxhero in #2111
+  * Allow caching of remote files to be disabled by @jess-sol in
+    #2112
+  * refactor(yaml): switch yaml library import paths from gopkg.in
+    to go.yaml.in by @yxxhero in #2114
+  * build(deps): bump actions/download-artifact from 4 to 5 by
+    @dependabot[bot] in #2121
+  * build(deps): bump golang.org/x/term from 0.33.0 to 0.34.0 by
+    @dependabot[bot] in #2123
+
+- Update to version 1.1.3:
+  What's Changed
+  * build: update Helm to v3.18.3 and related dependencies by
+    @yxxhero in #2082
+  * Expose release version as .Release.ChartVersion for templating
+    by @Simske in #2080
+  * build(deps): bump github.com/helmfile/chartify from 0.24.3 to
+    0.24.4 by @dependabot[bot] in #2083
+  * build(deps): bump k8s.io/apimachinery from 0.33.1 to 0.33.2
+    by @dependabot[bot] in #2086
+  * build(deps): bump github.com/helmfile/chartify from 0.24.4 to
+    0.24.5 by @dependabot[bot] in #2087
+  * build(deps): bump github.com/Masterminds/semver/v3 from 3.3.1
+    to 3.4.0 by @dependabot[bot] in #2089
+  * build(deps): bump github.com/hashicorp/hcl/v2 from 2.23.0 to
+    2.24.0 by @dependabot[bot] in #2092
+  * build: update Helm and plugin versions to v3.18.4 and v3.12.3
+    by @yxxhero in #2093
+  * docs: update status section with May 2025 release information
+    by @yxxhero in #2096
+  * build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 by
+    @dependabot[bot] in #2099
+  * build(deps): bump golang.org/x/term from 0.32.0 to 0.33.0 by
+    @dependabot[bot] in #2098
+
+- Update to version 1.1.2:
+  What's Changed
+  * build(deps): bump github.com/helmfile/chartify from 0.24.2 to
+    0.24.3 by @dependabot in #2065
+  * build: update Helm to v3.18.2 and adjust related configurations
+    by @yxxhero in #2064
+  * build(deps): bump github.com/helmfile/vals from 0.41.1 to
+    0.41.2 by @dependabot in #2067
+  * build(deps): bump golang.org/x/sync from 0.14.0 to 0.15.0
+    by @dependabot in #2068
+  * fix-insecure-flag by @anontrex in #2072
+  * build(deps): bump github.com/cloudflare/circl from 1.4.0 to
+    1.6.1 by @dependabot in #2074
+  * fix: update helm-diff to version 3.12.2 in CI and Dockerfiles
+    by @yxxhero in #2073
+  * fix: TestToYaml not working with 32-bit architectures by
+    @ProbstDJakob in #2075
+
+- Update to version 1.1.1:
+  What's Changed
+  * Update README.md by @mumoshu in #2046
+  * build(deps): bump github.com/helmfile/vals from 0.41.0 to
+    0.41.1 by @dependabot in #2048
+  * build(helm) update to v3.18.0 by @yxxhero in #2044
+  * build(deps): bump github.com/helmfile/chartify from 0.23.0 to
+    0.24.1 by @dependabot in #2049
+  * build: update Helm and plugin versions in CI and Dockerfiles
+    by @yxxhero in #2059
+
+- Update to version 1.1.0:
+  What's Changed
+  * chore: fix typo in create_test.go by @sadikkuzu in #2025
+  * build(deps): bump golangci/golangci-lint-action from 7 to 8 by
+    @dependabot in #2029
+  * build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 by
+    @dependabot in #2028
+  * build(deps): bump github.com/helmfile/chartify from 0.22.0 to
+    0.23.0 by @dependabot in #2027
+  * chore: remove test data files by @yxxhero in #2026
+  * build(deps): bump golang.org/x/term from 0.31.0 to 0.32.0 by
+    @dependabot in #2033
+  * build(deps): bump github.com/helmfile/vals from 0.40.1 to
+    0.41.0 by @dependabot in #2032
+  * build(deps): bump dario.cat/mergo from 1.0.1 to 1.0.2 by
+    @dependabot in #2035
+  * feat(tmpl): enhance ToYaml test with multiple scenarios by
+    @yxxhero in #2031
+  * [sops, age] update to have SSH key support with sops by
+    @itscaro in #2036
+  * feat(yaml): add JSON style encoding option to NewEncoder by
+    @yxxhero in #2038
+  * refactor(yaml): upgrade from gopkg.in/yaml.v2 to v3 by @yxxhero
+    in #2039
+  * Update readme &amp; documentation with 2025 status of helmfile
+    project by @zhaque44 in #2040
+  * build(deps): bump k8s.io/apimachinery from 0.33.0 to 0.33.1 by
+    @dependabot in #2041
+  * build(deps): bump github.com/zclconf/go-cty from 1.16.2 to
+    1.16.3 by @dependabot in #2043
+
+- Update to version 1.0.0:
+  PLEASE READ
+  https://github.com/helmfile/helmfile/blob/main/docs/proposals/towards-1.0.md
+
+  What's Changed:
+  * build(deps): bump github.com/helmfile/vals from 0.39.0 to 0.39.1
+    by @dependabot in #1926
+  * Bump kubectl to current version (1.32.1) by @DerDaku in #1924
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.21 to 1.15.22
+    by @dependabot in #1925
+  * build: update Helm to v3.17.1 and related dependencies by
+    @yxxhero in #1928
+  * build(deps): bump k8s.io/apimachinery from 0.32.1 to 0.32.2 by
+    @dependabot in #1931
+  * feat: inject cli state values (--state-values-set) into environment
+    templating context by @Vince-Chenal in #1917
+  * docs: add skipSchemaValidation to index.md and update related
+    structs by @yxxhero in #1935
+  * refactor(state): optimize HelmState flags handling by @yxxhero
+    in #1937
+  * Update vals package to v0.39.2 by @aditmeno in #1938
+  * build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by
+    @dependabot in #1940
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.22 to 1.15.23
+    by @dependabot in #1941
+  * build(deps): bump github.com/helmfile/chartify from 0.20.8 to
+    0.20.9 by @dependabot in #1942
+  * feat: colorized DELETED by @yurrriq in #1944
+  * feat(docs): add proposal to remove charts and delete subcommands
+    by @yxxhero in #1936
+  * build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0
+    by @dependabot in #1945
+  * build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to
+    4.0.5 by @dependabot in #1946
+  * build: update golang version to 1.24 and golangci-lint to
+    v1.64.5 by @yxxhero in #1949
+  * build(deps): bump github.com/helmfile/vals from 0.39.2 to 0.39.3
+    by @dependabot in #1951
+  * build(deps): bump github.com/helmfile/chartify from 0.20.9 to
+    0.21.0 by @dependabot in #1950
+  * build(deps): bump golang.org/x/sync from 0.11.0 to 0.12.0 by
+    @dependabot in #1955
+  * build(deps): bump jinja2 from 3.1.5 to 3.1.6 in /docs by
+    @dependabot in #1956
+  * Don't warn if this and the needed release set installed: false
+    by @jayme-github in #1958
+  * build(deps): bump golang.org/x/term from 0.29.0 to 0.30.0 by
+    @dependabot in #1959
+  * Remove all v0.x references by @yxxhero in #1919
+  * build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.3
+    by @dependabot in #1960
+  * build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 by
+    @dependabot in #1961
+  * build(deps): bump github.com/helmfile/vals from 0.39.3 to 0.39.4
+    by @dependabot in #1962
+  * build: update Helm to v3.17.2 and related dependencies by
+    @yxxhero in #1965
+  * build: update yaml.v3 dependency and remove colega/go-yaml-yaml
+    by @yxxhero in #1929
+  * build(deps): bump github.com/containerd/containerd from 1.7.24
+    to 1.7.27 by @dependabot in #1966
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.23 to
+    1.16.0 by @dependabot in #1967
+  * build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to
+    5.2.2 by @dependabot in #1969
+  * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to
+    4.5.2 by @dependabot in #1970
+  * build(deps): bump golangci/golangci-lint-action from 6 to 7
+    by @dependabot in #1975
+  * build(deps): bump github.com/helmfile/vals from 0.39.4 to
+    0.40.0 by @dependabot in #1978
+  * build(deps): bump github.com/helmfile/chartify from 0.21.0 to
+    0.21.1 by @dependabot in #1979
+  * docs(fix): correct typo in 'tier=fronted' to 'tier=frontend'
+    by @yxxhero in #1980
+  * feat: add labels for helm release by @yxxhero in #1046
+  * build(deps): bump github.com/helmfile/vals from 0.40.0 to
+    0.40.1 by @dependabot in #1981
+  * build(deps): bump github.com/goccy/go-yaml from 1.16.0 to 1.17.1
+    by @dependabot in #1982
+  * fix: Check needs with context and namespace by @aarnq in #1986
+  * build(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0 by
+    @dependabot in #1991
+  * build(deps): bump golang.org/x/term from 0.30.0 to 0.31.0 by
+    @dependabot in #1990
+  * fix(state): enhance error message for missing .gotmpl extension
+    in helmfile v1 by @yxxhero in #1989
+  * build(deps): bump github.com/helmfile/chartify from 0.21.1 to
+    0.22.0 by @dependabot in #1996
+  * build: update Helm plugin versions in CI and Dockerfiles by
+    @yxxhero in #1995
+  * build: update Helm to v3.17.3 and update related Dockerfiles
+    by @yxxhero in #1993
+  * build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by
+    @dependabot in #2010
+  * feat: add helmfile archive configuration in goreleaser by
+    @yxxhero in #2000
+  * docs: add more complex examples section in README by @yxxhero
+    in #2013
+  * Feat: setting reuseValues flag in release by @blaskoa in #2004
+  * build(deps): bump k8s.io/apimachinery from 0.32.3 to 0.32.4 by
+    @dependabot in #2016
+  * build(deps): bump github.com/aws/aws-sdk-go from 1.55.6 to
+    1.55.7 by @dependabot in #2015
+  * chore: support parsing any type with fromYaml by @ProbstDJakob
+    in #2017
+  * build(deps): bump k8s.io/apimachinery from 0.32.4 to 0.33.0 by
+    @dependabot in #2018
+  * feat: add --take-ownership flag to helm diff and related config
+    by @yxxhero in #1992
+
+- Update to version 0.171.0:
+  * feat: execute templates against postRendererHooks by @allanger
+    in #1839
+  * build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6
+    by @dependabot in #1897
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.15 to
+    1.15.16 by @dependabot in #1901
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.16 to
+    1.15.17 by @dependabot in #1905
+  * Use a regex to match --state-values-set-string arguments
+    by @gllb in #1902
+  * build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0
+    by @dependabot in #1911
+  * Chartify v0.20.8 update by @scodeman in #1908
+  * cleanup: remove all about v0.x by @yxxhero in #1903
+  * build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0
+    by @dependabot in #1913
+  * chore: update babel to resolve CVEs by @zhaque44 in #1916
+  * remove deprecated charts.yaml by @yxxhero in #1437
+  * Revert "cleanup: remove all about v0.x" by @yxxhero in #1918
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.17 to
+    1.15.19 by @dependabot in #1920
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.19 to
+    1.15.20 by @dependabot in #1921
+  * feat: Add support for --wait-retries flag. by @connyay in #1922
+  * build: update go-yaml to v1.15.21 by @yxxhero in #1923
+
+- Update to version 0.170.1:
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.14 to
+    1.15.15 by @dependabot in #1882
+  * build(deps): bump github.com/hashicorp/go-slug from 0.15.0 to
+    0.16.3 by @dependabot in #1886 (CVE-2025-0377)
+  * Ensure 'helm repo add' is also not pollute on helmfile template
+    by @baurmatt in #1887
+  * build(deps): bump github.com/zclconf/go-cty from 1.16.1 to
+    1.16.2 by @dependabot in #1888
+  * fix: using correct option for takeOwnership flag by @blaskoa
+    in #1892
+  * fix typo in docs by @adamab48 in #1889
+
+- Update to version 0.170.0:
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.6 to 1.15.7
+    by @dependabot in #1818
+  * build(deps): bump golang.org/x/term from 0.26.0 to 0.27.0 by
+    @dependabot in #1817
+  * chore(doc): fix the indent of the selector usage sample yaml by
+    @Ladicle in #1819
+  * feat(state): add support for setString in ReleaseSpec and
+    HelmState by @yxxhero in #1821
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.7 to 1.15.8
+    by @dependabot in #1822
+  * test(state): add TestHelmState_setStringFlags for setStringFlags
+    method by @yxxhero in #1823
+  * build(deps): bump k8s.io/apimachinery from 0.31.3 to 0.31.4 by
+    @dependabot in #1826
+  * build(deps): bump golang.org/x/crypto from 0.29.0 to 0.31.0 by
+    @dependabot in #1828
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.8 to
+    1.15.9 by @dependabot in #1831
+  * build(deps): bump k8s.io/apimachinery from 0.31.4 to 0.32.0 by
+    @dependabot in #1830
+  * feat: updating sops version to 3.9.2 by @zhaque44 in #1834
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.9 to
+    1.15.10 by @dependabot in #1835
+  * build(deps): bump helm.sh/helm/v3 from 3.16.3 to 3.16.4 by
+    @dependabot in #1836
+  * build: update Helm version to v3.16.4 in CI and Dockerfiles by
+    @yxxhero in #1837
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.10 to
+    1.15.11 by @dependabot in #1838
+  * build(deps): bump filippo.io/age from 1.2.0 to 1.2.1 by
+    @dependabot in #1840
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.11 to
+    1.15.12 by @dependabot in #1843
+  * build: update helm-diff to v3.9.13 in Dockerfiles and init.go
+    by @yxxhero in #1841
+  * build(deps): bump github.com/helmfile/chartify from 0.20.4 to
+    0.20.5 by @dependabot in #1845
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.12 to
+    1.15.13 by @dependabot in #1844
+  * build(deps): bump jinja2 from 3.1.4 to 3.1.5 in /docs by
+    @dependabot in #1846
+  * CVE-2024-45338: updating golang.org/x/net: to version: v0.33.0
+    by @zhaque44 in #1849
+  * build(deps): bump github.com/zclconf/go-cty from 1.15.1 to
+    1.16.0 by @dependabot in #1851
+  * build(deps): bump golang.org/x/term from 0.27.0 to 0.28.0
+    by @dependabot in #1852
+  * update sops versions to 3.9.3 by @zhaque44 in #1861
+  * build(deps): bump github.com/hashicorp/go-getter from 1.7.6
+    to 1.7.7 by @dependabot in #1862
+  * feat: add --take-ownership flag to apply and sync commands by
+    @yxxhero in #1863
+  * fix: ensure plain http is supported across all helmfile
+    commands by @purpleclay in #1858
+  * fix: ensure development versions of charts can be used across
+    helmfile commands by @purpleclay in #1865
+  * build(deps): bump github.com/helmfile/chartify from 0.20.5 to
+    0.20.6 by @dependabot in #1866
+  * update kubectl version (1.30) to stay up to date with new
+    releases by @zhaque44 in #1867
+  * build(deps): bump github.com/zclconf/go-cty from 1.16.0 to
+    1.16.1 by @dependabot in #1870
+  * build(deps): bump github.com/hashicorp/go-getter from 1.7.7 to
+    1.7.8 by @dependabot in #1869
+  * feat: Add "--no-hooks" to helmfile template by @jwlai in #1813
+  * update helm and k8s versions in ci, dockerfiles, and go.mod by
+    @yxxhero in #1872
+  * build(deps): bump github.com/helmfile/vals from 0.38.0 to 0.39.0
+    by @dependabot in #1876
+  * build(deps): bump k8s.io/apimachinery from 0.32.0 to 0.32.1 by
+    @dependabot in #1873
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.13 to
+    1.15.14 by @dependabot in #1874
+  * build: update helm-diff to v3.9.14 in Dockerfiles and init.go
+    by @yxxhero in #1877
+
+- Update to version 0.169.2:
+  * build(deps): bump github.com/helmfile/vals from 0.37.6 to 0.37.7
+    by @dependabot in #1747
+  * build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2 by
+    @dependabot in #1754
+  * Reset extra args before running 'dependency build' by @baurmatt
+    in #1751
+  * Introducing Helmfile Guru on Gurubase.io by @kursataktas in #1748
+  * feat: add skip json schema validation during the install /upgrade
+    of a Chart by @zhaque44 in #1737
+  * fix(maputil): prevent nil value overwrite by @ban11111 in #1755
+  * build(deps): bump github.com/goccy/go-yaml from 1.12.0 to
+    1.13.0 by @dependabot in #1759
+  * fix: this url doesn't work anymore by @zekena2 in #1760
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.0 to
+    1.13.1 by @dependabot in #1762
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.1 to
+    1.13.2 by @dependabot in #1763
+  * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to
+    4.5.1 by @dependabot in #1767
+  * build(deps): bump github.com/helmfile/vals from 0.37.7 to
+    0.37.8 by @dependabot in #1764
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.2 to
+    1.13.4 by @dependabot in #1765
+  * fix(integration-tests): read correct minikube status (#1768)
+    by @ceriath in #1769
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.4 to
+    1.13.5 by @dependabot in #1770
+  * Add integration tests for #1749 by @baurmatt in #1766
+  * fix: update acme chart URL in input.yaml by @yxxhero in #1773
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.5 to
+    1.13.6 by @dependabot in #1771
+  * build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 by
+    @dependabot in #1775
+  * build(deps): bump golang.org/x/term from 0.25.0 to 0.26.0
+    by @dependabot in #1774
+  * Revive dead badge links by @eggplants in #1776
+  * feat: refactor label creation in state.go by @yxxhero in #1758
+  * docs: Add Gurubase badge to README-zh_CN by @yxxhero in #1777
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.6 to
+    1.13.9 by @dependabot in #1781
+  * build(deps): bump github.com/goccy/go-yaml from 1.13.9 to
+    1.14.0 by @dependabot in #1782
+  * build(deps): bump github.com/goccy/go-yaml from 1.14.0 to
+    1.14.3 by @dependabot in #1788
+  * build(deps): bump helm.sh/helm/v3 from 3.16.2 to 3.16.3 by
+    @dependabot in #1786
+  * fix: update helm-diff to version 3.9.12 in CI and Dockerfiles
+    by @yxxhero in #1792
+  * build: update Helm version to v3.16.3 in CI and Dockerfiles
+    by @yxxhero in #1791
+  * feat: add HELMFILE_INTERACTIVE env var to enable interactive
+    mode by @thevops in #1787
+  * build(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to
+    2.23.0 by @dependabot in #1793
+  * build(deps): bump github.com/Masterminds/semver/v3 from 3.3.0
+    to 3.3.1 by @dependabot in #1795
+  * chore: update with testify/assert assertion and table driven
+    tests for fs.go by @zhaque44 in #1794
+  * build(deps): bump k8s.io/apimachinery from 0.31.2 to 0.31.3
+    by @dependabot in #1798
+  * build(deps): bump github.com/stretchr/testify from 1.9.0 to
+    1.10.0 by @dependabot in #1800
+  * build(deps): bump github.com/goccy/go-yaml from 1.14.3 to
+    1.15.0 by @dependabot in #1804
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.0 to
+    1.15.1 by @dependabot in #1807
+  * build(deps): bump github.com/zclconf/go-cty from 1.15.0 to
+    1.15.1 by @dependabot in #1806
+  * update example chart URL in remote-secrets doc by @daveneeley
+    in #1809
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.1 to
+    1.15.3 by @dependabot in #1811
+  * build(deps): bump github.com/goccy/go-yaml from 1.15.3 to
+    1.15.6 by @dependabot in #1812
+  * fix: inject global values in Chartify by @xabufr in #1805
+  * build(deps): bump github.com/helmfile/vals from 0.37.8 to
+    0.38.0 by @dependabot in #1814
+  * build(deps): bump github.com/helmfile/chartify from 0.20.3 to
+    0.20.4 by @dependabot in #1815
+  * build(deps): bump golang.org/x/sync from 0.9.0 to 0.10.0 by
+    @dependabot in #1816
+
+- Update to version 0.169.1:
+  * feat: update sops version to 3.9.1 by @zhaque44 in #1742
+  * chore: improve test assertions and descriptions for file
+    download test by @zhaque44 in #1745
+  * feat: add 'hide-notes' flag to helm in sync and apply commands
+    by @yxxhero in #1746
+</description>
+  <package>helmfile</package>
+</patchinfo>

patchinfo.20251113160751974202.187004354831441/_patchinfo

@@ -0,0 +1,16 @@
+<patchinfo incident="packagehub-28">
+  <packager>adrianSuSE</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for product-composer</summary>
+  <description>This update for product-composer fixes the following issues:
+
+Changes in product-composer:
+
+Update to version 0.6.18:
+
+  - Fix filtering of not used rpms in updateinfo
+</description>
+  <package>product-composer</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251113161402184432.187004354831441/_patchinfo

@@ -0,0 +1,140 @@
+<patchinfo incident="packagehub-29">
+  <packager>mgorse</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gramps</summary>
+  <description>This update for gramps fixes the following issues:
+
+Changes in gramps:
+
+Update to version 6.0.3:
+
+  * Revert “Pass an object rather than a handle to the note editor callback”.
+    Fixes #13884.
+  * Update translations.
+
+Update to version 6.0.2;
+
+  * Fix date modifiers for lt.
+  * Update translation template for new release.
+  * Add optimization to HasIdOf rules.
+  * Connect the Help button in the repository reference editor. Fixes #13352.
+  * Pass an object rather than a handle to the note editor callback. Fixes
+    #13702.
+  * Fix broken compound dates with bce year in XML import. Fixes #13631.
+  * Avoid multiple copies of Rules after Plugin manager reload. Fixes #13844.
+  * Fix bad surname list after upgrade from bsddb. Fixes #13807.
+  * Fix narrated web when two places have same name but a different type. Fixes
+    #13841.
+  * Fix crash in citation view due to wrong filter_info. Fixes #13796.
+  * Don’t attempt to call set_orientation if self.pui is None. Fixes #13820.
+  * Don’t crash in search_changed if self.search_list has no active item. Fixes
+    #13793.
+  * Fix incorrect addons project after upgrade from Gramps 5.2. Fixes #13789.
+  * Respect user choice of CSS files for existing narrated web site. Fixes
+    #13792.
+  * Ensure that the spell checker gets removed with the editor. Fixes #13795.
+  * Fix Optimizer class when combining sub-filters. Fixes #13799.
+  * Remove check for Gtk translations in Snap packages.
+  * Update translations.
+
+Update to version 6.0.1:
+
+  * Update translations: ar, br, ca, cs, de, de_AT, el, en_GB, es, fi, fr, ga,
+    he, it, ja, ko, nb, nl, pl, pt_PT, ro, sk, sv, tr, uk, zh_CN.
+  * Update translation template for new release.
+  * Extend SearchBar so that it supports text search and filters. Fixes #13720.
+  * Fix patronymic in name display. Fixes #13764.
+  * Update links in the README to v6.0.
+  * Update the INSTALL file. Issue #13717.
+
+    + Change install from setup.py to pip.
+    + Update typical installation locations.
+    + Remove the --resourcepath option which no longer exists.
+
+  * Fix wiki help link in the Addon Manager. Fixes #13735.
+  * Remove the outer progress meter from the filter prepare phase. Fixes #13725.
+  * Fix error when importing a GEDCOM file into an existing tree. Fixes #13726.
+  * Avoid empty metadata fields. Fixes #13721.
+  * Update Italian date modifiers.
+
+Update to version 6.0.0:
+
+  * Full changelog available at
+    https://gramps-project.org/blog/2025/03/gramps-6-0-0-released/
+  * Reports
+
+    + The narrative web report has four main improvements:
+
+      - New indexes for big databases.
+      - Add heatmap.
+      - Improve language and hamburger menus.
+      - Show other roles for an event.
+
+    + Other report changes:
+
+      - Add gender symbol option to the detailed descendant, detailed ancestral
+        and descendant report.
+      - Add Gramps ID option to Kinship Report.
+      - Tree reports convert images to thumbnails for embedding. This allows
+        cropped rectangles selected in the media references to be displayed.
+      - Report options are now memorised on a per family tree (database) level.
+
+  * Gramplets
+
+    + Improvements to the backlinks (References) gramplets:
+    + Allow an object to be made active from within the backlinks gramplet.
+    + Add a context menu to make “Edit” and “Make Active” more discoverable.
+    + Allow objects in the backlinks gramplets to be dragged to the clipboard.
+    + Add edit capability to the notes gramplets.
+    + Enhanced version of the Filter gramplet.
+
+  * Selector dialogs
+    + A standard search bar has been added to the person selector dialog. It
+      may default to selecting men or women by default, but selecting on other
+      columns is possible.
+    + It is now possible to select multiple media objects in the media selector
+      and gallery tabs.
+    + The media selector has a new path column.
+
+  * Other changes
+
+    + Improvements to the Probably Alive code.
+    + New rules: “Has Event”, “Has Source” and “Having Note of Type”.
+    + New Gedcom 7.0 event roles: “Father”, Mother”, “Parent”, “Child”, “Multiple”, Friend”, “Neighbour” and “Officiator”.
+    + Allow web-accessible file references in media objects.
+    + Add a preference option for the selection of the toolbar style.
+    + Enhancements to the help display. This is ongoing though.
+    + Enable Web Connection menu in all list views.
+
+Update to version 5.2.4:
+
+  * Fix Citations gramplet to recognize event reference citations. Fixes #13555.
+  * Fix exception when finding relationship to home person. Fixes #13495.
+  * Fix mouse scroll direction in pedigree view.
+  * Fix incorrect usage of exec. As of PEP558, locals() is not populated by
+    exec(). This change means that this call is broken on Python 3.13.
+  * Remove some usage of globals().
+  * Remove unnecessary use of exec.
+  * Test current_date being an empty date in probably alive function. Fixes #13431.
+  * Improve warning message in date_test.py when 3 tests are skipped.
+  * Correctly assign sortval = 0 when a date is EMPTY. Fixes #13415, #13423.
+  * Fix unicode conversion bug when upgrading from schema 16 to 17.
+  * Correct the documentation for the match() method of the Date class. Also
+    added more detail to documentation in 3 other cases. Fixes #13428.
+  * Gramps version output now reports OS rather than Platform. Fixes #12285.
+  * Downgrade upgrade messages from warning to informational level. Fixes #13464.
+  * Fix list size option in the top surnames gramplet. Allow users to specify
+    how many surnames appear in the list from 10 to 1000. Fixes #13448.
+  * Correct misleading description of GUI element placement.
+  * Use the preferred calendar for new dates only in the date editor. Fixes #13403.
+  * Fix docs typo in INSTALL file.
+  * Fix printing of Books. Fixes #12804.
+  * Render reports with styled notes containing subscript and strikethrough. Fixes #13417.
+  * Remove broken link to svn2cl package in the About dialog. Fixes #13152.
+  * Improve media performance in the narrative web report. Fixes #13370.
+  * Updated translations.
+</description>
+  <package>gramps</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251114110535882810.90520734224245/_patchinfo

@@ -0,0 +1,16 @@
+<patchinfo incident="packagehub-22">
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for certbot</summary>
+  <description>This update for certbot fixes the following issues:
+
+This update adds the certbot stack. (python modules: ConfigArgParse, acme, certbot, certbot-nginx, josepy, pyRFC3339).
+</description>
+<package>python-ConfigArgParse</package>
+<package>python-acme</package>
+<package>python-certbot</package>
+<package>python-certbot-nginx</package>
+<package>python-josepy</package>
+<package>python-pyRFC3339</package>
+</patchinfo>

patchinfo.20251117131911819330.187004354831441/_patchinfo

@@ -0,0 +1,15 @@
+<patchinfo incident="packagehub-36">
+  <issue tracker="bnc" id="1252722">Evolution crashes when opening JPEG attachments after webkit2gtk3 security update</issue>
+  <packager>mgorse</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for evolution</summary>
+  <description>This update for evolution fixes the following issues:
+
+Changes in evolution:
+
+- Fix JavaScript dictionary objects creation. Needed for WebKitGTK &gt;= 2.50
+  (bsc#1252722 glgo#GNOME/evolution#3124).
+</description>
+  <package>evolution</package>
+</patchinfo>

patchinfo.20251117132013106524.187004354831441/_patchinfo

@@ -0,0 +1,31 @@
+<patchinfo incident="packagehub-23">
+  <issue tracker="bnc" id="1238516">quilt: cannot refresh patches for non-x86 code</issue>
+  <issue tracker="bnc" id="1236907">rpm,quilt: update to rpm 4.20 breaks many "quilt setup" invocations</issue>
+  <packager>jdelvare</packager>
+  <rating>important</rating>
+  <category>recommended</category>
+  <summary>Recommended update for quilt</summary>
+  <description>This update for quilt fixes the following issues:
+
+Changes in quilt:
+
+Update to version 0.69:
+
+  * Fix escaping of % and backslash in patch names
+  * new: Stop claiming support of option -p ab
+  * patches: Several performance optimizations
+  * series: Simplify the code
+
+- Make it possible to run "quilt setup" on a spec file which excludes the local
+  architecture (boo#1238516).
+
+- Fix building noarch packages with rpm &gt;= 4.20 (boo#1236907).
+- Make it possible to preprocess spec files which do not comply with the standard. Most
+  notably multibuild OBS spec files need to be preprocessed. Use
+  option "--spec-filter=obs" for these (boo#1236907).
+- Detect the change of build root path hierarchy introduced by rpm 4.20 (boo#1236907).
+- Install the bash completion file to the right directory (reported
+  by rpmlint).
+</description>
+  <package>quilt</package>
+</patchinfo>

patchinfo.20251117132509463589.187004354831441/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-49">
+  <packager>okurz</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for perl-Mojolicious-Plugin-Webpack</summary>
+  <description>This update for perl-Mojolicious-Plugin-Webpack fixes the following issues:
+
+Changes in perl-Mojolicious-Plugin-Webpack:
+
+- See https://github.com/jhthorsen/mojolicious-plugin-webpack/pull/17
+</description>
+  <package>perl-Mojolicious-Plugin-Webpack</package>
+  
+</patchinfo>

patchinfo.20251118105940725571.187004354831441/_patchinfo

@@ -0,0 +1,19 @@
+<patchinfo incident="packagehub-24">
+  <issue tracker="bnc" id="1253698">(CVE-2025-13223) (CVE-2025-13224) VUL-0 chromium: release 142.0.7444.175</issue>
+  <issue tracker="cve" id="2025-13224">(CVE-2025-13223) (CVE-2025-13224) VUL-0 chromium: release 142.0.7444.175</issue>
+  <issue tracker="cve" id="2025-13223"/>
+  <packager>oertel</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+Chromium 142.0.7444.175 (boo#1253698):
+
+  * CVE-2025-13223: Type Confusion in V8
+  * CVE-2025-13224: Type Confusion in V8
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20251118110024655567.187004354831441/_patchinfo

@@ -0,0 +1,67 @@
+<patchinfo incident="packagehub-27">
+  <issue tracker="cve" id="2025-13016">firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component</issue>
+  <issue tracker="cve" id="2025-13019">firefox: Same-origin policy bypass in the DOM: Workers component</issue>
+  <issue tracker="cve" id="2025-13020">firefox: Use-after-free in the WebRTC: Audio/Video component</issue>
+  <issue tracker="cve" id="2025-13017">firefox: Same-origin policy bypass in the DOM: Notifications component</issue>
+  <issue tracker="cve" id="2025-13015">firefox: Spoofing issue in Firefox</issue>
+  <issue tracker="cve" id="2025-13012">VUL-0: MozillaFirefox / MozillaThunderbird: update to 145.0 and 140.5esr</issue>
+  <issue tracker="cve" id="2025-13018">firefox: Mitigation bypass in the DOM: Security component</issue>
+  <issue tracker="cve" id="2025-13014">firefox: Use-after-free in the Audio/Video component</issue>
+  <issue tracker="cve" id="2025-13013">firefox: Mitigation bypass in the DOM: Core &amp; HTML component</issue>
+  <issue tracker="bnc" id="1253188">VUL-0: MozillaFirefox / MozillaThunderbird: update to 145.0 and 140.5esr</issue>
+  <packager>Yoshio_Sato</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Changes in MozillaThunderbird:
+
+Mozilla Thunderbird 140.5.0 ESR
+
+MFSA 2025-91 (bsc#1253188):
+
+  * CVE-2025-13012
+    Race condition in the Graphics component
+  * CVE-2025-13016
+    Incorrect boundary conditions in the JavaScript: WebAssembly
+    component
+  * CVE-2025-13017
+    Same-origin policy bypass in the DOM: Notifications component
+  * CVE-2025-13018
+    Mitigation bypass in the DOM: Security component
+  * CVE-2025-13019
+    Same-origin policy bypass in the DOM: Workers component
+  * CVE-2025-13013
+    Mitigation bypass in the DOM: Core &amp; HTML component
+  * CVE-2025-13020
+    Use-after-free in the WebRTC: Audio/Video component
+  * CVE-2025-13014
+    Use-after-free in the Audio/Video component
+  * CVE-2025-13015
+    Spoofing issue in Thunderbird
+  * fixed: Could not drag and drop ICS file to Today Pane
+  * fixed: With Thunderbird closed, clicking a 'mailto:' link to
+    send signed message failed
+  * fixed: Upgrade from 128.x-&gt;140.x broke authentication for
+    @att.net using Yahoo backend
+
+Mozilla Thunderbird 140.4.0 ESR
+
+  * Account Hub is now disabled by default for second email account
+  * Users could not read mail signed with OpenPGP v6 and PQC keys
+  * Image preview in Insert Image dialog failed with CSP error for web resources
+  * Emptying trash on exit did not work with some providers
+  * Thunderbird could crash when applying filters
+  * Users were unable to override expired mail server certificate
+  * Opening Website header link in RSS feed incorrectly re-encoded
+    URL parameters
+
+Mozilla Thunderbird 140.3.1 ESR:
+
+  * several bugfixes listed here
+    https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes
+-------------------------------------------------------------------
+</description>
+  <package>MozillaThunderbird</package>
+</patchinfo>

patchinfo.20251119124936938893.187004354831441/_patchinfo

@@ -0,0 +1,25 @@
+<patchinfo incident="packagehub-26">
+  <packager>cfconrad</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for synce4l</summary>
+  <description>This update for synce4l fixes the following issues:
+
+synce4l was updated to 1.1.1:
+
+  * fix possible resource leak
+  * fix requested thread stack size
+  * fix scorecard.yml
+  * initialize pin ID to -1
+  * fix crash in dpll_rt_recv()
+  * create scorecard.yml
+  * unlink smc_socket_path before binding
+  * check smc_socket_path length
+  * change default smc_socket_path to /run/synce4l_socket
+  * fix more compiler warnings
+
+- Initial packaging of version 1.0.0.
+</description>
+  <package>synce4l</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251119130842836205.187004354831441/_patchinfo

@@ -0,0 +1,54 @@
+<patchinfo incident="packagehub-25">
+  <issue tracker="bnc" id="1247368">nmon does not support max cpu configuration</issue>
+  <packager>dirkmueller</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for nmon</summary>
+  <description>This update for nmon fixes the following issues:
+
+Changes in nmon:
+
+- Increase CPU MAX to 2048 (bsc#1247368)
+
+update to 16q:
+
+  * bugfixes
+  * POWER pool_capacity now correctly divided by 100.
+  * Online view POWER Welcome panel on POWER reports the top MHz
+  Small changes only:
+  * Boottime shown online in the Kernel "k" panel
+  * Utilisation stats: /proc/stat now reports 10 Utilisation stats
+  * Bug caused Seg Faults core dumps fixed while collecting to a
+  * Fix: Improved memory handling for extreme numbers of processes
+    (1000's) or rapid exec of processes  (100's in a millisecond)
+    for large Linux servers. We have examples on Intel of 80 CPU
+  * Online Dot "." command no longer also changes what is displayed
+    as users said it was confusing.
+  * Minor online start-up flash screen text changes to include C
+    concise CPU stats and U for full  Utilisation stats (all 10 of
+    them) instead of a file.
+  * Copyright and GPL v3 notice in the code plus online "h" and
+  * Source code re-indented.
+  * Fixes for Welcome screen on Mainframe
+  * Fixed for Curses handling when collecting data to file - big
+    bug for main frame and x86.
+  * Fixes for Welcome screen on Mainframe
+  * Fixed for Curses handling when collecting data to file - big
+    bug for main frame and x86.
+    + You need a S822LC With NVIDIA GPU(s) and Nvidia Library
+      installed libnvidia-ml.so
+  * CPU Wide View - online view for up to 192 CPUs
+  * CPU MHz per Core ratings for machine that allow cores with
+    different MHz - online &amp; saved to file
+  * lscpu stats capture - online &amp; to file
+  * Z experiment mode showing CPU interrupts - Renamed U stats in
+    version 16b - online only
+  * Online colourising stats to aid usability - online only
+  * Massive improvement in help information: nmon -? and nmon -h
+  * Code change to alphabetic order for getopt() and key input
+  * New nmon logo on flash screen - online only
+  * Extra kernel stats - online only
+</description>
+  <package>nmon</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251126115242783292.93181000773252/_patchinfo

@@ -0,0 +1,54 @@
+<patchinfo incident="packagehub-35">
+  <issue tracker="cve" id="2023-43279">cve#2023-43279 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2023-43279</issue>
+  <issue tracker="bnc" id="1248964">VUL-0: CVE-2025-9649: tcpreplay: division-by-zero in the `calc_sleep_time` function of file send_packets.c when processing malformed PPS parameters</issue>
+  <issue tracker="bnc" id="1243845">VUL-0: CVE-2024-22654: tcpreplay: Infinite loop in tcpreplay with malformed ipv6 headers</issue>
+  <issue tracker="cve" id="2025-9649">cve#2025-9649 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-9649</issue>
+  <issue tracker="cve" id="2025-8746">cve#2025-8746 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-8746</issue>
+  <issue tracker="bnc" id="1248596">VUL-0: CVE-2025-9385: A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restri ...</issue>
+  <issue tracker="cve" id="2023-4256">cve#2023-4256 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2023-4256</issue>
+  <issue tracker="bnc" id="1247919">VUL-0: CVE-2025-8746: tcpreplay: autogen: improper input validation and memory bounds checking when processing certain malformed configuration files</issue>
+  <issue tracker="cve" id="2025-9385">cve#2025-9385 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-9385</issue>
+  <issue tracker="bnc" id="1222131">VUL-0: CVE-2024-3024: tcpreplay: heap-based buffer overflow</issue>
+  <issue tracker="cve" id="2025-9157">cve#2025-9157 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-9157</issue>
+  <issue tracker="bnc" id="1218249">VUL-0: CVE-2023-4256: tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c</issue>
+  <issue tracker="cve" id="2025-9386">cve#2025-9386 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-9386</issue>
+  <issue tracker="bnc" id="1248595">VUL-0: CVE-2025-9384: A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible w ...</issue>
+  <issue tracker="cve" id="2025-9384">cve#2025-9384 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-9384</issue>
+  <issue tracker="cve" id="2025-51006">cve#2025-51006 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-51006</issue>
+  <issue tracker="bnc" id="1248597">VUL-0: CVE-2025-9386: A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must b ...</issue>
+  <issue tracker="cve" id="2024-22654">cve#2024-22654 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2024-22654</issue>
+  <issue tracker="bnc" id="1221324">VUL-0: CVE-2023-43279: tcpreplay: null pointer dereference in mask_cidr6 component at cidr.c</issue>
+  <issue tracker="bnc" id="1248322">VUL-0: CVE-2025-9157: tcpreplay: The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite.</issue>
+  <issue tracker="bnc" id="1250356">VUL-0: CVE-2025-51006: tcpreplay: double free in tcprewrite via a crafted pcap file</issue>
+  <issue tracker="cve" id="2024-3024">cve#2024-3024 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2024-3024</issue>
+  <packager>mkubecek</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for tcpreplay</summary>
+  <description>This update for tcpreplay fixes the following issues:
+
+- update to 4.5.2:
+  * features added since 4.4.4
+    - fix/recalculate header checksum for ipv6-frag
+    - IPv6 frag checksum support
+    - AF_XDP socket support
+    - tcpreplay -w (write into a pcap file)
+    - tcpreplay --fixhdrlen
+    - --include and --exclude options
+    - SLL2 support
+    - Haiku support
+  * security fixes reported for 4.4.4 fixed in 4.5.2
+    - CVE-2023-4256  / bsc#1218249
+    - CVE-2023-43279 / bsc#1221324
+    - CVE-2024-3024  / bsc#1222131 (likely)
+    - CVE-2024-22654 / bsc#1243845
+    - CVE-2025-9157  / bsc#1248322
+    - CVE-2025-9384  / bsc#1248595
+    - CVE-2025-9385  / bsc#1248596
+    - CVE-2025-9386  / bsc#1248597
+    - CVE-2025-9649  / bsc#1248964
+    - CVE-2025-51006 / bsc#1250356
+</description>
+  <package>tcpreplay</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251126115642933537.93181000773252/_patchinfo

@@ -0,0 +1,86 @@
+<patchinfo incident="packagehub-34">
+  <issue tracker="bnc" id="1251471">VUL-0: CVE-2025-47911: gitea-tea: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents</issue>
+  <issue tracker="bnc" id="1251663">VUL-0: CVE-2025-58190: gitea-tea: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input</issue>
+  <issue tracker="cve" id="2025-58190">cve#2025-58190 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-58190</issue>
+  <issue tracker="cve" id="2025-47911">cve#2025-47911 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-47911</issue>
+  <packager>olh</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for gitea-tea</summary>
+  <description>This update for gitea-tea fixes the following issues:
+
+Changes in gitea-tea:
+
+- update to 0.11.1:
+  * 61d4e57 Fix Pr Create crash (#823)
+  * 4f33146 add test for matching logins (#820)
+  * 08b8398 Update README.md (#819)
+
+- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (boo#1251663)
+- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents (boo#1251471)
+
+- update to 0.11.0:
+  * Fix yaml output single quote (#814)
+  * generate man page (#811)
+  * feat: add validation for object-format flag in repo create
+    command (#741)
+  * Fix release version (#815)
+  * update gitea sdk to v0.22 (#813)
+  * don't fallback login directly (#806)
+  * Check duplicated login name in interact mode when creating new
+    login (#803)
+  * Fix bug when output json with special chars (#801)
+  * add debug mode and update readme (#805)
+  * update go.mod to retract the wrong tag v1.3.3 (#802)
+  * revert completion scripts removal (#808)
+  * Remove pagination from context (#807)
+  * Continue auth when failed to open browser (#794)
+  * Fix bug (#793)
+  * Fix tea login add with ssh public key bug (#789)
+  * Add temporary authentication via environment variables (#639)
+  * Fix attachment size (#787)
+  * deploy image when tagging (#792)
+  * Add Zip URL for release list (#788)
+  * Use bubbletea instead of survey for interacting with TUI (#786)
+  * capitalize a few items
+  * rm out of date comparison file
+  * README: Document logging in to gitea (#790)
+  * remove autocomplete command (#782)
+  * chore(deps): update ghcr.io/devcontainers/features/git-lfs
+    docker tag to v1.2.5 (#773)
+  * replace arch package url (#783)
+  * fix: Reenable -p and --limit switches (#778)
+
+- Update to 0.10.1+git.1757695903.cc20b52:
+  - feat: add validation for object-format flag in repo create
+    command (see gh#openSUSE/openSUSE-git#60)
+  - Fix release version
+  - update gitea sdk to v0.22
+  - don't fallback login directly
+  - Check duplicated login name in interact mode when creating
+    new login
+  - Fix bug when output json with special chars
+  - add debug mode and update readme
+  - update go.mod to retract the wrong tag v1.3.3
+  - revert completion scripts removal
+  - Remove pagination from context
+  - Continue auth when failed to open browser
+  - Fix bug
+  - Fix tea login add with ssh public key bug
+  - Add temporary authentication via environment variables
+  - Fix attachment size
+  - deploy image when tagging
+  - Add Zip URL for release list
+  - Use bubbletea instead of survey for interacting with TUI
+  - capitalize a few items
+  - rm out of date comparison file
+  - README: Document logging in to gitea
+  - remove autocomplete command
+  - chore(deps): update ghcr.io/devcontainers/features/git-lfs
+    docker tag to v1.2.5
+  - replace arch package url
+  - fix: Reenable `-p` and `--limit` switches
+</description>
+  <package>gitea-tea</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251126120323268597.93181000773252/_patchinfo

@@ -0,0 +1,62 @@
+<patchinfo incident="packagehub-37">
+  <issue tracker="cve" id="2025-46817">cve#2025-46817 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-46817</issue>
+  <issue tracker="cve" id="2025-62507">cve#2025-62507 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-62507</issue>
+  <issue tracker="cve" id="2025-49844">cve#2025-49844 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-49844</issue>
+  <issue tracker="cve" id="2025-46818">cve#2025-46818 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-46818</issue>
+  <issue tracker="bnc" id="1250995">VUL-0: CVE-2025-49844,CVE-2025-46817,CVE-2025-46818,CVE-2025-46819: valkey,redis,redis7: multiple LUA issues</issue>
+  <issue tracker="bnc" id="1252996">VUL-0: CVE-2025-62507: redis,redis7,valkey: XACKDEL - potential stack overflow and RCE</issue>
+  <issue tracker="cve" id="2025-46819">cve#2025-46819 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-46819</issue>
+  <packager>ateixeira</packager>
+  <rating>critical</rating>
+  <category>security</category>
+  <summary>Security update for redis</summary>
+  <description>This update for redis fixes the following issues:
+
+- Updated to 8.2.3 (boo#1252996 CVE-2025-62507)
+  * https://github.com/redis/redis/releases/tag/8.2.3
+  - Security fixes
+    - (CVE-2025-62507) Bug in `XACKDEL` may lead to stack overflow
+      and potential RCE
+  - Bug fixes
+    - `HGETEX`: A missing `numfields` argument when `FIELDS` is
+      used can lead to Redis crash
+    - An overflow in `HyperLogLog` with 2GB+ entries may result in
+      a Redis crash
+    - Cuckoo filter - Division by zero in Cuckoo filter insertion
+    - Cuckoo filter - Counter overflow
+    - Bloom filter - Arbitrary memory read/write with invalid
+      filter
+    - Bloom filter - Out-of-bounds access with empty chain
+    - Top-k - Out-of-bounds access
+    - Bloom filter - Restore invalid filter [We thank AWS security
+      for responsibly disclosing the security bug]
+
+- Updated to 8.2.2 (boo#1250995)
+  * https://github.com/redis/redis/releases/tag/8.2.2
+  * Fixed Lua script may lead to remote code execution (CVE-2025-49844).
+  * Fixed Lua script may lead to integer overflow (CVE-2025-46817).
+  * Fixed Lua script can be executed in the context of another user
+    (CVE-2025-46818).
+  * Fixed LUA out-of-bound read (CVE-2025-46819).
+  * Fixed potential crash on Lua script or streams and HFE defrag.
+  * Fixed potential crash when using ACL rules.
+  * Added VSIM: new EPSILON argument to specify maximum distance.
+  * Added SVS-VAMANA: allow use of BUILD_INTEL_SVS_OPT flag.
+  * Added RESP3 serialization performance.
+  * Added INFO SEARCH: new SVS-VAMANA metrics.
+
+- Updated to 8.2.1
+  * https://github.com/redis/redis/releases/tag/8.2.1
+  - Bug fixes
+    * #14240 INFO KEYSIZES - potential incorrect histogram updates
+      on cluster mode with modules
+    * #14274 Disable Active Defrag during flushing replica
+    * #14276 XADD or XTRIM can crash the server after loading RDB
+    * #Q6601 Potential crash when running FLUSHDB (MOD-10681)
+  * Performance and resource utilization
+    * Query Engine - LeanVec and LVQ proprietary Intel
+      optimizations were removed from Redis Open Source
+    * #Q6621 Fix regression in INFO (MOD-10779)
+</description>
+  <package>redis</package>
+</patchinfo>

patchinfo.20251126122954168954.187004354831441/_patchinfo

@@ -0,0 +1,713 @@
+<patchinfo incident="packagehub-33">
+  <issue tracker="bnc" id="1250625">VUL-0: CVE-2025-11065: trivy: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs</issue>
+  <issue tracker="cve" id="2025-30204">VUL-0: CVE-2025-30204: TRACKERBUG: github.com/golang-jwt/jwt/v4,github.com/golang-jwt/jwt/v5: jwt-go allows excessive memory allocation during header parsing</issue>
+  <issue tracker="cve" id="2024-3817">VUL-0: CVE-2024-3817: TRACKERBUG: hashicorp/go-getter: argument injection when fetching remote default git branches</issue>
+  <issue tracker="bnc" id="1234512">VUL-0: CVE-2024-45337: trivy: golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto</issue>
+  <issue tracker="cve" id="2025-46569">VUL-0: CVE-2025-46569: TRACKERBUG: github.com/open-policy-agent/opa/server: HTTP request path can be crafted to inject Rego code into a constructed query when a virtual document is requested through the Data API</issue>
+  <issue tracker="bnc" id="1240466">VUL-0: CVE-2025-30204: trivy: github.com/golang-jwt/jwt/v4,github.com/golang-jwt/jwt/v5: jwt-go allows excessive memory allocation during header parsing</issue>
+  <issue tracker="cve" id="2024-51744">VUL-0: CVE-2024-51744: TRACKERBUG: github.com/golang-jwt/jwt/v4: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations</issue>
+  <issue tracker="cve" id="2025-53547">VUL-0: CVE-2025-53547: TRACKERBUG: helm,helm.sh/helm/v3: Helm Chart Code Execution</issue>
+  <issue tracker="bnc" id="1232948">VUL-0: CVE-2024-51744: trivy: github.com/golang-jwt/jwt/v4: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt</issue>
+  <issue tracker="cve" id="2025-22872">VUL-0: CVE-2025-22872: TRACKERBUG: golang.org/x/net/html: tags incorrectly interpreted by tokenizer can lead to content being placed in the wrong scope during</issue>
+  <issue tracker="cve" id="2025-27144">VUL-0: CVE-2025-27144: TRACKERBUG: gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service</issue>
+  <issue tracker="bnc" id="1239225">VUL-0: CVE-2025-22868: trivy: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2</issue>
+  <issue tracker="cve" id="2025-47291">VUL-0: CVE-2025-47291: TRACKERBUG: github.com/containerd/containerd/v2,containerd: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.</issue>
+  <issue tracker="cve" id="2025-58058">VUL-0: CVE-2025-58058: TRACKERBUG: github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory</issue>
+  <issue tracker="cve" id="2024-45338">VUL-0: CVE-2024-45338: TRACKERBUG: golang.org/x/net/html: denial of service due to non-linear parsing of case-insensitive content</issue>
+  <issue tracker="bnc" id="1243633">VUL-0: CVE-2025-47291: trivy: github.com/containerd/containerd/v2: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.</issue>
+  <issue tracker="bnc" id="1235265">VUL-0: CVE-2024-45338: trivy: golang.org/x/net/html: denial of service due to non-linear parsing of case-insensitive content</issue>
+  <issue tracker="cve" id="2025-21613">VUL-0: CVE-2025-21613: TRACKERBUG: github.com/go-git/go-git/v5: argument injection via the URL field</issue>
+  <issue tracker="bnc" id="1241724">VUL-0: CVE-2025-22872: trivy: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction</issue>
+  <issue tracker="cve" id="2025-22868">VUL-0: CVE-2025-22868: TRACKERBUG: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2</issue>
+  <issue tracker="bnc" id="1246151">VUL-0: CVE-2025-53547: trivy: helm.sh/helm/v3: Helm Chart Code Execution</issue>
+  <issue tracker="bnc" id="1227010">VUL-0: CVE-2024-3817: trivy: hashicorp/go-getter: argument injection when fetching remote default git branches</issue>
+  <issue tracker="bnc" id="1248897">VUL-0: CVE-2025-58058: trivy: github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory</issue>
+  <issue tracker="cve" id="2025-11065">VUL-0: TRACKERBUG: CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs</issue>
+  <issue tracker="bnc" id="1248937">VUL-0: CVE-2025-58058: hauler: github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory</issue>
+  <issue tracker="bnc" id="1237618">VUL-0: CVE-2025-27144: trivy: gopkg.in/go-jose/go-jose.v2: Go JOSE's Parsing Vulnerable to Denial of Service</issue>
+  <issue tracker="bnc" id="1239385">VUL-0: CVE-2025-22869: trivy: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh</issue>
+  <issue tracker="cve" id="2025-22869">VUL-0: CVE-2025-22869: TRACKERBUG: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh</issue>
+  <issue tracker="cve" id="2025-21614">CVE-2025-21614 go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies</issue>
+  <issue tracker="bnc" id="1246730">VUL-0: CVE-2025-46569: trivy: github.com/open-policy-agent/opa: HTTP request path can be crafted to inject Rego code into a constructed query when a virtual document is requested through the Data API</issue>
+  <issue tracker="cve" id="2024-45337">VUL-0: CVE-2024-45337: TRACKERBUG: golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto</issue>
+  <packager>dirkmueller</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for trivy</summary>
+  <description>This update for trivy fixes the following issues:
+
+Changes in trivy:
+
+Update to version 0.67.2 (bsc#1250625, CVE-2025-11065, bsc#1248897, CVE-2025-58058):
+
+  * fix: Use `fetch-level: 1` to check out trivy-repo in the release workflow [backport: release/v0.67] (#9638)
+  * fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#9631)
+  * fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#9629)
+  * fix: add `buildInfo` for `BlobInfo` in `rpc` package [backport: release/v0.67] (#9615)
+  * fix(vex): don't use reused BOM [backport: release/v0.67] (#9612)
+  * fix(vex): don't  suppress vulns for packages with infinity loop (#9465)
+  * fix(aws): use `BuildableClient` insead of `xhttp.Client` (#9436)
+  * refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and testing/fstest (#9282)
+  * docs: clarify inline ignore limitations for resource-less checks (#9537)
+  * fix(k8s): disable parallel traversal with fs cache for k8s images (#9534)
+  * fix(misconf): handle tofu files in module detection (#9486)
+  * feat(seal): add seal support (#9370)
+  * docs: fix modules path and update code example (#9539)
+  * fix: close file descriptors and pipes on error paths (#9536)
+  * feat: add documentation URL for database lock errors (#9531)
+  * fix(db): Dowload database when missing but metadata still exists (#9393)
+  * feat(cloudformation): support default values and list results in Fn::FindInMap (#9515)
+  * fix(misconf): unmark cty values before access (#9495)
+  * feat(cli): change --list-all-pkgs default to true (#9510)
+  * fix(nodejs): parse workspaces as objects for package-lock.json files (#9518)
+  * refactor(fs): use underlyingPath to determine virtual files more reliably (#9302)
+  * refactor: remove google/wire dependency and implement manual DI (#9509)
+  * chore(deps): bump the aws group with 6 updates (#9481)
+  * chore(deps): bump the common group across 1 directory with 24 updates (#9507)
+  * fix(misconf): wrap legacy ENV values in quotes to preserve spaces (#9497)
+  * docs: move info about `detection priority` into coverage section (#9469)
+  * feat(sbom): added support for CoreOS (#9448)
+  * fix(misconf): strip build metadata suffixes from image history (#9498)
+  * feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (#9439)
+  * docs: Fix typo in terraform docs (#9492)
+  * feat(redhat): add os-release detection for RHEL-based images (#9458)
+  * ci(deps): add 3-day cooldown period for Dependabot updates (#9475)
+  * refactor: migrate from go-json-experiment to encoding/json/v2 (#9422)
+  * fix(vuln): compare `nuget` package names in lower case (#9456)
+  * chore: Update release flow to include chocolatey (#9460)
+  * docs: document eol supportability (#9434)
+  * docs(report): add nuanses about secret/license scanner in summary table (#9442)
+  * ci: use environment variables in GitHub Actions for improved security (#9433)
+  * chore: bump Go to 1.24.7 (#9435)
+  * fix(nodejs): use snapshot string as `Package.ID` for pnpm packages (#9330)
+  * ci(helm): bump Trivy version to 0.66.0 for Trivy Helm Chart 0.18.0 (#9425)
+
+Update to version 0.66.0 (bsc#1248937, CVE-2025-58058):
+
+  * chore(deps): bump the aws group with 7 updates (#9419)
+  * refactor(secret): clarify secret scanner messages (#9409)
+  * fix(cyclonedx): handle multiple license types (#9378)
+  * fix(repo): sanitize git repo URL before inserting into report metadata (#9391)
+  * test: add HTTP basic authentication to git test server (#9407)
+  * fix(sbom): add support for `file` component type of `CycloneDX` (#9372)
+  * fix(misconf): ensure module source is known (#9404)
+  * ci: migrate GitHub Actions from version tags to SHA pinning (#9405)
+  * fix: create temp file under composite fs dir (#9387)
+  * chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#9403)
+  * refactor: switch to stable azcontainerregistry SDK package (#9319)
+  * chore(deps): bump the common group with 7 updates (#9382)
+  * refactor(misconf): migrate from custom Azure JSON parser (#9222)
+  * fix(repo): preserve RepoMetadata on FS cache hit (#9389)
+  * refactor(misconf): use atomic.Int32 (#9385)
+  * chore(deps): bump the aws group with 6 updates (#9383)
+  * docs: Fix broken link to "Built-in Checks" (#9375)
+  * fix(plugin): don't remove plugins when updating index.yaml file (#9358)
+  * fix: persistent flag option typo (#9374)
+  * chore(deps): bump the common group across 1 directory with 26 updates (#9347)
+  * fix(image): use standardized HTTP client for ECR authentication (#9322)
+  * refactor: export `systemFileFiltering` Post Handler (#9359)
+  * docs: update links to Semaphore pages (#9352)
+  * fix(conda): memory leak by adding closure method for `package.json` file (#9349)
+  * feat: add timeout handling for cache database operations (#9307)
+  * fix(misconf): use correct field log_bucket instead of target_bucket in gcp bucket (#9296)
+  * fix(misconf): ensure ignore rules respect subdirectory chart paths (#9324)
+  * chore(deps): bump alpine from 3.21.4 to 3.22.1 (#9301)
+  * feat(terraform): use .terraform cache for remote modules in plan scanning (#9277)
+  * chore: fix some function names in comment (#9314)
+  * chore(deps): bump the aws group with 7 updates (#9311)
+  * docs: add explanation for how to use non-system certificates (#9081)
+  * chore(deps): bump the github-actions group across 1 directory with 2 updates (#8962)
+  * fix(misconf): preserve original paths of remote submodules from .terraform (#9294)
+  * refactor(terraform): make Scan method of Terraform plan scanner private (#9272)
+  * fix: suppress debug log for context cancellation errors (#9298)
+  * feat(secret): implement streaming secret scanner with byte offset tracking (#9264)
+  * fix(python): impove package name normalization  (#9290)
+  * feat(misconf): added audit config attribute (#9249)
+  * refactor(misconf): decouple input fs and track extracted files with fs references (#9281)
+  * test(misconf): remove BenchmarkCalculate using outdated check metadata (#9291)
+  * refactor: simplify Detect function signature (#9280)
+  * ci(helm): bump Trivy version to 0.65.0 for Trivy Helm Chart 0.17.0 (#9288)
+  * fix(fs): avoid shadowing errors in file.glob (#9286)
+  * test(misconf): move terraform scan tests to integration tests (#9271)
+  * test(misconf): drop gcp iam test covered by another case (#9285)
+  * chore(deps): bump to alpine from `3.21.3` to `3.21.4` (#9283)
+
+Update to version 0.65.0:
+
+  * fix(cli): ensure correct command is picked by telemetry (#9260)
+  * feat(flag): add schema validation for `--server` flag (#9270)
+  * chore(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible (#9274)
+  * ci: skip undefined labels in discussion triage action (#9175)
+  * feat(repo): add git repository metadata to reports (#9252)
+  * fix(license): handle WITH operator for `LaxSplitLicenses` (#9232)
+  * chore: add modernize tool integration for code modernization (#9251)
+  * fix(secret): add UTF-8 validation in secret scanner to prevent protobuf marshalling errors (#9253)
+  * chore: implement process-safe temp file cleanup (#9241)
+  * fix: prevent graceful shutdown message on normal exit (#9244)
+  * fix(misconf): correctly parse empty port ranges in google_compute_firewall (#9237)
+  * feat: add graceful shutdown with signal handling (#9242)
+  * chore: update template URL for brew formula (#9221)
+  * test: add end-to-end testing framework with image scan and proxy tests (#9231)
+  * refactor(db): use `Getter` interface with `GetParams` for trivy-db sources (#9239)
+  * ci: specify repository for `gh cache delete` in canary worklfow (#9240)
+  * ci: remove invalid `--confirm` flag from `gh cache delete` command in canary builds (#9236)
+  * fix(misconf): fix log bucket in schema (#9235)
+  * chore(deps): bump the common group across 1 directory with 24 updates (#9228)
+  * ci: move runner.os context from job-level env to step-level in canary workflow (#9233)
+  * chore(deps): bump up Trivy-kubernetes to v0.9.1 (#9214)
+  * feat(misconf): added logging and versioning to the gcp storage bucket (#9226)
+  * fix(server): add HTTP transport setup to server mode (#9217)
+  * chore: update the rpm download Update (#9202)
+  * feat(alma): add AlmaLinux 10 support (#9207)
+  * fix(nodejs): don't use prerelease logic for compare npm constraints  (#9208)
+  * fix(rootio): fix severity selection (#9181)
+  * fix(sbom): merge in-graph and out-of-graph OS packages in scan results (#9194)
+  * fix(cli): panic: attempt to get os.Args[1] when len(os.Args) &lt; 2 (#9206)
+  * fix(misconf): correctly adapt azure storage account (#9138)
+  * feat(misconf): add private ip google access attribute to subnetwork (#9199)
+  * feat(report): add CVSS vectors in sarif report (#9157)
+  * fix(terraform): `for_each` on a map returns a resource for every key (#9156)
+  * fix: supporting .egg-info/METADATA in python.Packaging analyzer (#9151)
+  * chore: migrate protoc setup from Docker to buf CLI (#9184)
+  * ci: delete cache after artifacts upload in canary workflow (#9177)
+  * refactor: remove aws flag helper message (#9080)
+  * ci: use gh pr view to get PR number for forked repositories in auto-ready workflow (#9183)
+  * ci: add auto-ready-for-review workflow (#9179)
+  * feat(image): add Docker context resolution (#9166)
+  * ci: optimize golangci-lint performance with cache-based strategy (#9173)
+  * feat: add HTTP request/response tracing support (#9125)
+  * fix(aws): update amazon linux 2 EOL date (#9176)
+  * chore: Update release workflow to trigger version updates (#9162)
+  * chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 (#9164)
+  * fix: also check `filepath` when removing duplicate packages (#9142)
+  * chore: add debug log to show image source location (#9163)
+  * docs: add section on customizing default check data (#9114)
+  * chore(deps): bump the common group across 1 directory with 9 updates (#9153)
+  * docs: partners page content updates (#9149)
+  * chore(license): add missed spdx exceptions: (#9147)
+  * docs: trivy partners page updates (#9133)
+  * fix: migrate from `*.list` to `*.md5sums` files for `dpkg` (#9131)
+  * ci(helm): bump Trivy version to 0.64.1 for Trivy Helm Chart 0.16.1 (#9135)
+  * feat(sbom): add SHA-512 hash support for CycloneDX SBOM (#9126)
+  * fix(misconf): skip rewriting expr if attr is nil (#9113)
+  * fix(license): add missed `GFDL-NIV-1.1` and `GFDL-NIV-1.2` into Trivy mapping (#9116)
+  * fix(cli): Add more non-sensitive flags to telemetry (#9110)
+  * fix(alma): parse epochs from rpmqa file (#9101)
+  * fix(rootio): check full version to detect `root.io` packages (#9117)
+  * chore: drop FreeBSD 32-bit support (#9102)
+  * fix(sbom): use correct field for licenses in CycloneDX reports (#9057)
+  * fix(secret): fix line numbers for multiple-line secrets (#9104)
+  * feat(license): observe pkg types option in license scanner (#9091)
+  * ci(helm): bump Trivy version to 0.64.0 for Trivy Helm Chart 0.16.0 (#9107)
+- (CVE-2025-53547, bsc#1246151)
+
+- Update to version 0.64.1 (bsc#1243633, CVE-2025-47291,
+                           (bsc#1246730, CVE-2025-46569):
+
+  * fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127)
+  * fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124)
+  * fix(rootio): check full version to detect `root.io` packages [backport: release/v0.64] (#9120)
+  * fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119)
+  * docs(python): fix type with METADATA file name (#9090)
+  * feat: reject unsupported artifact types in remote image retrieval (#9052)
+  * chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088)
+  * refactor(misconf): rewrite Rego module filtering using functional filters (#9061)
+  * feat(terraform): add partial evaluation for policy templates (#8967)
+  * feat(vuln): add Root.io support for container image scanning (#9073)
+  * feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019)
+  * fix(cli): add some values to the telemetry call (#9056)
+  * feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077)
+  * refactor: centralize HTTP transport configuration (#9058)
+  * test: include integration tests in linting and fix all issues (#9060)
+  * chore(deps): bump the common group across 1 directory with 26 updates (#9063)
+  * feat(java): dereference all maven settings.xml env placeholders (#9024)
+  * fix(misconf): reduce log noise on incompatible check (#9029)
+  * fix(misconf): .Config.User always takes precedence over USER in .History (#9050)
+  * chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037)
+  * docs(misconf): simplify misconfiguration docs (#9030)
+  * fix(misconf): move disabled checks filtering after analyzer scan (#9002)
+  * docs: add PR review policy for maintainers (#9032)
+  * fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034)
+  * test: improve and extend tests for iac/adapters/arm (#9028)
+  * chore: bump up Go version to 1.24.4 (#9031)
+  * feat(cli): add version constraints to annoucements (#9023)
+  * fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015)
+  * feat(ubuntu): add eol date for 20.04-ESM (#8981)
+  * fix(report): don't panic when report contains vulns, but doesn't contain packages for `table` format (#8549)
+  * fix(nodejs): correctly parse `packages` array of `bun.lock` file (#8998)
+  * refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983)
+  * docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003)
+  * feat(misconf): add OpenTofu file extension support (#8747)
+  * refactor(misconf): set Trivy version by default in Rego scanner (#9001)
+  * docs: fix assets with versioning (#8996)
+  * docs: add partners page (#8988)
+  * chore(alpine): add EOL date for Alpine 3.22 (#8992)
+  * fix: don't show corrupted trivy-db warning for first run (#8991)
+  * Update installation.md (#8979)
+  * feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953)
+  * chore(k8s): update comments with deprecated command format (#8964)
+  * chore: fix errors and typos in docs (#8963)
+  * fix: Add missing version check flags (#8951)
+  * feat(redhat): Add EOL date for RHEL 10. (#8910)
+  * fix: Correctly check for semver versions for trivy version check (#8948)
+  * refactor(server): change custom advisory and vulnerability data types fr… (#8923)
+  * ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946)
+  * fix(misconf): use argument value in WithIncludeDeprecatedChecks (#8942)
+  * chore(deps): Bump trivy-checks (#8934)
+  * fix(julia): add `Relationship` field support (#8939)
+  * feat(minimos): Add support for MinimOS (#8792)
+  * feat(alpine): add maintainer field extraction for APK packages (#8930)
+  * feat(echo): Add Echo Support (#8833)
+  * fix(redhat): Also try to find buildinfo in root layer (layer 0) (#8924)
+  * fix(wolfi): support new APK database location (#8937)
+  * feat(k8s): get components from namespaced resources (#8918)
+  * refactor(cloudformation): remove unused ScanFile method from Scanner (#8927)
+  * refactor(terraform): remove result sorting from scanner (#8928)
+  * feat(misconf): Add support for `Minimum Trivy Version` (#8880)
+  * docs: improve skipping files documentation (#8749)
+  * feat(cli): Add available version checking (#8553)
+  * feat(nodejs): add a bun.lock analyzer (#8897)
+  * feat: terraform parser option to set current working directory (#8909)
+  * perf(secret): only match secrets of meaningful length, allow example strings to not be matched (#8602)
+  * feat(misconf): export raw Terraform data to Rego (#8741)
+  * refactor(terraform): simplify AllReferences method signature in Attribute (#8906)
+  * fix: check post-analyzers for StaticPaths (#8904)
+  * feat: add Bottlerocket OS package analyzer (#8653)
+  * feat(license): improve work text licenses with custom classification (#8888)
+  * chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (#8901)
+  * chore(deps): bump the common group across 1 directory with 9 updates (#8887)
+  * refactor(license): simplify compound license scanning (#8896)
+  * feat(license): Support compound licenses (licenses using SPDX operators) (#8816)
+  * fix(k8s): use in-memory cache backend during misconfig scanning (#8873)
+  * feat(nodejs): add bun.lock parser (#8851)
+  * feat(license): improve work with custom classification of licenses from config file (#8861)
+  * fix(cli): disable `--skip-dir` and `--skip-files` flags for `sbom` command (#8886)
+  * fix: julia parser panicing (#8883)
+  * refactor(db): change logic to detect wrong DB (#8864)
+  * fix(cli): don't use allow values for `--compliance` flag (#8881)
+  * docs(misconf): Reorganize misconfiguration scan pages (#8206)
+  * fix(server): add missed Relationship field for `rpc` (#8872)
+  * feat: add JSONC support for comments and trailing commas (#8862)
+  * fix(vex): use `lo.IsNil` to check `VEX` from OCI artifact (#8858)
+  * feat(go): support license scanning in both GOPATH and vendor (#8843)
+  * fix(redhat): save contentSets for OS packages in fs/vm modes (#8820)
+  * fix: filter all files when processing files installed from package managers (#8842)
+  * feat(misconf): add misconfiguration location to junit template (#8793)
+  * docs(vuln): remove OSV for Python from data sources (#8841)
+  * chore: add an issue template for maintainers (#8838)
+  * chore: enable staticcheck (#8815)
+  * ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart 0.14.1 (#8836)
+  * feat(license): scan vendor directory for license for go.mod files (#8689)
+  * docs(java):  Update info about dev deps in gradle lock (#8830)
+  * chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (#8822)
+  * fix(java): exclude dev dependencies in gradle lockfile (#8803)
+  * fix: octalLiteral from go-critic (#8811)
+  * fix(redhat): trim invalid suffix from content_sets in manifest parsing (#8818)
+  * chore(deps): bump the common group across 1 directory with 10 updates (#8817)
+  * fix: use-any from revive (#8810)
+  * fix: more revive rules (#8814)
+  * docs: change in java.md: fix the Trity -to-&gt; Trivy typo (#8813)
+  * fix(misconf): check if for-each is known when expanding dyn block (#8808)
+  * ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (#8802)
+
+- Update to version 0.62.1 (bsc#1239225, CVE-2025-22868,
+                            bsc#1241724, CVE-2025-22872):
+
+  * chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831)
+  * fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826)
+  * fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824)
+  * feat(nodejs): add root and workspace for `yarn` packages (#8535)
+  * fix: unused-parameter rule from revive (#8794)
+  * chore(deps): Update trivy-checks (#8798)
+  * fix: early-return, indent-error-flow and superfluous-else rules from revive  (#8796)
+  * fix(k8s): remove using `last-applied-configuration` (#8791)
+  * refactor(misconf): remove unused methods from providers (#8781)
+  * refactor(misconf): remove unused methods from iac types (#8782)
+  * fix(misconf): filter null nodes when parsing json manifest (#8785)
+  * fix: testifylint last issues (#8768)
+  * fix(misconf): perform operations on attribute safely (#8774)
+  * refactor(ubuntu): update time handling for fixing time (#8780)
+  * chore(deps): bump golangci-lint to v2.1.2 (#8766)
+  * feat(image): save layers metadata into report (#8394)
+  * feat(misconf): convert AWS managed policy to document (#8757)
+  * chore(deps): bump the docker group across 1 directory with 3 updates (#8762)
+  * ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (#8753)
+  * ci(helm): create a helm branch for patches from main (#8673)
+  * fix(terraform): hcl object expressions to return references (#8271)
+  * chore(terraform): option to pass in instanced logger  (#8738)
+  * ci: use `Skitionek/notify-microsoft-teams` instead of `aquasecurity` fork (#8740)
+  * chore(terraform): remove os.OpenPath call from terraform file functions (#8737)
+  * chore(deps): bump the common group across 1 directory with 23 updates (#8733)
+  * feat(rust): add root and workspace relationships/package for `cargo` lock files (#8676)
+  * refactor(misconf): remove module outputs from parser.EvaluateAll (#8587)
+  * fix(misconf): populate context correctly for module instances (#8656)
+  * fix(misconf): check if metadata is not nil (#8647)
+  * refactor(misconf): switch to x/json  (#8719)
+  * fix(report): clean buffer after flushing (#8725)
+  * ci: improve PR title validation workflow (#8720)
+  * refactor(flag): improve flag system architecture and extensibility (#8718)
+  * fix(terraform): `evaluateStep` to correctly set `EvalContext` for multiple instances of blocks (#8555)
+  * refactor: migrate from `github.com/aquasecurity/jfather` to `github.com/go-json-experiment/json` (#8591)
+  * feat(misconf): support auto_provisioning_defaults in google_container_cluster (#8705)
+  * ci: use `github.event.pull_request.user.login` for release PR check workflow (#8702)
+  * refactor: add hook interface for extended functionality (#8585)
+  * fix(misconf): add missing variable as unknown (#8683)
+  * docs: Update maintainer docs (#8674)
+  * ci(vuln): reduce github action script injection attack risk (#8610)
+  * fix(secret): ignore .dist-info directories during secret scanning (#8646)
+  * fix(server): fix redis key when trying to delete blob (#8649)
+  * chore(deps): bump the testcontainers group with 2 updates (#8650)
+  * test: use `aquasecurity` repository for test images (#8677)
+  * chore(deps): bump the aws group across 1 directory with 5 updates (#8652)
+  * fix(k8s): skip passed misconfigs for the summary report (#8684)
+  * fix(k8s): correct compare artifact versions (#8682)
+  * chore: update Docker lib (#8681)
+  * refactor(misconf): remove unused terraform attribute methods (#8657)
+  * feat(misconf): add option to pass Rego scanner to IaC scanner (#8369)
+  * chore: typo fix to replace `rego` with `repo` on the RepoFlagGroup options error output (#8643)
+  * docs: Add info about helm charts release (#8640)
+  * ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (#8638)
+
+Update to version 0.61.1 (bsc#1239385, CVE-2025-22869, bsc#1240466, CVE-2025-30204):
+
+  * fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748)
+  * fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699)
+  * test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698)
+  * fix(misconf): Improve logging for unsupported checks (#8634)
+  * feat(k8s): add support for controllers (#8614)
+  * fix(debian): don't include empty licenses for `dpkgs` (#8623)
+  * fix(misconf): Check values wholly prior to evalution (#8604)
+  * chore(deps): Bump trivy-checks (#8619)
+  * fix(k8s): show report for `--report all` (#8613)
+  * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597)
+  * refactor: rename scanner to service (#8584)
+  * fix(misconf): do not skip loading documents from subdirectories (#8526)
+  * refactor(misconf): get a block or attribute without calling HasChild (#8586)
+  * fix(misconf): identify the chart file exactly by name (#8590)
+  * test: use table-driven tests in Helm scanner tests (#8592)
+  * refactor(misconf): Simplify misconfig checks bundle parsing (#8533)
+  * chore(deps): bump the common group across 1 directory with 10 updates (#8566)
+  * fix(misconf): do not use cty.NilVal for non-nil values (#8567)
+  * docs(cli): improve flag value display format (#8560)
+  * fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548)
+  * docs: remove slack (#8565)
+  * fix: use `--file-patterns` flag for all post analyzers (#7365)
+  * docs(python): Mention pip-compile (#8484)
+  * feat(misconf): adapt aws_opensearch_domain (#8550)
+  * feat(misconf): adapt AWS::EC2::VPC (#8534)
+  * docs: fix a broken link (#8546)
+  * fix(fs): check postAnalyzers for StaticPaths (#8543)
+  * refactor(misconf): remove unused methods for ec2.Instance (#8536)
+  * feat(misconf): adapt aws_default_security_group (#8538)
+  * feat(fs): optimize scanning performance by direct file access for known paths (#8525)
+  * feat(misconf): adapt AWS::DynamoDB::Table (#8529)
+  * style: Fix MD syntax in self-hosting.md (#8523)
+  * perf(misconf): retrieve check metadata from annotations once (#8478)
+  * feat(misconf): Add support for aws_ami (#8499)
+  * fix(misconf): skip Azure CreateUiDefinition (#8503)
+  * refactor(misconf): use OPA v1 (#8518)
+  * fix(misconf): add ephemeral block type to config schema (#8513)
+  * perf(misconf): parse input for Rego once (#8483)
+  * feat: replace TinyGo with standard Go for WebAssembly modules (#8496)
+  * chore: replace deprecated tenv linter with usetesting (#8504)
+  * fix(spdx): save text licenses into `otherLicenses` without normalize (#8502)
+  * chore(deps): bump the common group across 1 directory with 13 updates (#8491)
+  * chore: use go.mod for managing Go tools (#8493)
+  * ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494)
+  * fix(sbom): improve logic for binding direct dependency to parent component (#8489)
+  * chore(deps): remove missed replace of `trivy-db` (#8492)
+  * chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490)
+  * chore(deps): update Go to 1.24 and switch to go-version-file (#8388)
+  * docs: add abbreviation list (#8453)
+  * chore(terraform): assign *terraform.Module 'parent' field (#8444)
+  * feat: add report summary table (#8177)
+  * chore(deps): bump the github-actions group with 3 updates (#8473)
+  * refactor(vex): improve SBOM reference handling with project standards (#8457)
+  * ci: update GitHub Actions cache to v4 (#8475)
+  * feat: add `--vuln-severity-source` flag (#8269)
+  * fix(os): add mapping OS aliases (#8466)
+  * chore(deps): bump the aws group across 1 directory with 7 updates (#8468)
+  * chore(deps): Bump trivy-checks to v1.7.1 (#8467)
+  * refactor(report): write tables after rendering all results (#8357)
+  * docs: update VEX documentation index page (#8458)
+  * fix(db): fix case when 2 trivy-db were copied at the same time (#8452)
+  * feat(misconf): render causes for Terraform (#8360)
+  * fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073)
+  * feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254)
+  * chore(deps): update go-rustaudit location (#8450)
+  * fix: update all documentation links (#8045)
+  * chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443)
+  * chore(deps): bump the common group with 6 updates (#8411)
+  * fix(k8s): add missed option `PkgRelationships` (#8442)
+  * fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (#8346)
+  * feat(go): fix parsing main module version for go &gt;= 1.24 (#8433)
+  * refactor(misconf): make Rego scanner independent of config type (#7517)
+  * fix(image): disable AVD-DS-0007 for history scanning (#8366)
+  * fix(server): secrets inspectation for the config analyzer in client server mode (#8418)
+  * chore: remove mockery (#8417)
+  * test(server): replace mock driver with memory cache in server tests (#8416)
+  * test: replace mock with memory cache and fix non-deterministic tests (#8410)
+  * test: replace mock with memory cache in scanner tests (#8413)
+  * test: use memory cache (#8403)
+  * fix(spdx): init `pkgFilePaths` map for all formats (#8380)
+  * chore(deps): bump the common group across 1 directory with 11 updates (#8381)
+  * docs: correct Ruby documentation (#8402)
+  * chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390)
+  * fix: don't use `scope` for `trivy registry login` command (#8393)
+  * fix(go): merge nested flags into string for ldflags for Go binaries (#8368)
+  * chore(terraform): export module path on terraform modules (#8374)
+  * fix(terraform): apply parser options to submodule parsing (#8377)
+  * docs: Fix typos in documentation (#8361)
+  * docs: fix navigate links (#8336)
+  * ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354)
+  * ci(spdx): add `aqua-installer` step to fix `mage` error (#8353)
+  * chore: remove debug prints (#8347)
+  * fix(misconf): do not log scanners when misconfig scanning is disabled (#8345)
+  * fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344)
+  * chore(deps): bump Go to `v1.23.5` (#8341)
+  * fix(python): add `poetry` v2 support (#8323)
+  * chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331)
+  * fix(misconf): ecs include enhanced for container insights (#8326)
+  * fix(sbom): preserve OS packages from multiple SBOMs (#8325)
+  * ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311)
+  *  (bsc#1237618, CVE-2025-27144)
+
+Update to version 0.59.1:
+
+  * fix(misconf): do not log scanners when misconfig scanning is disabled [backport: release/v0.59] (#8349)
+  * chore(deps): bump Go to `v1.23.5` [backport: release/v0.59] (#8343)
+  * fix(python): add `poetry` v2 support [backport: release/v0.59] (#8335)
+  * fix(sbom): preserve OS packages from multiple SBOMs [backport: release/v0.59] (#8333)
+
+Update to version 0.59.0:
+
+  * feat(image): return error early if total size of layers exceeds limit (#8294)
+  * chore(deps): Bump trivy-checks (#8310)
+  * chore(terraform): add accessors to underlying raw hcl values (#8306)
+  * fix: improve conversion of image config to Dockerfile (#8308)
+  * docs: replace short codes with Unicode emojis (#8296)
+  * feat(k8s): improve artifact selections for specific namespaces (#8248)
+  * chore: update code owners (#8303)
+  * fix(misconf): handle heredocs in dockerfile instructions (#8284)
+  * fix: de-duplicate same `dpkg` packages with different filePaths from different layers (#8298)
+  * chore(deps): bump the aws group with 7 updates (#8299)
+  * chore(deps): bump the common group with 12 updates (#8301)
+  * chore: enable int-conversion from perfsprint (#8194)
+  * feat(fs): use git commit hash as cache key for clean repositories (#8278)
+  * fix(spdx): use the `hasExtractedLicensingInfos` field for licenses that are not listed in the SPDX (#8077)
+  * chore: use require.ErrorContains when possible (#8291)
+  * feat(image): prevent scanning oversized container images (#8178)
+  * chore(deps): use aqua forks for `github.com/liamg/jfather` and `github.com/liamg/iamgo` (#8289)
+  * fix(fs): fix cache key generation to use UUID (#8275)
+  * fix(misconf): correctly handle all YAML tags in K8S templates (#8259)
+  * feat: add support for registry mirrors (#8244)
+  * chore(deps): bump the common group across 1 directory with 29 updates (#8261)
+  * refactor(license): improve license expression normalization (#8257)
+  * feat(misconf): support for ignoring by inline comments for Dockerfile (#8115)
+  * feat: add a examples field to check metadata (#8068)
+  * chore(deps): bump alpine from 3.20.0 to 3.21.0 in the docker group across 1 directory (#8196)
+  * ci: add workflow to restrict direct PRs to release branches (#8240)
+  * fix(suse): SUSE - update OSType constants and references for compatility (#8236)
+  * ci: fix path to main dir for canary builds (#8231)
+  * chore(secret): add reported issues related to secrets in junit template (#8193)
+  * refactor: use trivy-checks/pkg/specs package (#8226)
+  * ci(helm): bump Trivy version to 0.58.1 for Trivy Helm Chart 0.10.0 (#8170)
+  * fix(misconf): allow null values only for tf variables (#8112)
+  * feat(misconf): support for ignoring by inline comments for Helm (#8138)
+  * fix(redhat): check `usr/share/buildinfo/` dir to detect content sets (#8222)
+  * chore(alpine): add EOL date for Alpine 3.21 (#8221)
+  * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207)
+  * fix(misconf): disable git terminal prompt on tf module load (#8026)
+  * chore: remove aws iam related scripts (#8179)
+  * docs: Updated JSON schema version 2 in the trivy documentation (#8188)
+  * refactor(python): use once + debug for `License acquired from METADATA...` logs (#8175)
+  * refactor: use slices package instead of custom function (#8172)
+  * chore(deps): bump the common group with 6 updates (#8162)
+  * feat(python): add support for uv dev and optional dependencies (#8134)
+  * feat(python): add support for poetry dev dependencies (#8152)
+  * fix(sbom): attach nested packages to Application (#8144)
+  * docs(vex): use debian minor version in examples (#8166)
+  * refactor: add generic Set implementation (#8149)
+  * chore(deps): bump the aws group across 1 directory with 6 updates (#8163)
+  * fix(python): skip dev group's deps for poetry (#8106)
+  * fix(sbom): use root package for `unknown` dependencies (if exists) (#8104)
+  * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` (#8140)
+  * chore(vex): suppress CVE-2024-45338 (#8137)
+  * feat(python): add support for uv (#8080)
+  * chore(deps): bump the docker group across 1 directory with 3 updates (#8127)
+  * chore(deps): bump the common group across 1 directory with 14 updates (#8126)
+  * chore: bump go to 1.23.4 (#8123)
+  * test: set dummy value for NUGET_PACKAGES (#8107)
+  * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` (#8105)
+  * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#8103)
+  * fix: wasm module test (#8099)
+  * fix: CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088)
+  * chore(vex): suppress CVE-2024-45337 (#8101)
+  * fix(license): always trim leading and trailing spaces for licenses (#8095)
+  * fix(sbom): scan results of SBOMs generated from container images are missing layers (#7635)
+  * fix(redhat): correct rewriting of recommendations for the same vulnerability (#8063)
+  * fix: enable err-error and errorf rules from perfsprint linter (#7859)
+  * chore(deps): bump the aws group across 1 directory with 6 updates (#8074)
+  * perf: avoid heap allocation in applier findPackage (#7883)
+  * fix: Updated twitter icon (#7772)
+  * docs(k8s): add a note about multi-container pods (#7815)
+  * feat: add `--distro` flag to manually specify OS distribution for vulnerability scanning (#8070)
+  * fix(oracle): add architectures support for advisories (#4809)
+  * fix: handle `BLOW_UNKNOWN` error to download DBs (#8060)
+  * feat(misconf): generate placeholders for random provider resources (#8051)
+  * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type (#8052)
+  * fix(flag): skip hidden flags for `--generate-default-config` command (#8046)
+  * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props (#8050)
+  * feat(nodejs): respect peer dependencies for dependency tree (#7989)
+  * ci(helm): bump Trivy version to 0.58.0 for Trivy Helm Chart 0.10.0 (#8038)
+  * fix: respect GITHUB_TOKEN to download artifacts from GHCR (#7580)
+  * chore(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 in the docker group (#8029)
+  * fix(misconf): use log instead of fmt for logging (#8033)
+  * docs: add commercial content (#8030)
+
+- Update to version 0.58.2 (
+      bsc#1234512, CVE-2024-45337,
+      bsc#1235265, CVE-2024-45338,
+      bsc#1232948, CVE-2024-51744):
+
+  * fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238)
+  * fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237)
+  * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215)
+  * fix(sbom): attach nested packages to Application [backport: release/v0.58] (#8168)
+  * fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158)
+  * fix(sbom): use root package for `unknown` dependencies (if exists) [backport: release/v0.58] (#8156)
+  * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` [backport: release/v0.58] (#8142)
+  * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` [backport: release/v0.58] (#8136)
+  * fix(redhat): correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135)
+  * fix(oracle): add architectures support for advisories [backport: release/v0.58] (#8125)
+  * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124)
+  * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: release/v0.58] (#8122)
+  * fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] (#8121)
+  * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props [backport: release/v0.58] (#8119)
+  * fix(misconf): wrap AWS EnvVar to iac types (#7407)
+  * chore(deps): Upgrade trivy-checks (#8018)
+  * refactor(misconf): Remove unused options (#7896)
+  * docs: add terminology page to explain Trivy concepts (#7996)
+  * feat: add `workspaceRelationship` (#7889)
+  * refactor(sbom): simplify relationship generation (#7985)
+  * chore: remove Go checks (#7907)
+  * docs: improve databases documentation (#7732)
+  * refactor: remove support for custom Terraform checks (#7901)
+  * docs: fix dead links (#7998)
+  * docs: drop AWS account scanning (#7997)
+  * fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995)
+  * fix(cli): Handle empty ignore files more gracefully (#7962)
+  * fix(misconf): load full Terraform module (#7925)
+  * fix(misconf): properly resolve local Terraform cache (#7983)
+  * refactor(k8s): add v prefix for Go packages (#7839)
+  * test: replace Go checks with Rego (#7867)
+  * feat(misconf): log causes of HCL file parsing errors (#7634)
+  * chore(deps): bump the aws group across 1 directory with 7 updates (#7991)
+  * chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990)
+  * chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992)
+  * chore: downgrade the failed block expand message to debug (#7964)
+  * fix(misconf): do not erase variable type for child modules (#7941)
+  * feat(go): construct dependencies of `go.mod` main module in the parser (#7977)
+  * feat(go): construct dependencies in the parser (#7973)
+  * feat: add cvss v4 score and vector in scan response (#7968)
+  * docs: add `overview` page for `others` (#7972)
+  * fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871)
+  * feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965)
+  * chore(deps): bump the common group with 4 updates (#7949)
+  * feat(oracle): add `flavors` support (#7858)
+  * fix(misconf): Update trivy-checks default repo to `mirror.gcr.io` (#7953)
+  * chore(deps): Bump up trivy-checks to v1.3.0 (#7959)
+  * fix(k8s): check all results for vulnerabilities (#7946)
+  * ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945)
+  * feat(secret): Add built-in secrets rules for Private Packagist (#7826)
+  * docs: Fix broken links (#7900)
+  * docs: fix mistakes/typos (#7942)
+  * feat: Update registry fallbacks (#7679)
+  * fix(alpine): add `UID` for removed packages (#7887)
+  * chore(deps): bump the aws group with 6 updates (#7902)
+  * chore(deps): bump the common group with 6 updates (#7904)
+  * fix(debian): infinite loop (#7928)
+  * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files (#7912)
+  * docs: add note about temporary podman socket (#7921)
+  * docs: combine trivy.dev into trivy docs (#7884)
+  * test: change branch in spdx schema link to check in integration tests (#7935)
+  * docs: add Headlamp to the Trivy Ecosystem page (#7916)
+  * fix(report): handle `git@github.com` schema for misconfigs in `sarif` report (#7898)
+  * chore(k8s): enhance k8s scan log (#6997)
+  * fix(terraform): set null value as fallback for missing variables (#7669)
+  * fix(misconf): handle null properties in CloudFormation templates (#7813)
+  * fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882)
+  * chore(deps): bump the common group across 1 directory with 20 updates (#7876)
+  * chore: bump containerd to v2.0.0 (#7875)
+  * fix: Improve version comparisons when build identifiers are present (#7873)
+  * feat(k8s): add default commands for unknown platform (#7863)
+  * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868)
+  * refactor(secret): optimize performance by moving ToLower operation outside loop (#7862)
+  * test: save `containerd` image into archive and use in tests (#7816)
+  * chore(deps): bump the github-actions group across 1 directory with 2 updates (#7854)
+  * chore: bump golangci-lint to v1.61.0 (#7853)
+
+Update to version 0.57.1:
+
+  * feat: Update registry fallbacks [backport: release/v0.57] (#7944)
+  * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] (#7939)
+  * test: change branch in spdx schema link to check in integration tests [backport: release/v0.57] (#7940)
+  * release: v0.57.0 [main] (#7710)
+  * chore: lint `errors.Join` (#7845)
+  * feat(db): append errors (#7843)
+  * docs(java): add info about supported scopes (#7842)
+  * docs: add example of creating whitelist of checks (#7821)
+  * chore(deps): Bump trivy-checks (#7819)
+  * fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733)
+  * fix(k8s): skip resources without misconfigs (#7797)
+  * fix(sbom):  use `Annotation` instead of `AttributionTexts` for `SPDX` formats (#7811)
+  * fix(cli): add config name to skip-policy-update alias (#7820)
+  * fix(helm): properly handle multiple archived dependencies (#7782)
+  * refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration scanning (#7776)
+  * fix(k8s)!: support k8s multi container (#7444)
+  * fix(k8s): support kubernetes v1.31 (#7810)
+  * docs: add Windows install instructions (#7800)
+  * ci(helm): auto public Helm chart after PR merged (#7526)
+  * feat: add end of life date for Ubuntu 24.10 (#7787)
+  * feat(report): update gitlab template to populate operating_system value (#7735)
+  * feat(misconf): Show misconfig ID in output (#7762)
+  * feat(misconf): export unresolvable field of IaC types to Rego (#7765)
+  * refactor(k8s): scan config files as a folder (#7690)
+  * fix(license): fix license normalization for Universal Permissive License (#7766)
+  * fix: enable usestdlibvars linter (#7770)
+  * fix(misconf): properly expand dynamic blocks (#7612)
+  * feat(cyclonedx): add file checksums to `CycloneDX` reports (#7507)
+  * fix(misconf): fix for Azure Storage Account network acls adaptation (#7602)
+  * refactor(misconf): simplify k8s scanner (#7717)
+  * feat(parser): ignore white space in pom.xml files (#7747)
+  * test: use forked images (#7755)
+  * fix(java): correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents (#7541)
+  * fix(misconf): check if property is not nil before conversion (#7578)
+  * fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577)
+  * feat(misconf): ssl_mode support for GCP SQL DB instance (#7564)
+  * test: define constants for test images (#7739)
+  * docs: add note about disabled DS016 check (#7724)
+  * feat(misconf): public network support for Azure Storage Account (#7601)
+  * feat(cli): rename `trivy auth` to `trivy registry` (#7727)
+  * docs: apt-transport-https is a transitional package (#7678)
+  * refactor(misconf): introduce generic scanner (#7515)
+  * fix(cli): `clean --all` deletes only relevant dirs (#7704)
+  * feat(cli): add `trivy auth` (#7664)
+  * fix(sbom): add options for DBs in private registries (#7660)
+  * docs(report): fix reporting doc format (#7671)
+  * fix(repo): `git clone` output to Stderr (#7561)
+  * fix(redhat): include arch in PURL qualifiers (#7654)
+  * fix(report): Fix invalid URI in SARIF report (#7645)
+  * docs(report): Improve SARIF reporting doc (#7655)
+  * fix(db): fix javadb downloading error handling (#7642)
+  * feat(cli): error out when ignore file cannot be found (#7624)
+
+Update to version 0.56.2:
+
+  * fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702)
+  * fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691)
+
+- Update to version 0.51.1 (bsc#1227010, CVE-2024-3817):
+</description>
+  <package>trivy</package>
+</patchinfo>

patchinfo.20251126142654688873.93181000773252/_patchinfo

@@ -0,0 +1,18 @@
+<patchinfo incident="packagehub-32">
+  <issue tracker="bnc" id="1253957">VUL-0: CVE-2025-13470,CVE-2025-13402: rnp: rnp PKESK session keys generated as all‑zero</issue>
+  <issue tracker="cve" id="2025-13470">cve#2025-13470 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-13470</issue>
+  <issue tracker="cve" id="2025-13402">cve#2025-13402 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-13402</issue>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for rnp</summary>
+  <description>This update for rnp fixes the following issues:
+
+- update to 0.18.1:
+  * CVE-2025-13470: PKESK (public-key encrypted) session keys were
+    generated as all-zero, allowing trivial decryption of messages
+    encrypted with public keys only (boo#1253957, CVE-2025-13402)
+</description>
+  <package>rnp</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251127113212085239.93181000773252/_patchinfo

@@ -0,0 +1,13 @@
+<patchinfo incident="packagehub-40">
+  <issue tracker="cve" id="2025-61659"/>
+  <issue tracker="bnc" id="1247489">VUL-0: CVE-2025-61659: bash-git-prompt: uses predictable file in /tmp for a copy of the git index</issue>
+  <packager>michals</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for bash-git-prompt</summary>
+  <description>This update for bash-git-prompt fixes the following issues:
+
+- CVE-2025-61659: Fixed an issue where predictable files in /tmp were used for a copy of the git index (bsc#1247489)
+</description>
+  <package>bash-git-prompt</package>
+</patchinfo>

patchinfo.20251127122850445245.93181000773252/_patchinfo

@@ -0,0 +1,65 @@
+<patchinfo incident="packagehub-38">
+  <issue tracker="bnc" id="1243954">VUL-0: CVE-2025-29785: shadowsocks-v2ray-plugin: github.com/quic-go/quic-go/internal/ackhandler: loss recovery logic for path probe packets can be used by a malicious QUIC client to trigger a null pointer dereference</issue>
+  <issue tracker="cve" id="2025-47911">cve#2025-47911 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-47911</issue>
+  <issue tracker="bnc" id="1243946">VUL-0: CVE-2025-29785: v2ray-core: github.com/quic-go/quic-go/internal/ackhandler: loss recovery logic for path probe packets can be used by a malicious QUIC client to trigger a null pointer dereference</issue>
+  <issue tracker="cve" id="2025-297850">cve#2025-297850 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-297850</issue>
+  <issue tracker="bnc" id="1251404">VUL-0: CVE-2025-47911: v2ray-core: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents</issue>
+  <issue tracker="bnc" id="1235164">VUL-0: CVE-2023-49295: v2ray-core: github.com/quic-go/quic-go: memory exhaustion attack against QUIC's path validation mechanism</issue>
+  <packager>hillwood</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for shadowsocks-v2ray-plugin, v2ray-core</summary>
+  <description>This update for shadowsocks-v2ray-plugin, v2ray-core fixes the following issues:
+
+Changes in shadowsocks-v2ray-plugin:
+
+- Update version to 5.25.0
+  * Update v2ray-core to v5.25.0
+- Add update-vendor.patch, update v2ray-core to v5.33.0 (boo#1243954 and CVE-2025-297850)
+
+Changes in v2ray-core:
+
+- Fix CVE-2025-47911 and boo#1251404
+  * Add fix-CVE-2025-47911.patch
+  * Update golang.org/x/net to 0.45.0 in vendor
+
+- Update version to 5.38.0
+  * TLSMirror Connection Enrollment System
+  * Add TLSMirror Sequence Watermarking
+  * LSMirror developer preview protocol is now a part of mainline V2Ray
+  * proxy dns with NOTIMP error
+  * Add TLSMirror looks like TLS censorship resistant transport protocol
+    as a developer preview transport
+  * proxy dns with NOTIMP error
+  * fix false success from SOCKS server when Dispatch() fails
+  * HTTP inbound: Directly forward plain HTTP 1xx response header
+  * add a option to override domain used to query https record
+  * Fix bugs
+  * Update vendor
+
+- Update version to 5.33.0
+  * bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0(boo#1243946 and CVE-2025-297850)
+  * Update other vendor source
+
+- Update version to 5.31.0
+  * Add Dns Proxy Response TTL Control
+  * Fix call newError Base with a nil value error
+  * Update vendor (boo#1235164)
+
+- Update version to 5.29.3
+  * Enable restricted mode load for http protocol client
+  * Correctly implement QUIC sniffer when handling multiple initial packets
+  * Fix unreleased cache buffer in QUIC sniffing
+  * A temporary testing fix for the buffer corruption issue
+  * QUIC Sniffer Restructure
+
+- Update version to 5.22.0
+  * Add packetEncoding for Hysteria
+  * Add ECH Client Support
+  * Add support for parsing some shadowsocks links
+  * Add Mekya Transport
+  * Fix bugs
+</description>
+  <package>shadowsocks-v2ray-plugin</package>
+  <package>v2ray-core</package>
+</patchinfo>

patchinfo.20251127153254678434.93181000773252/_patchinfo

@@ -0,0 +1,90 @@
+<patchinfo incident="packagehub-39">
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst, openQA-devel-container</summary>
+  <description>This update for openQA, os-autoinst, openQA-devel-container fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1763743683.1da97aa2:
+  * Optimize Job Group dropdown database query
+  * Split dependency handling out of create_from_settings
+  * Give jobs with high MAX_JOB_TIME a priority malus
+  * Make the number of builds per group on the front page configurable
+  * docs: Feature auto-generated deepwiki less prominently
+  * apparmor: Additional perms for tests in osado to run
+
+- Update to version 5.1763153079.b36ac754:
+  * Skip a build if there are no jobs
+  * Remove unused variable
+
+- Update to version 5.1762879267.52145e9a:
+  * Avoid installing unwanted package versions
+  * Fix check in git_clone for dirty git dir
+  * Prevent `t/24-worker-webui-connection.t` from running into timeout
+  * Be explicit about certain aspects of archiving in the documentation
+  * Fix sporadic failures in `t/ui/10-tests_overview.t`
+  * Adapt os-autoinst-scripts reference after rename
+  * Properly conclude scheduling if there are no jobs
+
+- Update to version 5.1762193001.2f6e71ca:
+  * Potentially improve stability of `t/ui/16-tests_job_next_previous.t`
+  * Avoid failing check in `t/16-utils-runcmd.t`
+  * README: Add deepwiki badge
+  * Dependency cron 2025-10-27
+  * Retry image optimizations
+
+Changes in os-autoinst:
+
+- Update to version 5.1763561851.03e049d:
+  * Avoid `Can't exec "ffmpeg"` if ffmpeg isn't present
+  * Fix syntax errors in nft due to multiple interfaces in $ethernet
+  * README: Feature auto-generated deepwiki less prominently
+  * Install NetworkManager-ovs in os-autoinst-setup-multi-machine
+  * Add disconnect_usb (qemu only, for now)
+
+- Update to version 5.1763048144.30f43a0:
+  * Configure ftables in os-autoinst-setup-multi-machine
+  * Makefile: Fix reruns on incomplete build dir generations
+  * Propagate C++ exceptions to Perl in image write function
+  * Add support NICPCIADDR variable to QEMU backend
+  * Remove test which causes unhandled output
+  * Improve includes in tinycv library
+  * Handle OpenCV exceptions when writing an image
+  * Avoid ignoring errors silently when writing images
+  * Avoid saving test results referring to non-existent screenshots
+
+- Update to version 5.1762250353.5150272:
+  * Makefile: Fix reruns on incomplete build dir generations
+  * Propagate C++ exceptions to Perl in image write function
+  * Add support NICPCIADDR variable to QEMU backend
+  * Remove test which causes unhandled output
+  * Allow array keys like `ISSUES[]` as introduced in openQA commit a53b19b
+  * Improve includes in tinycv library
+
+- Update to version 5.1761723693.2b88807:
+  * Propagate C++ exceptions to Perl in image write function
+  * Add support NICPCIADDR variable to QEMU backend
+  * Remove test which causes unhandled output
+  * Allow array keys like `ISSUES[]` as introduced in openQA commit a53b19b
+  * Improve includes in tinycv library
+  * Handle OpenCV exceptions when writing an image
+  * Avoid ignoring errors silently when writing images
+
+Changes in openQA-devel-container:
+
+- Update to version 5.1763743683.1da97aa28:
+  * Update to latest openQA version
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <package>openQA-devel-container</package>
+</patchinfo>