Update submodules from pool/openQA#22, pool/os-autoinst#16, pool/openQA-devel-container#12 and create patchinfo.20260219152850183014.93181000773252/_patchinfo

PR: products/PackageHub!463

.gitmodules

@@ -15466,6 +15466,10 @@
 	path = python-PyKCS11
 	url = ../../pool/python-PyKCS11
 	branch = leap-16.0
+[submodule "python-pynetbox"]
+	path = python-pynetbox
+	url = ../../pool/python-pynetbox
+	branch = leap-16.0
 [submodule "python-PyPDF2"]
 	path = python-PyPDF2
 	url = ../../pool/python-PyPDF2
@@ -16086,6 +16090,10 @@
 	path = python-makefun
 	url = ../../pool/python-makefun
 	branch = leap-16.0
+[submodule "python-mando"]
+	path = python-mando
+	url = ../../pool/python-mando
+	branch = leap-16.0
 [submodule "python-mathics-pygments"]
 	path = python-mathics-pygments
 	url = ../../pool/python-mathics-pygments
@@ -16702,6 +16710,10 @@
 	path = python-qtwebengine-qt5
 	url = ../../pool/python-qtwebengine-qt5
 	branch = leap-16.0
+[submodule "python-radon"]
+	path = python-radon
+	url = ../../pool/python-radon
+	branch = leap-16.0
 [submodule "python-rapidfuzz"]
 	path = python-rapidfuzz
 	url = ../../pool/python-rapidfuzz
@@ -16862,6 +16874,10 @@
 	path = python-tcolorpy
 	url = ../../pool/python-tcolorpy
 	branch = leap-16.0
+[submodule "python-tenacity"]
+	path = python-tenacity
+	url = ../../pool/python-tenacity
+	branch = leap-16.0
 [submodule "python-textile"]
 	path = python-textile
 	url = ../../pool/python-textile
@@ -26094,10 +26110,6 @@
 	path = nextcloud-desktop
 	url = ../../pool/nextcloud-desktop
 	branch = leap-16.0
-[submodule "nmap"]
-	path = nmap
-	url = ../../pool/nmap
-	branch = leap-16.0
 [submodule "hplip"]
 	path = hplip
 	url = ../../pool/hplip

0Backports/Backports.productcompose

@@ -1414,7 +1414,14 @@ packagesets:
   - go1.24-race
   - go1.25
   - go1.25-doc
+  - go1.25-openssl
+  - go1.25-openssl-race
   - go1.25-race
+  - go1.26
+  - go1.26-doc
+  - go1.26-race
+  - go1.26-openssl
+  - go1.26-openssl-race
   - gobject-introspection
   - gobject-introspection-devel
   - golang-github-cpuguy83-go-md2man
@@ -4678,9 +4685,13 @@ packagesets:
   - nodejs22
   - nodejs22-devel
   - nodejs22-docs
+  - nodejs24
+  - nodejs24-devel
+  - nodejs24-docs
   - novnc
   - npm-default
   - npm22
+  - npm24
   - npth-devel
   - nss-mdns
   - nss_synth
@@ -7983,6 +7994,8 @@ packagesets:
   - kernel-livepatch-6_12_0-160000_5-default
   - kernel-livepatch-6_12_0-160000_6-default
   - kernel-livepatch-6_12_0-160000_7-default
+  - kernel-livepatch-6_12_0-160000_8-default
+  - kernel-livepatch-6_12_0-160000_9-default
   - libLLVMSPIRVLib19
   - libatopology2
   - libdpdk-25
@@ -8096,6 +8109,8 @@ packagesets:
   - kernel-livepatch-6_12_0-160000_5-default
   - kernel-livepatch-6_12_0-160000_6-default
   - kernel-livepatch-6_12_0-160000_7-default
+  - kernel-livepatch-6_12_0-160000_8-default
+  - kernel-livepatch-6_12_0-160000_9-default
   - kernel-zfcpdump
   - kiwi-settings
   - libHBAAPI2
@@ -8237,6 +8252,8 @@ packagesets:
   - kernel-livepatch-6_12_0-160000_5-default
   - kernel-livepatch-6_12_0-160000_6-default
   - kernel-livepatch-6_12_0-160000_7-default
+  - kernel-livepatch-6_12_0-160000_8-default
+  - kernel-livepatch-6_12_0-160000_9-default
   - kiwi-pxeboot
   - kubevirt-virtctl
   - libFLAC++10-x86-64-v3

patchinfo.20260213163213815955.255638743075857/_patchinfo

@@ -0,0 +1,61 @@
+<patchinfo incident="packagehub-134">
+  <issue tracker="cve" id="2026-2319"/>
+  <issue tracker="cve" id="2026-2322"/>
+  <issue tracker="cve" id="2026-2313"/>
+  <issue tracker="cve" id="2026-2318"/>
+  <issue tracker="cve" id="2026-2441"/>
+  <issue tracker="cve" id="2026-2316"/>
+  <issue tracker="bnc" id="1258185">VUL-0: CVE-2026-2441: chromium: Use after free in CSS (fixed in 145.0.7632.75)</issue>
+  <issue tracker="cve" id="2026-2323"/>
+  <issue tracker="cve" id="2026-2321"/>
+  <issue tracker="cve" id="2026-2317"/>
+  <issue tracker="bnc" id="1258116">VUL-0: chromium: release 145.0.7632.45</issue>
+  <issue tracker="cve" id="2026-2315"/>
+  <issue tracker="cve" id="2026-2320"/>
+  <issue tracker="cve" id="2026-2314"/>
+  <issue tracker="bnc" id="1258199">chromium desktop icon shows @@MENUNAME</issue>
+  <packager>oertel</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+- more fixes for desktop file, some variables were lowercased,
+  further adaptions in INSTALL script (boo#1258199)
+
+- also copy rollup into third_party/node/node_modules
+- stay on llvm-10 for swiftshader but bring a similar patch
+
+- drop use of rollup binaries and use rollup-3.x which does not
+  use prebuilt binaries (that fail at least on older ppc64le)
+  follow the approach of the debian packaging
+
+- update/resync ppc64le patches from fedora
+
+- fix INSTALL.sh again to replace the tags in desktop file,
+  appdata and manpage (boo#1258199) 
+
+- Chromium 145.0.7632.75:
+  * CVE-2026-2441: Use after free in CSS (boo#1258185)
+
+- Chromium 145.0.7632.67:
+  * Revert a change in url_fixer that may have caused crashes
+
+- Chromium 145.0.7632.45 (boo#1258116)
+  * jpeg-xl support has been readded
+  * CVE-2026-2313: Use after free in CSS
+  * CVE-2026-2314: Heap buffer overflow in Codecs
+  * CVE-2026-2315: Inappropriate implementation in WebGPU
+  * CVE-2026-2316: Insufficient policy enforcement in Frames
+  * CVE-2026-2317: Inappropriate implementation in Animation
+  * CVE-2026-2318: Inappropriate implementation in PictureInPicture
+  * CVE-2026-2319: Race in DevTools
+  * CVE-2026-2320: Inappropriate implementation in File input
+  * CVE-2026-2321: Use after free in Ozone
+  * CVE-2026-2322: Inappropriate implementation in File input
+  * CVE-2026-2323: Inappropriate implementation in Downloads
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20260217100155183262.255638743075857/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-132">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for python-pynetbox</summary>
+  <description>This update for python-pynetbox fixes the following issues:
+
+Introduce python-pynetbox.
+</description>
+  <package>python-pynetbox</package>
+</patchinfo>

patchinfo.20260217101420747614.255638743075857/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-131">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for python-tenacity</summary>
+  <description>This update for python-tenacity fixes the following issues:
+
+Introduce python-tenacity.
+</description>
+  <package>python-tenacity</package>
+</patchinfo>

patchinfo.20260217101729385493.255638743075857/_patchinfo

@@ -0,0 +1,12 @@
+<patchinfo incident="packagehub-133">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for python-radon, python-mando</summary>
+  <description>This update for python-radon, python-mando fixes the following issues:
+
+Introduce python-radon and dependency python-mando.
+</description>
+  <package>python-radon</package>
+  <package>python-mando</package>
+</patchinfo>

patchinfo.20260217102701782018.255638743075857/_patchinfo

@@ -1,11 +0,0 @@
-<patchinfo>
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for nmap</summary>
-  <description>This update for nmap fixes the following issues:
-
-Add nmap.
-</description>
-  <package>nmap</package>
-</patchinfo>

patchinfo.20260217103144656312.255638743075857/_patchinfo

@@ -0,0 +1,13 @@
+<patchinfo incident="packagehub-130">
+  <packager>rrahl0</packager>
+  <rating>low</rating>
+  <category>recommended</category>
+  <summary>Recommended update for neovim</summary>
+  <description>This update for neovim fixes the following issues:
+
+Changes in neovim:
+
+- Update license header in the spec file template
+</description>
+  <package>neovim</package>
+</patchinfo>

patchinfo.20260217132152201956.255638743075857/_patchinfo

@@ -0,0 +1,13 @@
+<patchinfo incident="packagehub-129">
+  <packager>michals</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gitea-tea</summary>
+  <description>This update for gitea-tea fixes the following issues:
+
+Changes in gitea-tea:
+
+- Fix terminal rendering errors
+</description>
+  <package>gitea-tea</package>
+</patchinfo>

patchinfo.20260219090959320014.93181000773252/_patchinfo

@@ -0,0 +1,15 @@
+<patchinfo incident="packagehub-135">
+  <issue tracker="bnc" id="1256414">VUL-0: CVE-2025-68158: python-Authlib: 1-click account takeover in applications that use the Authlib library</issue>
+  <issue tracker="cve" id="2025-68158">VUL-0: CVE-2025-68158: python-Authlib: 1-click account takeover in applications that use the Authlib library</issue>
+  <packager>nkrapp</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for python-Authlib</summary>
+  <description>This update for python-Authlib fixes the following issues:
+
+Changes in python-Authlib:
+
+- CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib library (bsc#1256414)
+</description>
+  <package>python-Authlib</package>
+</patchinfo>

patchinfo.20260219152850183014.93181000773252/_patchinfo

@@ -0,0 +1,123 @@
+<patchinfo>
+  <issue tracker="cve" id="2026-25547">VUL-0: CVE-2026-25547: TRACKERBUG: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Nod</issue>
+  <issue tracker="bnc" id="1257852">VUL-0: CVE-2026-25547: openQA: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process</issue>
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for openQA, os-autoinst, openQA-devel-container</summary>
+  <description>This update for openQA, os-autoinst, openQA-devel-container fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1771422749.560a3b26:
+  * fix(mcp): set navbar check expression to read-only
+  * feat: support inverted result filters in /tests/overview
+  * fix(test): Enable helm install-chart test again
+  * git subrepo pull (merge) --force external/os-autoinst-common
+  * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable
+  * test: Consider everything under `lib/OpenQA/Shared/` covered
+  * fix: Provide specific error message if job was removed `enqueue_…_track`
+  * refactor: Remove useless error message in `enqueue_and_keep_track`
+  * test: Cover case of successful executing in `enqueue_and_keep_track`
+  * refactor: Simplify error handling of `enqueue_and_keep_track`
+  * test: Cover error handling of `enqueue_and_keep_track`
+  * test: Consider shared session controller fully covered
+  * refactor: Avoid duplications in sessions controller
+  * refactor: Use signatures in session controller code
+  * test: Cover error handling in case of a bad CRSF token
+  * test: Cover test route for session
+  * fix(worker): reject jobs explicitly when worker is stopping
+  * feat: Remove workaround for codecov and gpg
+  * feat: Switch to Leap 16 in Helm charts
+  * feat: Switch to Leap 16.0 in openqa_data container
+  * feat: Replace all Leap 15.6 with 16.0 in docs and scripts
+  * test: Cover showing special image when backend has terminated
+  * fix: Use new apachectl command
+  * Update openQA containers to Leap 16.0
+  * test: Extend tests for controller handling live view
+  * refactor: Move throttling into its own function
+  * feat(throttling): throttle jobs resources based on parameters size
+  * refactor: Avoid repeated use of `$t-&gt;app-&gt;minion` in gru tasks tests
+  * feat: Allow archiving jobs with infinite important storage durations
+  * feat: Flag jobs without results as archived for consistency
+  * feat: Remove one corner case preventing jobs from being archived
+
+- Update to version 5.1770718745.ce2072d3:
+  * feat(ui): use clickable test overview summary counts for quick filtering
+  * build(Makefile): fix uninterruptable tests
+  * docs: Mention caveats of `…_cleanup_max_free_percentage` setting
+  * test(25-cache-service): fix race conditions
+  * test(ui/21-admin-needles): properly wait for modal dialog and deletion
+  * test(ui/13-admin): properly wait for API key deletion
+  * test(40-openqa-clone-job): properly isolate from system config
+  * test(15-asset): bump timeout to current runtime
+  * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch
+  * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0
+  * fix(eslint): correct style to be eslint-9.38 compliant
+  * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2
+  * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1
+  * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7
+  * refactor: Improve variable names in function to determine expired jobs
+  * test: Improve name of subtest for archiving
+  * test: Verify that archiving works regardless of logs/results present
+  * Dependency cron 2026-02-06
+  * Bump js-yaml from 4.1.0 to 4.1.1
+  * build(deps): bump ace-builds from 1.43.3 to 1.43.4
+
+- Update to version 5.1770308102.12dfd0e4:
+  * fix: Configure sudoers correctly in Leap 16
+  * Also use devel:openQA/16.0 in dependency bot workflow
+  * test: Consider all controller code covered
+  * refactor: Remove unused "group connect" endpoints
+  * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint
+  * test: Cover all cases of search of audit log table
+  * refactor: Simplify function to render audit log index page
+  * test: Add test for `eventid` parameter of audit log page
+  * test: Cover remaining lines of `Asset.pm`
+
+- Update to version 5.1769644379.ef069e9d:
+
+Changes in os-autoinst:
+
+- Update to version 5.1771353921.c8005c9:
+  * git subrepo pull (merge) --force external/os-autoinst-common
+  * style: Fix crop.py style issues
+  * workaround: Remove "get_mempolicy" warning from qemu-img output
+  * parse_extra_log: Allow passing additional args to upload_logs
+  * refactor: Distinguish tests by the script path in `loadtest`
+  * refactor: Simplify approach for avoiding redefine warnings
+
+- Update to version 5.1770715824.6a80a85:
+  * style: Fix crop.py style issues
+  * workaround: Remove "get_mempolicy" warning from qemu-img output
+  * parse_extra_log: Allow passing additional args to upload_logs
+  * refactor: Distinguish tests by the script path in `loadtest`
+  * refactor: Simplify approach for avoiding redefine warnings
+  * test: Allow running tests with `Test::Warnings&lt;0.033`
+  * test: Format test of `loadtestdir` in a more compact way
+
+- Update to version 5.1770127521.c249fe9:
+  * refactor: Distinguish tests by the script path in `loadtest`
+  * refactor: Simplify approach for avoiding redefine warnings
+  * test: Allow running tests with `Test::Warnings&lt;0.033`
+  * test: Format test of `loadtestdir` in a more compact way
+  * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite
+  * feat: Allow enabling strict/warnings/signatures globally
+  * fix: Improve wrong comment about enablement of modern Perl features
+
+Changes in openQA-devel-container:
+
+- Update to version 5.1771422749.560a3b26b:
+  * Update to latest openQA version
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <package>openQA-devel-container</package>
+</patchinfo>