Update submodules from pool/yt-dlp#2 and create patchinfo.20260204160233168297.93181000773252/_patchinfo

.gitmodules

@@ -3070,10 +3070,6 @@
 	path = dom2-core-tests
 	url = ../../pool/dom2-core-tests
 	branch = leap-16.0
-[submodule "doomsday"]
-	path = doomsday
-	url = ../../pool/doomsday
-	branch = leap-16.0
 [submodule "dosbox"]
 	path = dosbox
 	url = ../../pool/dosbox
@@ -7178,10 +7174,6 @@
 	path = gnu_ddrescue
 	url = ../../pool/gnu_ddrescue
 	branch = leap-16.0
-[submodule "gnucobol"]
-	path = gnucobol
-	url = ../../pool/gnucobol
-	branch = leap-16.0
 [submodule "gnuastro"]
 	path = gnuastro
 	url = ../../pool/gnuastro
@@ -13762,10 +13754,6 @@
 	path = perl-Mojolicious-Plugin-OAuth2
 	url = ../../pool/perl-Mojolicious-Plugin-OAuth2
 	branch = leap-16.0
-[submodule "perl-Mojolicious-Plugin-OpenAPI"]
-	path = perl-Mojolicious-Plugin-OpenAPI
-	url = ../../pool/perl-Mojolicious-Plugin-OpenAPI
-	branch = leap-16.0
 [submodule "perl-Mojolicious-Plugin-Webpack"]
 	path = perl-Mojolicious-Plugin-Webpack
 	url = ../../pool/perl-Mojolicious-Plugin-Webpack

patchinfo.20260204115012215375.93181000773252/_patchinfo

@@ -1,30 +0,0 @@
-<patchinfo incident="packagehub-113">
-  <issue tracker="bnc" id="1257403">VUL-0: CVE-2025-14550: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability via repeated headers when using ASGI</issue>
-  <issue tracker="bnc" id="1257406">VUL-0: CVE-2026-1285: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods</issue>
-  <issue tracker="bnc" id="1257405">VUL-0: CVE-2026-1207: python-Django,python3-Django,python-Django6: Potential SQL injection via raster lookups on PostGIS</issue>
-  <issue tracker="cve" id="2026-1207"/>
-  <issue tracker="cve" id="2026-1312"/>
-  <issue tracker="cve" id="2026-1287"/>
-  <issue tracker="bnc" id="1257407">VUL-0: CVE-2026-1287: python-Django,python3-Django,python-Django6: Potential SQL injection in column aliases via control characters</issue>
-  <issue tracker="cve" id="2025-13473"/>
-  <issue tracker="bnc" id="1257401">VUL-0: CVE-2025-13473: python-Django,python3-Django,python-Django6: Username enumeration through timing difference in mod_wsgi authentication handler</issue>
-  <issue tracker="bnc" id="1257408">VUL-0: CVE-2026-1312: python-Django,python3-Django,python-Django6: Potential SQL injection via QuerySet.order_by and FilteredRelation</issue>
-  <issue tracker="cve" id="2025-14550"/>
-  <issue tracker="cve" id="2026-1285"/>
-  <packager>mcalabkova</packager>
-  <rating>important</rating>
-  <category>security</category>
-  <summary>Security update for python-Django</summary>
-  <description>This update for python-Django fixes the following issues:
-
-Changes in python-Django:
-
-- CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408).
-- CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters (bsc#1257407).
-- CVE-2026-1207: Fixed potential SQL injection via raster lookups on PostGIS (bsc#1257405).
-- CVE-2026-1285: Fixed potential denial-of-service in django.utils.text.Truncator HTML methods (bsc#1257406).
-- CVE-2025-13473: Fixed username enumeration through timing difference in mod_wsgi authentication handler (bsc#1257401).
-- CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403).
-</description>
-  <package>python-Django</package>
-</patchinfo>

patchinfo.20260204115510991084.93181000773252/_patchinfo

@@ -1,22 +0,0 @@
-<patchinfo incident="packagehub-112">
-  <issue tracker="cve" id="2026-1862"/>
-  <issue tracker="cve" id="2026-1861"/>
-  <issue tracker="bnc" id="1257650">VUL-0: chromium: release 144.0.7559.132</issue>
-  <packager>oertel</packager>
-  <rating>important</rating>
-  <category>security</category>
-  <summary>Security update for chromium</summary>
-  <description>This update for chromium fixes the following issues:
-
-Changes in chromium:
-
-- Chromium 144.0.7559.132 (boo#1257650)
-  * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome
-    prior to 144.0.7559.132 allowed a remote attacker to potentially
-    exploit heap corruption via a crafted HTML page.
-  * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to
-    144.0.7559.132 allowed a remote attacker to potentially exploit
-    heap corruption via a crafted HTML page.
-</description>
-  <package>chromium</package>
-</patchinfo>

patchinfo.20260204115645891071.93181000773252/_patchinfo

@@ -1,14 +0,0 @@
-<patchinfo incident="packagehub-109">
-  <packager>letsfindaway</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for OpenBoard</summary>
-  <description>This update for OpenBoard fixes the following issues:
-
-Changes in OpenBoard:
-
-- add AppData in metainfo.xml
-- update to release version 1.7.5
-</description>
-  <package>OpenBoard</package>
-</patchinfo>

patchinfo.20260204120853139168.93181000773252/_patchinfo

@@ -1,11 +0,0 @@
-<patchinfo incident="packagehub-111">
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for perl-Mojolicious-Plugin-OpenAPI</summary>
-  <description>This update for perl-Mojolicious-Plugin-OpenAPI fixes the following issues:
-
-Introduce perl-Mojolicious-Plugin-OpenAPI.
-</description>
-  <package>perl-Mojolicious-Plugin-OpenAPI</package>
-</patchinfo>

patchinfo.20260204160233168297.93181000773252/_patchinfo

@@ -0,0 +1,202 @@
+<patchinfo>
+  <issue tracker="bnc" id="1242186">yt-dlp is outdated</issue>
+  <packager>rrahl0</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for yt-dlp</summary>
+  <description>This update for yt-dlp fixes the following issues:
+
+Changes in yt-dlp:
+
+- Update to release 2026.01.31
+  * yt: Add `web_embedded` fallback for `android_vr` client
+  * yt: Remove broken `ios_downgraded` and `tv_embedded` player
+    clients
+
+- added quickjs recommends as a lighter alternative to deno and nodejs
+
+- Update to release 2026.01.29
+  * Accept float values for command-line option `--sleep-subtitles`
+  * Add `--format-sort-reset` option
+  * yt: Support comment subthreads
+
+- Update to release 2025.12.08
+  * cookies: Fix --cookies-from-browser for new installs of
+    Firefox 147+
+  * floatplane: add subtitle support
+  * yt: detect AI-upscaled formats
+
+- Relax JS runtime requirement from required to recommended,
+  some formats can be downloaded without either runtime.
+- Recommend nodejs as an alternative to deno
+  (Leap 15.6 has just nodejs).
+
+- Update to release 2025.11.12
+  * An external JavaScript runtime is now used for full YouTube
+    support (e.g. deno).
+
+- Use the pythons macro to reduce the amount of suse_version usage
+
+- Update to version 2025.10.22
+  * A stopgap release with a TEMPORARY partial fix for YouTube
+    support. Some formats may still be unavailable, especially if
+    cookies are passed to yt-dlp. The NEXT release, expected very
+    soon, will require an external JS runtime (e.g. Deno) in
+    order for YouTube downloads to work properly.
+  * The minimum required Python version has been raised to 3.10
+    (Python 3.9 has reached its end-of-life as of October 2025).
+
+- Update to release 2025.10.14
+  * yt: Detect experiment binding GVS PO Token to video id
+  * yt: Fix approximate timestamp extraction for feeds
+
+- Use Python 3.13 in 15.7, due to lack of 3.12
+
+- Update to release 2025.09.26
+  * twitch: vod: Fix live_status detection
+  * yt: Fix player JS overrides
+  * yt: Improve PO token logging
+  * yt: Player client maintenance
+  * yt: Replace tv_simply with web_safari in default clients
+- Fix Leap 15.6 build
+
+- Update to release 2025.09.23
+  * youtube: Force player 0004de42
+
+- Update to version 2025.09.05
+  * Fix --id deprecation warning
+  * charlierose: Fix extractor
+  * googledrive: Fix subtitles extraction
+  * itvbtcc: Fix extractor
+  * kick: vod: Support ongoing livestream VODs
+  * lrt: Fix extractors
+  * tver: Extract more metadata
+  * vevo: Restore extractors
+  * build: Overhaul Linux builds and refactor release workflow
+
+- Update to release 2025.08.27
+  * Add tcc player JS variant
+  * Deprioritize web_safari m3u8 formats
+  * Use alternative tv user-agent when authenticated
+
+- Update to release 2025.08.22
+  * cookies: Fix --cookies-from-browser with Firefox 142+
+
+- Update to release 2025.08.20
+  * Warn against use of `-f mp4`
+  * yt: Add es5 and es6 player JS variants
+  * yt: Default to main player JS variant
+  * yt: Extract title and description from initial data
+  * yt: Handle required preroll waiting period
+
+- Update to release 2025.08.11
+  * yt: Add player params to mweb client
+  * dash: Re-extract if using --load-info-json with
+    --live-from-start
+
+- Update to release 2025.07.21
+  * Default behaviour changed from --mtime to --no-mtime
+  * yt: Do not require PO Token for premium accounts
+  * yt: Extract global nsig helper functions
+  * yt: tab: Fix subscriptions feed extraction
+
+- Update to release 2025.06.30
+  * youtube: Fix premium formats extraction
+
+- Update to release 2025.06.25
+  * yt: Check any ios m3u8 formats prior to download
+  * yt: Improve player context payloads
+
+- Update to release 2025.06.09
+  * adobepass: add Fubo MSO, fix Philo MSO authentication
+  * yt: Add tv_simply player client
+  * yt: Extract srt subtitles
+  * yt: Rework nsig function name extraction
+
+- Update to release 2025.05.22
+  * yt: Add PO token support for subtitles
+  * yt: Add web_embedded client for age-restricted videos
+  * yt: Add a PO Token Provider Framework
+  * yt: Extract media_type for all videos
+  * yt: Fix --live-from-start support for premieres
+  * yt: Fix geo-restriction error handling
+
+- Update to release 2025.04.30 [boo#1242186]
+  * New option --preset-alias/-t has been added
+
+- Update to release 2025.03.31
+  * yt: add player_js_variant extractor-arg
+  * yt/tab: Fix playlist continuation extraction
+
+- Update to release 2025.03.27
+  * youtube: Make signature and nsig extraction more robust
+
+- Update to release 2025.03.26
+  * youtube: fix signature and nsig extraction for player 4fcd6e4a
+
+- Update to release 2025.03.21
+  * Fix external downloader availability when using
+    ``--ffmpeg-location``
+  * youtube: fix nsig and signature extraction for player 643afba4.
+
+- Require same version between yt-dlp -&gt; python-yt-dlp
+
+- Update to release 2025.02.19
+  * NSIG workaround for tce player JS
+
+- Update to release 2025.01.26
+  * bilibili: Support space video list extraction without login
+  * crunchyroll: Remove extractors
+  * youtube: Download tv client Innertube config
+  * youtube: Use different PO token for GVS and Player
+
+- Update to release 2025.01.15
+  * youtube: Do not use web_creator as a default client
+
+- Update to release 2025.01.12
+  * yt: fix DASH formats incorrectly skipped in some situations
+  * yt: refactor cookie auth
+
+- Fix 15.6 build
+
+- Update to release 2024.12.23
+  * yt: add age-gate workaround for some embeddable videos
+
+- Update to release 2024.12.13
+  * yt: fix signature function extraction for 2f1832d2
+  * yt: prioritize original language over auto-dubbed audio
+
+- Update to release 2024.12.06
+  * yt: fix ``n`` sig extraction for player 3bb1f723
+  * yt: fix signature function extraction
+  * yt: player client maintenance
+
+- Update to release 2024.12.03
+  * bilibili: Always try to extract HD formats
+  * youtube: Adjust player clients for site changes
+
+- Update to release 2024.11.18
+  * cloudflarestream: Avoid extraction via videodelivery.net
+  * youtube: remove broken OAuth support
+
+- Update to release 2024.11.04
+  * Prioritize AV1
+  * Remove Python &lt;= 3.8 support
+  * youtube: Adjust OAuth refresh token handling
+
+- Update to release 2024.10.22
+  * yt: Remove broken android_producer client
+  * yt: Remove broken age-restriction workaround
+  * yt: Support logging in with OAuth
+
+- Update to release 2024.10.07
+  * Fix cookie load error handling
+  * youtube: Change default player clients to ios,mweb
+  * patreon: Extract all m3u8 formats for locked posts
+
+- Update to release 2024.09.27
+  * Support excluding player_clients in extractor-arg
+  * clip: Prioritize https formats
+</description>
+  <package>yt-dlp</package>
+</patchinfo>

patchinfo.20260204160351183292.93181000773252/_patchinfo

@@ -1,14 +0,0 @@
-<patchinfo incident="packagehub-110">
-  <issue tracker="bnc" id="1256465">Week numbers are off by one in Evolution's calendar (Year view)</issue>
-  <packager>mgorse</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for evolution</summary>
-  <description>This update for evolution fixes the following issues:
-
-Changes in evolution:
-
-- Fix incorrect week numbers in calendar year view (bsc#1256465).
-</description>
-  <package>evolution</package>
-</patchinfo>

patchinfo.20260206094000823685.93181000773252/_patchinfo

@@ -1,11 +0,0 @@
-<patchinfo incident="packagehub-115">
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for gnucobol</summary>
-  <description>This update for gnucobol fixes the following issues:
-
-Introduce gnucobol.
-</description>
-  <package>gnucobol</package>
-</patchinfo>

patchinfo.20260209123942988001.93181000773252/_patchinfo

@@ -1,11 +0,0 @@
-<patchinfo incident="packagehub-116">
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for doomsday</summary>
-  <description>This update for doomsday fixes the following issues:
-
-Introduce doomsday.
-</description>
-  <package>doomsday</package>
-</patchinfo>

patchinfo.20260209151441438275.93181000773252/_patchinfo

@@ -1,26 +0,0 @@
-<patchinfo>
-  <issue tracker="cve" id="2026-1998"/>
-  <issue tracker="bnc" id="1257803">VUL-0: CVE-2026-1998: micropython: segmentation fault in `mp_map_lookup` via `mp_import_all`</issue>
-  <packager>dheidler</packager>
-  <rating>low</rating>
-  <category>security</category>
-  <summary>Security update for micropython</summary>
-  <description>This update for micropython fixes the following issues:
-
-Changes in micropython:
-
-- CVE-2026-1998: Fixed segmentation fault in `mp_map_lookup` via `mp_import_all` (bsc#1257803).
-
-- Version 1.26.1
-  * esp32: update esp_tinyusb component to v1.7.6
-  * tools: add an environment variable MICROPY_MAINTAINER_BUILD
-  * esp32: add IDF Component Lockfiles to git repo
-  * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag
-  * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop
-  * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev
-
-- Fix building on single core systems
-  * Skip tests/thread/stress_schedule.py when single core system detected
-</description>
-  <package>micropython</package>
-</patchinfo>

patchinfo.20260209155200377268.93181000773252/_patchinfo

@@ -1,14 +0,0 @@
-<patchinfo incident="packagehub-114">
-  <issue tracker="bnc" id="1257869">KMail2: Klick on link does not open Browser</issue>
-  <packager>favogt</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for messagelib</summary>
-  <description>This update for messagelib fixes the following issues:
-
-Changes in messagelib:
-
-- Fix links sometimes not opening (boo#1257869, kde#493325):
-</description>
-  <package>messagelib</package>
-</patchinfo>