{"old": "/home/jenkins/agent/workspace/multiarch/src-openeuler/x86-64/cockpit-machines/old_rpms/", "new": "/home/jenkins/agent/workspace/multiarch/src-openeuler/x86-64/cockpit-machines/new_rpms/", "compare_result": "not pass", "compare_details": {"same": {"same_details": {"old": [], "new": []}, "same_num": 0}, "diff": {"diff_details": {"cockpit-machines": {"name": {"old": "cockpit-machines-320-1.oe2403.noarch.rpm", "new": "cockpit-machines-320-2.oe1.noarch.rpm"}, "RPM Level": "level4", "rpm requires": {"less": ["rpmlib(PayloadIsXz) <= 5.2"], "more": ["rpmlib(PayloadIsZstd) <= 5.4.18"]}, "rpm provides": {}, "rpm files": {}}}, "diff_num": 1}, "less": {"less_details": {}, "less_num": 0}, "more": {"more_details": {}, "more_num": 0}}, "pr_link": "https://gitcode.com/src-openeuler/cockpit-machines/pull/8", "pr_changelog": "* Mon Apr 20 2026 zwjsec <zhaiwenjiesec@163.com> - 320-2\n- Fix CVE-2026-2950: bundled lodash updated version tracking\n  The bundled lodash version is 4.17.21 which is affected by CVE-2026-2950.\n  However, cockpit-machines does not use lodash's _.unset or _.omit functions,\n  so the actual impact is minimal. Monitoring for upstream release with\n  lodash 4.18.0+ (fixed version)."}