Packages changed:
  MicroOS-release (20260613 -> 20260615)
  grub2
  mozilla-nss (3.123.1 -> 3.124)
  python-SQLAlchemy (2.0.49 -> 2.0.50)
  python-certifi (2026.4.22 -> 2026.5.20)
  python-decorator (5.3.0 -> 5.3.1)
  python-tornado6 (6.5.5 -> 6.5.7)

=== Details ===

==== MicroOS-release ====
Version update (20260613 -> 20260615)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin

- Fix the potential crash when enabling hardware acceleration for
  libgcrypt
  * 0001-lib-hwfeatures-gcry-Fix-write_cr0-writing-to-CR4.patch
- Fix 00-grub script deletes snapshot directory (bsc#1267884)
  * grub2-snapper-plugin.sh

==== mozilla-nss ====
Version update (3.123.1 -> 3.124)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs

- update to NSS 3.124
  * bmo#2032562 - Add test for PKCS7 digest array alignment.
  * bmo#2030093 - Add test for rejection of excessively large ASN.1
    SEQUENCE OF in quickder.
  * bmo#2030994 - Add test for CMS content size validation.
  * bmo#2030995 - Add regression tests for DSAU signature decoding.
  * bmo#2031030 - Add test for S/MIME profile lookup on temp certs.
  * bmo#2031343 - Test case for post-handshake auth and many certificate
    requests.
  * bmo#2019233 - Add test for intra-arena ASan redzones.
  * bmo#2033058 - update nss_status flags one at a time.
  * bmo#2029803 - add defensive info->len check in PK11_HPKE_SetupS and
    PK11_HPKE_SetupR.
  * bmo#2029403 - avoid PORT_Strdup in ssl_DecodeResumptionToken.
  * bmo#2020596 - add runtime check on decoded resumption token session id.
  * bmo#2035882 - improve mach try error handling.
  * bmo#2030798 - clang format.
  * bmo#2030798 - add comprehensive SECItem and SECItemArray tests.
  * bmo#2033058 - add bugzilla_cf_status_nss.py script.
  * bmo#2033057 - regenerate some recent release notes.
  * bmo#2033057 - fix bug list output by release note and email scripts.
  * bmo#2031190 - test removal from trust domain email cache.
  * bmo#2033208 - fix "testing if key corruption is detected in attribute"
    failures with sqlite-3.53.0.
  * bmo#2035348 - build sqlite3 shell for Windows CI runners.
  * bmo#2030366 - avoid race with module unloading in NSSTrustDomain_FindTokensByURI
  * bmo#2030192 - add ImportEd25519WithNonEmptyAlgorithmParams test.
  * bmo#2034258 - add CLAUDE.md and .mcp.json.
  * bmo#2034244 - add a mach try command.
  * bmo#2031042 - remove dead condition in sec_asn1d_check_and_subtract_length
  * bmo#2030374 - avoid integer truncation in nssCKObject_GetAttributes
  * bmo#2030564 - add defensive input validation to sftk_compute_ANSI_X9_63_kdf
  * bmo#2029765 - avoid refcount over-release in nssTokenObjectCache
    error path [@ nssToken_Destroy].
  * bmo#2029883 - sdb: enforce that metaData's id key is unique when reading
  * bmo#2023478 - improve handling of escape sequences in pk11uri_ParseAttributes
  * bmo#2030570 - use correct data for ID comparison in
    transfer_uri_certs_to_collection
  * bmo#2030573 - fix truncation of ulValueLen in sdb_FindObjectsInit.
  * bmo#2033783 - reject DTLS 1.3 Server Hello after HVR without capping
    ss->vrange.max.
  * bmo#2034157 - set previous-nss-release for abicheck.
  * bmo#2032389 - Skip `PR_Sleep` yield for non-blocking sockets in
    `ssl3_SendApplicationData`.
  * bmo#2033650 - consistently protect PK11SlotInfo::maxKeyCount with freeListLock
  * bmo#2030985 - Remove CRMF from testing and manifests.
  * bmo#2026711 - Remove unused RSA blind signature implementation from freebl
- add explicit sqlite3 BuildRequires to fix tests

==== python-SQLAlchemy ====
Version update (2.0.49 -> 2.0.50)

- update to 2.0.50:
  * https://docs.sqlalchemy.org/en/21/changelog/changelog_20.html#change-2.0.50

==== python-certifi ====
Version update (2026.4.22 -> 2026.5.20)

- update to 2026.5.20:
  * remove O=Chunghwa Telecom Co., Ltd. OU=ePKI Root Certification Authority

==== python-decorator ====
Version update (5.3.0 -> 5.3.1)

- update to 5.3.1:
  * Added license SPDX identifier to pyproject.toml (reported by
  * Christian Lackas).

==== python-tornado6 ====
Version update (6.5.5 -> 6.5.7)

- Update to 6.5.7:
  [#]# Security fixes
  * CurlAsyncHTTPClient now fully resets the curl object before reusing it.
    This prevents incorrectly reusing options from a previous request,
    specifically including client SSL and credentials used for accessing
    proxies.
  * SimpleAsyncHTTPClient now strips the Authorization and Cookie headers
    from the request when following a redirect to a different origin. This
    matches the default behavior of CurlAsyncHTTPClient. Applications that
    need different behavior here can set follow_redirects=False and handle
    redirects manually. CVE-2026-49853
  * SimpleAsyncHTTPClient now enforces max_body_size on the decompressed size
    of the response, rather than the compressed size. This prevents a
    denial-of-service attack via a very large compressed response.
    CVE-2026-49855
  * Fixed a bug in the C extension that could have read up to three bytes
    past the end of an input array. CVE-2026-49854
  * OpenIDMixin has improved parsing for the check_authentication response.
  [#]# Bug fixes
  * CurlAsyncHTTPClient has been updated to use non-deprecated APIs, avoiding
    deprecation warnings with recent versions of pycurl.
- Refreshed patch ignore-resourcewarning-doctests.patch
- Drop patch fix-tests-with-curl-8-19.patch, merged upstream.