Fedora 43 openQA Critical CVE-2025-13465 Prototype Pollution Advisory

fedora
February 4, 2026
New upstream snapshots of openQA and os-autoinst bring various fixes and enhancements and address CVE-2025-13465 by updating a bundled JavaScript library.

Summary

openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed.

openQA is an automated test tool that makes it possible to test the whole installation process of an operating system. It uses virtual machines to reproduce the process, check the output (both serial console and screen) in every step and send the necessary keystrokes and commands to proceed to the next. openQA can check whether the system can be installed, whether it works properly in 'live' mode, whether applications work or whether the system responds as expected to different installation options and commands.

Even more importantly, openQA can run several combinations of tests for every revision of the operating system, reporting the errors detected for each combination of hardware configuration, installation options and variant of the operating system.

Update Information:

This update provides new upstream snapshots of openQA and os-autoinst, with various fixes and enhancements. Please see upstream changelogs for details. They also address a CVE by updating a bundled javascript library, though we're fairly sure openQA didn't actually expose the vulnerability anyway.

Change Log

* Mon Jan 26 2026 Adam Williamson - 5^20260126git19189f0-1
- Update to latest upstream git
- Drop merged patches
* Fri Jan 16 2026 Fedora Release Engineering - 5^20250711git28a0214-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2433034 - CVE-2025-13465 openqa: prototype pollution in _.unset and _.omit functions [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433034

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-abd2d2d60c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: openqa
Product: Fedora 43
Version: 5^20260126git19189f0
Release: 1.fc43
Summary: OS-level automated testing framework
