gnu: Remove gupnp-1.4.

* gnu/packages/gnome.scm (gupnp-1.4): Delete variable.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>

gnu: packages: Avoid libxml2@2.9 propagation.

libxml2@2.9 has CVEs, we don't want it in user profiles.

* gnu/packages/augeas.scm (augeas)
* gnu/packages/bioinformatics.scm (libsbml)
* gnu/packages/elf.scm (libabigail)
* gnu/packages/freedesktop.scm (telepathy-logger)
* gnu/packages/glib.scm (libaccounts-glib)
* gnu/packages/gtk.scm (gtksourceview)
* gnu/packages/image-processing.scm (vips)
* gnu/packages/mate.scm (libmateweather)
* gnu/packages/messaging.scm (libgnt)
* gnu/packages/virtualization.scm (libvirt-glib)
* gnu/packages/vpn.scm (openconnect)
* gnu/packages/xml.scm (xmlsec)
[propagated-inputs]: Replace libxml2 by libxml2-next.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>

gnu: gnome: Avoid libxml2@2.9 propagation.

This package has CVEs, we don't want that in user profiles.  I
removed a few cases where it lead to massive rebuilds, this should be
pretty much under control.

* gnu/packages/gnome.scm (libgrss, phodav, gupnp, libgdata, libgsf)
(libglade, libbonoboui, libxklavier, rest, libsoup-minimal)
(libgweather, totem-pl-parser, mutter, libxml++, libgda)
[propagated-inputs]: Replace libxml2 by libxml2-next.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>

gnu: libreoffice: Avoid libxml2@2.9 propagation.

libxml2@2.9 has CVEs, we don't want it in user profiles.  If the
following libraries end up in a user profile, then this vulnerable
libxml2 is propagated.

* gnu/packages/libreoffice.scm (libe-book, libcmis, libabw, libetonyek)
[propagated-inputs]: Replace libxml2 by libxml2-next.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>

gnu: igraph-for-r-rigraphlib: Hide package.

* gnu/packages/graph.scm (igraph-for-r-rigraphlib): Hide package.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>

gnu: qtbase: Revert to 6.8.2.

Commit a2b082bbdce updated qtbase to 6.8.3, but apparently even a patch number
increase causes breakage in Qt: qtdeclarative would no longer pass its test
suite. Revert to 6.8.2.

* gnu/packages/qt.scm (qtbase): Downgrade to 6.8.2.

Change-Id: I0fb36756de168d288157103dd30002f0aea8b4d6

teams: Add entry for Saku Laesvuori

* etc/teams.scm ("Saku Laesvuori"): New member.

Change-Id: I7127d74b743ba3cedd83b85e77e25e0ee276370b

gnu: qtbase: Update to 6.8.3 and disable qthread test.

* gnu/packages/qt.scm (qtbase): Update to 6.8.3.
[#:phases] {check}: Skip tst_qthread.

Fixes: #2467
Change-Id: Ie2691f94f9e3d7ddb96be55d5026a0b08b2d8d1d

gnu: trealla: Update to 2.82.30.

* gnu/packages/prolog.scm (trealla): Update to 2.82.30.

Change-Id: I5887ce4bb86a3f90fc88637b7efeda20099a9318

gnu: python-django: Update to 4.2.23.

* gnu/packages/django.scm (python-django): Update to 4.2.23.

Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>

gnu: poco: Update to 1.13.3.

Fixes CVE-2023-52389.

* gnu/packages/cpp.scm (poco): Update to 1.13.3.

Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>

gnu: podman: Hide CVE-2022-2989.

This issue seems to be properly adressed since version v4.3.0-rc1.

* gnu/packages/containers.scm (podman)[properties]<lint-hidden-cve>:
Hide CVE-2022-2989.

Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>

gnu: podman: Update to 5.6.0.

* gnu/packages/containers.scm (podman): Update to 5.6.0.

Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>

gnu: nemo: Hide wrong CPE vendor.

* gnu/packages/cinnamon.scm (nemo)[properties]: Add lint-hidden-cpe-vendors.

Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>

gnu: nemo: Update to 6.4.5.

* gnu/packages/cinnamon.scm (nemo): Update to 6.4.5.
[inputs]: Add json-glib.

Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>

gnu: dpkg: Update to 1.22.21.

Fixes CVE-2025-6297.

* gnu/packages/debian.scm (dpkg): Update to 1.22.21.

Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>

gnu: clamav: Update to 1.4.3.

Fixes CVE-2025-20234, CVE-2025-20260.

* gnu/packages/antivirus.scm (clamav): Update to 1.4.3.

Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>

build-system/tree-sitter: Build with -std=c11.

* guix/build/tree-sitter-build-system.scm (install): Switch to
building with -std=c11.

Fixes: guix/guix#2215
Change-Id: I04f3ede07aeaaa9cf95272611d6346295f603b69
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>

gnu: go-connectrpc-com-connect: Enable tests.

* gnu/packages/golang-web.scm (go-connectrpc-com-connect) [source]
<snippet>: Delete submodules with their own go.mod.
[arguments] <tests?>: Run short unit tests.
<test-flags>: Skip some problematic tests.

Change-Id: If5019334ab41b37b1428c92be2ba15cb41723689

gnu: go-connectrpc-com-connect: Move to golang-web.

* gnu/packages/golang-xyz.scm (go-connectrpc-com-connect): Move from
here ...
* gnu/packages/golang-web.scm: ... to here.

* gnu/packages/ci.scm: Add golang-web module.

Change-Id: Ia255d3bfbe3e7da1202b2d40caa40fd63f4ecc65