AUR AI Reviewer

Review Results

Version #504 of qownnotes · commit f58b7ec37995 · status Reviewed

Risk 0/5 · Safe .SRCINFO
Result #15

Comment

The change only bumps pkgver in .SRCINFO from 26.7.3 to 26.7.4. No sources, checksums, build steps, install scripts, or package metadata affecting execution/persistence were modified in the provided hunk. On its face this is a routine version update with no security red flags in the diff shown.

@@ -1,6 +1,6 @@
 pkgbase = qownnotes
 	pkgdesc = Plain-text file markdown note taking with Nextcloud/ownCloud integration
-	pkgver = 26.7.3
+	pkgver = 26.7.4
 	pkgrel = 1
 	url = https://www.qownnotes.org/
 	arch = i686
Risk 0/5 · Safe .SRCINFO
Result #16

Comment

The only change in this hunk is a version bump in .SRCINFO from QOwnNotes 26.7.3 to 26.7.4, updating the release tarball URL accordingly. The source remains an HTTPS GitHub release asset from the upstream project, with no new build steps, scripts, patches, or packaging logic introduced by this diff. No integrity or persistence red flags are present in the reviewed hunk.

@@ -19,7 +19,7 @@ pkgbase = qownnotes
 	depends = botan
 	depends = libgit2
 	depends = libsecret
-	source = https://github.com/pbek/QOwnNotes/releases/download/v26.7.3/qownnotes-26.7.3.tar.xz
+	source = https://github.com/pbek/QOwnNotes/releases/download/v26.7.4/qownnotes-26.7.4.tar.xz
 	sha256sums = ARCHIVE-SHA256
 
 pkgname = qownnotes
Risk 0/5 · Safe PKGBUILD
Result #17

Comment

The change only bumps qownnotes from 26.7.3 to 26.7.4 and updates the pinned upstream release tag. The source remains an HTTPS GitHub release tarball with a fixed checksum, and there are no new build-time downloads, scripts, privilege escalations, or packaging changes in the reviewed hunk. No security-relevant red flags are introduced by this version/tag update alone.

@@ -2,8 +2,8 @@
 # https://wiki.archlinux.org/title/PKGBUILD
 
 pkgname=qownnotes
-pkgver=26.7.3
-tag="f607a15073fb48ec973745c066a371ef8df36f4d"
+pkgver=26.7.4
+tag="e0ea937bd577857099ff3443c238b2ba452ca0d3"
 pkgrel=1
 pkgdesc="Plain-text file markdown note taking with Nextcloud/ownCloud integration"
 arch=('i686' 'x86_64' 'armv7h' 'aarch64')
Risk 0/5 · Safe PKGBUILD
Result #18

Comment

The only change is an updated SHA-256 checksum for the upstream release tarball. The source URL remains HTTPS and points to the official GitHub release asset for QOwnNotes, with no new build steps, scripts, network fetches, privilege changes, or packaging behavior introduced. Based on the diff alone, this is a low-risk integrity metadata update, assuming the new checksum corresponds to the intended upstream release artifact.

@@ -13,7 +13,7 @@ groups=('qownnotes')
 depends=('qt6-base' 'qt6-svg' 'qt6-declarative' 'qt6-websockets' 'aspell' 'botan' 'libgit2' 'libsecret')
 makedepends=('qt6-tools' 'cmake')
 source=("https://github.com/pbek/QOwnNotes/releases/download/v${pkgver}/qownnotes-${pkgver}.tar.xz")
-sha256sums=('f3196df6b1fae01e00faf34507aed6a1dae0d972cf1757e748cde4292c5e3ca5')
+sha256sums=('9ab27d4c59877e153ec1e702aa03271d0ddb8341c10809ae02a4b58b5ea40c3e')
 
 prepare() {
     cd "${pkgname}-${pkgver}"