pigweed
Modern software development for embedded systems
_This issue was automatically created by [Allstar](https://github.com/ossf/allstar/)._ **Security Policy Violation** Project is out of compliance with Binary Artifacts policy: binaries present in source code **Rule Description** Binary Artifacts are an...
# Patching CVE-2007-4559 Hi, we are security researchers from the Advanced Research Center at [Trellix](https://www.trellix.com). We have begun a campaign to patch a widespread bug named CVE-2007-4559. CVE-2007-4559 is a...
Bumps [black](https://github.com/psf/black) from 23.1.0 to 24.3.0. Release notes Sourced from black's releases. 24.3.0 Highlights This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.4 to 1.15.6. Commits 35a517c Release version 1.15.6 of the npm package. c4f847f Drop Proxy-Authorization across hosts. 8526b4a Use GitHub for disclosure. b1677ce Release version 1.15.5 of...
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.2 to 42.0.4. Changelog Sourced from cryptography's changelog. 42.0.4 - 2024-02-20 * Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to...
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3. Release notes Sourced from jinja2's releases. 3.1.3 This is a fix release for the 3.1.x feature branch. Fix for GHSA-h5c8-rqwp-cp95. You are affected if...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 4.3.9 to 4.5.2. Release notes Sourced from vite's releases. [email protected] Please refer to CHANGELOG.md for details. [email protected] Please refer to CHANGELOG.md for details. Changelog Sourced from vite's...
Bumps [ip](https://github.com/indutny/node-ip) from 1.1.8 to 1.1.9. Commits 1ecbf2f 1.1.9 6a3ada9 lib: fixed CVE-2023-42282 and added unit test See full diff in compare view Dependabot will resolve any...