search

CytopiaTeam / Cytopia

:deciduous_tree::house_with_garden::office::evergreen_tree: A city building simulation game
https://www.cytopia.net
GNU General Public License v3.0
1.94k stars 101 forks source link

Update dependency xz_utils to v5.6.1 #1090

Closed RoRBot closed 3 months ago

RoRBot commented 3 months ago

This PR contains the following updates:

Package Type Update Change
xz_utils requires patch 5.6.0 -> 5.6.1

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.

sonarcloud[bot] commented 3 months ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

gamer191 commented 3 months ago

@AnotherFoxGuy this needs to be reverted urgently (in fact, XZ needs to be downgraded to 5.5.X). XZ 5.6 and 5.6.1 contain a backdoor-see https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/, or google "xz backdoor"

AnotherFoxGuy commented 3 months ago

@gamer191 Done: https://github.com/CytopiaTeam/Cytopia/commit/61ecba60b067ff67b8e1b571a9532733117622a7 Thanks for letting me know