swissquote / carnotzet

Modular and Re-usable Docker Environments using Maven
https://swissquote.github.io/carnotzet/
Apache License 2.0

Update dependency net.lingala.zip4j:zip4j to v2.11.3 [SECURITY] #174

Closed renovate[bot] closed 8 months ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| net.lingala.zip4j:zip4j | `2.11.1` -> `2.11.3` | age | adoption | passing | confidence |

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. This issue has been fixed in version 2.11.3.
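The advisory sentence above describes a class of bug rather than a single line: plaintext is handed back before the authentication code computed over the ciphertext has been verified. The following is an added illustration of that failure mode next to its hardened form; it is not zip4j's code and not the actual fix. It mirrors the WinZip-AES layout (PBKDF2-derived encryption and MAC keys, encrypt-then-MAC with a 10-byte truncated HMAC-SHA1 tag) but substitutes a constructed SHA-256 keystream for AES-CTR so that it runs on the Python standard library alone; the password, salt, iteration count and sample entry are all constructed values.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed toy keystream (SHA-256 in counter mode). It stands in for AES-CTR
# so the example needs only the standard library; it is NOT zip4j's code.
def _keystream(key: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + block.to_bytes(8, "little")).digest()
        block += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def derive_keys(password: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA1 -> (encryption key, MAC key). Iteration count is an assumption."""
    material = hashlib.pbkdf2_hmac("sha1", password, salt, 1000, 32)
    return material[:16], material[16:]


def auth_code(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC tag: HMAC-SHA1 over the ciphertext, truncated to 10 bytes."""
    return hmac.new(mac_key, ciphertext, hashlib.sha1).digest()[:10]


def encrypt_entry(password: bytes, plaintext: bytes, salt: Optional[bytes] = None):
    """Returns (salt, ciphertext, tag) for one archive entry."""
    salt = salt if salt is not None else os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ciphertext = _xor(plaintext, _keystream(enc_key, len(plaintext)))
    return salt, ciphertext, auth_code(mac_key, ciphertext)


def decrypt_unchecked(password: bytes, salt: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """The vulnerable pattern: the tag is ignored, so any bit flip in the
    ciphertext silently becomes a bit flip in the returned plaintext."""
    enc_key, _ = derive_keys(password, salt)
    return _xor(ciphertext, _keystream(enc_key, len(ciphertext)))


def decrypt_verified(password: bytes, salt: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Hardened form: verify the authentication code with a constant-time
    compare before releasing any plaintext."""
    enc_key, mac_key = derive_keys(password, salt)
    if not hmac.compare_digest(auth_code(mac_key, ciphertext), tag):
        raise ValueError("authentication code mismatch: entry tampered or wrong key")
    return _xor(ciphertext, _keystream(enc_key, len(ciphertext)))


def tamper_demo(password: bytes = b"correct horse",
                plaintext: bytes = b"hello from an encrypted zip entry"):
    """Flip one ciphertext bit and return (unchecked_output, verified_rejected).
    The unchecked decrypt yields 'iello ...' without any error; the verified
    decrypt raises instead of returning corrupted data."""
    salt, ciphertext, tag = encrypt_entry(password, plaintext, salt=b"\x00" * 16)
    tampered = bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]
    unchecked = decrypt_unchecked(password, salt, tampered, tag)
    try:
        decrypt_verified(password, salt, tampered, tag)
        rejected = False
    except ValueError:
        rejected = True
    return unchecked, rejected


if __name__ == "__main__":
    unchecked, rejected = tamper_demo()
    print("unchecked decrypt returned:", unchecked)
    print("verified decrypt rejected tampering:", rejected)
```

The point to take from `tamper_demo` is that a stream cipher without an enforced MAC is malleable: the flipped ciphertext bit lands on exactly one plaintext bit and nothing downstream notices. An upgrade to a version that enforces the check is the fix; the unit test you would want in an archive-handling code base is the one in `tamper_demo`, a deliberately corrupted entry that must fail to extract.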


Release Notes

srikanth-lingala/zip4j (net.lingala.zip4j:zip4j)

### [`v2.11.3`](https://togithub.com/srikanth-lingala/zip4j/releases/tag/v2.11.3)

[Compare Source](https://togithub.com/srikanth-lingala/zip4j/compare/v2.11.2...v2.11.3)

Security fixes:

- [#485](https://togithub.com/srikanth-lingala/zip4j/issues/485) Fix CVE-2023-22899

### [`v2.11.2`](https://togithub.com/srikanth-lingala/zip4j/releases/tag/v2.11.2)

[Compare Source](https://togithub.com/srikanth-lingala/zip4j/compare/v2.11.1...v2.11.2)

**Improvements:**

- [Use SecureRandom instead of Random to implement a cryptographically strong random number](https://togithub.com/srikanth-lingala/zip4j/pull/448)

**Bug fixes:**

- [Fix null check](https://togithub.com/srikanth-lingala/zip4j/pull/458)
- [Append file separator to path check only if required](https://togithub.com/srikanth-lingala/zip4j/issues/462)
- [Fix endOfCentralDirectory location calculation when setting comment](https://togithub.com/srikanth-lingala/zip4j/issues/463)
- [Use Path comparison over String comparison for Path traversal vulnerability](https://togithub.com/srikanth-lingala/zip4j/pull/458)
- [Set lastModifiedFileTime for all entries and not just directories](https://togithub.com/srikanth-lingala/zip4j/issues/473)
- [Use charset when generating AES vendor id info](https://togithub.com/srikanth-lingala/zip4j/issues/474)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

cr-gpt[bot] commented 8 months ago

Seems you are using me but didn't get OPENAI_API_KEY set in Variables/Secrets for this repo. You could follow the readme for more information.