Cutlery/calibre
1
0
Fork 0
mirror of https://github.com/kovidgoyal/calibre.git synced 2025-12-11 07:35:14 -05:00
Code Issues Packages Projects Releases Wiki Activity

Bump version of deps for CVEs

Browse Source
This commit is contained in:
Kovid Goyal 2025-09-23 17:09:57 +05:30
parent 9680ef23fe
commit 74bd44574f
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bypy/sources.json
View File

@ -509,12 +509,12 @@
}, },
{ {
"name": "nodejs 20.19.2", "name": "nodejs 20.19.4",
"type": "build", "type": "build",
"comment": "Needed for building Qt WebEngine", "comment": "Needed for building Qt WebEngine",
"os": "macos,linux", "os": "macos,linux",
"unix": { "unix": {
"hash": "sha256:045deaf3179e85ddd871e925f39b04214f37c7d16b6980fab2f061d6739d8207", "hash": "sha256:a87cf69f4df8deece34165ebf668e3279e12352c4f077a9cc87641f4c9d21a96",
"urls": ["https://github.com/nodejs/node/archive/refs/tags/v{version}.{file_extension}"] "urls": ["https://github.com/nodejs/node/archive/refs/tags/v{version}.{file_extension}"]
} }
}, },

8
setup/unix-ci.py
View File

@ -168,7 +168,13 @@ IGNORED_DEPENDENCY_CVES = [
'CVE-2025-8194', # DoS in tarfile 'CVE-2025-8194', # DoS in tarfile
'CVE-2025-6069', # DoS in HTMLParser 'CVE-2025-6069', # DoS in HTMLParser
# glib # glib
'CVE-2025-4056', # Only affects Windows, on which we dont run 'CVE-2025-4056', # Only affects Windows, on which we dont use glib
# libtiff
'CVE-2025-8851', # this is erroneously marked as fixed in the database but no release of libtiff has been made with the fix
# hyphen
'CVE-2017-1000376', # false match in the database
# espeak
'CVE-2023-4990', # false match because we currently build with a specific commit pending release of espeak 1.53
] ]