kula-app / postie
The next-level structured Swift HTTP API Client
Home Page: https://kula-app.github.io/Postie/
License: MIT License
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
Gemfile
jazzy "0.15.1"
.github/workflows/build-test.yml
actions/checkout v4
codecov/codecov-action v4
.github/workflows/codeql.yml
actions/checkout v4
github/codeql-action v3
github/codeql-action v3
github/codeql-action v3
.github/workflows/danger.yml
actions/checkout v4
ghcr.io/danger/danger-swift-with-swiftlint 3.15.0
.github/workflows/documentation.yml
actions/checkout v4
ruby/setup-ruby v1
.github/workflows/publish_release.yml
actions/checkout v4
.ruby-version
ruby 3.3.5
Package.swift
MaxDesiatov/XMLCoder from: "0.17.1"
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. It is flexible, offers heuristic parsing, and additionally provides extensive support for IRIs and URI templates.
Library home page: https://rubygems.org/gems/addressable-2.7.0.gem
Dependency Hierarchy:
Found in HEAD commit: d650232187aa473f2ebe712121df73b0ecfde0a3
Found in base branch: main
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.
Publish Date: 2021-07-06
URL: CVE-2021-32740
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jxhc-q857-3j6g
Release Date: 2021-07-06
Fix Resolution: addressable - 2.8.0
Currently the documentation only shows an example using Combine.
Add one using the legacy-callback
Library home page: https://rubygems.org/gems/cocoapods-downloader-1.5.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /var/lib/gems/2.5.0/cache/cocoapods-downloader-1.5.1.gem
Dependency Hierarchy:
Found in base branch: main
Versions of the package cocoapods-downloader before 1.6.0, and from 1.6.2 and before 1.6.3, are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Publish Date: 2022-04-01
URL: CVE-2022-24440
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24440
Release Date: 2022-04-01
Fix Resolution: cocoapods-downloader - 1.6.0,1.6.3
Needs an XML encoder and decoder, which works with the Codable protocol.
Library home page: https://rubygems.org/gems/cocoapods-downloader-1.5.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /var/lib/gems/2.5.0/cache/cocoapods-downloader-1.5.1.gem
Dependency Hierarchy:
Found in base branch: main
The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Publish Date: 2022-04-01
URL: CVE-2022-21223
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21223
Release Date: 2022-04-01
Fix Resolution: cocoapods-downloader - 1.6.2