mirror of https://github.com/google/oss-fuzz.git
677 Commits
| Author | SHA1 | Message | Date |
|---|---|---|---|
correctmost
|
dbbc986755
|
doc: add rust to list of languages that support llvm-cov arguments (#12127)
Some example Rust projects that are already using this functionality: |
|
|
Sergey Bronnikov
|
a7c524dca0
|
Fix doc timeouts and ooms and allow these options in GH Action (#12003)
#11723 |
|
|
dependabot[bot]
|
368993df0a
|
build(deps-dev): bump the bundler group across 1 directory with 2 updates (#11962)
Bumps the bundler group with 2 updates in the /docs directory: [nokogiri](https://github.com/sparklemotion/nokogiri) and [rexml](https://github.com/ruby/rexml). Updates `nokogiri` from 1.16.2 to 1.16.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>v1.16.5 / 2024-05-13</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7">GHSA-r95h-9x8f-r3f7</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7">v2.12.7</a> from v2.12.6. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874 nokogiri-1.16.5-aarch64-linux.gem 23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec nokogiri-1.16.5-arm-linux.gem 950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214 nokogiri-1.16.5-arm64-darwin.gem b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989 nokogiri-1.16.5-java.gem ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e nokogiri-1.16.5-x64-mingw-ucrt.gem 6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107 nokogiri-1.16.5-x64-mingw32.gem abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4 nokogiri-1.16.5-x86-linux.gem 63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4 nokogiri-1.16.5-x86-mingw32.gem 71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279 nokogiri-1.16.5-x86_64-darwin.gem 0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97 nokogiri-1.16.5-x86_64-linux.gem ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2 nokogiri-1.16.5.gem </code></pre> <h2>v1.16.4 / 2024-04-10</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored zlib in the precompiled native gems is updated to <a href="https://zlib.net/ChangeLog.txt">v1.3.1</a> from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see <a href="https://github.com/sparklemotion/nokogiri/discussions/3168">this discussion</a> about removing the compression libraries altogether in a future version of Nokogiri.</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5 nokogiri-1.16.4-aarch64-linux.gem 0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a nokogiri-1.16.4-arm-linux.gem 8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196 nokogiri-1.16.4-arm64-darwin.gem bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc nokogiri-1.16.4-java.gem a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae nokogiri-1.16.4-x64-mingw-ucrt.gem 4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468 nokogiri-1.16.4-x64-mingw32.gem d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5 nokogiri-1.16.4-x86-linux.gem d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168 nokogiri-1.16.4-x86-mingw32.gem a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628 nokogiri-1.16.4-x86_64-darwin.gem 92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31 nokogiri-1.16.4-x86_64-linux.gem </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>v1.16.5</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7">GHSA-r95h-9x8f-r3f7</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7">v2.12.7</a> from v2.12.6. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h2>v1.16.4 / 2024-04-10</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored zlib in the precompiled native gems is updated to <a href="https://zlib.net/ChangeLog.txt">v1.3.1</a> from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see <a href="https://github.com/sparklemotion/nokogiri/discussions/3168">this discussion</a> about removing the compression libraries altogether in a future version of Nokogiri.</li> </ul> <h2>v1.16.3 / 2024-03-15</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.6">v2.12.6</a> from v2.12.5. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h3>Changed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> sets the <code>@encoding</code> instance variable during reading if it is not passed into the initializer. Previously, it would remain <code>nil</code>. The behavior of <code>Reader#encoding</code> has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
|
|
dependabot[bot]
|
5a6fc533e1
|
build(deps-dev): bump nokogiri from 1.14.3 to 1.16.2 in /docs (#11572)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.14.3 to 1.16.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>v1.16.2 / 2024-02-04</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5">v2.12.5</a> from v2.12.4. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d nokogiri-1.16.2-aarch64-linux.gem 6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57 nokogiri-1.16.2-arm-linux.gem c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8 nokogiri-1.16.2-arm64-darwin.gem 122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310 nokogiri-1.16.2-java.gem 7344b5072ca69fc5bedb61cb01a3b765b93a27aae5a2a845c2ba7200e4345074 nokogiri-1.16.2-x64-mingw-ucrt.gem a2a5e184a424111a0d5b77947986484920ad708009c667f061e8d02035c562dd nokogiri-1.16.2-x64-mingw32.gem 833efddeb51a6c2c9f6356295623c2b2e0d50050d468695c59bd929162953323 nokogiri-1.16.2-x86-linux.gem e67fc0418dffaff9dc8b1dc65f0605282c3fee9488832d0223b620b4319e0b53 nokogiri-1.16.2-x86-mingw32.gem 5def799e5f139f21a79d7cf71172313a7b6fb0e4b2a31ab9bd5d4ad305994539 nokogiri-1.16.2-x86_64-darwin.gem 5b146240ac6ec6c40fd4367623e74442bca45a542bd3282b1d4d18b07b8e5dfe nokogiri-1.16.2-x86_64-linux.gem 68922ee5cde27497d995c46f2821957bae961947644eed2822d173daf7567f9c nokogiri-1.16.2.gem </code></pre> <h2>v1.16.1 / 2024-02-03</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4">v2.12.4</a> from v2.12.3. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2891">#2891</a> (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3090">#3090</a> (<a href="https://github.com/adfoster-r7"><code>@adfoster-r7</code></a>)</li> <li>[CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>] (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3100">#3100</a>] (<a href="https://github.com/stevecheckoway"><code>@stevecheckoway</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>a541f35e5b9798a0c97300f9ee18f4217da2a2945a6d5499e4123b9018f9cafc nokogiri-1.16.1-aarch64-linux.gem 6b82affd195000ab2f9c36cc08744ec2d2fcf6d8da88d59a2db67e83211f7c69 nokogiri-1.16.1-arm-linux.gem </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>v1.16.2 / 2024-02-04</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5">v2.12.5</a> from v2.12.4. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h2>v1.16.1 / 2024-02-03</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4">v2.12.4</a> from v2.12.3. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2891">#2891</a> (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3090">#3090</a> (<a href="https://github.com/adfoster-r7"><code>@adfoster-r7</code></a>)</li> <li>[CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>] (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3100">#3100</a>] (<a href="https://github.com/stevecheckoway"><code>@stevecheckoway</code></a>)</li> </ul> <h2>v1.16.0 / 2023-12-27</h2> <h3>Notable Changes</h3> <h4>Ruby</h4> <p>This release introduces native gem support for Ruby 3.3.</p> <p>This release ends support for Ruby 2.7, for which <a href="https://www.ruby-lang.org/en/downloads/branches/">upstream support ended 2023-03-31</a>.</p> <h4>Pattern matching</h4> <p>This version marks <em>official support</em> for the pattern matching API in <code>XML::Attr</code>, <code>XML::Document</code>, <code>XML::DocumentFragment</code>, <code>XML::Namespace</code>, <code>XML::Node</code>, and <code>XML::NodeSet</code> (and their subclasses), originally introduced as an experimental feature in v1.14.0. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</p> <p>Documentation on what can be matched:</p> <ul> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Attr.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Attr#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Document.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Document#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Namespace.html?h=deconstruct+namespace#method-i-deconstruct_keys"><code>XML::Namespace#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Node.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Node#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/DocumentFragment.html?h=deconstruct#method-i-deconstruct"><code>XML::DocumentFragment#deconstruct</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/NodeSet.html?h=deconstruct#method-i-deconstruct"><code>XML::NodeSet#deconstruct</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
|
|
Adam Demuri
|
c66f70f3ee
|
Fix a few typos in target_generation.md (#10908) | |
|
dependabot[bot]
|
5dc040c2bb
|
build(deps-dev): bump activesupport from 7.0.4.3 to 7.0.7.2 in /docs (#10879)
Bumps [activesupport](https://github.com/rails/rails) from 7.0.4.3 to 7.0.7.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rails/rails/releases">activesupport's releases</a>.</em></p> <blockquote> <h2>7.0.7.2 release</h2> <p>No changes between this and 7.0.7.2. This release was just to fix file permissions in the previous release.</p> <h2>7.0.7.1</h2> <h2>Active Support</h2> <ul> <li> <p>Use a temporary file for storing unencrypted files while editing</p> <p>[CVE-2023-38037]</p> </li> </ul> <h2>Active Model</h2> <ul> <li>No changes.</li> </ul> <h2>Active Record</h2> <ul> <li>No changes.</li> </ul> <h2>Action View</h2> <ul> <li>No changes.</li> </ul> <h2>Action Pack</h2> <ul> <li>No changes.</li> </ul> <h2>Active Job</h2> <ul> <li>No changes.</li> </ul> <h2>Action Mailer</h2> <ul> <li>No changes.</li> </ul> <h2>Action Cable</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rails/rails/blob/v7.0.7.2/activesupport/CHANGELOG.md">activesupport's changelog</a>.</em></p> <blockquote> <h2>Rails 7.0.7.2 (August 22, 2023)</h2> <ul> <li>No changes.</li> </ul> <h2>Rails 7.0.7.1 (August 22, 2023)</h2> <ul> <li> <p>Use a temporary file for storing unencrypted files while editing</p> <p>[CVE-2023-38037]</p> </li> </ul> <h2>Rails 7.0.7 (August 09, 2023)</h2> <ul> <li> <p>Fix <code>Cache::NullStore</code> with local caching for repeated reads.</p> <p><em>fatkodima</em></p> </li> <li> <p>Fix <code>to_s</code> with no arguments not respecting custom <code>:default</code> formats</p> <p><em>Hartley McGuire</em></p> </li> <li> <p>Fix <code>ActiveSupport::Inflector.humanize(nil)</code> raising <code>NoMethodError: undefined method `end_with?' for nil:NilClass</code>.</p> <p><em>James Robinson</em></p> </li> <li> <p>Fix <code>Enumerable#sum</code> for <code>Enumerator#lazy</code>.</p> <p><em>fatkodima</em>, <em>Matthew Draper</em>, <em>Jonathan Hefner</em></p> </li> <li> <p>Improve error message when EventedFileUpdateChecker is used without a compatible version of the Listen gem</p> <p><em>Hartley McGuire</em></p> </li> </ul> <h2>Rails 7.0.6 (June 29, 2023)</h2> <ul> <li> <p>Fix <code>EncryptedConfiguration</code> returning incorrect values for some <code>Hash</code> methods</p> <p><em>Hartley McGuire</em></p> </li> <li> <p>Fix arguments being destructed <code>Enumerable#many?</code> with block.</p> <p><em>Andrew Novoselac</em></p> </li> <li> <p>Fix humanize for strings ending with id.</p> <p><em>fatkodima</em></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
|
|
jonathanmetzman
|
94874c409a
|
Make minor improvements to report (#10849) | |
|
Hayley Denbraver
|
564eb34a9a
|
Link to blog from research report (#10851)
I thought we might like to link back to the blog from the research report. [See preview](https://hayleycd.github.io/oss-fuzz/research/llms/target_generation/) |
|
|
jonathanmetzman
|
2e1b3b5773
|
Add image of OpenSSL bug (#10850) | |
|
Dongge Liu
|
5623cbaf80
|
Fix LLM report benchmark table. (#10845)
1. Merge Prompt, Fixes, and Targets into one column. 2. Make the page wider to fit all column. |
|
|
Oliver Chang
|
dc2e4929b6
|
Publish initial LLM research. (#10844) | |
|
olivekl
|
ec93b70b38
|
Olivekl add project history (#10841)
Add two paragraphs from blog post (https://security.googleblog.com/2022/09/fuzzing-beyond-memory-corruption.html) explaining the project's history. |
|
|
dependabot[bot]
|
4f0dd2adcb
|
build(deps-dev): bump commonmarker from 0.23.9 to 0.23.10 in /docs (#10811)
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.9 to 0.23.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.10</h2> <h2>What's Changed</h2> <ul> <li>Update to 0.29.0.gfm.13 by <a href="https://github.com/anticomputer"><code>@anticomputer</code></a> in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/247">gjtorikian/commonmarker#247</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.9...v0.23.10">https://github.com/gjtorikian/commonmarker/compare/v0.23.9...v0.23.10</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/blob/v0.23.10/CHANGELOG.md">commonmarker's changelog</a>.</em></p> <blockquote> <h2>[v0.23.10] (2023-07-31)</h2> <ul> <li>Update GFM release to <a href="https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.12"><code>0.29.0.gfm.12</code></a> and <a href="https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.13"><code>0.29.0.gfm.13</code></a>, thereby <a href="https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5">fixing a polynomial time complexity security vulnerability</a>.</li> <li>Of note to users of this library, GFM releases <code>0.29.0.gfm.12</code> and <code>0.29.0.gfm.13</code> also: <ul> <li>Normalized marker row vs. delimiter row nomenclature (<a href="https://redirect.github.com/github/cmark-gfm/pull/273">#273</a>)</li> <li>Exposed CMARK_NODE_FOOTNOTE_DEFINITION literal value (<a href="https://redirect.github.com/github/cmark-gfm/pull/336">#336</a>)</li> </ul> </li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.4">v0.23.4</a> (2022-03-03)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.2...v0.23.4">Full Changelog</a></p> <p><strong>Fixed bugs:</strong></p> <ul> <li><code>#render_html</code> way slower than <code>#render_doc.to_html</code> <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/141">#141</a></li> </ul> <p><strong>Closed issues:</strong></p> <ul> <li>allow keeping text content of unknown tags <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/169">#169</a></li> <li>STRIKETHROUGH_DOUBLE_TILDE not working <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/168">#168</a></li> <li>Allow disabling 4-space code blocks <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/167">#167</a></li> <li>tables with escaped pipes are not recognized <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/166">#166</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>CI: Drop a duplicate 'bundle install' <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/173">#173</a> (<a href="https://github.com/olleolleolle">olleolleolle</a>)</li> <li>CI: Drop duplicate bundle install <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/172">#172</a> (<a href="https://github.com/olleolleolle">olleolleolle</a>)</li> <li>Fixup benchmark and speedup a little, fixes <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/141">#141</a> <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/171">#171</a> (<a href="https://github.com/ojab">ojab</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.2">v0.23.2</a> (2021-09-17)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.1...v0.23.2">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Update GFM release to <code>0.29.0.gfm.2</code> <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/148">#148</a> (<a href="https://github.com/phillmv">phillmv</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.1">v0.23.1</a> (2021-09-03)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.0...v0.23.1">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Incorrect processing of list and next block of code <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/146">#146</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>Normalize parse and render options <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/145">#145</a> (<a href="https://github.com/phillmv">phillmv</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.0">v0.23.0</a> (2021-08-30)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
|
|
jonathanmetzman
|
6922c8c1ac
|
Use sarif by default (#10621) | |
|
Clarence "Sparr" Risher
|
295df324c6
|
Add javascript to new project guide (#10598)
This seems to have been left out when `javascript_lang.md` was created and support for `language: javascript` was added. Signed-off-by: Clarence "Sparr" Risher <clrnc@amazon.com> Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com> |
|
|
Clarence "Sparr" Risher
|
43688a9a6b
|
Rename swift.md for consistency with _lang.md pattern (#10599)
All other language-specific guide files are named `foo_lang.md`, as distinct from `bazel.md` which is not for an implementation language (and should probably get its own suffix, maybe bazel_build.md, but that's another matter). Signed-off-by: Clarence "Sparr" Risher <clrnc@amazon.com> |
|
|
Clarence "Sparr" Risher
|
1647294b82
|
Add main_repo and language to new project doc, and links to field explanations. Fix workflow reference to repo_url. (#10553)
The PR Helper workflow complains if a new project doesn't include a main_repo, so I've added that to the accepting new projects page. I also added links from there to the specific fields in the new project guide. I also changed a reference in the workflow output to refer to the yaml field name visible to submitters, rather than to the internal python name for the same field which doesn't match. --------- Signed-off-by: Clarence "Sparr" Risher <clrnc@amazon.com> Co-authored-by: Holly Gong <39108850+hogo6002@users.noreply.github.com> |
|
|
Joyce
|
3cbb8c9d6e
|
Show minimal permission needed for CIFuzz workflow (#10283)
I'm suggesting this change in the CIFuzz example workflow to indicate the minimal permission needed for the workflow to run and also to follow the OpenSSF Scorecard Token Permission Check recommendations. I've tested with https://github.com/joycebrum/sigstore/actions/runs/4918728701 and the action ran with success with no permission granted. the actions/upload-artifact skipped does not need permission to upload artifacts as can be seen at https://github.com/joycebrum/sigstore/actions/runs/4928734763 --------- Signed-off-by: Joyce <joycebrum@google.com> Signed-off-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com> Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com> |
|
|
Emmanuel Ferdman
|
51ca832304
|
FIX: update broken hyperlink in the docs (#10467)
**PR Summary**: The PR contains a fix to a broken hyperlink found in the docs. The relevant page of the docs can be found [here](https://google.github.io/oss-fuzz/advanced-topics/ideal-integration/#fuzz-target). |
|
|
Sergey Bronnikov
|
b352eb1b88
|
docs: add a list with available sanitizers (#10387)
It is not clear what sanitizers could be specified in `sanitizers` field in project.yaml. Patch adds a list of available sanitizers to a "New project guide". |
|
|
jonathanmetzman
|
05eb0af666
|
Improve sarif (#10211)
Improve docs, fix bugs, add tests. |
|
|
jonathanmetzman
|
9b85790267
|
[cifuzz] document sarif (#10202) | |
|
fanquake
|
660422d18e
|
doc: replace libfuzzer.info links with llvm.org (#10131)
These all already redirect to the new locations. |
|
|
dependabot[bot]
|
63fe031ba5
|
build(deps): bump commonmarker from 0.23.7 to 0.23.9 in /docs (#10065)
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.7 to 0.23.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.9</h2> <h2>What's Changed</h2> <ul> <li>Update to 0.29.0.gfm.11 by <a href="https://github.com/anticomputer"><code>@anticomputer</code></a> in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/236">gjtorikian/commonmarker#236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.8...v0.23.9">https://github.com/gjtorikian/commonmarker/compare/v0.23.8...v0.23.9</a></p> <h2>v0.23.8</h2> <h2>What's Changed</h2> <ul> <li>Update cmark-upstream to <code>0.29.0.gfm.9</code> by <a href="https://github.com/smockle"><code>@smockle</code></a> in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/227">gjtorikian/commonmarker#227</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/smockle"><code>@smockle</code></a> made their first contribution in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/227">gjtorikian/commonmarker#227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.7...v0.23.8">https://github.com/gjtorikian/commonmarker/compare/v0.23.7...v0.23.8</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md">commonmarker's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre9">v1.0.0.pre9</a> (2023-03-28)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre8...v1.0.0.pre9">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Updates from upstream <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/235">#235</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Bump comrak from 0.16.0 to 0.17.1 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/234">#234</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.5.1 to 0.5.2 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/233">#233</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Add ability to load <code>tmtheme</code>s from a folder <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/232">#232</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Bump magnus from 0.5.0 to 0.5.1 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/231">#231</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.4.4 to 0.5.0 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/230">#230</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Test the new integrated rb-sys <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/228">#228</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre8">v1.0.0.pre8</a> (2023-03-09)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.8...v1.0.0.pre8">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Something changed in how header anchors are named in the output HTML <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/229">#229</a></li> <li>Problem with CommonMarker on an Azure VM <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/226">#226</a></li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.8">v0.23.8</a> (2023-01-31)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre7...v0.23.8">Full Changelog</a></p> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre7">v1.0.0.pre7</a> (2023-01-26)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.7...v1.0.0.pre7">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Bump comrak from 0.15.0 to 0.16.0 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/225">#225</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Change <code>unsafe_</code> to <code>unsafe</code> <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/220">#220</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Clarify syntax highlighter plugin usage in README <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/218">#218</a> (<a href="https://github.com/DannyBen">DannyBen</a>)</li> <li>Fix a couple of misleading README points <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/215">#215</a> (<a href="https://github.com/DannyBen">DannyBen</a>)</li> <li>remove gemspec <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/214">#214</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Add shortcodes/emoji <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/210">#210</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
|
|
dependabot[bot]
|
b9fd3a17ef
|
build(deps): bump nokogiri from 1.13.10 to 1.14.3 in /docs (#10066)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.10 to 1.14.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.14.3 / 2023-04-11</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2023-29469, CVE-2023-28484, and one other security-related issue. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq">GHSA-pxvg-2qj5-37jqGHSA-pxvg-2qj5-37jq</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4">v2.10.4</a> from v2.10.3.</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>9cc53dd8d92868a0f5bcee44396357a19f95e32d8b9754092622a25bc954c60c nokogiri-1.14.3-aarch64-linux.gem 320fa1836b8e59e86a804baee534893bcf3b901cc255bbec6d87f3dd3e431610 nokogiri-1.14.3-arm-linux.gem 67dd4ac33a8cf0967c521fa57e5a5422db39da8a9d131aaa2cd53deaa12be4cd nokogiri-1.14.3-arm64-darwin.gem 13969ec7f41d9cff46fc7707224c55490a519feef7cfea727c6945c5b444caa2 nokogiri-1.14.3-java.gem 9885085249303461ee08f9a9b161d0a570391b8f5be0316b3ac5a6d9a947e1e2 nokogiri-1.14.3-x64-mingw-ucrt.gem 997943d7582a23ad6e7a0abe081d0d40d2c1319a6b2749f9b30fd18037f0c38a nokogiri-1.14.3-x64-mingw32.gem 58c30b763aebd62dc4222385509d7f83ac398ee520490fadc4b6d7877e29895a nokogiri-1.14.3-x86-linux.gem e1d58a5c56c34aab71b00901a969e19bf9f7322ee459b4e9380f433213887c04 nokogiri-1.14.3-x86-mingw32.gem f0a1ed1460a91fd2daf558357f4c0ceac6d994899da1bf98431aeda301e4dc74 nokogiri-1.14.3-x86_64-darwin.gem e323a7c654ef846e64582fb6e26f6fed869a96753f8e048ff723e74d8005cb11 nokogiri-1.14.3-x86_64-linux.gem 3b1cee0eb8879e9e25b6dd431be597ca68f20283b0d4f4ca986521fad107dc3a nokogiri-1.14.3.gem </code></pre> <h2>1.14.2 / 2023-02-13</h2> <h3>Fixed</h3> <ul> <li>Calling <code>NodeSet#to_html</code> on an empty node set no longer raises an encoding-related exception. This bug was introduced in v1.14.0 while fixing <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2649">#2649</a>. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2784">#2784</a>]</li> </ul> <hr /> <p>sha256 checksums:</p> <pre lang="text"><code>966acf4f6c1fba10518f86498141cf44265564ac5a65dcc8496b65f8c354f776 nokogiri-1.14.2-aarch64-linux.gem 8a3a35cadae4a800ddc0b967394257343d62196d9d059b54e38cf067981db428 nokogiri-1.14.2-arm-linux.gem 81404cd014ecb597725c3847523c2ee365191a968d0b5f7d857e03f388c57631 nokogiri-1.14.2-arm64-darwin.gem 0a39222af14e75eb0243e8d969345e03b90c0e02b0f33c61f1ebb6ae53538bb5 nokogiri-1.14.2-java.gem 62a18f9213a0ceeaf563d1bc7ccfd93273323c4356ded58a5617c59bc4635bc5 nokogiri-1.14.2-x64-mingw-ucrt.gem 54f6ac2c15a7a88f431bb5e23f4616aa8fc97a92eb63336bcf65b7050f2d3be0 nokogiri-1.14.2-x64-mingw32.gem c42fa0856f01f901954898e28c3c2b4dce0e843056b1b126f441d06e887e1b77 nokogiri-1.14.2-x86-linux.gem f940d9c8e47b0f19875465376f2d1c8911bc9489ac9a48c124579819dc4a7f19 nokogiri-1.14.2-x86-mingw32.gem 2508978f5ca28944919973f6300f0a7355fbe72604ab6a6913f1630be1030265 nokogiri-1.14.2-x86_64-darwin.gem bc6405e1f3ddac6e401f82d775f1c0c24c6e58c371b3fadaca0596d5d511e476 nokogiri-1.14.2-x86_64-linux.gem </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.14.3 / 2023-04-11</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2023-29469, CVE-2023-28484, and one other security-related issue. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq">GHSA-pxvg-2qj5-37jqGHSA-pxvg-2qj5-37jq</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4">v2.10.4</a> from v2.10.3.</li> </ul> <h2>1.14.2 / 2023-02-13</h2> <h3>Fixed</h3> <ul> <li>Calling <code>NodeSet#to_html</code> on an empty node set no longer raises an encoding-related exception. This bug was introduced in v1.14.0 while fixing <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2649">#2649</a>. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2784">#2784</a>]</li> </ul> <h2>1.14.1 / 2023-01-30</h2> <h3>Fixed</h3> <ul> <li>Serializing documents now works again with pseudo-IO objects that don't support IO's encoding API (like rubyzip's <code>Zip::OutputStream</code>). This was a regression in v1.14.0 due to the fix for <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/752">#752</a> in <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2434">#2434</a>, and was not completely fixed by <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2753">#2753</a>. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2773">#2773</a>]</li> <li>[CRuby] Address compiler warnings about <code>void*</code> casting and old-style C function definitions.</li> </ul> <h2>1.14.0 / 2023-01-12</h2> <h3>Notable Changes</h3> <h4>Ruby</h4> <p>This release introduces native gem support for Ruby 3.2. (Also see "Technical note" under "Changed" below.)</p> <p>This release ends support for:</p> <ul> <li>Ruby 2.6, for which <a href="https://www.ruby-lang.org/en/downloads/branches/">upstream support ended 2022-04-12</a>.</li> <li>JRuby 9.3, which is not fully compatible with Ruby 2.7+</li> </ul> <h4>Faster, more reliable installation: Native Gem for <code>aarch64-linux</code> (aka <code>linux/arm64/v8</code>)</h4> <p>This version of Nokogiri ships <em>official</em> native gem support for the <code>aarch64-linux</code> platform, which should support AWS Graviton and other ARM64 Linux platforms. Please note that glibc >= 2.29 is required for aarch64-linux systems, see <a href="https://nokogiri.org/#supported-platforms">Supported Platforms</a> for more information.</p> <h4>Faster, more reliable installation: Native Gem for <code>arm-linux</code> (aka <code>linux/arm/v7</code>)</h4> <p>This version of Nokogiri ships <em>experimental</em> native gem support for the <code>arm-linux</code> platform. Please note that glibc >= 2.29 is required for arm-linux systems, see <a href="https://nokogiri.org/#supported-platforms">Supported Platforms</a> for more information.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
|
|
Hayley Denbraver
|
e5f6911beb
|
Updated Google Analytics (#9777)
Updated Documentation google analytics from UA to GA4 Resolves #9743 |
|
|
Hayley Denbraver
|
209de621e6
|
Updated FAQ (#9671)
FAQ was wrongly listed as a "parent" page, so it ended up with a mysterious, empty table of contents at the bottom of the page (not to be confused with the table of contents for the structure of the page itself which should be there and is left unchanged). Go to [the current faq page](https://google.github.io/oss-fuzz/faq/) and scroll to the bottom to see what I mean. This fix cleans that up and I confirmed by running locally. |
|
|
Hayley Denbraver
|
467f5c5240
|
Update README.md (#9576)
While working on docs, I found that this link was broken. I have changed it to the correct URL. |
|
|
Oliver Chang
|
0290956f1f
|
Add missing blog posts (#9569) | |
|
Hayley Denbraver
|
7d49216666
|
Update README and Docs to add recent blog article and update trophy stats (#9567)
I added the recent blog post to the relevant sections and I updated our trophy numbers to reflect the latest numbers that were seen in the recent blog. |
|
|
Oliver Chang
|
47bdea931b
|
Update integration rewards documentation. (#9543) | |
|
Khaled Yakdan
|
dc2f5f4be8
|
Integrate Jazzer.js (#9466)
This PR enables using Jazzer.js for fuzzing Node.js projects in OSS-Fuzz. Part of #8324 --------- Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com> |
|
|
DavidKorczynski
|
4ebd017e8e
|
docs: add extended Fuzz Introspector doc (#9487)
Fixes: https://github.com/google/oss-fuzz/issues/9444 Signed-off-by: David Korczynski <david@adalogics.com> --------- Signed-off-by: David Korczynski <david@adalogics.com> |
|
|
dependabot[bot]
|
c9914cb385
|
build(deps): bump commonmarker from 0.23.6 to 0.23.7 in /docs (#9496)
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.6 to 0.23.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.7</h2> <h2>What's Changed</h2> <ul> <li>C API stable test by <a href="https://github.com/gjtorikian"><code>@gjtorikian</code></a> in <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/201">gjtorikian/commonmarker#201</a></li> <li>Update to 29.0.gfm.7 by <a href="https://github.com/anticomputer"><code>@anticomputer</code></a> in <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/224">gjtorikian/commonmarker#224</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7">https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7</a></p> <h2>v0.23.7.pre1</h2> <h2>What's Changed</h2> <ul> <li>C API stable test by <a href="https://github.com/gjtorikian"><code>@gjtorikian</code></a> in <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/201">gjtorikian/commonmarker#201</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7.pre1">https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7.pre1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md">commonmarker's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre6">v1.0.0.pre6</a> (2023-01-09)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre5...v1.0.0.pre6">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Cargo.lock prevents Ruby 3.2.0 from installing commonmarker v1.0.0.pre4 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/211">#211</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>always use rb_sys (don't use Ruby's emerging cargo tooling where available) <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/213">#213</a> (<a href="https://github.com/kivikakk">kivikakk</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre5">v1.0.0.pre5</a> (2023-01-08)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre4...v1.0.0.pre5">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Provide 3.2 build support <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/212">#212</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre4">v1.0.0.pre4</a> (2022-12-28)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre3...v1.0.0.pre4">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Will the cmark-gfm branch continue to be maintained for awhile? <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/207">#207</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>Implement native syntax highlighting <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/209">#209</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Bump magnus from 0.4.3 to 0.4.4 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/208">#208</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.4.2 to 0.4.3 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/206">#206</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump comrak from 0.14.0 to 0.15.0 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/205">#205</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.4.1 to 0.4.2 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/204">#204</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre3">v1.0.0.pre3</a> (2022-11-30)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre.2...v1.0.0.pre3">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Code block incorrectly parsed in commonmarker 1.0.0.pre <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/202">#202</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>Windows build <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/197">#197</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
|
|
jonathanmetzman
|
2c347b059b
|
Upgrade activesupport (#9499) | |
|
jonathanmetzman
|
8df1de8725
|
Update activesupport (#9495) | |
|
Roman Wagner
|
e5640d5feb
|
Fixed javadocs url (#9333)
Co-authored-by: mnoth-ci <michael.nothhard@code-intelligence.com> |
|
|
dependabot[bot]
|
ade3ed3b9d
|
build(deps): bump nokogiri from 1.13.9 to 1.13.10 in /docs (#9165)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.9 to 1.13.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.13.10 / 2022-12-07</h2> <h3>Security</h3> <ul> <li>[CRuby] Address CVE-2022-23476, unchecked return value from <code>xmlTextReaderExpand</code>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj">GHSA-qv4q-mr5r-qprj</a> for more information.</li> </ul> <h3>Improvements</h3> <ul> <li>[CRuby] <code>XML::Reader#attribute_hash</code> now returns <code>nil</code> on parse errors. This restores the behavior of <code>#attributes</code> from v1.13.7 and earlier. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2715">#2715</a>]</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>777ce2e80f64772e91459b943e531dfef387e768f2255f9bc7a1655f254bbaa1 nokogiri-1.13.10-aarch64-linux.gem b432ff47c51386e07f7e275374fe031c1349e37eaef2216759063bc5fa5624aa nokogiri-1.13.10-arm64-darwin.gem 73ac581ddcb680a912e92da928ffdbac7b36afd3368418f2cee861b96e8c830b nokogiri-1.13.10-java.gem 916aa17e624611dddbf2976ecce1b4a80633c6378f8465cff0efab022ebc2900 nokogiri-1.13.10-x64-mingw-ucrt.gem 0f85a1ad8c2b02c166a6637237133505b71a05f1bb41b91447005449769bced0 nokogiri-1.13.10-x64-mingw32.gem 91fa3a8724a1ce20fccbd718dafd9acbde099258183ac486992a61b00bb17020 nokogiri-1.13.10-x86-linux.gem d6663f5900ccd8f72d43660d7f082565b7ffcaade0b9a59a74b3ef8791034168 nokogiri-1.13.10-x86-mingw32.gem 81755fc4b8130ef9678c76a2e5af3db7a0a6664b3cba7d9fe8ef75e7d979e91b nokogiri-1.13.10-x86_64-darwin.gem 51d5246705dedad0a09b374d09cc193e7383a5dd32136a690a3cd56e95adf0a3 nokogiri-1.13.10-x86_64-linux.gem d3ee00f26c151763da1691c7fc6871ddd03e532f74f85101f5acedc2d099e958 nokogiri-1.13.10.gem </code></pre> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.13.10 / 2022-12-07</h2> <h3>Security</h3> <ul> <li>[CRuby] Address CVE-2022-23476, unchecked return value from <code>xmlTextReaderExpand</code>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj">GHSA-qv4q-mr5r-qprj</a> for more information.</li> </ul> <h3>Improvements</h3> <ul> <li>[CRuby] <code>XML::Reader#attribute_hash</code> now returns <code>nil</code> on parse errors. This restores the behavior of <code>#attributes</code> from v1.13.7 and earlier. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2715">#2715</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
|
|
jonathanmetzman
|
e5f3db69f0
|
Fix CIFuzz docs (#9098) | |
|
jonathanmetzman
|
7bb5a78bcb
|
[cifuzz] Fix docs on downloading artifacts (#9090) | |
|
AdamKorcz
|
63c99caae9
|
Refactor infra of Go 1.18 fuzzers (#8937)
`go-118-fuzz-build` is undergoing refactoring to fix some runtime issues affecting Rekor and other projects. Currently none of Rekors fuzzers run. This PR has been tested on all of Rekors fuzzers that will run with this PR. This PR modifies the infra OSS-Fuzz build script to adapt to the upstream changes. Cloning the `dev` branch of `go-118-fuzz-build` is a temporary solution until it gets merged into `main` upstream. Cloning go-118-fuzz-build in each build script is also a temporary measure until `dev` gets merged into `main`. Signed-off-by: AdamKorcz <adam@adalogics.com> Signed-off-by: AdamKorcz <adam@adalogics.com> |
|
|
jonathanmetzman
|
8df818599b
|
[cifuzz] Update docs (#8984) | |
|
jonathanmetzman
|
b41080b8f2
|
Improve fuzz introspector documentation. (#8859)
Fix grammar, wording, and make it clearer what fuzz introspetor offers. (make changes suggested in https://github.com/google/oss-fuzz/pull/8800) |
|
|
dependabot[bot]
|
3682b65805
|
build(deps): bump nokogiri from 1.13.8 to 1.13.9 in /docs (#8827)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.8 to 1.13.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.13.9 / 2022-10-18</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-2309">CVE-2022-2309</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40304">CVE-2022-40304</a>, and <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40303">CVE-2022-40303</a>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw">GHSA-2qc6-mcvw-92cw</a> for more information.</li> <li>[CRuby] Vendored zlib is updated to address <a href="https://ubuntu.com/security/CVE-2022-37434">CVE-2022-37434</a>. Nokogiri was not affected by this vulnerability, but this version of zlib was being flagged up by some vulnerability scanners, see <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2626">#2626</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3">v2.10.3</a> from v2.9.14.</li> <li>[CRuby] Vendored libxslt is updated to <a href="https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.37">v1.1.37</a> from v1.1.35.</li> <li>[CRuby] Vendored zlib is updated from 1.2.12 to 1.2.13. (See <a href="https://github.com/sparklemotion/nokogiri/blob/v1.13.x/LICENSE-DEPENDENCIES.md#platform-releases">LICENSE-DEPENDENCIES.md</a> for details on which packages redistribute this library.)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>Nokogiri::XML::Namespace</code> objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>] (Thanks, <a href="https://github.com/eightbitraptor"><code>@eightbitraptor</code></a> and <a href="https://github.com/peterzhu2118"><code>@peterzhu2118</code></a>!)</li> <li>[CRuby] <code>Document#remove_namespaces!</code> now defers freeing the underlying <code>xmlNs</code> struct until the <code>Document</code> is GCed. Previously, maintaining a reference to a <code>Namespace</code> object that was removed in this way could lead to a segfault. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>]</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>9b69829561d30c4461ea803baeaf3460e8b145cff7a26ce397119577a4083a02 nokogiri-1.13.9-aarch64-linux.gem e76ebb4b7b2e02c72b2d1541289f8b0679fb5984867cf199d89b8ef485764956 nokogiri-1.13.9-arm64-darwin.gem 15bae7d08bddeaa898d8e3f558723300137c26a2dc2632a1f89c8574c4467165 nokogiri-1.13.9-java.gem f6a1dbc7229184357f3129503530af73cc59ceba4932c700a458a561edbe04b9 nokogiri-1.13.9-x64-mingw-ucrt.gem 36d935d799baa4dc488024f71881ff0bc8b172cecdfc54781169c40ec02cbdb3 nokogiri-1.13.9-x64-mingw32.gem ebaf82aa9a11b8fafb67873d19ee48efb565040f04c898cdce8ca0cd53ff1a12 nokogiri-1.13.9-x86-linux.gem 11789a2a11b28bc028ee111f23311461104d8c4468d5b901ab7536b282504154 nokogiri-1.13.9-x86-mingw32.gem 01830e1646803ff91c0fe94bc768ff40082c6de8cfa563dafd01b3f7d5f9d795 nokogiri-1.13.9-x86_64-darwin.gem 8e93b8adec22958013799c8690d81c2cdf8a90b6f6e8150ab22e11895844d781 nokogiri-1.13.9-x86_64-linux.gem 96f37c1baf0234d3ae54c2c89aef7220d4a8a1b03d2675ff7723565b0a095531 nokogiri-1.13.9.gem </code></pre> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.13.9 / 2022-10-18</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-2309">CVE-2022-2309</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40304">CVE-2022-40304</a>, and <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40303">CVE-2022-40303</a>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw">GHSA-2qc6-mcvw-92cw</a> for more information.</li> <li>[CRuby] Vendored zlib is updated to address <a href="https://ubuntu.com/security/CVE-2022-37434">CVE-2022-37434</a>. Nokogiri was not affected by this vulnerability, but this version of zlib was being flagged up by some vulnerability scanners, see <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2626">#2626</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3">v2.10.3</a> from v2.9.14.</li> <li>[CRuby] Vendored libxslt is updated to <a href="https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.37">v1.1.37</a> from v1.1.35.</li> <li>[CRuby] Vendored zlib is updated from 1.2.12 to 1.2.13. (See <a href="https://github.com/sparklemotion/nokogiri/blob/v1.13.x/LICENSE-DEPENDENCIES.md#platform-releases">LICENSE-DEPENDENCIES.md</a> for details on which packages redistribute this library.)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>Nokogiri::XML::Namespace</code> objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>] (Thanks, <a href="https://github.com/eightbitraptor"><code>@eightbitraptor</code></a> and <a href="https://github.com/peterzhu2118"><code>@peterzhu2118</code></a>!)</li> <li>[CRuby] <code>Document#remove_namespaces!</code> now defers freeing the underlying <code>xmlNs</code> struct until the <code>Document</code> is GCed. Previously, maintaining a reference to a <code>Namespace</code> object that was removed in this way could lead to a segfault. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
|
|
Julien Voisin
|
3c95350db6
|
Document file GitHub issue (#8810)
Co-authored-by: Julien Voisin <jvoisin@google.com> |
|
|
Fabian Meumertzheim
|
5b1953b201
|
infra/java: Improve reproducibility of memory issues (#8736)
When reproducing, use slightly lower limits on heap and stack size so that minimal changes to fuzz targets, fuzzer and runtime do not cause memory issues to fail to reproduce. |
|
|
Navidem
|
45c5e45aa9
|
Add Monitoring via Fuzz Introspector (#8803) | |
|
Navidem
|
b4a9385b2a
|
Add Fuzz Introspector to FAQ (#8800) | |
|
dependabot[bot]
|
dc07f98f97
|
build(deps): bump commonmarker from 0.23.5 to 0.23.6 in /docs (#8560)
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.5 to 0.23.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.6</h2> <h2>What's Changed</h2> <p>This release includes two updates from the upstream <code>cmark-gfm</code> library, namely:</p> <ul> <li><a href="https://github.com/github/cmark-gfm/releases">DoS vulnerability in autolink extension</a> per <a href="https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q">GHSA-cgh3-p57x-9q7q</a></li> <li><a href="https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.5">Added <code>xmpp:</code> and <code>mailto:</code> support to the autolink extension</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
|
|
jonathanmetzman
|
81326f0a39
|
Update integration_rewards.md
Make it easier to find application |