{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":63809205,"defaultBranch":"master","name":"oss-fuzz","ownerLogin":"google","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2016-07-20T19:39:50.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1342004?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1726762070.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"1ea2d8a0758e05c0bd734a88b47917adbe1f14ab","ref":"refs/heads/dependabot/maven/projects/apache-cxf/project-parent/fuzz-targets/maven-ebf8864858","pushedAt":"2024-09-19T16:07:50.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"build(deps): bump the maven group across 14 directories with 18 updates\n\nBumps the maven group with 2 updates in the /projects/apache-cxf/project-parent/fuzz-targets directory: org.apache.cxf:cxf-core and org.apache.cxf:cxf-rt-frontend-jaxrs.\nBumps the maven group with 2 updates in the /projects/async-http-client/project-parent/fuzz-targets directory: [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client) and org.eclipse.jetty:jetty-server.\nBumps the maven group with 1 update in the /projects/avro/project-parent/fuzz-targets directory: org.apache.avro:avro.\nBumps the maven group with 1 update in the /projects/eclipse-equinox/equinox-fuzzer directory: [org.eclipse.platform:org.eclipse.core.runtime](https://github.com/eclipse-platform/eclipse.platform).\nBumps the maven group with 1 update in the /projects/hadoop/project-parent/fuzz-targets directory: org.apache.hadoop:hadoop-common.\nBumps the maven group with 1 update in the /projects/htmlunit/htmlunit-fuzzer directory: [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit).\nBumps 
the maven group with 3 updates in the /projects/jetty/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-http and org.eclipse.jetty.http2:http2-server.\nBumps the maven group with 1 update in the /projects/jose4j/project-parent/fuzz-targets directory: [org.bitbucket.b_c:jose4j](https://bitbucket.org/b_c/jose4j).\nBumps the maven group with 1 update in the /projects/nimbus-jwt/nimbus-jwt-fuzzer directory: [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt).\nBumps the maven group with 2 updates in the /projects/opencensus-java/project-parent/fuzz-targets directory: [com.google.guava:guava](https://github.com/google/guava) and [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf).\nBumps the maven group with 1 update in the /projects/pdfbox/project-parent/fuzz-targets directory: org.apache.pdfbox:pdfbox.\nBumps the maven group with 1 update in the /projects/xnio-api/xnio-fuzzer directory: org.jboss.xnio:xnio-api.\nBumps the maven group with 1 update in the /projects/yamlbeans/project-parent/fuzz-targets directory: [com.esotericsoftware.yamlbeans:yamlbeans](https://github.com/EsotericSoftware/yamlbeans).\nBumps the maven group with 1 update in the /projects/zt-zip/project-parent/fuzz-targets directory: [org.zeroturnaround:zt-zip](https://github.com/zeroturnaround/zt-zip).\n\n\nUpdates `org.apache.cxf:cxf-core` from Fuzzing-SNAPSHOT to 3.5.8\n\nUpdates `org.apache.cxf:cxf-rt-frontend-jaxrs` from Fuzzing-SNAPSHOT to 2.6.11\n\nUpdates `org.asynchttpclient:async-http-client` from Fuzzing-SNAPSHOT to 2.0.35\n- [Release notes](https://github.com/AsyncHttpClient/async-http-client/releases)\n- [Changelog](https://github.com/AsyncHttpClient/async-http-client/blob/main/CHANGES.md)\n- [Commits](https://github.com/AsyncHttpClient/async-http-client/commits/async-http-client-project-2.0.35)\n\nUpdates `org.eclipse.jetty:jetty-server` from 11.0.14 to 12.0.13\n\nUpdates 
`org.apache.avro:avro` from Fuzzing-SNAPSHOT to 1.11.3\n\nUpdates `org.eclipse.platform:org.eclipse.core.runtime` from 3.26.100 to 3.29.0\n- [Commits](https://github.com/eclipse-platform/eclipse.platform/commits)\n\nUpdates `org.apache.hadoop:hadoop-common` from Fuzzing-SNAPSHOT to 3.2.4\n\nUpdates `org.htmlunit:htmlunit` from 2.7.0 to 3.9.0\n- [Release notes](https://github.com/HtmlUnit/htmlunit/releases)\n- [Commits](https://github.com/HtmlUnit/htmlunit/compare/HtmlUnit-2.7...3.9.0)\n\nUpdates `org.eclipse.jetty:jetty-server` from Fuzzing-SNAPSHOT to 9.4.51.v20230217\n\nUpdates `org.eclipse.jetty:jetty-http` from Fuzzing-SNAPSHOT to 9.4.52.v20230823\n\nUpdates `org.eclipse.jetty.http2:http2-server` from Fuzzing-SNAPSHOT to 9.4.53.v20231009\n\nUpdates `org.bitbucket.b_c:jose4j` from Fuzzing-SNAPSHOT to 0.9.4\n- [Commits](https://bitbucket.org/b_c/jose4j/commits/tag/jose4j-0.9.4)\n\nUpdates `com.nimbusds:nimbus-jose-jwt` from 9.30.1 to 9.37.2\n- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)\n- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.37.2..9.30.1)\n\nUpdates `com.google.guava:guava` from 31.1-jre to 32.0.0-jre\n- [Release notes](https://github.com/google/guava/releases)\n- [Commits](https://github.com/google/guava/commits)\n\nUpdates `com.google.protobuf:protobuf-java` from 4.0.0-rc-2 to 4.28.2\n- [Release notes](https://github.com/protocolbuffers/protobuf/releases)\n- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)\n- [Commits](https://github.com/protocolbuffers/protobuf/commits)\n\nUpdates `org.apache.pdfbox:pdfbox` from Fuzzing-SNAPSHOT to 1.8.16\n\nUpdates `org.jboss.xnio:xnio-api` from 3.8.8.Final to 3.8.14.Final\n\nUpdates `com.esotericsoftware.yamlbeans:yamlbeans` from Fuzzing-SNAPSHOT to 1.17\n- [Release notes](https://github.com/EsotericSoftware/yamlbeans/releases)\n- 
[Commits](https://github.com/EsotericSoftware/yamlbeans/commits/1.17)\n\nUpdates `org.zeroturnaround:zt-zip` from Fuzzing-SNAPSHOT to 1.13\n- [Changelog](https://github.com/zeroturnaround/zt-zip/blob/master/Changelog.txt)\n- [Commits](https://github.com/zeroturnaround/zt-zip/commits/zt-zip-1.13)\n\n---\nupdated-dependencies:\n- dependency-name: org.apache.cxf:cxf-core\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: org.apache.cxf:cxf-rt-frontend-jaxrs\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: org.asynchttpclient:async-http-client\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: org.eclipse.jetty:jetty-server\n dependency-type: direct:development\n dependency-group: maven\n- dependency-name: org.apache.avro:avro\n dependency-type: direct:development\n dependency-group: maven\n- dependency-name: org.eclipse.platform:org.eclipse.core.runtime\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: org.apache.hadoop:hadoop-common\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: org.htmlunit:htmlunit\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: org.eclipse.jetty:jetty-server\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: org.eclipse.jetty:jetty-http\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: org.eclipse.jetty.http2:http2-server\n dependency-type: direct:development\n dependency-group: maven\n- dependency-name: org.bitbucket.b_c:jose4j\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: com.nimbusds:nimbus-jose-jwt\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: com.google.guava:guava\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: com.google.protobuf:protobuf-java\n dependency-type: 
direct:production\n dependency-group: maven\n- dependency-name: org.apache.pdfbox:pdfbox\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: org.jboss.xnio:xnio-api\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: com.esotericsoftware.yamlbeans:yamlbeans\n dependency-type: direct:production\n dependency-group: maven\n- dependency-name: org.zeroturnaround:zt-zip\n dependency-type: direct:production\n dependency-group: maven\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"build(deps): bump the maven group across 14 directories with 18 updates"}},{"before":"92bce305b48ce16c73fa2030589466ab71e0dcab","after":"a958ed8e38ec7b3f5ebc3f8cb4ea6b5f0f0823d6","ref":"refs/heads/master","pushedAt":"2024-09-19T14:21:10.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"PCRE2 fuzz build fix (#12517)\n\nFixes fuzzer build following\r\nhttps://github.com/PCRE2Project/pcre2/pull/443. 
cc @PhilipHazel","shortMessageHtmlLink":"PCRE2 fuzz build fix (#12517)"}},{"before":"fc845722f2da2574d36112b75772f93e675fa6e7","after":null,"ref":"refs/heads/dependabot/bundler/docs/bundler-6e3bc67060","pushedAt":"2024-09-19T13:10:36.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"}},{"before":"01529fbc78825f7968980edb6d179921d6ce1074","after":"92bce305b48ce16c73fa2030589466ab71e0dcab","ref":"refs/heads/master","pushedAt":"2024-09-19T13:10:35.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"build(deps-dev): bump rexml from 3.3.3 to 3.3.6 in /docs in the bundler group (#12515)\n\nBumps the bundler group in /docs with 1 update:\r\n[rexml](https://github.com/ruby/rexml).\r\n\r\nUpdates `rexml` from 3.3.3 to 3.3.6\r\n
Release notes

Sourced from rexml's releases.

REXML 3.3.6 - 2024-08-22

Improvements

  • Removed duplicated entity expansions for performance.
    • GH-194
    • Patch by Viktor Ivarsson.
  • Improved namespace conflicted attribute check performance. It was too slow for deep elements.
    • Reported by l33thaxor.

Fixes

  • Fixed a bug that default entity expansions are counted for security check. Default entity expansions should not be counted because they don't have a security risk.
    • GH-198
    • GH-199
    • Patch Viktor Ivarsson
  • Fixed a parser bug that parameter entity references in internal subsets are expanded. It's not allowed in the XML specification.
    • GH-191
    • Patch by NAITOH Jun.
  • Fixed a stream parser bug that user-defined entity references in text aren't expanded.
    • GH-200
    • Patch by NAITOH Jun.

Thanks

  • Viktor Ivarsson
  • NAITOH Jun
  • l33thaxor

REXML 3.3.5 - 2024-08-12

Fixes

  • Fixed a bug that `REXML::Security.entity_expansion_text_limit` check has wrong text size calculation in SAX and pull parsers.
    • GH-193
    • GH-195
    • Reported by Viktor Ivarsson.
    • Patch by NAITOH Jun.

... (truncated)

Changelog

Sourced from rexml's changelog.

3.3.6 - 2024-08-22 {#version-3-3-6}

Improvements

  • Removed duplicated entity expansions for performance.
    • GH-194
    • Patch by Viktor Ivarsson.
  • Improved namespace conflicted attribute check performance. It was too slow for deep elements.
    • Reported by l33thaxor.

Fixes

  • Fixed a bug that default entity expansions are counted for security check. Default entity expansions should not be counted because they don't have a security risk.
    • GH-198
    • GH-199
    • Patch Viktor Ivarsson
  • Fixed a parser bug that parameter entity references in internal subsets are expanded. It's not allowed in the XML specification.
    • GH-191
    • Patch by NAITOH Jun.
  • Fixed a stream parser bug that user-defined entity references in text aren't expanded.
    • GH-200
    • Patch by NAITOH Jun.

Thanks

  • Viktor Ivarsson
  • NAITOH Jun
  • l33thaxor

3.3.5 - 2024-08-12 {#version-3-3-5}

Fixes

  • Fixed a bug that `REXML::Security.entity_expansion_text_limit` check has wrong text size calculation in SAX and pull parsers.
    • GH-193
    • GH-195
    • Reported by Viktor Ivarsson.
    • Patch by NAITOH Jun.

... (truncated)

Commits
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rexml&package-manager=bundler&previous-version=3.3.3&new-version=3.3.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore major version` will close this\r\ngroup update PR and stop Dependabot creating any more for the specific\r\ndependency's major version (unless you unignore this specific\r\ndependency's major version or upgrade to it yourself)\r\n- `@dependabot ignore minor version` will close this\r\ngroup update PR and stop Dependabot creating any more for the specific\r\ndependency's minor version (unless you unignore this specific\r\ndependency's minor version or upgrade to it yourself)\r\n- `@dependabot ignore ` will close this group update PR\r\nand stop Dependabot creating any more for the specific dependency\r\n(unless you unignore this specific dependency or upgrade to it yourself)\r\n- `@dependabot unignore ` will remove all of the ignore\r\nconditions of the specified dependency\r\n- `@dependabot unignore ` will\r\nremove the ignore condition of the specified dependency and ignore\r\nconditions\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/google/oss-fuzz/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"build(deps-dev): bump rexml from 3.3.3 to 3.3.6 in /docs in the bundl…"}},{"before":"e7630131dd82bd07de592c6a2ab42ce3554aae20","after":"01529fbc78825f7968980edb6d179921d6ce1074","ref":"refs/heads/master","pushedAt":"2024-09-19T13:10:21.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"Initial project proposal (#12472)\n\nI am requesting permission to integrate\r\n[libconfig](https://github.com/hyperrealm/libconfig) into OSS-Fuzz. I\r\nbelieve that this project is a good candidate for OSS-Fuzz integration\r\nas it serves as a preeminent library for parsing and reading\r\nconfiguration files. The\r\n[Linux](https://github.com/torvalds/linux/blob/master/tools/thermal/thermometer/thermometer.c)\r\nkernel, [Janus WebRTC\r\nServer](https://github.com/meetecho/janus-gateway), and the\r\n[SSLH](https://github.com/yrutschle/sslh) project are just a few\r\nexamples of high-impact and security relevant projects that utilize this\r\nlibrary. 
In addition to the possibility of uncovering edge-cases and\r\nbugs in the parsing of configuration files, there is the possibility of\r\na malicious actor crafting a corrupted config file for an elevated\r\nservice that could be used to perform privilege escalation.\r\n\r\nPlease see upstream approval for integration\r\n[here](https://github.com/hyperrealm/libconfig/issues/244)","shortMessageHtmlLink":"Initial project proposal (#12472)"}},{"before":"b06ccad074d6e435488ece82719f849082a49518","after":"e7630131dd82bd07de592c6a2ab42ce3554aae20","ref":"refs/heads/master","pushedAt":"2024-09-19T13:09:55.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"Add libsoup project (#12482)","shortMessageHtmlLink":"Add libsoup project (#12482)"}},{"before":"32a0eb55d45f27c35df785a640489ea3deb1d1fd","after":"b06ccad074d6e435488ece82719f849082a49518","ref":"refs/heads/master","pushedAt":"2024-09-19T12:48:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"[initial integration] add glaze json library (#12294)\n\nThis adds glaze, a C++ json library which is very relevant because it is\r\nextremely fast (on par with simdjson) while offering both read and\r\nwrite. It is also nice to work with, so I expect it to increase in\r\npopularity over time.\r\nIt currently has over 1000 stars on github.\r\n\r\nUpstream is happy to get onto ossfuzz:\r\nhttps://github.com/stephenberry/glaze/pull/1222#issuecomment-2258334280\r\n\r\nI have worked with adding fuzzers to it recently, and a lot of bugs have\r\nbeen promptly fixed by upstream. 
So, at least most of the shallow bugs\r\nare gone already.","shortMessageHtmlLink":"[initial integration] add glaze json library (#12294)"}},{"before":null,"after":"fc845722f2da2574d36112b75772f93e675fa6e7","ref":"refs/heads/dependabot/bundler/docs/bundler-6e3bc67060","pushedAt":"2024-09-18T15:17:59.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"build(deps-dev): bump rexml in /docs in the bundler group\n\nBumps the bundler group in /docs with 1 update: [rexml](https://github.com/ruby/rexml).\n\n\nUpdates `rexml` from 3.3.3 to 3.3.6\n- [Release notes](https://github.com/ruby/rexml/releases)\n- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)\n- [Commits](https://github.com/ruby/rexml/compare/v3.3.3...v3.3.6)\n\n---\nupdated-dependencies:\n- dependency-name: rexml\n dependency-type: indirect\n dependency-group: bundler\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"build(deps-dev): bump rexml in /docs in the bundler group"}},{"before":"100f0a70291e533503e61276648165bef94469a6","after":null,"ref":"refs/heads/dependabot/bundler/docs/bundler-d88a561098","pushedAt":"2024-09-18T15:17:17.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"}},{"before":"62f0f44ab65a6b3b24029a5e02c1b91ae0d4b6b0","after":"32a0eb55d45f27c35df785a640489ea3deb1d1fd","ref":"refs/heads/master","pushedAt":"2024-09-18T15:17:14.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"build(deps-dev): bump rexml from 3.2.8 to 3.3.3 in /docs in the bundler group (#12303)\n\nBumps the 
bundler group in /docs with 1 update:\r\n[rexml](https://github.com/ruby/rexml).\r\n\r\nUpdates `rexml` from 3.2.8 to 3.3.3\r\n
Release notes

Sourced from rexml's releases.

REXML 3.3.3 - 2024-08-01

Improvements

  • Added support for detecting invalid XML that has unsupported content before root element
    • GH-184
    • Patch by NAITOH Jun.
  • Added support for `REXML::Security.entity_expansion_limit=` and `REXML::Security.entity_expansion_text_limit=` in SAX2 and pull parsers
    • GH-187
    • Patch by NAITOH Jun.
  • Added more tests for invalid XMLs.
    • GH-183
    • Patch by Watson.
  • Added more performance tests.
    • Patch by Watson.
  • Improved parse performance.
    • GH-186
    • Patch by tomoya ishida.

Thanks

  • NAITOH Jun
  • Watson
  • tomoya ishida

REXML 3.3.2 - 2024-07-16

Improvements

  • Improved parse performance.
    • GH-160
    • Patch by NAITOH Jun.
  • Improved parse performance.
    • GH-169
    • GH-170
    • GH-171
    • GH-172
    • GH-173
    • GH-174
    • GH-175
    • GH-176

... (truncated)

Changelog

Sourced from rexml's changelog.

3.3.3 - 2024-08-01 {#version-3-3-3}

Improvements

  • Added support for detecting invalid XML that has unsupported content before root element
    • GH-184
    • Patch by NAITOH Jun.
  • Added support for `REXML::Security.entity_expansion_limit=` and `REXML::Security.entity_expansion_text_limit=` in SAX2 and pull parsers
    • GH-187
    • Patch by NAITOH Jun.
  • Added more tests for invalid XMLs.
    • GH-183
    • Patch by Watson.
  • Added more performance tests.
    • Patch by Watson.
  • Improved parse performance.
    • GH-186
    • Patch by tomoya ishida.

Thanks

  • NAITOH Jun
  • Watson
  • tomoya ishida

3.3.2 - 2024-07-16 {#version-3-3-2}

Improvements

  • Improved parse performance.
    • GH-160
    • Patch by NAITOH Jun.
  • Improved parse performance.
    • GH-169
    • GH-170
    • GH-171
    • GH-172
    • GH-173
    • GH-174
    • GH-175

... (truncated)

Commits

  • e4a067e Add 3.3.3 entry
  • 17ff3e7 test: add a performance test for attribute list declaration
  • be86b3d test: fix wrong test name
  • b93d790 test: use double quote for string literal
  • 0fbe7d5 test: don't use abbreviated name
  • 1599e87 test: add a performance test for PI with many tabs
  • e2546e6 parse pi: improve invalid case detection
  • 73661ef test: fix a typo
  • 850488a test: use double quote for string literal
  • 46c6397 test: add performance tests for entity declaration
  • Additional commits viewable in compare view
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rexml&package-manager=bundler&previous-version=3.2.8&new-version=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"build(deps-dev): bump rexml from 3.2.8 to 3.3.3 in /docs in the bundl…"}},{"before":"afc8ca9bb28964f005b7ca24a4c6100f6869fdac","after":"62f0f44ab65a6b3b24029a5e02c1b91ae0d4b6b0","ref":"refs/heads/master","pushedAt":"2024-09-18T15:12:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"Directly test bufbuild/protocompile, instead of going through jhump/protoreflect/desc/protoparse (#12504)\n\nI've recently merged a long-lived \"v2\" branch to main in the\r\n`github.com/jhump/protoreflect` repo. The v2 of that repo does _not_\r\ninclude a protoparse package, since that has been effectively replaced\r\nby `github.com/bufbuild/protocompile`. (Since v1.15 of protoreflect, the\r\nprotoparse package is just API veneer on top of protocompile.)\r\n\r\nAfter I did that merge of v2 to main, the fuzzer for the project began\r\nto fail since the packages are no longer present:\r\nhttps://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71629\r\nSo this updates the fuzzer configuration to directly test the underlying\r\nprotocompile module.\r\n\r\nThere was also a fuzz tester for the\r\n`github.com/jhump/protoreflect/dynamic` package, but it was not actually\r\nenabled. (It was disabled in #6369 but neither the PR description nor\r\ncomment threads describe why this test was problematic 🤷.) Anyhow, that\r\npackage has also been removed for v2, effectively replaced by\r\n`google.golang.org/protobuf/types/dynamicpb`. 
So this PR deletes it\r\ncompletely from the oss-fuzz repo.","shortMessageHtmlLink":"Directly test bufbuild/protocompile, instead of going through jhump/p…"}},{"before":"a06f052df809e2941fde5194ff55820d38e9d319","after":"afc8ca9bb28964f005b7ca24a4c6100f6869fdac","ref":"refs/heads/master","pushedAt":"2024-09-18T15:04:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"log4j2: Switch to the Log4j 2 development branch (#12514)\n\nIn #12304, we used `fuzzing` branch of the `apache/logging-log4j2`\r\nrepository while developing the Log4j 2 integration. This work was\r\nsuccessful and we eventually merged the `fuzzing` branch to\r\n`2.x`1 in apache/logging-log4j2#2949. Now we can point\r\nOSS-Fuzz to the permanent location of the Log4j 2 fuzz tests.\r\n\r\n1 [`2.x` is the main branch where Log4j 2 development takes\r\nplace.](https://logging.apache.org/log4j/2.x/development.html#branching)","shortMessageHtmlLink":"log4j2: Switch to the Log4j 2 development branch (#12514)"}},{"before":"e5978be957f93cf81961282b126941d26abc0c8e","after":"a06f052df809e2941fde5194ff55820d38e9d319","ref":"refs/heads/master","pushedAt":"2024-09-18T14:55:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"DavidKorczynski","name":null,"path":"/DavidKorczynski","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/657617?s=80&v=4"},"commit":{"message":"gitoxide: Use updated nightly to fix serde error (#12512)\n\nSince around https://github.com/Byron/gitoxide/pull/1536, fuzzing is\r\nbroken for `gitoxide` due to an error related to `serde`. 
As shown there\r\nand in https://github.com/Byron/gitoxide/pull/1596, the error is:\r\n\r\n error[E0658]: `#[diagnostic]` attribute name space is experimental\r\n-->\r\n/rust/registry/src/index.crates.io-6f17d22bba15001f/serde-1.0.210/src/de/mod.rs:536:5\r\n |\r\n 536 | diagnostic::on_unimplemented(\r\n | ^^^^^^^^^^\r\n |\r\n= note: see issue #111996\r\n for more information\r\n= help: add `#![feature(diagnostic_namespace)]` to the crate attributes\r\nto enable\r\n= note: this compiler was built on 2024-02-11; consider upgrading it if\r\nit is out of date\r\n\r\nSince https://github.com/rust-lang/rust/issues/111996 is closed as\r\ncompleted, and similar errors appear to have been fixed in oss-fuzz for\r\nother projects by using the latest nightly toolchain, this makes the\r\nsame change for `gitoxide` as was made in:\r\n\r\n- https://github.com/google/oss-fuzz/pull/12404 for `starlark-rust`\r\n- https://github.com/google/oss-fuzz/pull/12409 for `rhai`\r\n\r\nSee also:\r\n\r\n- https://github.com/google/oss-fuzz/issues/12410\r\n- https://github.com/serde-rs/serde/issues/2770\r\n\r\ncc @Byron","shortMessageHtmlLink":"gitoxide: Use updated nightly to fix serde error (#12512)"}},{"before":"0203b407fd840548ddfca25d5e9fe79d7beb641b","after":"e5978be957f93cf81961282b126941d26abc0c8e","ref":"refs/heads/master","pushedAt":"2024-09-18T12:37:41.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"DavidKorczynski","name":null,"path":"/DavidKorczynski","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/657617?s=80&v=4"},"commit":{"message":"cert-manager: add upstream fuzzer (#12513)\n\nThe vault fuzzer was renamed and another fuzzer was added.\r\n\r\nSigned-off-by: Adam Korczynski ","shortMessageHtmlLink":"cert-manager: add upstream fuzzer 
(#12513)"}},{"before":"d23806ba9cb9f34ab70f1e397bbd726146f44e0f","after":"0203b407fd840548ddfca25d5e9fe79d7beb641b","ref":"refs/heads/master","pushedAt":"2024-09-18T03:17:53.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"oliverchang","name":"Oliver Chang","path":"/oliverchang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/759062?s=80&v=4"},"commit":{"message":"tinyxml2: strip extension from binary name","shortMessageHtmlLink":"tinyxml2: strip extension from binary name"}},{"before":"3302ca569505905b1730f43b33ab08f4bb672bcb","after":"d23806ba9cb9f34ab70f1e397bbd726146f44e0f","ref":"refs/heads/master","pushedAt":"2024-09-17T11:07:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"DavidKorczynski","name":null,"path":"/DavidKorczynski","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/657617?s=80&v=4"},"commit":{"message":"tidb: fix broken build (#12510)\n\nSigned-off-by: Adam Korczynski ","shortMessageHtmlLink":"tidb: fix broken build (#12510)"}},{"before":"78a50ae98eb234f7a71c809b94cb1dd4791efb8f","after":"3302ca569505905b1730f43b33ab08f4bb672bcb","ref":"refs/heads/master","pushedAt":"2024-09-17T11:02:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"AdamKorcz","name":null,"path":"/AdamKorcz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/44787359?s=80&v=4"},"commit":{"message":"mongo-go-driver: fix build (#12489)\n\nFixes:\r\n[71522](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71522)\r\n\r\ncc: @prestonvasquez","shortMessageHtmlLink":"mongo-go-driver: fix build (#12489)"}},{"before":"22d1aa47a838e695087075453f9ffae03650e9aa","after":"78a50ae98eb234f7a71c809b94cb1dd4791efb8f","ref":"refs/heads/master","pushedAt":"2024-09-17T10:57:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"DavidKorczynski","name":null,"path":"/DavidKorczynski","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/657617?s=80&v=4"},"commit":{"message":"lotus: fix broken build 
(#12509)\n\nSigned-off-by: Adam Korczynski ","shortMessageHtmlLink":"lotus: fix broken build (#12509)"}},{"before":"dbdfd696c665b9d129503337b1d97b6f42784853","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/infra/cifuzz/npm_and_yarn-5ceea272f3","pushedAt":"2024-09-16T21:00:09.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"10a70be6217f5bc2542a23a8bf94d24e4ca356a6","after":null,"ref":"refs/heads/llamafix","pushedAt":"2024-09-16T10:00:46.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"AdamKorcz","name":null,"path":"/AdamKorcz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/44787359?s=80&v=4"}},{"before":"2325a301c9460f3edc7040a39f8cade5300b81f6","after":"22d1aa47a838e695087075453f9ffae03650e9aa","ref":"refs/heads/master","pushedAt":"2024-09-16T10:00:44.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"AdamKorcz","name":null,"path":"/AdamKorcz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/44787359?s=80&v=4"},"commit":{"message":"llamacpp: fix build (#12503)\n\nSigned-off-by: David Korczynski ","shortMessageHtmlLink":"llamacpp: fix build 
(#12503)"}},{"before":"516cd80560abe5e75783f2d6faab6a0f090a04c0","after":null,"ref":"refs/heads/DavidKorczynski-patch-9","pushedAt":"2024-09-16T09:15:35.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"DavidKorczynski","name":null,"path":"/DavidKorczynski","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/657617?s=80&v=4"}},{"before":"3a267a1839ea22a1dc78ce7edecc5fc939e0af8d","after":"2325a301c9460f3edc7040a39f8cade5300b81f6","ref":"refs/heads/master","pushedAt":"2024-09-16T09:15:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"DavidKorczynski","name":null,"path":"/DavidKorczynski","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/657617?s=80&v=4"},"commit":{"message":"infra: bump fuzz introspector (#12492)\n\ncontains updates for Python","shortMessageHtmlLink":"infra: bump fuzz introspector (#12492)"}},{"before":null,"after":"10a70be6217f5bc2542a23a8bf94d24e4ca356a6","ref":"refs/heads/llamafix","pushedAt":"2024-09-16T09:06:14.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"DavidKorczynski","name":null,"path":"/DavidKorczynski","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/657617?s=80&v=4"},"commit":{"message":"llamacpp: fix build\n\nSigned-off-by: David Korczynski ","shortMessageHtmlLink":"llamacpp: fix 
build"}},{"before":"af41d9617719d8c8cca2de70068cd5db91826210","after":null,"ref":"refs/heads/cups","pushedAt":"2024-09-15T03:20:30.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"}},{"before":"0e4253b0b1ca6608c81a2b77fda944e6750f60bd","after":"3a267a1839ea22a1dc78ce7edecc5fc939e0af8d","ref":"refs/heads/master","pushedAt":"2024-09-15T03:20:28.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"Temporarily remove cups-filters (#12501)\n\nIt's never had a successful build, which causes oss-fuzz to exception\r\nand loop, about 4 million times in the past few weeks.","shortMessageHtmlLink":"Temporarily remove cups-filters (#12501)"}},{"before":null,"after":"af41d9617719d8c8cca2de70068cd5db91826210","ref":"refs/heads/cups","pushedAt":"2024-09-15T03:19:29.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"Temporarily remove cups-filters\n\nIt's never had a successful build, which causes oss-fuzz to exception\nand loop, about 4 million times in the past few weeks.","shortMessageHtmlLink":"Temporarily remove 
cups-filters"}},{"before":"3bd0a10e98b7ce75d51aa80add8f9b83e60ebb40","after":null,"ref":"refs/heads/jonathanmetzman-patch-5","pushedAt":"2024-09-15T03:16:12.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"}},{"before":"e91c435847fc033e8dfe8d702af408f2e0f75bb8","after":"0e4253b0b1ca6608c81a2b77fda944e6750f60bd","ref":"refs/heads/master","pushedAt":"2024-09-15T03:16:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"Disable honggfuzz and AFL on lldb-eval (#12500)\n\nIt was enabled by accident and never worked.","shortMessageHtmlLink":"Disable honggfuzz and AFL on lldb-eval (#12500)"}},{"before":null,"after":"3bd0a10e98b7ce75d51aa80add8f9b83e60ebb40","ref":"refs/heads/jonathanmetzman-patch-5","pushedAt":"2024-09-15T03:15:54.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jonathanmetzman","name":null,"path":"/jonathanmetzman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/31354670?s=80&v=4"},"commit":{"message":"Disable honggfuzz and AFL on lldb-eval\n\nIt was enabled by accident and never worked.","shortMessageHtmlLink":"Disable honggfuzz and AFL on lldb-eval"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEuxML6gA","startCursor":null,"endCursor":null}},"title":"Activity · google/oss-fuzz"}