{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":3219804,"defaultBranch":"master","name":"libarchive","ownerLogin":"libarchive","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2012-01-19T18:16:02.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1354741?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1714949792.0","currentOid":""},"activityList":{"items":[{"before":"b00e916edadf50fa82f8ddcd83dd4b975b965eb5","after":"6ff1cd1e487ddf545337b88da3f1f5ca69a2f958","ref":"refs/heads/master","pushedAt":"2024-05-07T03:46:27.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"kientzle","name":"Tim Kientzle","path":"/kientzle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1398793?s=80&v=4"},"commit":{"message":"Define INT_MAX via `#include ` (#2170)\n\n#2110 added usages of INT_MAX here without adding the necessary header.\r\n\r\nResolves #2162","shortMessageHtmlLink":"Define INT_MAX via #include <limits.h> (#2170)"}},{"before":"84ce0246ba826a96ff010494c46f3fb7fa8bf08c","after":null,"ref":"refs/heads/dependabot/github_actions/all-actions-3b640b2141","pushedAt":"2024-05-05T22:56:32.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"47be31fb1c1296c9f7622d483936e8bfa0ec2fc4","after":"b00e916edadf50fa82f8ddcd83dd4b975b965eb5","ref":"refs/heads/master","pushedAt":"2024-05-05T22:56:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"kientzle","name":"Tim Kientzle","path":"/kientzle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1398793?s=80&v=4"},"commit":{"message":"CI: Bump the all-actions group with 2 updates (#2152)\n\nBumps the all-actions group with 2 updates:\r\n[actions/checkout](https://github.com/actions/checkout) and\r\n[github/codeql-action](https://github.com/github/codeql-action).\r\n\r\nUpdates `actions/checkout` from 4.1.3 to 4.1.4\r\n
\r\nRelease notes\r\n

Sourced from actions/checkout's\r\nreleases.

\r\n
\r\n

v4.1.4

\r\n

What's Changed

\r\n
    \r\n
  • Disable extensions.worktreeConfig when disabling\r\nsparse-checkout by @​jww3 in actions/checkout#1692
    • \r\n
  • Add dependabot config by @​cory-miller in\r\nactions/checkout#1688
    • \r\n
  • Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643
    • \r\n
  • Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
    • \r\n
\r\n

Full Changelog: https://github.com/actions/checkout/compare/v4.1.3...v4.1.4

\r\n
\r\n
\r\n
\r\nChangelog\r\n

Sourced from actions/checkout's\r\nchangelog.

\r\n
\r\n

Changelog

\r\n

v4.1.4

\r\n
    \r\n
  • Disable extensions.worktreeConfig when disabling\r\nsparse-checkout by @​jww3 in actions/checkout#1692
    • \r\n
  • Add dependabot config by @​cory-miller in\r\nactions/checkout#1688
    • \r\n
  • Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
    • \r\n
  • Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643
    • \r\n
\r\n

v4.1.3

\r\n
    \r\n
  • Check git version before attempting to disable\r\nsparse-checkout by @​jww3 in actions/checkout#1656
    • \r\n
  • Add SSH user parameter by @​cory-miller in\r\nactions/checkout#1685
    • \r\n
  • Update actions/checkout version in\r\nupdate-main-version.yml by @​jww3 in actions/checkout#1650
    • \r\n
\r\n

v4.1.2

\r\n
    \r\n
  • Fix: Disable sparse checkout whenever sparse-checkout\r\noption is not present @​dscho in actions/checkout#1598
    • \r\n
\r\n

v4.1.1

\r\n
    \r\n
  • Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
    • \r\n
  • Link to release page from what's new section by @​cory-miller in\r\nactions/checkout#1514
    • \r\n
\r\n

v4.1.0

\r\n\r\n

v4.0.0

\r\n
    \r\n
  • Support\r\nfetching without the --progress option
    • \r\n
  • Update to\r\nnode20
    • \r\n
\r\n

v3.6.0

\r\n\r\n

v3.5.3

\r\n\r\n

v3.5.2

\r\n\r\n

v3.5.1

\r\n\r\n

v3.5.0

\r\n\r\n

v3.4.0

\r\n
    \r\n
  • Upgrade\r\ncodeql actions to v2
    • \r\n
  • Upgrade\r\ndependencies
    • \r\n
  • Upgrade\r\n@​actions/io
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n\r\n
\r\n
\r\n\r\nUpdates `github/codeql-action` from 3.25.2 to 3.25.3\r\n
\r\nChangelog\r\n

Sourced from github/codeql-action's\r\nchangelog.

\r\n
\r\n

CodeQL Action Changelog

\r\n

See the releases\r\npage for the relevant changes to the CodeQL CLI and language\r\npacks.

\r\n

Note that the only difference between v2 and\r\nv3 of the CodeQL Action is the node version they support,\r\nwith v3 running on node 20 while we continue to release\r\nv2 to support running on node 16. For example\r\n3.22.11 was the first v3 release and is\r\nfunctionally identical to 2.22.11. This approach ensures an\r\neasy way to track exactly which features are included in different\r\nversions, indicated by the minor and patch version numbers.

\r\n

[UNRELEASED]

\r\n

No user facing changes.

\r\n

3.25.3 - 25 Apr 2024

\r\n
    \r\n
  • Update default CodeQL bundle version to 2.17.1. #2247
    • \r\n
  • Workflows running on macos-latest using CodeQL CLI\r\nversions before v2.15.1 will need to either upgrade their CLI version to\r\nv2.15.1 or newer, or change the platform to an Intel MacOS runner, such\r\nas macos-12. ARM machines with SIP disabled, including the\r\nnewest macos-latest image, are unsupported for CLI versions\r\nbefore 2.15.1. #2261
    • \r\n
\r\n

3.25.2 - 22 Apr 2024

\r\n

No user facing changes.

\r\n

3.25.1 - 17 Apr 2024

\r\n
    \r\n
  • We are rolling out a feature in April/May 2024 that improves the\r\nreliability and performance of analyzing code when analyzing a compiled\r\nlanguage with the autobuild build\r\nmode. #2235
    • \r\n
  • Fix a bug where the init Action would fail if\r\n--overwrite was specified in\r\nCODEQL_ACTION_EXTRA_OPTIONS. #2245
    • \r\n
\r\n

3.25.0 - 15 Apr 2024

\r\n
    \r\n
  • \r\n

    The deprecated feature for extracting dependencies for a Python\r\nanalysis has been removed. #2224

    \r\n

    As a result, the following inputs and environment variables are now\r\nignored:

    \r\n
      \r\n
    • The setup-python-dependencies input to the\r\ninit Action
      • \r\n
    • The\r\nCODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION\r\nenvironment variable
      • \r\n
    \r\n

    We recommend removing any references to these from your workflows.\r\nFor more information, see the release notes for CodeQL Action v3.23.0\r\nand v2.23.0.

    \r\n
    • \r\n
  • \r\n

    Automatically overwrite an existing database if found on the\r\nfilesystem. #2229

    \r\n
    • \r\n
  • \r\n

    Bump the minimum CodeQL bundle version to 2.12.6. #2232

    \r\n
    • \r\n
  • \r\n

    A more relevant log message and a diagnostic are now emitted when the\r\nfile program is not installed on a Linux runner, but is\r\nrequired for Go tracing to succeed. #2234

    \r\n
    • \r\n
\r\n

3.24.10 - 05 Apr 2024

\r\n
    \r\n
  • Update default CodeQL bundle version to 2.17.0. #2219
    • \r\n
  • Add a deprecation warning for customers using CodeQL version 2.12.5\r\nand earlier. These versions of CodeQL were discontinued on 26 March 2024\r\nalongside GitHub Enterprise Server 3.8, and will be unsupported by\r\nCodeQL Action versions 3.25.0 and later and versions 2.25.0 and later.\r\n#2220\r\n
      \r\n
    • If you are using one of these versions, please update to CodeQL CLI\r\nversion 2.12.6 or later. For instance, if you have specified a custom\r\nversion of the CLI using the 'tools' input to the 'init' Action, you can\r\nremove this input to use the default version.
      • \r\n
    • Alternatively, if you want to continue using a version of the CodeQL\r\nCLI between 2.11.6 and 2.12.5, you can replace\r\ngithub/codeql-action/*@v3 by\r\ngithub/codeql-action/*@v3.24.10 and\r\ngithub/codeql-action/*@v2 by\r\ngithub/codeql-action/*@v2.24.10 in your code scanning\r\nworkflow to ensure you continue using this version of the CodeQL\r\nAction.
      • \r\n
    \r\n
    • \r\n
\r\n

3.24.9 - 22 Mar 2024

\r\n
    \r\n
  • Update default CodeQL bundle version to 2.16.5. #2203
    • \r\n
\r\n

3.24.8 - 18 Mar 2024

\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n\r\n
\r\n
\r\n\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore major version` will close this\r\ngroup update PR and stop Dependabot creating any more for the specific\r\ndependency's major version (unless you unignore this specific\r\ndependency's major version or upgrade to it yourself)\r\n- `@dependabot ignore minor version` will close this\r\ngroup update PR and stop Dependabot creating any more for the specific\r\ndependency's minor version (unless you unignore this specific\r\ndependency's minor version or upgrade to it yourself)\r\n- `@dependabot ignore ` will close this group update PR\r\nand stop Dependabot creating any more for the specific dependency\r\n(unless you unignore this specific dependency or upgrade to it yourself)\r\n- `@dependabot unignore ` will remove all of the ignore\r\nconditions of the specified dependency\r\n- `@dependabot unignore ` will\r\nremove the ignore condition of the specified dependency and ignore\r\nconditions\r\n\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"CI: Bump the all-actions group with 2 updates (#2152)"}},{"before":"1e406c9ea204a8bca9067c40edb60e6c8ae168e6","after":"47be31fb1c1296c9f7622d483936e8bfa0ec2fc4","ref":"refs/heads/master","pushedAt":"2024-05-05T22:41:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"kientzle","name":"Tim Kientzle","path":"/kientzle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1398793?s=80&v=4"},"commit":{"message":"Fix typos (#2169)\n\nRemove duplicated \"of\" in write-filter comments.","shortMessageHtmlLink":"Fix typos (#2169)"}},{"before":"6818dd167cb190c76e0cfdeb40cd73aa22b96bd8","after":"1e406c9ea204a8bca9067c40edb60e6c8ae168e6","ref":"refs/heads/master","pushedAt":"2024-05-05T22:40:57.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"kientzle","name":"Tim Kientzle","path":"/kientzle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1398793?s=80&v=4"},"commit":{"message":"uu: Stop processing if lines are too long (#2168)\n\nProcessing excessively long lines could lead to out of boundary writes\r\nor denial of service due to O(n^2) runtime complexity.\r\n\r\nThe OOB is properly fixed with first commit. The second commit stops\r\nprocessing of lines which are longer than uu allows due to its\r\nspecification.","shortMessageHtmlLink":"uu: Stop processing if lines are too long (#2168)"}},{"before":"7a6bb5f5ac3fd1f343577ae667d1829fbeacfb74","after":"6818dd167cb190c76e0cfdeb40cd73aa22b96bd8","ref":"refs/heads/master","pushedAt":"2024-05-04T19:17:21.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"kientzle","name":"Tim Kientzle","path":"/kientzle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1398793?s=80&v=4"},"commit":{"message":"lha: Fix integer truncation on 32 bit systems (#2161)\n\nThe comp size could be around INT_MAX on huge archives, which would lead\r\nto eventual integer truncation to size_t in archives with version 1\r\nheaders when fixed value 2 is added to comp_size on 32 bit systems.\r\n\r\nThis fix is a no-op on 64 bit systems because size_t and uint64_t are of\r\nsame size there.","shortMessageHtmlLink":"lha: Fix integer truncation on 32 bit systems (#2161)"}},{"before":"9a50ce48b649a8050307ce17a5ca4bcda196393d","after":"7a6bb5f5ac3fd1f343577ae667d1829fbeacfb74","ref":"refs/heads/master","pushedAt":"2024-05-04T19:15:56.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"kientzle","name":"Tim Kientzle","path":"/kientzle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1398793?s=80&v=4"},"commit":{"message":"Rename the test to match the filename, and avoid test failures on cas… (#2166)\n\n…e-insensitive filesystems\r\n\r\nResolves #2164","shortMessageHtmlLink":"Rename the test to match the filename, and avoid test failures on cas… ("}},{"before":"0936dd5c00c8ab53fd3c4917b30a3a4160ee1694","after":"9a50ce48b649a8050307ce17a5ca4bcda196393d","ref":"refs/heads/master","pushedAt":"2024-05-04T17:58:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"kientzle","name":"Tim Kientzle","path":"/kientzle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1398793?s=80&v=4"},"commit":{"message":"Fix typos (#2165)\n\nTypos found with codespell.","shortMessageHtmlLink":"Fix typos (#2165)"}},{"before":"bad9a4ebb6bee259ee82ba537bc7e72609b40767","after":"0936dd5c00c8ab53fd3c4917b30a3a4160ee1694","ref":"refs/heads/master","pushedAt":"2024-05-03T23:27:43.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"kientzle","name":"Tim Kientzle","path":"/kientzle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1398793?s=80&v=4"},"commit":{"message":"rpm: Test handling of huge header sizes (#2163)\n\nThis implements a test for the change in PR #2158","shortMessageHtmlLink":"rpm: Test handling of huge header sizes (#2163)"}},{"before":"80af74ccbf529b31c66b1879ebc570b9b828a2a6","after":"bad9a4ebb6bee259ee82ba537bc7e72609b40767","ref":"refs/heads/master","pushedAt":"2024-05-03T22:19:55.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"kientzle","name":"Tim Kientzle","path":"/kientzle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1398793?s=80&v=4"},"commit":{"message":"Fix out of boundary access in mktemp functions (#2160)\n\nSome of the mktemp-related functions might access memory out of bounds\r\nif TMPDIR is empty or other such situations lead to an empty\r\narchive_string.","shortMessageHtmlLink":"Fix out of boundary access in mktemp functions (#2160)"}},{"before":"b9f713540cc33a66a44728dd706aea487b989913","after":"80af74ccbf529b31c66b1879ebc570b9b828a2a6","ref":"refs/heads/master","pushedAt":"2024-05-03T22:18:34.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"kientzle","name":"Tim Kientzle","path":"/kientzle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1398793?s=80&v=4"},"commit":{"message":"zip: Improve bid for huge EOCDs (#2159)\n\nCast any of cd_offset or cd_size to int64_t to avoid truncation of\r\nresult because both variables are of type uint32_t.\r\n\r\nThe calculation happens before comparison with current_offset, so it is\r\nnot automatically expanded to int64_t during calculation.","shortMessageHtmlLink":"zip: Improve bid for huge EOCDs (#2159)"}},{"before":"83e8b0ea8c3b07e07ac3dee90a8724565f8e53fd","after":"b9f713540cc33a66a44728dd706aea487b989913","ref":"refs/heads/master","pushedAt":"2024-05-03T21:41:35.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"kientzle","name":"Tim Kientzle","path":"/kientzle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1398793?s=80&v=4"},"commit":{"message":"rpm: Calculate huge header sizes correctly (#2158)\n\nIf an RPM file contains a huge header which is larger than 4 GB then\r\nlibarchive starts parsing the RPM header as actual archive instead of\r\nskipping it.\r\n\r\nSwitched to uint64_t from size_t for proper 32 bit support as well.","shortMessageHtmlLink":"rpm: Calculate huge header sizes correctly (#2158)"}},{"before":"36047967a2c9c27b749b2fc8f1557096ee964085","after":"83e8b0ea8c3b07e07ac3dee90a8724565f8e53fd","ref":"refs/heads/master","pushedAt":"2024-04-30T09:28:26.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"tests: setenv LANG to en_US.UTF-8 in bsdunzip test_I.c","shortMessageHtmlLink":"tests: setenv LANG to en_US.UTF-8 in bsdunzip test_I.c"}},{"before":"93b11caed8b7e23081d3247b182fbc1b86a120f9","after":"36047967a2c9c27b749b2fc8f1557096ee964085","ref":"refs/heads/master","pushedAt":"2024-04-30T06:59:48.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"archive_string: Clean up strncat_from_utf8_to_utf8 (#2147)\n\nReplace some tricky direct manipulation of string internals with simpler\r\nand safer high-level string APIs.","shortMessageHtmlLink":"archive_string: Clean up strncat_from_utf8_to_utf8 (#2147)"}},{"before":"287e05d539fcb9bb2aab22844c161070199b6698","after":"93b11caed8b7e23081d3247b182fbc1b86a120f9","ref":"refs/heads/master","pushedAt":"2024-04-29T20:06:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"lha: Do not allow negative file sizes (#2155)\n\nFiles sizes cannot be negative, so abort lha processing if archive\r\nclaims otherwise.","shortMessageHtmlLink":"lha: Do not allow negative file sizes (#2155)"}},{"before":"0ce1b4c382f96f0591ea0496af49d2f8c8f8edb8","after":"287e05d539fcb9bb2aab22844c161070199b6698","ref":"refs/heads/master","pushedAt":"2024-04-29T20:05:44.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"archive_match: Turn counter into flag (#2154)\n\nWhen working with matches, the code does not care about the actual\r\namount of times when it matched, but just if it matched so far at least\r\nonce or never.\r\n\r\nTurning the counter into a boolean flag has the advantage that even\r\ninsanely huge archives will never lead to integer overflow here.","shortMessageHtmlLink":"archive_match: Turn counter into flag (#2154)"}},{"before":"3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b","after":"0ce1b4c382f96f0591ea0496af49d2f8c8f8edb8","ref":"refs/heads/master","pushedAt":"2024-04-29T20:00:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"archive_match: check archive_read_support_format_raw() return value (#2153)\n\nIf call of archive_read_support_format_raw fails, do not override the\r\nerror return value with the return value of\r\narchive_read_support_format_empty(). Instead, return error code as expected.","shortMessageHtmlLink":"archive_match: check archive_read_support_format_raw() return value (#…"}},{"before":null,"after":"84ce0246ba826a96ff010494c46f3fb7fa8bf08c","ref":"refs/heads/dependabot/github_actions/all-actions-3b640b2141","pushedAt":"2024-04-29T16:13:47.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"CI: Bump the all-actions group with 2 updates\n\nBumps the all-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `actions/checkout` from 4.1.3 to 4.1.4\n- [Release notes](https://github.com/actions/checkout/releases)\n- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/actions/checkout/compare/1d96c772d19495a3b5c517cd2bc0cb401ea0529f...0ad4b8fadaa221de15dcec353f45205ec38ea70b)\n\nUpdates `github/codeql-action` from 3.25.2 to 3.25.3\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/8f596b4ae3cb3c588a5c46780b86dd53fef16c52...d39d31e687223d841ef683f52467bd88e9b21c14)\n\n---\nupdated-dependencies:\n- dependency-name: actions/checkout\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: all-actions\n- dependency-name: github/codeql-action\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: all-actions\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"CI: Bump the all-actions group with 2 updates"}},{"before":"a1cb648d52f5b6d3f31184d9b6a7cbca628459b7","after":"3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b","ref":"refs/heads/master","pushedAt":"2024-04-28T21:53:19.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"fix: OOB in rar audio filter (#2149)\n\nThis patch ensures that `src` won't move ahead of `dst`, so `src` will\r\nnot OOB. Similar situation like in a1cb648.","shortMessageHtmlLink":"fix: OOB in rar audio filter (#2149)"}},{"before":"b910cb70d4c1b311c9d85cd536a6c91647c43df7","after":"a1cb648d52f5b6d3f31184d9b6a7cbca628459b7","ref":"refs/heads/master","pushedAt":"2024-04-28T21:50:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"fix: OOB in rar delta filter (#2148)\n\nEnsure that `src` won't move ahead of `dst`, so `src` will not OOB.\r\nSince `dst` won't move in this function, and we are only increasing `src`\r\nposition, this check should be enough. It should be safe to early return\r\nbecause this function does not allocate resources.","shortMessageHtmlLink":"fix: OOB in rar delta filter (#2148)"}},{"before":"9951b9cd25a4363b4b36308e5058c5b8c2c55471","after":"b910cb70d4c1b311c9d85cd536a6c91647c43df7","ref":"refs/heads/master","pushedAt":"2024-04-28T21:48:05.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"xar: Fix another infinite loop and expat error handling (#2150)\n\nFixes two issues:\r\n- expat code keeps track of error conditions\r\n- adding link=original multiple times is prohibited","shortMessageHtmlLink":"xar: Fix another infinite loop and expat error handling (#2150)"}},{"before":"313aa1fa10b657de791e3202c168a6c833bc3543","after":"9951b9cd25a4363b4b36308e5058c5b8c2c55471","ref":"refs/heads/master","pushedAt":"2024-04-26T10:08:24.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"Libarchive 3.7.5dev","shortMessageHtmlLink":"Libarchive 3.7.5dev"}},{"before":"4fcc02d906cca4b9e21a78a833f1142a2689ec52","after":"313aa1fa10b657de791e3202c168a6c833bc3543","ref":"refs/heads/release","pushedAt":"2024-04-26T09:23:15.000Z","pushType":"push","commitsCount":28,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"Release 3.7.4","shortMessageHtmlLink":"Release 3.7.4"}},{"before":"d9f44c5b44038c735a78cc1b32fda1ea7b88be25","after":"313aa1fa10b657de791e3202c168a6c833bc3543","ref":"refs/heads/master","pushedAt":"2024-04-26T09:22:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"Release 3.7.4","shortMessageHtmlLink":"Release 3.7.4"}},{"before":"f673faefaad28de77e91167e1a70d7c2a32af7fe","after":"d9f44c5b44038c735a78cc1b32fda1ea7b88be25","ref":"refs/heads/master","pushedAt":"2024-04-25T09:39:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"bsdtar: Fix error handling around strtol() usages (#2110)\n\nThe code here had a couple of bad code patterns that seem to have been\r\ncopied throughout:\r\n* Checking errno after strtol() -- Standard C doesn't seem to actually\r\nrequire this, so we shouldn't rely on it\r\n* Casting the result of strtol() directly to `int`. This loses\r\ninformation prematurely.\r\n\r\nInstead, I've added `l` as a temporary of type `long`, use that to hold\r\nthe result of `strtol()` until it can be checked. I've also removed the\r\n`errno` tests in favor of checking the end pointer value.\r\n\r\nThe limit for --strip-components has been raised to 100 000.","shortMessageHtmlLink":"bsdtar: Fix error handling around strtol() usages (#2110)"}},{"before":"5cc96c955adf5252ff3d16ff93a96b6273192d94","after":"f673faefaad28de77e91167e1a70d7c2a32af7fe","ref":"refs/heads/master","pushedAt":"2024-04-25T09:22:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"Fix typos (#2143)\n\nFix typos in comments, documentation, and error messages.","shortMessageHtmlLink":"Fix typos (#2143)"}},{"before":"b6a979481b7d77c12fa17bbed94576b63bbcb0c0","after":"5cc96c955adf5252ff3d16ff93a96b6273192d94","ref":"refs/heads/master","pushedAt":"2024-04-25T09:20:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"warc: Check realloc return value (#2144)\n\nSince realloc could fail, check its return value and set a proper error\r\nmessage.","shortMessageHtmlLink":"warc: Check realloc return value (#2144)"}},{"before":"e6d2ce1c6c15e0e4edaaf14b31a2ac335c27d9a3","after":"b6a979481b7d77c12fa17bbed94576b63bbcb0c0","ref":"refs/heads/master","pushedAt":"2024-04-25T09:18:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"zip: Fix out of boundary access (#2145)\n\nIf a ZIP file contains a file with an empty name and mac-ext option is\r\nset, then a check accesses memory out of bound of `name`.","shortMessageHtmlLink":"zip: Fix out of boundary access (#2145)"}},{"before":"d90cdedab6a87dfb0253542ede252129ba2b0eec","after":null,"ref":"refs/heads/dependabot/github_actions/all-actions-dc83195fab","pushedAt":"2024-04-23T14:42:01.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"284ba9539aa1217df77c2f14e6941483de48d382","after":"e6d2ce1c6c15e0e4edaaf14b31a2ac335c27d9a3","ref":"refs/heads/master","pushedAt":"2024-04-23T14:41:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mmatuska","name":"Martin Matuška","path":"/mmatuska","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/924604?s=80&v=4"},"commit":{"message":"CI: bump the all-actions group with 3 updates (#2140)\n\nUpdates actions/checkout from 4.1.2 to 4.1.3\r\nUpdates actions/upload-artifact from 4.3.1 to 4.3.3\r\nUpdates github/codeql-action from 3.24.8 to 3.25.2\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"CI: bump the all-actions group with 3 updates (#2140)"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEQyPHZAA","startCursor":null,"endCursor":null}},"title":"Activity · libarchive/libarchive"}