pullrequests Search Results · language:Dune language:JavaScript language:Python language:HTML language:Python language:JavaScript
175M results
chore: update centos images
Signed-off-by: OSISM Bot <bot@osism.tech>
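Symptom
_dl_media in frontends/wechatapp.py uses the file_name from the inbound message directly as the path for writing the decrypted media content to disk. file_name comes from the other party's message and is attacker-controlled.
Root cause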
fname = sub.get("file_name") or f"{uuid...}{ext}"
p = os.path.join(_TEMP_DIR, fname); open(p, "wb").write(pt) ...
Reset Week only restored Zoras, leaving the week's 30 settled games on the slate. Since the week key is calendar-derived
and the slate is capped at 30, Refresh Slate then reported the slate as at capacity ...
- 🚨 Severity: CRITICAL
- 💡 Vulnerability: XSS via Array Type Confusion / Implicit toString() Bypass
- 🎯 Impact: Allows an attacker to bypass XSS protections by providing an array or object, which ...
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase
manually by commenting @dependabot rebase.
Dependabot commands ...
dependencies
javascript
NodePy 1.1 is out!
What's New
Performance Optimization
- Quadtree-based collision checks — collision detection is now faster and scales better with more objects.
- Matrix3x3 rewrite — switched ...
Summary
Part 3 of ~4 PRs fixing bugs from a router review. This one covers scorer detection precision in the authoritative
route() path (scorer.py only).
1. Plural PII dodged the word boundaries
\bpassword\b ...
Fixes the three issues raised: Export was broken, examples were health-only, and editing was clumsy.
- Export works now (PNG 2x / SVG, transparent option) from the Header and Model menu.
- Direct ...