Stirling-PDF

mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-11-01 01:21:18 +01:00

History

Ludy 9ed0283f15 fix(ci): 🛡️mitigate CVE-2025-8869 by pinning pip to patched commit and upgrading dev dependency pins (#4630 ) # Description of Changes Summary - Enforce wheels-only installs for CI/dev workflows where feasible and pin `pip` to a specific, patched VCS commit as an interim mitigation. - Replace the explicit `pip==25.2` entry with a VCS-pinned `pip` reference in `.github/scripts/requirements_dev.in` and the regenerated `.github/scripts/requirements_dev.txt`. - Refresh and re-hash multiple development dependency pins in the locked `requirements_dev.txt` to ensure reproducible installs and reduce exposure to vulnerable transitive packages. - Add notes and guidance for maintainers on reverting the VCS pin once an official pip release contains the fix. Why the change was made - CVE-2025-8869 allows malicious sdists to include links that escape the intended extraction directory, enabling arbitrary file overwrite during `pip install`. CI and developer automation that installs dev dependencies are at risk if they process attacker-controlled sdists. - This PR reduces immediate attack surface by preferring wheel installations where possible and pinning pip to a known patched commit until an official fixed pip release is available. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.		2025-10-16 22:40:14 +01:00
..
cucumber	fix(ci): 🛡️mitigate CVE-2025-8869 by pinning pip to patched commit and upgrading dev dependency pins (#4630 )	2025-10-16 22:40:14 +01:00
testdriver	Test cleanup, JVM GC and api (#2787 )	2025-01-26 13:10:16 +00:00
allEndpointsRemovedSettings.yml	Defaulting JWT settings to `false` (#4416 )	2025-09-30 12:02:11 +01:00
endpoints.txt	Add Attachments Feature (#3781 )	2025-06-24 23:52:17 +01:00
test2.sh	Test cleanup, JVM GC and api (#2787 )	2025-01-26 13:10:16 +00:00
test_disabledEndpoints.sh	Pipeline shows disabled endpoints fix (#2881 ) (#3282 )	2025-04-09 11:03:40 +01:00
test_webpages.sh	Upgrade Gradle to 8.14 in CI Workflows and Gradle Wrapper (#3425 )	2025-04-27 16:17:07 +01:00
test.sh	refactor: move modules under app/ directory and update file paths (#3938 )	2025-07-14 20:53:11 +01:00
webpage_urls_full.txt	Security fixes, enterprise stuff and more (#3241 )	2025-03-25 17:57:17 +00:00
webpage_urls.txt	feat(crop): Crop remove outside text (#4499 )	2025-10-11 18:35:24 +01:00