From 3839dcc08292f9504498563fefd93b8f523230d1 Mon Sep 17 00:00:00 2001 From: Kovid Goyal Date: Sat, 7 Feb 2026 14:41:17 +0530 Subject: [PATCH] Bump dependency for CVE --- .github/workflows/ci.py | 2 -- bypy/sources.json | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.py b/.github/workflows/ci.py index d36da09ea..a5167d72f 100644 --- a/.github/workflows/ci.py +++ b/.github/workflows/ci.py @@ -224,8 +224,6 @@ IGNORED_DEPENDENCY_CVES = [ 'CVE-2025-15367', 'CVE-2025-12781', 'CVE-2025-11468', - # glib - 'CVE-2025-4056', # Only affects Windows, on which we dont run # github.com/nwaples/rardecode/v2 'CVE-2025-11579', # rardecode is version 2.2.1, not vulnerable ] diff --git a/bypy/sources.json b/bypy/sources.json index c09446188..79dfa03c4 100644 --- a/bypy/sources.json +++ b/bypy/sources.json @@ -202,11 +202,11 @@ }, { - "name": "glib 2.82.5", + "name": "glib 2.86.3", "os": "linux", "unix": { "file_extension": "tar.xz", - "hash": "sha256:05c2031f9bdf6b5aba7a06ca84f0b4aced28b19bf1b50c6ab25cc675277cbc3f", + "hash": "sha256:b3211d8d34b9df5dca05787ef0ad5d7ca75dec998b970e1aab0001d229977c65", "urls": ["https://download.gnome.org/sources/glib/{version_except_last}/{filename}"] } },