rick/LEDMatrix
1
0
Fork 0
mirror of https://github.com/ChuckBuilds/LEDMatrix.git synced 2026-05-15 18:03:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4c8dfeb48c548ea078eee16f7d429f254a424596
LEDMatrix/plugin-repos/march-madness
History
Chuck 6a99fbdd90 fix(deps): bump minimum versions to address CVEs 
Pillow 10.4.0 → 12.2.0: CVE-2026-40192 (DoS via FITS decompression bomb),
CVE-2026-25990 (OOB write via PSD image), CVE-2026-42311/42308/42310

requests 2.32.0 → 2.33.0: CVE-2026-25645 (temp file security bypass),
CVE-2024-47081 (.netrc credentials leak)

werkzeug 3.0.0 → 3.1.6: CVE-2023-46136, CVE-2024-49766/49767,
CVE-2025-66221, CVE-2026-21860/27199 (DoS, path traversal, safe_join bypass)

Flask 3.0.0 → 3.1.3: CVE-2026-27205 (session data caching info disclosure)

spotipy 2.24.0 → 2.25.2: CVE-2025-27154, CVE-2025-66040

python-socketio 5.11.0 → 5.14.0: CVE-2025-61765

pytest 7.4.0 → 9.0.3: CVE-2025-71176 (insecure temp dir handling)

Updated in requirements.txt, web_interface/requirements.txt,
plugin-repos/starlark-apps/requirements.txt, and
plugin-repos/march-madness/requirements.txt.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 10:13:36 -04:00
..
config_schema.json
feat(march-madness): add NCAA tournament plugin and round logos (#263)
2026-02-24 18:32:22 -05:00
manager.py
fix(web): render file-upload drop zone for string-type config fields (#271)
2026-02-24 20:12:31 -05:00
manifest.json
feat(march-madness): add NCAA tournament plugin and round logos (#263)
2026-02-24 18:32:22 -05:00
requirements.txt
fix(deps): bump minimum versions to address CVEs
2026-05-14 10:13:36 -04:00