fix(security): Address CodeQL Uncontrolled Data in Path Expression vulnerability #160531
Conversation
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: MUSTAPHA BARKI <[email protected]>
Potential fix for code scanning alert no. 2: Code injection
Bumps the npm_and_yarn group with 1 update in the /mlir/utils/vscode directory: [tmp](https://github.com/raszi/node-tmp). Updates `tmp` from 0.2.1 to 0.2.5 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.1...v0.2.5) --- updated-dependencies: - dependency-name: tmp dependency-version: 0.2.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
…/vscode/npm_and_yarn-eda7ca5f0b Bump tmp from 0.2.1 to 0.2.5 in /mlir/utils/vscode in the npm_and_yarn group across 1 directory
Signed-off-by: MUSTAPHA BARKI <[email protected]>
Create dependabot.yml
…in path expression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: MUSTAPHA BARKI <[email protected]>
|
Thank you for submitting a Pull Request (PR) to the LLVM Project! This PR will be automatically labeled and the relevant teams will be notified. If you wish to, you can add reviewers by using the "Reviewers" section on this page. If this is not working for you, it is probably because you do not have write permissions for the repository. In which case you can instead tag reviewers by name in a comment by using If you have received no comments on your PR for a week, you can request a review by "ping"ing the PR by adding a comment “Ping”. The common courtesy "ping" rate is once a week. Please remember that you are asking for valuable time from other developers. If you have further questions, they may be answered by the LLVM GitHub User Guide. You can also ask questions in a comment on this PR, on the LLVM Discord or on the forums. |
No description provided.