| Age | Commit message (Collapse) | Author |
|---|
|
Closes #10086
Authored by: bashonly
|
|
Authored by: seproDev
Reviewed-by: bashonly <88596187+bashonly@users.noreply.github.com>
Reviewed-by: Simon Sawicki <contact@grub4k.xyz>
|
|
Authored by: bashonly, pukkandan, seproDev, Grub4K
Co-authored-by: bashonly <bashonly@protonmail.com>
Co-authored-by: pukkandan <pukkandan.ytdlp@gmail.com>
Co-authored-by: sepro <4618135+seproDev@users.noreply.github.com>
|
|
- Only use trusted publishing with PyPI and remove support for PyPI tokens from release workflow
- Clean up improper actions syntax in the build workflow inputs
- Refactor Updater to allow for consistent unit testing with `UPDATE_SOURCES`
Authored by: bashonly
|
|
Closes #7803
Authored by: bashonly
|
|
Authored by: bashonly
|
|
Co-authored-by: shirtjs <2660574+shirtjs@users.noreply.github.com> (shirt-dev)
Co-authored-by: pukkandan <pukkandan@gmail.com>
|
|
to avoid using same folder when using pip install for example
|
|
The rsa_verify code was vulnerable to a BB'06 attack, allowing to forge
signatures for arbitrary messages if and only if the public key exponent is
3. Since the updates key is hardcoded to 65537, there is no risk for
youtube-dl, but I don't want vulnerable code in the wild.
The new function adopts a way safer approach of encoding-and-comparing to
replace the dangerous parsing code.
|
