yuzhongqi
Issue Description: The cocoapods-downloader package before version 1.6.0, and versions 1.6.2 through 1.6.3, is vulnerable to command injection when using git. Specifically, the Pod::Downloader.preprocess_options function passes both the git and...
Description Summary A local file disclosure vulnerability has been identified in Active Support, affecting versions 5.2.0 and later. The issue is tracked under CVE-2023-38037. Impact ActiveSupport::EncryptedFile writes data that is...
📝 Description Summary The tzinfo gem versions prior to 1.2.10 are vulnerable to an arbitrary file loading issue when used with the Ruby data source (tzinfo-data). The vulnerability allows malicious...
Description Summary The REXML gem versions prior to 3.3.6 contain a Denial of Service (DoS) vulnerability when parsing deeply nested XML documents that have elements with the same local name...
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public...
Description: The package prior to v1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed...
### Description After upgrading from Xcode 16.1 to Xcode 26.0, the build step using xcode@5 in our Azure pipeline has experienced a significant regression. With Xcode 16.1, the build consistently...