False Security
I got bitten yesterday by a PR submitted by Orbis Security that was a one-line change that actually did nothing but was used to trumpet what an amazing fix it was for a blog article which was also full of inaccuracies.
The PR was useful though, as it showed that the supposed fix was in a function that was never called. I removed it this morning.
The PR, if anyone is interested, is https://github.com/ohler55/oj/pull/1011

I was contacted by the submitter and they apologized and removed the blog entry. It was AI generated. It was nice to see they were upstanding enough to correct it. That's a plus in my book.

It is good to hear that they at least admitted to it and complied.

That's just obnoxious, do you have a link to the article they created about it?

Well, blog entry is still there at https://orbisappsec.com/blog/critical-buffer-overflow-in-ojs... but it is total nonsense and a hallucination.