[cfe-dev] Fwd: [llvm-mirror/clang-tools-extra] One of your dependencies may have a security vulnerability
Zachary Turner via cfe-dev
cfe-dev at lists.llvm.org
Fri Oct 26 01:52:09 PDT 2018
Someone else told me about this recently too. Let's delete this from the
On Fri, Oct 26, 2018 at 1:45 AM Hans Wennborg <hans at chromium.org> wrote:
> This is from the clang-tidy plugin that Zach wrote
> I haven't published any packages for that, in fact I'm not sure where it
> is published.
> Zach: is this still maintained or should we remove it, or update the
> YamlDotNet dependency?
> On Fri, Oct 19, 2018 at 2:18 PM, Jonas Toth via cfe-dev <
> cfe-dev at lists.llvm.org> wrote:
>> +Hans, I believe he packaged the visual studio plugin this seems to come
>> Am 17.10.2018 um 07:00 schrieb Will Dietz via cfe-dev:
>> Hi folks, haven't looked into it but thought I'd forward this in case
>> it's useful and worth acting on. Apologies if entirely noise, but better
>> safe than sorry :).
>> Happy LLVM-ing,
>> ---------- Forwarded message ---------
>> From: GitHub <notifications at github.com>
>> Date: Tue, Oct 16, 2018, 12:02 PM
>> Subject: [llvm-mirror/clang-tools-extra] One of your dependencies may
>> have a security vulnerability
>> To: llvm-mirror/clang-tools-extra <clang-tools-extra at noreply.github.com>
>> Cc: Security alert <security_alert at noreply.github.com>
>> We found a potential security vulnerabilty in one of your dependencies
>> [image: GitHub] <https://github.com> Sign in <https://github.com/login>
>> We found a potential security vulnerability in a repository for which you
>> have been granted security alert access.
>> [image: @llvm-mirror] llvm-mirror/clang-tools-extra
>> Known * high severity* security vulnerability detected in YamlDotNet <=
>> 4.3.2 defined in packages.config
>> update suggested: YamlDotNet ~> 5.0.0.
>> Always verify the validity and compatibility of suggestions with your
>> Review vulnerable dependency
>> Only users who have been assigned access to security alerts will receive
>> these notifications.
>> · Email preferences <https://github.com/settings/emails> · Terms
>> <https://help.github.com/articles/github-terms-of-service/> · Privacy
>> <https://help.github.com/articles/github-privacy-policy/> · Sign into
>> GitHub <https://github.com/login>
>> GitHub, Inc.
>> 88 Colin P Kelly Jr St.
>> San Francisco, CA 94107
>> cfe-dev mailing listcfe-dev at lists.llvm.orghttp://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>> cfe-dev mailing list
>> cfe-dev at lists.llvm.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cfe-dev