<div dir="auto"><div>Hi folks, haven't looked into it but thought I'd forward this in case it's useful and worth acting on. Apologies if entirely noise, but better safe than sorry :).</div><div dir="auto"><br></div><div dir="auto">Happy LLVM-ing,</div><div dir="auto">~Will<br><br><div class="gmail_quote" dir="auto"><div dir="ltr">---------- Forwarded message ---------<br>From: <strong class="gmail_sendername" dir="auto">GitHub</strong> <span dir="ltr"><<a href="mailto:notifications@github.com">notifications@github.com</a>></span><br>Date: Tue, Oct 16, 2018, 12:02 PM<br>Subject: [llvm-mirror/clang-tools-extra] One of your dependencies may have a security vulnerability<br>To: llvm-mirror/clang-tools-extra <<a href="mailto:clang-tools-extra@noreply.github.com">clang-tools-extra@noreply.github.com</a>><br>Cc: Security alert <<a href="mailto:security_alert@noreply.github.com">security_alert@noreply.github.com</a>><br></div><br><br><u></u>
<div style="margin:0;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';color:#24292e;height:100%!important;line-height:1.5;font-size:14px;padding:0;width:100%!important;background-color:#fff">
<table class="m_7413189149406926625body" style="box-sizing:border-box;border-collapse:separate!important;width:100%;background-color:#fff" width="100%" bgcolor="#fff">
<tbody><tr>
<td style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:top" valign="top"></td>
<td class="m_7413189149406926625container" style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:top;display:block;margin:0 auto!important;max-width:580px;padding:24px;width:580px" width="580" valign="top">
<div class="m_7413189149406926625content" style="box-sizing:border-box;display:block;margin:0 auto;max-width:580px">
<span class="m_7413189149406926625preheader" style="color:transparent;display:none;height:0;max-height:0;max-width:0;opacity:0;overflow:hidden;width:0">We found a potential security vulnerabilty in one of your dependencies</span>
<div class="m_7413189149406926625header" style="box-sizing:border-box;width:100%;padding-top:8px;padding-bottom:8px;margin-bottom:16px;border-bottom:1px solid #eee">
<table style="box-sizing:border-box;border-collapse:separate!important;width:100%" width="100%">
<tbody><tr>
<td style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:top" valign="top">
<a href="https://github.com" style="box-sizing:border-box;color:#0366d6;text-decoration:none" target="_blank" rel="noreferrer">
<img src="https://assets-cdn.github.com/images/modules/logos_page/GitHub-Logo.png" width="76" height="21" alt="GitHub" style="max-width:100%">
</a>
</td>
<td class="m_7413189149406926625text-right" style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:top;text-align:right!important" align="right !important" valign="top">
<a href="https://github.com/login" class="m_7413189149406926625link-gray-dark" style="box-sizing:border-box;text-decoration:none;color:#24292e!important" target="_blank" rel="noreferrer">Sign in</a>
</td>
</tr>
</tbody></table>
</div>
<strong class="m_7413189149406926625d-block m_7413189149406926625mb-1" style="margin-bottom:4px!important;display:block!important">dtzWill,</strong>
<p class="m_7413189149406926625mb-3" style="font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;font-weight:normal;line-height:1.5;margin:0;margin-bottom:16px!important">We found a potential security vulnerability in a repository for which you have been granted security alert access.</p>
<table cellpadding="0" cellspacing="0" style="box-sizing:border-box;border-collapse:separate!important;width:100%" width="100%">
<tbody><tr>
<td class="m_7413189149406926625v-align-middle" style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:middle!important;width:28px" width="28" valign="middle !important">
<img class="m_7413189149406926625rounded-1 m_7413189149406926625d-inline-block" src="https://avatars0.githubusercontent.com/u/1386314?s=56&v=4" width="28" height="28" alt="@llvm-mirror">
</td>
<td class="m_7413189149406926625v-align-middle m_7413189149406926625px-2 m_7413189149406926625lh-condensed" style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:middle!important;padding-right:8px!important;padding-left:8px!important;line-height:1.25!important" valign="middle !important">
<a href="https://github.com/llvm-mirror/clang-tools-extra" class="m_7413189149406926625h5 m_7413189149406926625mb-0" style="box-sizing:border-box;color:#0366d6;text-decoration:none;margin-bottom:0!important;font-size:14px!important;font-weight:600!important" target="_blank" rel="noreferrer">
llvm-mirror/clang-tools-extra
</a>
</td>
</tr>
<tr>
<td class="m_7413189149406926625v-align-middle m_7413189149406926625pt-1" colspan="2" style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:middle!important;padding-top:4px!important" valign="middle !important">
<table cellpadding="0" cellspacing="0" style="box-sizing:border-box;border-collapse:separate!important;width:100%" width="100%">
<tbody><tr>
<td style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:top" valign="top">
Known <strong> high severity</strong> security vulnerability detected in <code class="m_7413189149406926625text-bold m_7413189149406926625no-wrap" style="word-break:break-word;word-wrap:break-word;font-family:'SFMono-Regular',Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13px;font-weight:600!important;white-space:nowrap!important">YamlDotNet <= 4.3.2</code> defined in <a href="https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config" target="_blank" rel="noreferrer"><code class="m_7413189149406926625text-bold m_7413189149406926625no-wrap" style="word-break:break-word;word-wrap:break-word;font-family:'SFMono-Regular',Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13px;font-weight:600!important;white-space:nowrap!important">packages.config</code></a>.
</td>
</tr>
<tr>
<td style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:top" valign="top">
<a href="https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config" target="_blank" rel="noreferrer"><code class="m_7413189149406926625text-bold m_7413189149406926625no-wrap" style="word-break:break-word;word-wrap:break-word;font-family:'SFMono-Regular',Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13px;font-weight:600!important;white-space:nowrap!important">packages.config</code></a> update suggested: <code class="m_7413189149406926625text-bold m_7413189149406926625no-wrap" style="word-break:break-word;word-wrap:break-word;font-family:'SFMono-Regular',Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13px;font-weight:600!important;white-space:nowrap!important">YamlDotNet ~> 5.0.0</code>.
</td>
</tr>
<tr>
<td style="padding-top:6px;box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:12px;color:#6a737d;font-style:italic;vertical-align:top" valign="top">
Always verify the validity and compatibility of suggestions with your codebase.
</td>
</tr>
</tbody></table>
</td>
</tr>
</tbody></table>
<table class="m_7413189149406926625divider-wrapper" style="box-sizing:border-box;border-collapse:separate!important;width:100%" width="100%">
<tbody><tr>
<td class="m_7413189149406926625divider-spacer" style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:top;padding:20px 0" valign="top">
<table class="m_7413189149406926625divider m_7413189149406926625divider-" cellpadding="0" cellspacing="0" style="box-sizing:border-box;border-collapse:separate!important;width:100%" width="100%">
<tbody><tr>
<td style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';vertical-align:top;font-size:0;border-top:1px solid #e1e4e8;line-height:0;height:1px;margin:0;padding:0" valign="top"></td>
</tr>
</tbody></table>
</td>
</tr>
</tbody></table>
<table class="m_7413189149406926625button m_7413189149406926625button-primary" cellpadding="0" cellspacing="0" style="box-sizing:border-box;border-collapse:separate!important;width:100%" width="100%">
<tbody><tr>
<td align="" style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:top" valign="top">
<table cellpadding="0" cellspacing="0" style="box-sizing:border-box;border-collapse:separate!important;width:auto">
<tbody><tr>
<td style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:top;background-color:#0366d6;border-radius:5px;text-align:center" valign="top" bgcolor="#0366d6" align="center">
<a href="https://github.com/llvm-mirror/clang-tools-extra/network/alert/clang-tidy-vs/ClangTidy/packages.config/YamlDotNet/open" style="box-sizing:border-box;border-color:#0366d6;text-decoration:none;background-color:#0366d6;border:solid 1px #0366d6;border-radius:5px;color:#ffffff;display:inline-block;font-size:14px;font-weight:bold;margin:0;padding:10px 20px" target="_blank" rel="noreferrer">Review vulnerable dependency</a>
</td>
</tr>
</tbody></table>
</td>
</tr>
</tbody></table>
<div class="m_7413189149406926625footer" style="box-sizing:border-box;clear:both;width:100%">
<hr class="m_7413189149406926625footer-hr" style="height:0;overflow:visible;margin-top:24px;border:0;border-top:1px solid #e1e4e8;color:#959da5;font-size:12px;line-height:18px;margin-bottom:30px">
<div class="m_7413189149406926625footer-links" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px">
<p class="m_7413189149406926625footer-text" style="font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-weight:normal;margin:0;margin-bottom:15px;color:#959da5;font-size:12px;line-height:18px">
</p><p style="padding-top:6px;box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:12px;color:#959da5;vertical-align:top" valign="top">
Only users who have been assigned access to security alerts will receive these notifications.
</p>
<a href="https://github.com/notifications/unsubscribe-vulnerability/AAx4srgW3TNA-Qj-p1U44AZWq56EfX7Dks5ulhFBgaJpZM4XezKI" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" target="_blank" rel="noreferrer">
<u></u>Unsubscribe<u></u>
</a> ·
<a href="https://github.com/settings/emails" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" target="_blank" rel="noreferrer">Email preferences</a> ·
<a href="https://help.github.com/articles/github-terms-of-service/" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" target="_blank" rel="noreferrer">Terms</a> ·
<a href="https://help.github.com/articles/github-privacy-policy/" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" target="_blank" rel="noreferrer">Privacy</a> ·
<a href="https://github.com/login" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" target="_blank" rel="noreferrer">Sign into GitHub</a>
<p></p>
</div>
<p class="m_7413189149406926625footer-text" style="font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-weight:normal;margin:0;margin-bottom:15px;color:#959da5;font-size:12px;line-height:18px">GitHub, Inc.
<br style="color:#959da5;font-size:12px;line-height:18px"> 88 Colin P Kelly Jr St.
<br style="color:#959da5;font-size:12px;line-height:18px"> San Francisco, CA 94107</p>
</div>
</div>
</td>
<td style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';font-size:14px;vertical-align:top" valign="top"></td>
</tr>
</tbody></table>
</div>
</div></div></div>