<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>+Hans, I believe he packaged the visual studio plugin this seems
to come from.<br>
</p>
<br>
<div class="moz-cite-prefix">Am 17.10.2018 um 07:00 schrieb Will
Dietz via cfe-dev:<br>
</div>
<blockquote type="cite"
cite="mid:CAKGWAO9GcAU-PCBJt3YHGK=tc=Q4ipqLpWviP=9XWy+yBBzOKw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div dir="auto">
<div>Hi folks, haven't looked into it but thought I'd forward
this in case it's useful and worth acting on. Apologies if
entirely noise, but better safe than sorry :).</div>
<div dir="auto"><br>
</div>
<div dir="auto">Happy LLVM-ing,</div>
<div dir="auto">~Will<br>
<br>
<div class="gmail_quote" dir="auto">
<div dir="ltr">---------- Forwarded message ---------<br>
From: <strong class="gmail_sendername" dir="auto">GitHub</strong>
<span dir="ltr"><<a
href="mailto:notifications@github.com"
moz-do-not-send="true">notifications@github.com</a>></span><br>
Date: Tue, Oct 16, 2018, 12:02 PM<br>
Subject: [llvm-mirror/clang-tools-extra] One of your
dependencies may have a security vulnerability<br>
To: llvm-mirror/clang-tools-extra <<a
href="mailto:clang-tools-extra@noreply.github.com"
moz-do-not-send="true">clang-tools-extra@noreply.github.com</a>><br>
Cc: Security alert <<a
href="mailto:security_alert@noreply.github.com"
moz-do-not-send="true">security_alert@noreply.github.com</a>><br>
</div>
<br>
<br>
<div
style="margin:0;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe
UI Emoji','Segoe UI
Symbol';color:#24292e;height:100%!important;line-height:1.5;font-size:14px;padding:0;width:100%!important;background-color:#fff">
<table class="m_7413189149406926625body"
style="box-sizing:border-box;border-collapse:separate!important;width:100%;background-color:#fff"
bgcolor="#fff" width="100%">
<tbody>
<tr>
<td
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple Color
Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-size:14px;vertical-align:top"
valign="top"><br>
</td>
<td class="m_7413189149406926625container"
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple Color
Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-size:14px;vertical-align:top;display:block;margin:0
auto!important;max-width:580px;padding:24px;width:580px" valign="top"
width="580">
<div class="m_7413189149406926625content"
style="box-sizing:border-box;display:block;margin:0
auto;max-width:580px"> <span
class="m_7413189149406926625preheader"
style="color:transparent;display:none;height:0;max-height:0;max-width:0;opacity:0;overflow:hidden;width:0">We
found a potential security vulnerabilty in one
of your dependencies</span>
<div class="m_7413189149406926625header"
style="box-sizing:border-box;width:100%;padding-top:8px;padding-bottom:8px;margin-bottom:16px;border-bottom:1px
solid #eee">
<table
style="box-sizing:border-box;border-collapse:separate!important;width:100%"
width="100%">
<tbody>
<tr>
<td
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple
Color Emoji','Segoe UI Emoji','Segoe
UI
Symbol';font-size:14px;vertical-align:top"
valign="top"> <a
href="https://github.com"
style="box-sizing:border-box;color:#0366d6;text-decoration:none"
target="_blank" rel="noreferrer"
moz-do-not-send="true"> <img
src="https://assets-cdn.github.com/images/modules/logos_page/GitHub-Logo.png"
alt="GitHub"
style="max-width:100%"
moz-do-not-send="true" height="21"
width="76"> </a> </td>
<td
class="m_7413189149406926625text-right"
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple
Color Emoji','Segoe UI Emoji','Segoe
UI
Symbol';font-size:14px;vertical-align:top;text-align:right!important"
valign="top" align="right !important">
<a href="https://github.com/login"
class="m_7413189149406926625link-gray-dark"
style="box-sizing:border-box;text-decoration:none;color:#24292e!important"
target="_blank" rel="noreferrer"
moz-do-not-send="true">Sign in</a> </td>
</tr>
</tbody>
</table>
</div>
<strong class="m_7413189149406926625d-block
m_7413189149406926625mb-1"
style="margin-bottom:4px!important;display:block!important">dtzWill,</strong>
<p class="m_7413189149406926625mb-3"
style="font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple Color
Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-size:14px;font-weight:normal;line-height:1.5;margin:0;margin-bottom:16px!important">We
found a potential security vulnerability in a
repository for which you have been granted
security alert access.</p>
<table
style="box-sizing:border-box;border-collapse:separate!important;width:100%"
cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td
class="m_7413189149406926625v-align-middle"
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple
Color Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-size:14px;vertical-align:middle!important;width:28px"
valign="middle !important" width="28"> <img
class="m_7413189149406926625rounded-1
m_7413189149406926625d-inline-block"
src="https://avatars0.githubusercontent.com/u/1386314?s=56&v=4"
alt="@llvm-mirror"
moz-do-not-send="true" height="28"
width="28"> </td>
<td
class="m_7413189149406926625v-align-middle
m_7413189149406926625px-2
m_7413189149406926625lh-condensed"
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple
Color Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-size:14px;vertical-align:middle!important;padding-right:8px!important;padding-left:8px!important;line-height:1.25!important"
valign="middle !important"> <a
href="https://github.com/llvm-mirror/clang-tools-extra"
class="m_7413189149406926625h5
m_7413189149406926625mb-0"
style="box-sizing:border-box;color:#0366d6;text-decoration:none;margin-bottom:0!important;font-size:14px!important;font-weight:600!important"
target="_blank" rel="noreferrer"
moz-do-not-send="true">
llvm-mirror/clang-tools-extra </a> </td>
</tr>
<tr>
<td
class="m_7413189149406926625v-align-middle
m_7413189149406926625pt-1" colspan="2"
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple
Color Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-size:14px;vertical-align:middle!important;padding-top:4px!important"
valign="middle !important">
<table
style="box-sizing:border-box;border-collapse:separate!important;width:100%"
cellspacing="0" cellpadding="0"
width="100%">
<tbody>
<tr>
<td
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI
Emoji','Segoe UI
Symbol';font-size:14px;vertical-align:top"
valign="top"> Known <strong>
high severity</strong>
security vulnerability detected
in <code
class="m_7413189149406926625text-bold
m_7413189149406926625no-wrap"
style="word-break:break-word;word-wrap:break-word;font-family:'SFMono-Regular',Consolas,'Liberation
Mono',Menlo,Courier,monospace;font-size:13px;font-weight:600!important;white-space:nowrap!important">YamlDotNet
<= 4.3.2</code> defined in
<a
href="https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config"
target="_blank"
rel="noreferrer"
moz-do-not-send="true"><code
class="m_7413189149406926625text-bold
m_7413189149406926625no-wrap"
style="word-break:break-word;word-wrap:break-word;font-family:'SFMono-Regular',Consolas,'Liberation
Mono',Menlo,Courier,monospace;font-size:13px;font-weight:600!important;white-space:nowrap!important">packages.config</code></a>.
</td>
</tr>
<tr>
<td
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI
Emoji','Segoe UI
Symbol';font-size:14px;vertical-align:top"
valign="top"> <a
href="https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config"
target="_blank"
rel="noreferrer"
moz-do-not-send="true"><code
class="m_7413189149406926625text-bold
m_7413189149406926625no-wrap"
style="word-break:break-word;word-wrap:break-word;font-family:'SFMono-Regular',Consolas,'Liberation
Mono',Menlo,Courier,monospace;font-size:13px;font-weight:600!important;white-space:nowrap!important">packages.config</code></a>
update suggested: <code
class="m_7413189149406926625text-bold
m_7413189149406926625no-wrap"
style="word-break:break-word;word-wrap:break-word;font-family:'SFMono-Regular',Consolas,'Liberation
Mono',Menlo,Courier,monospace;font-size:13px;font-weight:600!important;white-space:nowrap!important">YamlDotNet
~> 5.0.0</code>. </td>
</tr>
<tr>
<td
style="padding-top:6px;box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI
Emoji','Segoe UI
Symbol';font-size:12px;color:#6a737d;font-style:italic;vertical-align:top"
valign="top"> Always verify the
validity and compatibility of
suggestions with your codebase.
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table
class="m_7413189149406926625divider-wrapper"
style="box-sizing:border-box;border-collapse:separate!important;width:100%"
width="100%">
<tbody>
<tr>
<td
class="m_7413189149406926625divider-spacer"
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple
Color Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-size:14px;vertical-align:top;padding:20px 0" valign="top">
<table
class="m_7413189149406926625divider
m_7413189149406926625divider-"
style="box-sizing:border-box;border-collapse:separate!important;width:100%"
cellspacing="0" cellpadding="0"
width="100%">
<tbody>
<tr>
<td
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI
Emoji','Segoe UI
Symbol';vertical-align:top;font-size:0;border-top:1px
solid
#e1e4e8;line-height:0;height:1px;margin:0;padding:0"
valign="top"><br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table class="m_7413189149406926625button
m_7413189149406926625button-primary"
style="box-sizing:border-box;border-collapse:separate!important;width:100%"
cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple
Color Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-size:14px;vertical-align:top" valign="top" align="">
<table
style="box-sizing:border-box;border-collapse:separate!important;width:auto"
cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI
Emoji','Segoe UI
Symbol';font-size:14px;vertical-align:top;background-color:#0366d6;border-radius:5px;text-align:center"
valign="top" bgcolor="#0366d6"
align="center"> <a
href="https://github.com/llvm-mirror/clang-tools-extra/network/alert/clang-tidy-vs/ClangTidy/packages.config/YamlDotNet/open"
style="box-sizing:border-box;border-color:#0366d6;text-decoration:none;background-color:#0366d6;border:solid
1px
#0366d6;border-radius:5px;color:#ffffff;display:inline-block;font-size:14px;font-weight:bold;margin:0;padding:10px
20px" target="_blank"
rel="noreferrer"
moz-do-not-send="true">Review
vulnerable dependency</a> </td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<div class="m_7413189149406926625footer"
style="box-sizing:border-box;clear:both;width:100%">
<hr class="m_7413189149406926625footer-hr"
style="height:0;overflow:visible;margin-top:24px;border:0;border-top:1px
solid
#e1e4e8;color:#959da5;font-size:12px;line-height:18px;margin-bottom:30px">
<div class="m_7413189149406926625footer-links"
style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px">
<p class="m_7413189149406926625footer-text"
style="font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple
Color Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-weight:normal;margin:0;margin-bottom:15px;color:#959da5;font-size:12px;line-height:18px">
</p>
<p
style="padding-top:6px;box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple
Color Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-size:12px;color:#959da5;vertical-align:top"
valign="top"> Only users who have been
assigned access to security alerts will
receive these notifications. </p>
<a
href="https://github.com/notifications/unsubscribe-vulnerability/AAx4srgW3TNA-Qj-p1U44AZWq56EfX7Dks5ulhFBgaJpZM4XezKI"
style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none"
target="_blank" rel="noreferrer"
moz-do-not-send="true"> Unsubscribe </a>
· <a
href="https://github.com/settings/emails"
style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none"
target="_blank" rel="noreferrer"
moz-do-not-send="true">Email preferences</a>
· <a
href="https://help.github.com/articles/github-terms-of-service/"
style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none"
target="_blank" rel="noreferrer"
moz-do-not-send="true">Terms</a> · <a
href="https://help.github.com/articles/github-privacy-policy/"
style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none"
target="_blank" rel="noreferrer"
moz-do-not-send="true">Privacy</a> · <a
href="https://github.com/login"
style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none"
target="_blank" rel="noreferrer"
moz-do-not-send="true">Sign into GitHub</a>
</div>
<p class="m_7413189149406926625footer-text"
style="font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple Color
Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-weight:normal;margin:0;margin-bottom:15px;color:#959da5;font-size:12px;line-height:18px">GitHub,
Inc. <br
style="color:#959da5;font-size:12px;line-height:18px">
88 Colin P Kelly Jr St. <br
style="color:#959da5;font-size:12px;line-height:18px">
San Francisco, CA 94107</p>
</div>
</div>
</td>
<td
style="box-sizing:border-box;font-family:-apple-system,BlinkMacSystemFont,'Segoe
UI',Helvetica,Arial,sans-serif,'Apple Color
Emoji','Segoe UI Emoji','Segoe UI
Symbol';font-size:14px;vertical-align:top"
valign="top"><br>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
cfe-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a>
<a class="moz-txt-link-freetext" href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>