<div dir="ltr">This is from the clang-tidy plugin that Zach wrote (clang-tools-extra/clang-tidy-vs/ClangTidy/).<div><br></div><div>I haven't published any packages for that, in fact I'm not sure where it is published.</div><div><br></div><div>Zach: is this still maintained or should we remove it, or update the YamlDotNet dependency?</div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 19, 2018 at 2:18 PM, Jonas Toth via cfe-dev <span dir="ltr"><<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <p>+Hans, I believe he packaged the visual studio plugin this seems
      to come from.<br>
    </p><div><div class="h5">
    <br>
    <div>Am 17.10.2018 um 07:00 schrieb Will
      Dietz via cfe-dev:<br>
    </div>
    </div></div><blockquote type="cite"><div><div class="h5">
      
      <div dir="auto">
        <div>Hi folks, haven't looked into it but thought I'd forward
          this in case it's useful and worth acting on.  Apologies if
          entirely noise, but better safe than sorry :).</div>
        <div dir="auto"><br>
        </div>
        <div dir="auto">Happy LLVM-ing,</div>
        <div dir="auto">~Will<br>
          <br>
          <div class="gmail_quote" dir="auto">
            <div dir="ltr">---------- Forwarded message ---------<br>
              From: <strong class="gmail_sendername" dir="auto">GitHub</strong>
              <span dir="ltr"><<a href="mailto:notifications@github.com" target="_blank">notifications@github.com</a>></span><br>
              Date: Tue, Oct 16, 2018, 12:02 PM<br>
              Subject: [llvm-mirror/clang-tools-<wbr>extra] One of your
              dependencies may have a security vulnerability<br>
              To: llvm-mirror/clang-tools-extra <<a href="mailto:clang-tools-extra@noreply.github.com" target="_blank">clang-tools-extra@noreply.<wbr>github.com</a>><br>
              Cc: Security alert <<a href="mailto:security_alert@noreply.github.com" target="_blank">security_alert@noreply.<wbr>github.com</a>><br>
            </div>
            <br>
            <br>
            <div>
              <table style="box-sizing:border-box;border-collapse:separate!important;width:100%;background-color:#fff" bgcolor="#fff" width="100%">
                <tbody>
                  <tr>
                    <td valign="top"><br>
                    </td>
                    <td valign="top" width="580">
                      <div style="box-sizing:border-box;display:block;margin:0 auto;max-width:580px"> <span style="color:transparent;display:none;height:0;max-height:0;max-width:0;opacity:0;overflow:hidden;width:0">We
                          found a potential security vulnerabilty in one
                          of your dependencies</span>
                        <div style="box-sizing:border-box;width:100%;padding-top:8px;padding-bottom:8px;margin-bottom:16px;border-bottom:1px solid #eee">
                          <table style="box-sizing:border-box;border-collapse:separate!important;width:100%" width="100%">
                            <tbody>
                              <tr>
                                <td valign="top"> <a href="https://github.com" style="box-sizing:border-box;color:#0366d6;text-decoration:none" rel="noreferrer" target="_blank"> <img src="https://assets-cdn.github.com/images/modules/logos_page/GitHub-Logo.png" alt="GitHub" style="max-width:100%" height="21" width="76"> </a> </td>
                                <td valign="top" align="right !important">
                                  <a href="https://github.com/login" style="box-sizing:border-box;text-decoration:none;color:#24292e!important" rel="noreferrer" target="_blank">Sign in</a> </td>
                              </tr>
                            </tbody>
                          </table>
                        </div>
                        <strong style="margin-bottom:4px!important;display:block!important">dtzWill,</strong>
                        <p>We
                          found a potential security vulnerability in a
                          repository for which you have been granted
                          security alert access.</p>
                        <table style="box-sizing:border-box;border-collapse:separate!important;width:100%" cellspacing="0" cellpadding="0" width="100%">
                          <tbody>
                            <tr>
                              <td valign="middle !important" width="28"> <img src="https://avatars0.githubusercontent.com/u/1386314?s=56&v=4" alt="@llvm-mirror" height="28" width="28"> </td>
                              <td valign="middle !important"> <a href="https://github.com/llvm-mirror/clang-tools-extra" style="box-sizing:border-box;color:#0366d6;text-decoration:none;margin-bottom:0!important;font-size:14px!important;font-weight:600!important" rel="noreferrer" target="_blank">
                                  llvm-mirror/clang-tools-extra </a> </td>
                            </tr>
                            <tr>
                              <td colspan="2" valign="middle !important">
                                <table style="box-sizing:border-box;border-collapse:separate!important;width:100%" cellspacing="0" cellpadding="0" width="100%">
                                  <tbody>
                                    <tr>
                                      <td valign="top"> Known <strong>
                                          high severity</strong>
                                        security vulnerability detected
                                        in <code>YamlDotNet
                                          <= 4.3.2</code> defined in
                                        <a href="https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config" rel="noreferrer" target="_blank"><code>packages.config</code></a>.
                                      </td>
                                    </tr>
                                    <tr>
                                      <td valign="top"> <a href="https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config" rel="noreferrer" target="_blank"><code>packages.config</code></a>
                                        update suggested: <code>YamlDotNet
                                          ~> 5.0.0</code>. </td>
                                    </tr>
                                    <tr>
                                      <td valign="top"> Always verify the
                                        validity and compatibility of
                                        suggestions with your codebase.
                                      </td>
                                    </tr>
                                  </tbody>
                                </table>
                              </td>
                            </tr>
                          </tbody>
                        </table>
                        <table style="box-sizing:border-box;border-collapse:separate!important;width:100%" width="100%">
                          <tbody>
                            <tr>
                              <td valign="top">
                                <table style="box-sizing:border-box;border-collapse:separate!important;width:100%" cellspacing="0" cellpadding="0" width="100%">
                                  <tbody>
                                    <tr>
                                      <td valign="top"><br>
                                      </td>
                                    </tr>
                                  </tbody>
                                </table>
                              </td>
                            </tr>
                          </tbody>
                        </table>
                        <table style="box-sizing:border-box;border-collapse:separate!important;width:100%" cellspacing="0" cellpadding="0" width="100%">
                          <tbody>
                            <tr>
                              <td valign="top" align="">
                                <table style="box-sizing:border-box;border-collapse:separate!important;width:auto" cellspacing="0" cellpadding="0">
                                  <tbody>
                                    <tr>
                                      <td valign="top" bgcolor="#0366d6" align="center"> <a href="https://github.com/llvm-mirror/clang-tools-extra/network/alert/clang-tidy-vs/ClangTidy/packages.config/YamlDotNet/open" style="box-sizing:border-box;border-color:#0366d6;text-decoration:none;background-color:#0366d6;border:solid 1px #0366d6;border-radius:5px;color:#ffffff;display:inline-block;font-size:14px;font-weight:bold;margin:0;padding:10px 20px" rel="noreferrer" target="_blank">Review
                                          vulnerable dependency</a> </td>
                                    </tr>
                                  </tbody>
                                </table>
                              </td>
                            </tr>
                          </tbody>
                        </table>
                        <div style="box-sizing:border-box;clear:both;width:100%">
                          <hr style="height:0;overflow:visible;margin-top:24px;border:0;border-top:1px solid #e1e4e8;color:#959da5;font-size:12px;line-height:18px;margin-bottom:30px">
                          <div style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px">
                            <p>
                            </p>
                            <p valign="top"> Only users who have been
                              assigned access to security alerts will
                              receive these notifications. </p>
                            <a href="https://github.com/notifications/unsubscribe-vulnerability/AAx4srgW3TNA-Qj-p1U44AZWq56EfX7Dks5ulhFBgaJpZM4XezKI" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" rel="noreferrer" target="_blank"> Unsubscribe </a>
                            · <a href="https://github.com/settings/emails" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" rel="noreferrer" target="_blank">Email preferences</a>
                            · <a href="https://help.github.com/articles/github-terms-of-service/" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" rel="noreferrer" target="_blank">Terms</a> · <a href="https://help.github.com/articles/github-privacy-policy/" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" rel="noreferrer" target="_blank">Privacy</a> · <a href="https://github.com/login" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" rel="noreferrer" target="_blank">Sign into GitHub</a>
                          </div>
                          <p>GitHub,
                            Inc. <br style="color:#959da5;font-size:12px;line-height:18px">
                            88 Colin P Kelly Jr St. <br style="color:#959da5;font-size:12px;line-height:18px">
                            San Francisco, CA 94107</p>
                        </div>
                      </div>
                    </td>
                    <td valign="top"><br>
                    </td>
                  </tr>
                </tbody>
              </table>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      </div></div><pre>______________________________<wbr>_________________
cfe-dev mailing list
<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/cfe-dev</a>
</pre>
    </blockquote>
    <br>
  </div>

<br>______________________________<wbr>_________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/cfe-dev</a><br>
<br></blockquote></div><br></div></div></div>