<div dir="ltr">Someone else told me about this recently too. Let's delete this from the repository.</div><br><div class="gmail_quote"><div dir="ltr">On Fri, Oct 26, 2018 at 1:45 AM Hans Wennborg <<a href="mailto:hans@chromium.org">hans@chromium.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">This is from the clang-tidy plugin that Zach wrote (clang-tools-extra/clang-tidy-vs/ClangTidy/).<div><br></div><div>I haven't published any packages for that, in fact I'm not sure where it is published.</div><div><br></div><div>Zach: is this still maintained or should we remove it, or update the YamlDotNet dependency?</div></div><div dir="ltr"><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 19, 2018 at 2:18 PM, Jonas Toth via cfe-dev <span dir="ltr"><<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>+Hans, I believe he packaged the visual studio plugin this seems
to come from.<br>
</p><div><div class="m_984286739502359970h5">
<br>
<div>Am 17.10.2018 um 07:00 schrieb Will
Dietz via cfe-dev:<br>
</div>
</div></div><blockquote type="cite"><div><div class="m_984286739502359970h5">
<div dir="auto">
<div>Hi folks, haven't looked into it but thought I'd forward
this in case it's useful and worth acting on. Apologies if
entirely noise, but better safe than sorry :).</div>
<div dir="auto"><br>
</div>
<div dir="auto">Happy LLVM-ing,</div>
<div dir="auto">~Will<br>
<br>
<div class="gmail_quote" dir="auto">
<div dir="ltr">---------- Forwarded message ---------<br>
From: <strong class="gmail_sendername" dir="auto">GitHub</strong>
<span dir="ltr"><<a href="mailto:notifications@github.com" target="_blank">notifications@github.com</a>></span><br>
Date: Tue, Oct 16, 2018, 12:02 PM<br>
Subject: [llvm-mirror/clang-tools-extra] One of your
dependencies may have a security vulnerability<br>
To: llvm-mirror/clang-tools-extra <<a href="mailto:clang-tools-extra@noreply.github.com" target="_blank">clang-tools-extra@noreply.github.com</a>><br>
Cc: Security alert <<a href="mailto:security_alert@noreply.github.com" target="_blank">security_alert@noreply.github.com</a>><br>
</div>
<br>
<br>
<div>
<table style="box-sizing:border-box;border-collapse:separate!important;width:100%;background-color:#fff" bgcolor="#fff" width="100%">
<tbody>
<tr>
<td valign="top"><br>
</td>
<td valign="top" width="580">
<div style="box-sizing:border-box;display:block;margin:0 auto;max-width:580px"> <span style="color:transparent;display:none;height:0;max-height:0;max-width:0;opacity:0;overflow:hidden;width:0">We
found a potential security vulnerabilty in one
of your dependencies</span>
<div style="box-sizing:border-box;width:100%;padding-top:8px;padding-bottom:8px;margin-bottom:16px;border-bottom:1px solid #eee">
<table style="box-sizing:border-box;border-collapse:separate!important;width:100%" width="100%">
<tbody>
<tr>
<td valign="top"> <a href="https://github.com" style="box-sizing:border-box;color:#0366d6;text-decoration:none" rel="noreferrer" target="_blank"> <img src="https://assets-cdn.github.com/images/modules/logos_page/GitHub-Logo.png" alt="GitHub" style="max-width:100%" height="21" width="76"> </a> </td>
<td valign="top" align="right !important">
<a href="https://github.com/login" style="box-sizing:border-box;text-decoration:none;color:#24292e!important" rel="noreferrer" target="_blank">Sign in</a> </td>
</tr>
</tbody>
</table>
</div>
<strong style="margin-bottom:4px!important;display:block!important">dtzWill,</strong>
<p>We
found a potential security vulnerability in a
repository for which you have been granted
security alert access.</p>
<table style="box-sizing:border-box;border-collapse:separate!important;width:100%" cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td valign="middle !important" width="28"> <img src="https://avatars0.githubusercontent.com/u/1386314?s=56&v=4" alt="@llvm-mirror" height="28" width="28"> </td>
<td valign="middle !important"> <a href="https://github.com/llvm-mirror/clang-tools-extra" style="box-sizing:border-box;color:#0366d6;text-decoration:none;margin-bottom:0!important;font-size:14px!important;font-weight:600!important" rel="noreferrer" target="_blank">
llvm-mirror/clang-tools-extra </a> </td>
</tr>
<tr>
<td colspan="2" valign="middle !important">
<table style="box-sizing:border-box;border-collapse:separate!important;width:100%" cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td valign="top"> Known <strong>
high severity</strong>
security vulnerability detected
in <code>YamlDotNet
<= 4.3.2</code> defined in
<a href="https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config" rel="noreferrer" target="_blank"><code>packages.config</code></a>.
</td>
</tr>
<tr>
<td valign="top"> <a href="https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config" rel="noreferrer" target="_blank"><code>packages.config</code></a>
update suggested: <code>YamlDotNet
~> 5.0.0</code>. </td>
</tr>
<tr>
<td valign="top"> Always verify the
validity and compatibility of
suggestions with your codebase.
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table style="box-sizing:border-box;border-collapse:separate!important;width:100%" width="100%">
<tbody>
<tr>
<td valign="top">
<table style="box-sizing:border-box;border-collapse:separate!important;width:100%" cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td valign="top"><br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table style="box-sizing:border-box;border-collapse:separate!important;width:100%" cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td valign="top" align="">
<table style="box-sizing:border-box;border-collapse:separate!important;width:auto" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" bgcolor="#0366d6" align="center"> <a href="https://github.com/llvm-mirror/clang-tools-extra/network/alert/clang-tidy-vs/ClangTidy/packages.config/YamlDotNet/open" style="box-sizing:border-box;border-color:#0366d6;text-decoration:none;background-color:#0366d6;border:solid 1px #0366d6;border-radius:5px;color:#ffffff;display:inline-block;font-size:14px;font-weight:bold;margin:0;padding:10px 20px" rel="noreferrer" target="_blank">Review
vulnerable dependency</a> </td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<div style="box-sizing:border-box;clear:both;width:100%">
<hr style="height:0;overflow:visible;margin-top:24px;border:0;border-top:1px solid #e1e4e8;color:#959da5;font-size:12px;line-height:18px;margin-bottom:30px">
<div style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px">
<p>
</p>
<p valign="top"> Only users who have been
assigned access to security alerts will
receive these notifications. </p>
<a href="https://github.com/notifications/unsubscribe-vulnerability/AAx4srgW3TNA-Qj-p1U44AZWq56EfX7Dks5ulhFBgaJpZM4XezKI" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" rel="noreferrer" target="_blank"> Unsubscribe </a>
· <a href="https://github.com/settings/emails" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" rel="noreferrer" target="_blank">Email preferences</a>
· <a href="https://help.github.com/articles/github-terms-of-service/" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" rel="noreferrer" target="_blank">Terms</a> · <a href="https://help.github.com/articles/github-privacy-policy/" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" rel="noreferrer" target="_blank">Privacy</a> · <a href="https://github.com/login" style="box-sizing:border-box;color:#959da5;font-size:12px;line-height:18px;text-decoration:none" rel="noreferrer" target="_blank">Sign into GitHub</a>
</div>
<p>GitHub,
Inc. <br style="color:#959da5;font-size:12px;line-height:18px">
<a href="https://maps.google.com/?q=88+Colin+P+Kelly+Jr+St.++%0D%0A++++++++++++++++++++++++++++San+Francisco,+CA+94107&entry=gmail&source=g">88 Colin P Kelly Jr St. </a><br style="color:#959da5;font-size:12px;line-height:18px"><a href="https://maps.google.com/?q=88+Colin+P+Kelly+Jr+St.++%0D%0A++++++++++++++++++++++++++++San+Francisco,+CA+94107&entry=gmail&source=g">
San Francisco, CA 94107</a></p>
</div>
</div>
</td>
<td valign="top"><br>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
cfe-dev mailing list
<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a><br>
<br></blockquote></div><br></div></div></div></blockquote></div>