[cfe-dev] Fwd: [llvm-mirror/clang-tools-extra] One of your dependencies may have a security vulnerability

Will Dietz via cfe-dev cfe-dev at lists.llvm.org
Tue Oct 16 22:00:58 PDT 2018

Hi folks, haven't looked into it but thought I'd forward this in case it's
useful and worth acting on.  Apologies if entirely noise, but better safe
than sorry :).

Happy LLVM-ing,

---------- Forwarded message ---------
From: GitHub <notifications at github.com>
Date: Tue, Oct 16, 2018, 12:02 PM
Subject: [llvm-mirror/clang-tools-extra] One of your dependencies may have
a security vulnerability
To: llvm-mirror/clang-tools-extra <clang-tools-extra at noreply.github.com>
Cc: Security alert <security_alert at noreply.github.com>

We found a potential security vulnerabilty in one of your dependencies
[image: GitHub] <https://github.com> Sign in <https://github.com/login>

We found a potential security vulnerability in a repository for which you
have been granted security alert access.
[image: @llvm-mirror] llvm-mirror/clang-tools-extra
Known * high severity* security vulnerability detected in YamlDotNet <=
4.3.2 defined in packages.config

update suggested: YamlDotNet ~> 5.0.0.
Always verify the validity and compatibility of suggestions with your
Review vulnerable dependency

Only users who have been assigned access to security alerts will receive
these notifications.
· Email preferences <https://github.com/settings/emails> · Terms
<https://help.github.com/articles/github-terms-of-service/> · Privacy
<https://help.github.com/articles/github-privacy-policy/> · Sign into GitHub

GitHub, Inc.
88 Colin P Kelly Jr St.
San Francisco, CA 94107
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20181017/e614b7ed/attachment.html>

More information about the cfe-dev mailing list