KEMBAR78
Component Governance fix: Update libyaml by yao-msft · Pull Request #4583 · microsoft/winget-cli · GitHub
Skip to content

Component Governance fix: Update libyaml #4583

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 26, 2024
Merged

Component Governance fix: Update libyaml #4583

merged 3 commits into from
Jun 26, 2024

Conversation

@yao-msft
Copy link
Contributor

@yao-msft yao-msft commented Jun 26, 2024
edited by microsoft-github-policy-service bot
Loading

Component governance fix: update libyaml

Since a new release has not been created since after 0.2.5, pull to latest master. I reviewed the commits and they look safe.

Microsoft Reviewers: Open in CodeFlow

yao-msft added 3 commits June 25, 2024 22:16
@yao-msft
Squashed 'src/YamlCppLib/libyaml/' changes from 2c891fc7..840b65c4
d4adad1 
840b65c4 Fix closing flow sequence after explicit key
588eabff Handle closing flow sequence after explicit key
abd744ec ci: Install libtool on macOS
1e66c1e1 Fix some typos
51843fe4 Limit depth of nesting by default
fb57d89c Update Github actions
f8f760f7 ci: Fix build on macOS (microsoft#230)
acd6f6f0 Add workflow for creating release tarballs

git-subtree-dir: src/YamlCppLib/libyaml
git-subtree-split: 840b65c40675e2d06bf40405ad3f12dec7f35923
@yao-msft
Merge commit 'd4adad1c8e6a54d8725aeac45fbe0d752f0f9ac6' into libyamlu…
1869095 
…pdate
@yao-msft
Update readme and cgmanifest
2b759cc
@yao-msft yao-msft requested a review from a team as a code owner June 26, 2024 05:25
JohnMcPMS
JohnMcPMS approved these changes Jun 26, 2024
View reviewed changes
Copy link
Member

@JohnMcPMS JohnMcPMS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remember to not squash the merge.

@yao-msft yao-msft merged commit 015f0e9 into microsoft:master Jun 26, 2024
@yao-msft yao-msft deleted the libyamlupdate branch June 26, 2024 17:23
ryfu-msft pushed a commit to ryfu-msft/winget-cli that referenced this pull request Jun 26, 2024
@yao-msft @ryfu-msft
Component Governance fix: Update libyaml (microsoft#4583)
bafb075 
Component governance fix: update libyaml
ryfu-msft added a commit that referenced this pull request Jun 26, 2024
@ryfu-msft
Cherry-pick Update libyaml (#4583) (#4585)
290222a
@florelis florelis mentioned this pull request May 12, 2025
Merged
florelis added a commit that referenced this pull request May 13, 2025
@florelis @JohnMcPMS
Use more recent version for libyaml (#5455)
cefeec7 
We have a Component Governance alert for libyaml. There is no release of
libyaml with this issue fixed, so the guidance was to apply the patch
manually, and that's what I did when moving to vcpkg, but that doesn't
play nicely with CG because it can't determine that the patch to fix the
vulnerability was applied.

Instead of manually patching, this PR uses a more recent commit of
libyaml (without an official release), which already has the changes we
want. It uses the same commit from the last time we did a subtree update
in #4583

---------

Co-authored-by: JohnMcPMS <johnmcp@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JohnMcPMS JohnMcPMS JohnMcPMS approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yao-msft @JohnMcPMS