-
Notifications
You must be signed in to change notification settings - Fork 459
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[master] Update vulnerable regex package #6070
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
onalante-msft
force-pushed
the
threadlocal
branch
from
February 3, 2022 00:44
682ba4e
to
9f9000b
Compare
onalante-msft
changed the title
Update vulnerable regex package
[master] Update vulnerable regex package
Feb 3, 2022
Component governance identified a vulnerability in thread_local, which was a transitive dependency brought in by older regex versions.
onalante-msft
force-pushed
the
threadlocal
branch
from
February 3, 2022 00:50
9f9000b
to
bcc75d9
Compare
arsing
previously approved these changes
Feb 3, 2022
arsing
approved these changes
Feb 4, 2022
onalante-msft
added a commit
to onalante-msft/iotedge
that referenced
this pull request
Feb 7, 2022
Component governance identified a vulnerability in thread_local, which was a transitive dependency brought in by older regex versions. This has the additional benefit of unifying our regex dependency versions. RUSTSEC advisory: https://rustsec.org/advisories/RUSTSEC-2022-0006.html
This was referenced Feb 7, 2022
kodiakhq bot
pushed a commit
that referenced
this pull request
Feb 8, 2022
*Cf.* #6070. ## Azure IoT Edge PR checklist: This checklist is used to make sure that common guidelines for a pull request are followed. ### General Guidelines and Best Practices - [x] I have read the [contribution guidelines](https://github.com/azure/iotedge#contributing). - [x] Title of the pull request is clear and informative. - [x] Description of the pull request includes a concise summary of the enhancement or bug fix. ### Testing Guidelines - [x] Pull request includes test coverage for the included changes. - Description of the pull request includes - [ ] concise summary of tests added/modified - [x] local testing done.
kodiakhq bot
pushed a commit
that referenced
this pull request
Feb 8, 2022
*Cf.* #6070. ## Azure IoT Edge PR checklist:
damonbarry
pushed a commit
to damonbarry/iotedge
that referenced
this pull request
Apr 15, 2022
Component governance identified a vulnerability in thread_local, which was a transitive dependency brought in by older regex versions. This has the additional benefit of unifying our regex dependency versions. RUSTSEC advisory: https://rustsec.org/advisories/RUSTSEC-2022-0006.html ## Azure IoT Edge PR checklist:
damonbarry
pushed a commit
to damonbarry/iotedge
that referenced
this pull request
Apr 15, 2022
*Cf.* Azure#6070. ## Azure IoT Edge PR checklist:
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Component governance identified a vulnerability in thread_local, which
was a transitive dependency brought in by older regex versions.
This has the additional benefit of unifying our regex dependency
versions.
RUSTSEC advisory: https://rustsec.org/advisories/RUSTSEC-2022-0006.html
Azure IoT Edge PR checklist:
This checklist is used to make sure that common guidelines for a pull request are followed.
General Guidelines and Best Practices
Testing Guidelines