Closed radeksimko closed 1 year ago
Related to https://github.com/microsoft/vscode-vsce/pull/858
This is to address https://github.com/advisories/GHSA-776f-qx25-q3cc
AFAICT we should not need to mention this as a "vulnerability" from an end-user perspective in the Changelog, since the package is only used at release time and the content (XML) is already treated as trusted (vsix).
Sadly Microsoft stopped publishing changelogs since 2.15.0, but for posterity, here is the full diff: https://github.com/microsoft/vscode-vsce/compare/v2.9.1...v2.19.0