microsoft / winget-cli

WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).
https://learn.microsoft.com/windows/package-manager/
MIT License

Update curl dependency due to CVE-2024-9681 #4960

Open florelis opened 1 week ago

florelis commented 1 week ago

See https://curl.se/docs/CVE-2024-9681.html

yao-msft commented 1 week ago

The build error could probably be fixed by updating the baseline.

yao-msft commented 1 week ago

Looks like the official repo has not been updated from 8.10.1 yet... https://vcpkg.io/en/package/curl

florelis commented 1 week ago

Guess this will have to wait then... It isn't in any of the commits marked as "release" but the update is already in vcpkg's repo, so I thought setting the baseline to that commit would be enough. Weird that it worked locally but not on the pipeline.