Skip to content

Update expat dependency #114734

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
stuartmorgan-g opened this issue Nov 5, 2022 · 3 comments · Fixed by flutter/engine#37383
Closed

Update expat dependency #114734

stuartmorgan-g opened this issue Nov 5, 2022 · 3 comments · Fixed by flutter/engine#37383
Labels
engine flutter/engine repository. See also e: labels. P1 High-priority issues at the top of the work list platform-android Android applications specifically

Comments

@stuartmorgan-g
Copy link
Contributor

Our version of expat hasn't been updated in over a year, and is once again being flagged by security analysis tools. Based on discussion in #91384 it sounds like this is probably not an actual security issue the way we're using it (unless something has changed about our usage), but we should still roll it forward again.

(/cc @Hixie @jason-simmons @zanderso who were in involved in the previous roll, but I can drive this if there's not a better candidate.)
@stuartmorgan-g stuartmorgan-g added platform-android Android applications specifically engine flutter/engine repository. See also e: labels. P1 High-priority issues at the top of the work list labels Nov 5, 2022
@Hixie
Copy link
Contributor

Hixie commented Nov 6, 2022

Autorolling it would be ideal if there's any chance of that.

Am I wrong in saying we also have libxml2 in our binary somewhere?

@stuartmorgan-g stuartmorgan-g mentioned this issue Nov 7, 2022
Open
@stuartmorgan-g
Copy link
Contributor Author

I filed #114817 for an auto-roller; I'm not sure what the process for engine autorollers is, so someone with more familiarity there would be better to drive that.

stuartmorgan-g added a commit to stuartmorgan-g/engine that referenced this issue Nov 7, 2022
@stuartmorgan-g
Roll expat to 2.5.0
5de64c9 
Rolls expat, which was last updated approximately a year ago, to the
very recent 2.5.0 tag.

Fixes flutter/flutter#114734
@stuartmorgan-g stuartmorgan-g mentioned this issue Nov 7, 2022
Merged
8 tasks
auto-submit bot pushed a commit to flutter/engine that referenced this issue Nov 9, 2022
@stuartmorgan-g
Roll expat to 2.5.0 (#37383)
b65ac4a 
* Roll expat to 2.5.0

Rolls expat, which was last updated approximately a year ago, to the
very recent 2.5.0 tag.

Fixes flutter/flutter#114734

* Licenses

* Resync

* Apply changes from CI
schwa423 pushed a commit to schwa423/engine that referenced this issue Nov 16, 2022
@stuartmorgan-g @schwa423
Roll expat to 2.5.0 (flutter#37383)
75fd392 
* Roll expat to 2.5.0

Rolls expat, which was last updated approximately a year ago, to the
very recent 2.5.0 tag.

Fixes flutter/flutter#114734

* Licenses

* Resync

* Apply changes from CI
@github-actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug, including the output of flutter doctor -v and a minimal reproduction of the issue.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
engine flutter/engine repository. See also e: labels. P1 High-priority issues at the top of the work list platform-android Android applications specifically
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Roll expat to 2.5.0 stuartmorgan-g/engine
2 participants
@stuartmorgan-g @Hixie