Mirror of https://github.com/shaka-project/shaka-packager.git (synced 2026-04-02 19:30:21 +00:00)
These are security-sensitive dependencies that haven't been updated since 2024. Thankfully, there do not appear to be any major incompatibilities that prevent an update. libxml2 now enforces that buffer size must only refer to the actual content excluding the null terminator, which required replacing `std::size` with `strlen` in two unit tests. I originally tried to bump mbedtls to 4.0.0, but that seems to be blocked by an upstream issue trying to write to the cmake source directory, which cmake errors on. 3.6.5 has all CVE fixes included that come with 4.0.0 though, so from a security perspective it is sufficient to update to this version with no incompatibilities first.

---------

Co-authored-by: Joey Parrish <joeyparrish@google.com>