Squirrel dependency packages update #897
Comments
|
DeltaCompressionDotNet has been updated to 1.1.0 in #803 |
shiftkey
added
the
infrastructure
|
Porting over security note from #1253 so it's not lost:
|
|
@peppy thanks for the extra context. I'll also link to this comment to remind me about this:
|
|
In order to support version 7.0.1 of Splat, Squirrel would need to require version 4.6.1 of the .NET Framework. Microsoft's guidance on this is below. Any feedback on making this move? https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies |
|
4.6.1 is 5 years old now, personally I would say go for it but I am just a user with only about 20 customers. |
Hello - is there any progress on the SharpCompress update please? I am working to promote Squirrel for deploying applications within my company, but it's hard to make a case for it when it contains a known vulnerability. From reading the background I appreciate this isn't a two-minute fix, but it would be great to have an idea of the current status, if possible? Thanks! |
|
@thecodetinker merging #1362 would bring us to 0.22 |
Would it make sense to have a beta channel if this kind of issue are hard to track through unit tests? |
Thank you - I would be happy to use a beta channel for now. We don't have enough users (yet) that breaking would be a massive problem. |
Hi! Is it safe to update dependency packages of suirrel package to latest version?
For now VS suggest me to update
DeltaCompressionDotNet from 1.0.0 to 1.1.0
Mono.Cecil from 0.9.6.1 to 0.9.6.4
Splat from 1.6.2 to 2.0.0
The text was updated successfully, but these errors were encountered: