
Bundles vulnerable copy of Expat - please update to 2.2.1 #407

Closed
hartwork opened this issue Jun 21, 2017 · 3 comments

Comments

@hartwork

Hi!

This repository bundles an outdated vulnerable copy of Expat 2.2.0. Please update your copy to version 2.2.1 with the latest security fixes. A change log with details is available at https://github.com/libexpat/libexpat/blob/master/expat/Changes. If you happen to run into compile errors, please check the post-2.2.1 commits in Git as well. Thank you!

Best
Sebastian

@vslavik
Owner

vslavik commented Jun 25, 2017

Thanks, I'm well aware of the release, just as I am aware of how I used Expat (not impacted, I/O internal to Poedit, communicating with a helper CLI tool). In fact, it's no longer used in v2, I just forgot to delete it — thanks for drawing my attention to it.

P.S. You may want to improve your crawler to detect submodule references, like this one (upgrade pending acceptance or rejection of libexpat/libexpat#60).

@hartwork
Author

My crawler so far was plain `filename:xmlparse.c XML_ParserCreate` using GitHub's (rather limited) own search. I'm open to better crawlers if you have ideas.
I think WinSparkle's use of Expat as a Git submodule does not show up at Expat's list of dependent repositories because it's using SourceForge for the remote URL still (while some GitHub UI places tell otherwise).
PS: I have added WinSparkle to the list of Expat users now.

@vslavik
Owner

vslavik commented Jun 25, 2017

> using GitHub's (rather limited) own search

Ah, I see.

> because it's using SourceForge for the remote URL still

That's weird, not since vslavik/winsparkle@a4abbed...
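A small scanner of the kind this thread is about, written for this page as an added example (not the issue's, Poedit's or WinSparkle's code): it walks a checkout, reads the version defines from any vendored expat.h, and also reports Expat submodule references from .gitmodules, which a plain filename search would miss. The MIN_SAFE threshold and the sample tree built in demo() are assumptions constructed for illustration.

```python
"""Flag bundled Expat copies older than a minimum version (added example, not
code from this issue, Poedit or WinSparkle; demo() builds a constructed tree)."""
import os
import re
import tempfile

MIN_SAFE = (2, 2, 1)  # the version this issue asks for
_VER_RE = re.compile(r"#define\s+XML_(MAJOR|MINOR|MICRO)_VERSION\s+(\d+)")
_URL_RE = re.compile(r"^\s*url\s*=\s*(\S+)", re.MULTILINE)

def parse_expat_version(header_text):
    """(major, minor, micro) from the XML_*_VERSION defines in expat.h, else None."""
    found = {m.group(1): int(m.group(2)) for m in _VER_RE.finditer(header_text)}
    return tuple(found[k] for k in ("MAJOR", "MINOR", "MICRO")) if len(found) == 3 else None

def expat_submodule_urls(gitmodules_text):
    """Submodule URLs in .gitmodules that name Expat, whatever the host."""
    return [u for u in _URL_RE.findall(gitmodules_text) if "expat" in u.lower()]

def scan_tree(root):
    """Walk root; report vendored expat.h versions and Expat submodules."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name not in ("expat.h", ".gitmodules"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            if name == "expat.h":
                ver = parse_expat_version(text)
                if ver is not None:
                    findings.append({"path": path, "version": ver,
                                     "outdated": ver < MIN_SAFE})
            else:  # a submodule checkout may be absent; the reference is still here
                for url in expat_submodule_urls(text):
                    findings.append({"path": path, "submodule": url})
    return findings

def demo():
    """Constructed tree: vendored expat.h at 2.2.0 plus an Expat submodule."""
    root = tempfile.mkdtemp()
    os.makedirs(lib := os.path.join(root, "3rdparty", "expat", "lib"))
    with open(os.path.join(lib, "expat.h"), "w") as fh:
        fh.write("#define XML_MAJOR_VERSION 2\n#define XML_MINOR_VERSION 2\n"
                 "#define XML_MICRO_VERSION 0\n")
    with open(os.path.join(root, ".gitmodules"), "w") as fh:  # constructed URL
        fh.write('[submodule "3rdparty/expat"]\n\tpath = 3rdparty/expat\n'
                 "\turl = https://sourceforge.example/expat.git\n")
    return scan_tree(root)
```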
