[Systems] Fwd: Your Dependabot alerts for the week of Dec 15 - Dec 22
Bernie Innocenti
bernie at codewiz.org
Tue Dec 22 06:59:38 EST 2020
Who should take care of these?
-------- Forwarded Message --------
Subject: Your Dependabot alerts for the week of Dec 15 - Dec 22
Date: Tue, 22 Dec 2020 02:46:37 +0000 (UTC)
From: GitHub <noreply at github.com>
To: Bernie Innocenti <bernie at codewiz.org>
GitHub <https://github.com> security alert digest: *codewiz’s* repository security updates from the week of *Dec 15 - Dec 22*
Sugar Labs organization <https://github.com/sugarlabs>
Warning! sugarlabs / *sugar-gitbot* <https://github.com/sugarlabs/sugar-gitbot>
Known security vulnerabilities detected:
  - Dependency express, version < 3.11.0, upgrade to ~> 3.11.0 (defined in package.json)
    Vulnerabilities: CVE-2014-6393 (Moderate severity)
Review all vulnerable dependencies: <https://github.com/sugarlabs/sugar-gitbot/security/dependabot>
Warning! sugarlabs / *www-sugarlabs* <https://github.com/sugarlabs/www-sugarlabs>
Known security vulnerabilities detected:
  - Dependency kramdown, version < 2.3.0, upgrade to ~> 2.3.0 (defined in Gemfile.lock)
    Vulnerabilities: CVE-2020-14001 (High severity)
Review all vulnerable dependencies: <https://github.com/sugarlabs/www-sugarlabs/security/dependabot>
Warning! sugarlabs / *musicblocks* <https://github.com/sugarlabs/musicblocks>
Known security vulnerabilities detected:
  - Dependency ecstatic, version < 4.1.3, upgrade to ~> 4.1.3 (defined in package-lock.json)
    Vulnerabilities: CVE-2019-10775 (Moderate severity)
Review all vulnerable dependencies: <https://github.com/sugarlabs/musicblocks/security/dependabot>
sugarlabs-infra organization <https://github.com/sugarlabs-infra>
Warning! sugarlabs-infra / *helios-server* <https://github.com/sugarlabs-infra/helios-server>
Known security vulnerabilities detected:
  - Dependency gunicorn, version < 19.5.0, upgrade to ~> 19.5.0 (defined in requirements.txt)
    Vulnerabilities: CVE-2018-1000164 (Moderate severity)
  - Dependency requests, version <= 2.19.1, upgrade to ~> 2.20.0 (defined in requirements.txt)
    Vulnerabilities: CVE-2018-18074 (Moderate severity)
  - Dependency django, version < 1.11.18, upgrade to ~> 1.11.18 (defined in requirements.txt)
    Vulnerabilities: CVE-2020-9402 (High severity), CVE-2019-3498 (Low severity),
    CVE-2019-6975 (Moderate severity), CVE-2019-19844 (Moderate severity),
    CVE-2020-7471 (Moderate severity)
  - Dependency bleach, version < 3.1.1, upgrade to ~> 3.1.1 (defined in requirements.txt)
    Vulnerabilities: CVE-2020-6802 (Moderate severity), CVE-2020-6816 (Moderate severity),
    CVE-2020-6817 (Moderate severity)
Review all vulnerable dependencies: <https://github.com/sugarlabs-infra/helios-server/security/dependabot>
Always verify the validity and compatibility of suggestions with your codebase.