[Systems] Fwd: Your Dependabot alerts for the week of Dec 15 - Dec 22

Chihurumnaya Ibiam ibiamchihurumnaya at gmail.com
Tue Dec 22 07:07:51 EST 2020


I've created updates for sugar-gcibot and www-sugarlabs, and I've alerted
Walter about the musicblocks alert. I don't have access to sugarlabs-infra,
but I think we should retire the helios server if it's still running, as we
haven't been using it for our elections; we've been using civs
<http://civs.cs.cornell.edu/>, and I think we only used it for the election
last conducted by Dave (I think).

-- 

Ibiam Chihurumnaya
ibiamchihurumnaya at gmail.com



On Tue, Dec 22, 2020 at 12:59 PM Bernie Innocenti <bernie at codewiz.org>
wrote:

> Who should take care of these?
>
> -------- Forwarded Message --------
> Subject: Your Dependabot alerts for the week of Dec 15 - Dec 22
> Date: Tue, 22 Dec 2020 02:46:37 +0000 (UTC)
> From: GitHub <noreply at github.com>
> To: Bernie Innocenti <bernie at codewiz.org>
>
>
> GitHub security alert digest (Dependabot alerts)
>
> codewiz’s repository security updates from the week of Dec 15 - Dec 22
>
> Sugar Labs organization <https://github.com/sugarlabs>
> sugarlabs / sugar-gitbot <https://github.com/sugarlabs/sugar-gitbot>
>
> Known security vulnerabilities detected:
> Dependency express, version < 3.11.0 (upgrade to ~> 3.11.0), defined in package.json
> Vulnerabilities: CVE-2014-6393 (moderate severity)
>
> Review all vulnerable dependencies
> <https://github.com/sugarlabs/sugar-gitbot/security/dependabot>
> sugarlabs / www-sugarlabs <https://github.com/sugarlabs/www-sugarlabs>
>
> Known security vulnerabilities detected:
> Dependency kramdown, version < 2.3.0 (upgrade to ~> 2.3.0), defined in Gemfile.lock
> Vulnerabilities: CVE-2020-14001 (high severity)
>
> Review all vulnerable dependencies
> <https://github.com/sugarlabs/www-sugarlabs/security/dependabot>
> sugarlabs / musicblocks <https://github.com/sugarlabs/musicblocks>
>
> Known security vulnerabilities detected:
> Dependency ecstatic, version < 4.1.3 (upgrade to ~> 4.1.3), defined in package-lock.json
> Vulnerabilities: CVE-2019-10775 (moderate severity)
>
> Review all vulnerable dependencies
> <https://github.com/sugarlabs/musicblocks/security/dependabot>
> sugarlabs-infra organization <https://github.com/sugarlabs-infra>
>
> sugarlabs-infra / helios-server <https://github.com/sugarlabs-infra/helios-server>
>
> Known security vulnerabilities detected:
> Dependency gunicorn, version < 19.5.0 (upgrade to ~> 19.5.0), defined in requirements.txt
> Vulnerabilities: CVE-2018-1000164 (moderate severity)
> Dependency requests, version <= 2.19.1 (upgrade to ~> 2.20.0), defined in requirements.txt
> Vulnerabilities: CVE-2018-18074 (moderate severity)
> Dependency django, version < 1.11.18 (upgrade to ~> 1.11.18), defined in requirements.txt
> Vulnerabilities: CVE-2020-9402 (high severity), CVE-2019-3498 (low severity),
> CVE-2019-6975 (moderate severity), CVE-2019-19844 (moderate severity),
> CVE-2020-7471 (moderate severity)
> Dependency bleach, version < 3.1.1 (upgrade to ~> 3.1.1), defined in requirements.txt
> Vulnerabilities: CVE-2020-6802 (moderate severity), CVE-2020-6816 (moderate severity),
> CVE-2020-6817 (moderate severity)
>
> Review all vulnerable dependencies
> <https://github.com/sugarlabs-infra/helios-server/security/dependabot>
>
> Always verify the validity and compatibility of suggestions with your
> codebase.
> ------------------------------
>
> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems
>
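The helios-server alerts above are all against requirements.txt, and the digest itself asks that each suggestion be verified against the codebase. The script below is an added example for that triage step; it is not code from this thread or from Sugar Labs. It parses a constructed requirements.txt (the pins are invented to exercise each case, not helios-server's real pins), compares every pin numerically against the affected ranges quoted in the digest (note the `<` on gunicorn/django/bleach versus `<=` on requests), and flags range specifiers that do not actually fix a version. The numeric comparison matters: as strings, "1.11.9" sorts after "1.11.18", so a naive check would call that pin fixed.

```python
"""Check requirements.txt pins against Dependabot-style affected ranges.

Added example; not code from the thread or from helios-server.  The
affected ranges are the ones quoted in the digest; the requirements.txt
below is a constructed sample whose pins are invented to cover each case.
"""
import re

# (package, operator, bound, advisories) copied from the digest.
# "<" means every version below the bound is affected; "<=" includes it.
ALERTS = [
    ("gunicorn", "<", "19.5.0", ["CVE-2018-1000164"]),
    ("requests", "<=", "2.19.1", ["CVE-2018-18074"]),
    ("django", "<", "1.11.18", ["CVE-2020-9402", "CVE-2019-3498", "CVE-2019-6975",
                                 "CVE-2019-19844", "CVE-2020-7471"]),
    ("bleach", "<", "3.1.1", ["CVE-2020-6802", "CVE-2020-6816", "CVE-2020-6817"]),
]

# Constructed sample input (assumption: not the real helios-server file).
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt for the example
Django==1.11.9        # below the bound, but sorts *above* it as a string
gunicorn==19.9.0      # above the bound: already fixed
requests==2.19.1      # exactly the bound, and the range is <= : affected
bleach>=3.0           # a range, not a pin: resolver decides, check the lock
celery==4.1.0         # not in the digest
"""

PIN_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)\s*([0-9][0-9A-Za-z.]*)"
)


def normalize(name: str) -> str:
    """PEP 503 normalisation so 'Django' and 'django' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(v: str) -> tuple:
    """Numeric release tuple: '1.11.9' -> (1, 11, 9).

    Pre/post-release suffixes are dropped; that is an approximation of
    PEP 440 that is exact for the plain releases in the digest.
    """
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_affected(pinned: str, op: str, bound: str) -> bool:
    """True if `pinned` falls inside the affected range `op bound`."""
    a, b = parse_version(pinned), parse_version(bound)
    width = max(len(a), len(b))          # so (19, 5) compares equal to (19, 5, 0)
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b if op == "<" else a <= b


def parse_requirements(text: str) -> dict:
    """Map normalised name -> (operator, version), skipping comments/blank lines."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            pins[normalize(m.group(1))] = (m.group(2), m.group(3))
    return pins


def triage(requirements_text: str, alerts=ALERTS) -> dict:
    """Return {package: (status, advisories)} with status in
    'vulnerable', 'fixed', 'unpinned' or 'absent'."""
    pins = parse_requirements(requirements_text)
    report = {}
    for name, op, bound, cves in alerts:
        key = normalize(name)
        if key not in pins:
            report[key] = ("absent", [])
        elif pins[key][0] != "==":
            # A range specifier does not fix the installed version; the
            # lock file or the deployed environment has to be checked instead.
            report[key] = ("unpinned", cves)
        elif version_affected(pins[key][1], op, bound):
            report[key] = ("vulnerable", cves)
        else:
            report[key] = ("fixed", [])
    return report


if __name__ == "__main__":
    for pkg, (status, cves) in triage(SAMPLE_REQUIREMENTS).items():
        print(f"{pkg:9s} {status:11s} {' '.join(cves)}")
```

Run it against a real requirements.txt by passing the file contents to `triage()`. An "unpinned" result is not a clean bill of health: what is actually installed on the server (here, whatever helios is still running) is what decides exposure, which is one more reason to confirm whether that host is still live before spending time on the upgrade.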