Your Dependabot alerts for the week of Jun 9 - Jun 16

Chet Ensign
 


Baseline TSC, just sharing in case you didn't see this. Notice from GitHub of a vulnerability alert on the baseline-website. 

/chet


---------- Forwarded message ---------
From: GitHub <noreply@...>
Date: Tue, Jun 16, 2020 at 11:26 AM
Subject: Your Dependabot alerts for the week of Jun 9 - Jun 16
To: OASIS-OP-Admin <op-admin@...>



GitHub security alert digest

OASIS-OP-Admin’s repository security updates from the week of Jun 9 - Jun 16

OASIS TC Open Repositories organization

oasis-open / openc2-oif-orchestrator
Known security vulnerabilities detected

  Dependency: django
  Affected versions: >= 2.0.0 < 2.2.11
  Upgrade to: ~> 2.2.11
  Defined in: requirements.txt (suggested update #12)
  Vulnerabilities:
    CVE-2020-9402 (High severity)
    CVE-2020-13254 (Moderate severity)
    CVE-2020-13596 (Moderate severity)

oasis-open / openc2-lycan-java
Known security vulnerabilities detected

  Dependency: com.fasterxml.jackson.core:jackson-databind
  Affected versions: >= 2.9.0 <= 2.9.10.3
  Upgrade to: ~> 2.9.10.4
  Defined in: pom.xml (suggested update #14)
  Vulnerabilities:
    CVE-2020-10672 (Moderate severity)
    CVE-2020-11620 (Moderate severity)
    CVE-2020-9546 (Moderate severity)
    CVE-2020-10969 (Moderate severity)
    CVE-2020-11619 (Moderate severity)
    (7 more not shown in this digest)

oasis-open / openc2-lycan-beam
Known security vulnerabilities detected

  Dependency: growl
  Affected versions: < 1.10.0
  Upgrade to: ~> 1.10.0
  Defined in: package-lock.json
  Vulnerabilities:
    CVE-2017-16042 (Critical severity)

  Dependency: clean-css
  Affected versions: < 4.1.11
  Upgrade to: ~> 4.1.11
  Defined in: package-lock.json
  Vulnerabilities:
    WS-2019-0017 (Moderate severity)

  Dependency: braces
  Affected versions: < 2.3.1
  Upgrade to: ~> 2.3.1
  Defined in: package-lock.json
  Vulnerabilities:
    WS-2019-0019 (Moderate severity)

  Dependency: minimist
  Affected versions: < 0.2.1
  Upgrade to: ~> 0.2.1
  Defined in: package-lock.json
  Vulnerabilities:
    CVE-2020-7598 (Moderate severity)

  Dependency: acorn
  Affected versions: >= 5.5.0 < 5.7.4
  Upgrade to: ~> 5.7.4
  Defined in: package-lock.json
  Vulnerabilities:
    GHSA-6chw-6frg-f759 (Moderate severity)

OASIS GitHub Repositories for TC Work organization

oasis-tcs / cxs-cdp
Known security vulnerabilities detected

  Dependency: apollo-server
  Affected versions: < 2.14.2
  Upgrade to: ~> 2.14.2
  Defined in: package-lock.json (suggested update #28)
  Vulnerabilities:
    GHSA-w42g-7vfc-xf37 (Moderate severity)

  Dependency: apollo-server-core
  Affected versions: < 2.14.2
  Upgrade to: ~> 2.14.2
  Defined in: package-lock.json
  Vulnerabilities:
    GHSA-w42g-7vfc-xf37 (Moderate severity)

  Dependency: apollo-server-express
  Affected versions: < 2.14.2
  Upgrade to: ~> 2.14.2
  Defined in: package-lock.json
  Vulnerabilities:
    GHSA-w42g-7vfc-xf37 (Moderate severity)

ethereum-oasis organization

ethereum-oasis / baseline-website
Known security vulnerabilities detected

  Dependency: minimist
  Affected versions: < 0.2.1
  Upgrade to: ~> 0.2.1
  Defined in: package-lock.json (suggested update #10)
  Vulnerabilities:
    CVE-2020-7598 (Moderate severity)

  Dependency: acorn
  Affected versions: >= 5.5.0 < 5.7.4
  Upgrade to: ~> 5.7.4
  Defined in: package-lock.json
  Vulnerabilities:
    GHSA-6chw-6frg-f759 (Moderate severity)

Always verify the validity and compatibility of suggestions with your codebase.





--

/chet 
----------------
Chet Ensign
Chief Technical Community Steward
OASIS: Advancing open source & open standards for the information society
http://www.oasis-open.org

Mobile: +1 201-341-1393 
