Fwd: [GitHub] Your Dependabot alerts for the week of Sep 21 - Sep 28


Kit Plummer

Sep 28, 2021, 10:40:49 AM
to mil...@googlegroups.com
Should something be done with these 'died on the vine' projects?

---------- Forwarded message ---------
From: GitHub <nor...@github.com>
Date: Tue, Sep 28, 2021 at 9:42 AM
Subject: [GitHub] Your Dependabot alerts for the week of Sep 21 - Sep 28
To: Kit Plummer <kitpl...@gmail.com>


Dependabot alerts

GitHub security alert digest

kitplummer’s repository security updates from the week of Sep 21 - Sep 28

Mil-OSS organization

mil-oss / MIL-STD-498-maven-plugins

Known security vulnerabilities detected

Dependency com.fasterxml.jackson.core:jackson-databind Version >= 2.8.0 < 2.8.9 Upgrade to ~> 2.8.9
Defined in pom.xml
Vulnerabilities
CVE-2017-7525 Critical severity
CVE-2017-17485 Critical severity
CVE-2019-14540 Critical severity
View 25 more
mil-oss / fgsms

Known security vulnerabilities detected

Dependency org.apache.axis:axis Version <= 1.4
Defined in pom.xml
Vulnerabilities
CVE-2019-0227 High severity
Dependency org.apache.httpcomponents:httpclient Version < 4.3.6 Upgrade to ~> 4.3.6
Defined in pom.xml
Vulnerabilities
CVE-2015-5262 Moderate severity
CVE-2014-3577 Moderate severity
CVE-2020-13956 Moderate severity
Dependency org.apache.juddi:juddi-client Version >= 3.2 < 3.3.5 Upgrade to ~> 3.3.5
Defined in pom.xml
Vulnerabilities
CVE-2018-1307 High severity
Dependency com.fasterxml.jackson.core:jackson-databind Version >= 2.0.0 < 2.9.9 Upgrade to ~> 2.9.9
Defined in pom.xml
Vulnerabilities
CVE-2019-14540 Critical severity
CVE-2019-16335 Critical severity
CVE-2020-9548 Critical severity
CVE-2020-9547 Critical severity
CVE-2019-17267 Critical severity
View 5 more
Dependency log4j:log4j Version >= 1.2 <= 1.2.27
Defined in pom.xml
Vulnerabilities
Dependency xerces:xercesImpl Version < 2.12.0 Upgrade to ~> 2.12.0
Defined in pom.xml
Vulnerabilities
CVE-2012-0881 High severity
Dependency commons-collections:commons-collections Version < 3.2.2 Upgrade to ~> 3.2.2
Defined in pom.xml
Vulnerabilities
CVE-2015-6420 High severity
Dependency org.quartz-scheduler:quartz Version < 2.3.2 Upgrade to ~> 2.3.2
Defined in pom.xml
Vulnerabilities
CVE-2019-13990 Critical severity
Dependency dom4j:dom4j Version <= 1.6.1
Defined in pom.xml
Vulnerabilities
Dependency junit:junit Version >= 4.7 < 4.13.1 Upgrade to ~> 4.13.1
Defined in pom.xml
Vulnerabilities
CVE-2020-15250 Moderate severity
mil-oss / xsdccm

Known security vulnerabilities detected

Dependency lodash Version < 4.17.19 Upgrade to ~> 4.17.19
Defined in package-lock.json Suggested update #8
Vulnerabilities
CVE-2020-8203 High severity
CVE-2021-23337 High severity
Dependency elliptic Version < 6.5.3 Upgrade to ~> 6.5.3
Defined in package-lock.json Suggested update #9
Vulnerabilities
CVE-2020-13822 High severity
CVE-2020-28498 Moderate severity
Dependency dot-prop Version < 4.2.1 Upgrade to ~> 4.2.1
Defined in package-lock.json Suggested update #10
Vulnerabilities
CVE-2020-8116 High severity
Dependency http-proxy Version < 1.18.1 Upgrade to ~> 1.18.1
Defined in package-lock.json
Vulnerabilities
GHSA-6x33-pw7p-hmpq High severity
Dependency object-path Version < 0.11.5 Upgrade to ~> 0.11.5
Defined in package-lock.json
Vulnerabilities
CVE-2020-15256 High severity
CVE-2021-3805 High severity
CVE-2021-23434 Moderate severity
Dependency ini Version < 1.3.6 Upgrade to ~> 1.3.6
Defined in package-lock.json
Vulnerabilities
CVE-2020-7788 High severity
Dependency serialize-javascript Version < 3.1.0 Upgrade to ~> 3.1.0
Defined in package-lock.json
Vulnerabilities
CVE-2020-7660 High severity
Dependency node-forge Version < 0.10.0 Upgrade to ~> 0.10.0
Defined in package-lock.json
Vulnerabilities
CVE-2020-7720 High severity
Dependency axios Version < 0.21.1 Upgrade to ~> 0.21.1
Defined in package-lock.json
Vulnerabilities
CVE-2020-28168 High severity
CVE-2021-3749 High severity
Dependency socket.io Version < 2.4.0 Upgrade to ~> 2.4.0
Defined in package-lock.json
Vulnerabilities
CVE-2020-28481 Moderate severity
Dependency y18n Version < 3.2.2 Upgrade to ~> 3.2.2
Defined in package-lock.json Suggested update #12
Vulnerabilities
CVE-2020-7774 High severity
Dependency ssri Version >= 5.2.2 < 6.0.2 Upgrade to ~> 6.0.2
Defined in package-lock.json Suggested update #13
Vulnerabilities
CVE-2021-27290 High severity
Dependency xmlhttprequest-ssl Version < 1.6.2 Upgrade to ~> 1.6.2
Defined in package-lock.json
Vulnerabilities
CVE-2021-31597 Critical severity
CVE-2020-28502 High severity
Dependency ua-parser-js Version >= 0.7.14 < 0.7.24 Upgrade to ~> 0.7.24
Defined in package-lock.json
Vulnerabilities
CVE-2021-27292 High severity
CVE-2020-7733 High severity
Dependency url-parse Version < 1.5.0 Upgrade to ~> 1.5.0
Defined in package-lock.json Suggested update #14
Vulnerabilities
CVE-2021-27515 High severity
Dependency hosted-git-info Version < 2.8.9 Upgrade to ~> 2.8.9
Defined in package-lock.json Suggested update #16
Vulnerabilities
CVE-2021-23362 Moderate severity
Dependency dns-packet Version < 1.3.2 Upgrade to ~> 1.3.2
Defined in package-lock.json Suggested update #17
Vulnerabilities
CVE-2021-23386 High severity
Dependency trim-newlines Version < 3.0.1 Upgrade to ~> 3.0.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-33623 High severity
Dependency glob-parent Version < 5.1.2 Upgrade to ~> 5.1.2
Defined in package-lock.json
Vulnerabilities
CVE-2020-28469 High severity
Dependency socket.io-parser Version < 3.3.2 Upgrade to ~> 3.3.2
Defined in package-lock.json
Vulnerabilities
CVE-2020-36049 High severity
Dependency github.com/gin-gonic/gin Version < 1.7.0 Upgrade to ~> 1.7.0
Defined in go.mod
Vulnerabilities
CVE-2020-28483 High severity
Dependency path-parse Version < 1.0.7 Upgrade to ~> 1.0.7
Defined in package-lock.json Suggested update #18
Vulnerabilities
CVE-2021-23343 Moderate severity
Dependency set-value Version < 4.0.1 Upgrade to ~> 4.0.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-23440 High severity
Dependency nth-check Version < 2.0.1 Upgrade to ~> 2.0.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-3803 Moderate severity

kitplummer’s personal account

kitplummer / ovmtb2

Known security vulnerabilities detected

Dependency activesupport Version < 4.1.11 Upgrade to ~> 4.1.11
Defined in Gemfile.lock
Vulnerabilities
CVE-2015-3227 Moderate severity
Dependency jquery-rails Version < 3.1.3 Upgrade to ~> 3.1.3
Defined in Gemfile.lock
Vulnerabilities
CVE-2015-1840 Moderate severity
Dependency rack-ssl Version < 1.4.0 Upgrade to ~> 1.4.0
Defined in Gemfile.lock
Vulnerabilities
CVE-2014-2538 Moderate severity
Dependency dragonfly Version <= 0.9.15
Defined in Gemfile.lock
Vulnerabilities
CVE-2021-33564 Critical severity
Dependency bootstrap-sass Version >= 3.0.0 < 3.4.1 Upgrade to ~> 3.4.1
Defined in Gemfile.lock
Vulnerabilities
CVE-2019-8331 Moderate severity
Dependency devise Version < 4.6.0 Upgrade to ~> 4.6.0
Defined in Gemfile.lock
Vulnerabilities
CVE-2019-16109 High severity
CVE-2019-5421 Moderate severity
Dependency sprockets Version < 2.12.5 Upgrade to ~> 2.12.5
Defined in Gemfile.lock
Vulnerabilities
CVE-2018-3760 High severity
Dependency activeresource Version < 5.1.1 Upgrade to ~> 5.1.1
Defined in Gemfile.lock
Vulnerabilities
CVE-2020-8151 Moderate severity
Dependency actionpack Version >= 2.0.0 <= 5.2.4.5 Upgrade to ~> 5.2.4.6
Defined in Gemfile.lock
Vulnerabilities
CVE-2021-22904 High severity
CVE-2021-22885 High severity
Dependency rack Version < 1.5.4 Upgrade to ~> 1.5.4
Defined in Gemfile.lock
Vulnerabilities
CVE-2020-8184 High severity
CVE-2019-16782 Low severity
CVE-2015-3225 Moderate severity
CVE-2018-16471 Moderate severity
CVE-2020-8161 Moderate severity
Dependency json Version < 2.3.0 Upgrade to ~> 2.3.0
Defined in Gemfile.lock
Vulnerabilities
CVE-2020-10663 High severity
Dependency rdoc Version >= 3.11 < 6.3.1 Upgrade to ~> 6.3.1
Defined in Gemfile.lock
Vulnerabilities
CVE-2021-31799 High severity
Dependency nokogiri Version <= 1.12.4 Upgrade to ~> 1.12.5
Defined in Gemfile.lock
Vulnerabilities
CVE-2021-41098 High severity

Always verify the validity and compatibility of suggestions with your codebase.


John Scott III

Sep 28, 2021, 10:46:51 AM
to mil...@googlegroups.com
I’ll archive ’em

 Via phone
.... John Scott 
Ion Channel 
Ionchannel.io 

On Sep 28, 2021, at 10:40, Kit Plummer <kitpl...@gmail.com> wrote:


--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
 
www.mil-oss.org

---
You received this message because you are subscribed to the Google Groups "Military Open Source Software (Mil-OSS)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mil-oss/CAHUyvnoFjxEtuUhYrxS3CUx%3DDi4A3npK8c1zZbpqmcNYm9XBMg%40mail.gmail.com.