Fwd: [GitHub] Your Dependabot alerts for the week of Sep 21 - Sep 28

46 views
Skip to first unread message

Kit Plummer

unread,
Sep 28, 2021, 10:40:49 AM9/28/21
to mil...@googlegroups.com
Should something be done with these 'died on the vine' projects.

---------- Forwarded message ---------
From: GitHub <nor...@github.com>
Date: Tue, Sep 28, 2021 at 9:42 AM
Subject: [GitHub] Your Dependabot alerts for the week of Sep 21 - Sep 28
To: Kit Plummer <kitpl...@gmail.com>


Explore this week on GitHub
Dependabot alerts

GitHub security alert digest

kitplummer’s repository security updates from the week of Sep 21 - Sep 28

Mil-OSS organization

Warning!

mil-oss / MIL-STD-498-maven-plugins

Known security vulnerabilities detected

Dependency com.fasterxml.jackson.core:jackson-databind Version >= 2.8.0 < 2.8.9 Upgrade to ~> 2.8.9
Defined in pom.xml
Vulnerabilities
CVE-2017-7525 Critical severity
CVE-2017-7525 Critical severity
CVE-2017-17485 Critical severity
CVE-2017-17485 Critical severity
CVE-2019-14540 Critical severity
View 25 more
Review all vulnerable dependencies
Warning!

mil-oss / fgsms

Known security vulnerabilities detected

Dependency org.apache.axis:axis Version <= 1.4
Defined in pom.xml
Vulnerabilities
CVE-2019-0227 High severity
Dependency org.apache.httpcomponents:httpclient Version < 4.3.6 Upgrade to ~> 4.3.6
Defined in pom.xml
Vulnerabilities
CVE-2015-5262 Moderate severity
CVE-2014-3577 Moderate severity
CVE-2020-13956 Moderate severity
CVE-2020-13956 Moderate severity
CVE-2020-13956 Moderate severity
Dependency org.apache.juddi:juddi-client Version >= 3.2 < 3.3.5 Upgrade to ~> 3.3.5
Defined in pom.xml
Vulnerabilities
CVE-2018-1307 High severity
Dependency com.fasterxml.jackson.core:jackson-databind Version >= 2.0.0 < 2.9.9 Upgrade to ~> 2.9.9
Defined in pom.xml
Vulnerabilities
CVE-2019-14540 Critical severity
CVE-2019-16335 Critical severity
CVE-2020-9548 Critical severity
CVE-2020-9547 Critical severity
CVE-2019-17267 Critical severity
View 5 more
Dependency log4j:log4j Version >= 1.2 <= 1.2.27
Defined in pom.xml
Vulnerabilities
Dependency xerces:xercesImpl Version < 2.12.0 Upgrade to ~> 2.12.0
Defined in pom.xml
Vulnerabilities
CVE-2012-0881 High severity
Dependency commons-collections:commons-collections Version < 3.2.2 Upgrade to ~> 3.2.2
Defined in pom.xml
Vulnerabilities
CVE-2015-6420 High severity
Dependency org.quartz-scheduler:quartz Version < 2.3.2 Upgrade to ~> 2.3.2
Defined in pom.xml
Vulnerabilities
CVE-2019-13990 Critical severity
Dependency dom4j:dom4j Version <= 1.6.1
Defined in pom.xml
Vulnerabilities
Dependency junit:junit Version >= 4.7 < 4.13.1 Upgrade to ~> 4.13.1
Defined in pom.xml
Vulnerabilities
CVE-2020-15250 Moderate severity
Review all vulnerable dependencies
Warning!

mil-oss / xsdccm

Known security vulnerabilities detected

Dependency lodash Version < 4.17.19 Upgrade to ~> 4.17.19
Defined in package-lock.json Suggested update #8
Vulnerabilities
CVE-2020-8203 High severity
CVE-2021-23337 High severity
Dependency elliptic Version < 6.5.3 Upgrade to ~> 6.5.3
Defined in package-lock.json Suggested update #9
Vulnerabilities
CVE-2020-13822 High severity
CVE-2020-28498 Moderate severity
Dependency dot-prop Version < 4.2.1 Upgrade to ~> 4.2.1
Defined in package-lock.json Suggested update #10
Vulnerabilities
CVE-2020-8116 High severity
Dependency http-proxy Version < 1.18.1 Upgrade to ~> 1.18.1
Defined in package-lock.json
Vulnerabilities
GHSA-6x33-pw7p-hmpq High severity
Dependency object-path Version < 0.11.5 Upgrade to ~> 0.11.5
Defined in package-lock.json
Vulnerabilities
CVE-2020-15256 High severity
CVE-2021-3805 High severity
CVE-2021-23434 Moderate severity
Dependency ini Version < 1.3.6 Upgrade to ~> 1.3.6
Defined in package-lock.json
Vulnerabilities
CVE-2020-7788 High severity
Dependency serialize-javascript Version < 3.1.0 Upgrade to ~> 3.1.0
Defined in package-lock.json
Vulnerabilities
CVE-2020-7660 High severity
Dependency node-forge Version < 0.10.0 Upgrade to ~> 0.10.0
Defined in package-lock.json
Vulnerabilities
CVE-2020-7720 High severity
Dependency axios Version < 0.21.1 Upgrade to ~> 0.21.1
Defined in package-lock.json
Vulnerabilities
CVE-2020-28168 High severity
CVE-2021-3749 High severity
Dependency socket.io Version < 2.4.0 Upgrade to ~> 2.4.0
Defined in package-lock.json
Vulnerabilities
CVE-2020-28481 Moderate severity
Dependency y18n Version < 3.2.2 Upgrade to ~> 3.2.2
Defined in package-lock.json Suggested update #12
Vulnerabilities
CVE-2020-7774 High severity
Dependency ssri Version >= 5.2.2 < 6.0.2 Upgrade to ~> 6.0.2
Defined in package-lock.json Suggested update #13
Vulnerabilities
CVE-2021-27290 High severity
Dependency xmlhttprequest-ssl Version < 1.6.2 Upgrade to ~> 1.6.2
Defined in package-lock.json
Vulnerabilities
CVE-2021-31597 Critical severity
CVE-2020-28502 High severity
Dependency ua-parser-js Version >= 0.7.14 < 0.7.24 Upgrade to ~> 0.7.24
Defined in package-lock.json
Vulnerabilities
CVE-2021-27292 High severity
CVE-2020-7733 High severity
Dependency url-parse Version < 1.5.0 Upgrade to ~> 1.5.0
Defined in package-lock.json Suggested update #14
Vulnerabilities
CVE-2021-27515 High severity
Dependency hosted-git-info Version < 2.8.9 Upgrade to ~> 2.8.9
Defined in package-lock.json Suggested update #16
Vulnerabilities
CVE-2021-23362 Moderate severity
Dependency dns-packet Version < 1.3.2 Upgrade to ~> 1.3.2
Defined in package-lock.json Suggested update #17
Vulnerabilities
CVE-2021-23386 High severity
Dependency trim-newlines Version < 3.0.1 Upgrade to ~> 3.0.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-33623 High severity
Dependency glob-parent Version < 5.1.2 Upgrade to ~> 5.1.2
Defined in package-lock.json
Vulnerabilities
CVE-2020-28469 High severity
Dependency socket.io-parser Version < 3.3.2 Upgrade to ~> 3.3.2
Defined in package-lock.json
Vulnerabilities
CVE-2020-36049 High severity
Dependency github.com/gin-gonic/gin Version < 1.7.0 Upgrade to ~> 1.7.0
Defined in go.mod
Vulnerabilities
CVE-2020-28483 High severity
Dependency path-parse Version < 1.0.7 Upgrade to ~> 1.0.7
Defined in package-lock.json Suggested update #18
Vulnerabilities
CVE-2021-23343 Moderate severity
Dependency set-value Version < 4.0.1 Upgrade to ~> 4.0.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-23440 High severity
Dependency nth-check Version < 2.0.1 Upgrade to ~> 2.0.1
Defined in package-lock.json
Vulnerabilities
CVE-2021-3803 Moderate severity
Review all vulnerable dependencies

kitplummer’s personal account

Warning!

kitplummer / ovmtb2

Known security vulnerabilities detected

Dependency activesupport Version < 4.1.11 Upgrade to ~> 4.1.11
Defined in Gemfile.lock
Vulnerabilities
CVE-2015-3227 Moderate severity
Dependency jquery-rails Version < 3.1.3 Upgrade to ~> 3.1.3
Defined in Gemfile.lock
Vulnerabilities
CVE-2015-1840 Moderate severity
Dependency rack-ssl Version < 1.4.0 Upgrade to ~> 1.4.0
Defined in Gemfile.lock
Vulnerabilities
CVE-2014-2538 Moderate severity
Dependency dragonfly Version <= 0.9.15
Defined in Gemfile.lock
Vulnerabilities
CVE-2021-33564 Critical severity
Dependency bootstrap-sass Version >= 3.0.0 < 3.4.1 Upgrade to ~> 3.4.1
Defined in Gemfile.lock
Vulnerabilities
CVE-2019-8331 Moderate severity
Dependency devise Version < 4.6.0 Upgrade to ~> 4.6.0
Defined in Gemfile.lock
Vulnerabilities
CVE-2019-16109 High severity
CVE-2019-5421 Moderate severity
Dependency sprockets Version < 2.12.5 Upgrade to ~> 2.12.5
Defined in Gemfile.lock
Vulnerabilities
CVE-2018-3760 High severity
Dependency activeresource Version < 5.1.1 Upgrade to ~> 5.1.1
Defined in Gemfile.lock
Vulnerabilities
CVE-2020-8151 Moderate severity
Dependency actionpack Version >= 2.0.0 <= 5.2.4.5 Upgrade to ~> 5.2.4.6
Defined in Gemfile.lock
Vulnerabilities
CVE-2021-22904 High severity
CVE-2021-22885 High severity
Dependency rack Version < 1.5.4 Upgrade to ~> 1.5.4
Defined in Gemfile.lock
Vulnerabilities
CVE-2020-8184 High severity
CVE-2019-16782 Low severity
CVE-2015-3225 Moderate severity
CVE-2018-16471 Moderate severity
CVE-2020-8161 Moderate severity
Dependency json Version < 2.3.0 Upgrade to ~> 2.3.0
Defined in Gemfile.lock
Vulnerabilities
CVE-2020-10663 High severity
Dependency rdoc Version >= 3.11 < 6.3.1 Upgrade to ~> 6.3.1
Defined in Gemfile.lock
Vulnerabilities
CVE-2021-31799 High severity
Dependency nokogiri Version <= 1.12.4 Upgrade to ~> 1.12.5
Defined in Gemfile.lock
Vulnerabilities
CVE-2021-41098 High severity
Review all vulnerable dependencies

Always verify the validity and compatibility of suggestions with your codebase.


Change how you receive security alert emails in your notification preferences.

Unsubscribe · Email preferences · Terms · Privacy · Sign into GitHub

GitHub, Inc.
88 Colin P Kelly Jr St.
San Francisco, CA 94107

John Scott III

unread,
Sep 28, 2021, 10:46:51 AM9/28/21
to mil...@googlegroups.com
I’ll archive em

 Via phone
.... John Scott 
Ion Channel 
Ionchannel.io 

On Sep 28, 2021, at 10:40, Kit Plummer <kitpl...@gmail.com> wrote:


--
--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
 
www.mil-oss.org

---
You received this message because you are subscribed to the Google Groups "Military Open Source Software (Mil-OSS)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/mil-oss/CAHUyvnoFjxEtuUhYrxS3CUx%3DDi4A3npK8c1zZbpqmcNYm9XBMg%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages