Fwd: [redsleeve-linux/el7] Your repository has dependencies with security vulnerabilities


Gordan Bobic

Apr 23, 2023, 6:14:26 PM
to redsleeve-users, Jacco Ligthart


---------- Forwarded message ---------
From: GitHub <notifi...@github.com>
Date: Sun, Apr 23, 2023 at 11:33 PM
Subject: [redsleeve-linux/el7] Your repository has dependencies with security vulnerabilities
To: redsleeve-linux/el7 <e...@noreply.github.com>
Cc: Security alert <securit...@noreply.github.com>


 

Dependabot was enabled on redsleeve-linux/el7 and found 1 vulnerable dependency

 
 

Dependabot found vulnerable dependencies

 
 

openssl
389-ds-base/SOURCES/Cargo.lock

High severity
 
 

You are receiving this email because your repository has Dependabot enabled. If you want to ship secure code, make sure it is enabled on all your important repositories.

 


                                                           

Jacco Ligthart

Apr 24, 2023, 6:09:58 PM
to redslee...@googlegroups.com

Hi Gordan,


I also had warnings about passwords in the commits.

However, these files are just the same as upstream:

https://git.centos.org/rpms/389-ds-base/blob/c7/f/SOURCES/Cargo.lock


I think we trigger some false positives, just by aligning with upstream.


Jacco
