
openc2 message



Subject: Fwd: Your Dependabot alerts for the week of Jun 9 - Jun 16



OpenC2, just FYI in case you didn't receive these. GitHub reports on vulnerabilities in some of your open repos.

/chet

---------- Forwarded message ---------
From: GitHub <noreply@github.com>
Date: Tue, Jun 16, 2020 at 9:48 AM
Subject: Your Dependabot alerts for the week of Jun 9 - Jun 16
To: Chet Ensign <chet.ensign@oasis-open.org>


Dependabot alerts

GitHub security alert digest

chet-ensign's repository security updates from the week of Jun 9 - Jun 16

OASIS TC Open Repositories organization

Warning!

oasis-open / openc2-oif-orchestrator

Known security vulnerabilities detected

Dependency django Version >= 2.0.0 < 2.2.11 Upgrade to ~> 2.2.11
Defined in requirements.txt Suggested update #12
Vulnerabilities
CVE-2020-9402 High severity
CVE-2020-13254 Moderate severity
CVE-2020-13596 Moderate severity
Warning!

oasis-open / openc2-lycan-java

Known security vulnerabilities detected

Dependency com.fasterxml.jackson.core:jackson-databind Version >= 2.9.0 <= 2.9.10.3 Upgrade to ~> 2.9.10.4
Defined in pom.xml Suggested update #14
Vulnerabilities
CVE-2020-10672 Moderate severity
CVE-2020-11620 Moderate severity
CVE-2020-9546 Moderate severity
CVE-2020-10969 Moderate severity
CVE-2020-11619 Moderate severity
View 7 more
Warning!

oasis-open / openc2-lycan-beam

Known security vulnerabilities detected

Dependency growl Version < 1.10.0 Upgrade to ~> 1.10.0
Defined in package-lock.json
Vulnerabilities
CVE-2017-16042 Critical severity
Dependency clean-css Version < 4.1.11 Upgrade to ~> 4.1.11
Defined in package-lock.json
Vulnerabilities
WS-2019-0017 Moderate severity
Dependency braces Version < 2.3.1 Upgrade to ~> 2.3.1
Defined in package-lock.json
Vulnerabilities
WS-2019-0019 Moderate severity
Dependency minimist Version < 0.2.1 Upgrade to ~> 0.2.1
Defined in package-lock.json
Vulnerabilities
CVE-2020-7598 Moderate severity
Dependency acorn Version >= 5.5.0 < 5.7.4 Upgrade to ~> 5.7.4
Defined in package-lock.json
Vulnerabilities
GHSA-6chw-6frg-f759 Moderate severity

OASIS GitHub Repositories for TC Work organization

Warning!

oasis-tcs / cxs-cdp

Known security vulnerabilities detected

Dependency apollo-server Version < 2.14.2 Upgrade to ~> 2.14.2
Defined in package-lock.json Suggested update #28
Vulnerabilities
GHSA-w42g-7vfc-xf37 Moderate severity
Dependency apollo-server-core Version < 2.14.2 Upgrade to ~> 2.14.2
Defined in package-lock.json
Vulnerabilities
GHSA-w42g-7vfc-xf37 Moderate severity
Dependency apollo-server-express Version < 2.14.2 Upgrade to ~> 2.14.2
Defined in package-lock.json
Vulnerabilities
GHSA-w42g-7vfc-xf37 Moderate severity

Always verify the validity and compatibility of suggestions with your codebase.



--

/chet
----------------
Chet Ensign
Chief Technical Community Steward
OASIS: Advancing open source & open standards for the information society
http://www.oasis-open.org

Mobile: +1 201-341-1393

