One of your dependencies may have a security vulnerability #8
For context, we recently split the LPDM repository into two. LPDM has the
CBERD/Volttron code. The new LPD one has CERC code.
I thought that we had already completed the split so that none of us would
have been working in LPDM in the last few days. That said, I had thought
that LPDM was archived for the time being so am not sure who would have
done edits. I am not a github expert or even amateur.
--Bruce
On Wed, Apr 17, 2019 at 11:13 AM RDmitchell ***@***.***> wrote:
@CJKohler <https://github.com/CJKohler> / @StephenCzarnecki
<https://github.com/StephenCzarnecki> -- I am putting this in an issue
because I don't know who all the contributors are. Maybe you already got
this email, but here is the content -- there were several of them
LBNL-ETA/LPDM
Known moderate severity security vulnerability detected in morgan < 1.9.1 defined in package.json.
package.json update suggested: morgan ~> 1.9.1.
Always verify the validity and compatibility of suggestions with your codebase.
LBNL-ETA/LPDM
Known high severity security vulnerability detected in Jinja2 < 2.10.1 defined in requirements.txt.
requirements.txt update suggested: Jinja2 ~> 2.10.1.
Always verify the validity and compatibility of suggestions with your codebase.
LBNL-ETA/LPDM
Known high severity security vulnerability detected in paramiko >= 2.1.0, < 2.1.5 defined in requirements.txt.
requirements.txt update suggested: paramiko ~> 2.1.5.
Always verify the validity and compatibility of suggestions with your codebase.
LBNL-ETA/LPDM
Known high severity security vulnerability detected in paramiko >= 2.1.0, < 2.1.6 defined in requirements.txt.
requirements.txt update suggested: paramiko ~> 2.1.6.
Always verify the validity and compatibility of suggestions with your codebase.
LBNL-ETA/LPDM
Known moderate severity security vulnerability detected in requests <= 2.19.1 defined in requirements.txt.
requirements.txt update suggested: requests ~> 2.20.0.
Always verify the validity and compatibility of suggestions with your codebase.
--
*Bruce Nordman*
Lawrence Berkeley National Laboratory
*nordman.lbl.gov <http://nordman.lbl.gov>*
BNordman@LBL.gov
510-486-7089
m: 510-501-7943
Hi,
I made these edits.
I have made CBERD the default branch and I have responded to these security
vulnerabilities.
Some older versions of the nodejs (package.json) and python
(requirements.txt) dependencies for the dashboard were flagged by github
and I've upgraded the requirements and thus have handled the
vulnerabilities.
It'd be useful if someone can check if the code still works with the new
version of these dependencies though.
Thanks
Anand
--
Anand Krishnan Prakash
Lawrence Berkeley National Laboratory
1 Cyclotron Road (Office 90-2056E), Berkeley CA 94720
akprakash@lbl.gov
412-983-2256
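A way to check the two manifests the thread mentions against the exact version ranges quoted in the alerts above, as an added example that is not LPDM project code; the REQUIREMENTS_TXT and PACKAGE_JSON strings are constructed samples, not the repository's files, and the version comparison is a deliberately minimal numeric-tuple compare rather than a full PEP 440 or semver implementation.

```python
# Added example (not LPDM code): check pinned versions against the ranges quoted in the alerts.
import json
import re
# (lower bound or None, upper bound, upper bound inclusive?) taken from the alert text.
ADVISORIES = {
    "morgan":   [(None, "1.9.1", False)],                                 # morgan < 1.9.1
    "jinja2":   [(None, "2.10.1", False)],                                # Jinja2 < 2.10.1
    "paramiko": [("2.1.0", "2.1.5", False), ("2.1.0", "2.1.6", False)],   # two paramiko alerts
    "requests": [(None, "2.19.1", True)],                                 # requests <= 2.19.1
}
def vtuple(version):
    """'2.10.1' -> (2, 10, 1); a non-numeric tail such as 'rc1' is dropped."""
    return tuple(int(x) for x in re.findall(r"\d+", version))

def is_vulnerable(name, version):
    """True if version falls inside any advisory range for this package."""
    v = vtuple(version)
    for low, high, inclusive in ADVISORIES.get(name.lower(), []):
        above_low = low is None or v >= vtuple(low)
        below_high = v <= vtuple(high) if inclusive else v < vtuple(high)
        if above_low and below_high:
            return True
    return False

def parse_requirements(text):
    """{name: version} for '==' pins; unpinned lines are skipped (review them separately)."""
    pins = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)", line.split("#")[0])
        if m:
            pins[m.group(1).lower()] = m.group(2)
    return pins

def parse_package_json(text):
    """{name: floor version} from dependencies/devDependencies.  A '^'/'~' range may
    install something newer, so this checks the stated floor; the lockfile is authoritative."""
    pins = {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in json.loads(text).get(section, {}).items():
            m = re.search(r"\d+(?:\.\d+)*", spec)
            if m:
                pins[name.lower()] = m.group(0)
    return pins
def find_vulnerable(pins):
    """Sorted package names whose pinned/floor version is inside an alert range."""
    return sorted(name for name, ver in pins.items() if is_vulnerable(name, ver))
# Constructed sample inputs mirroring the alerted packages (not the real LPDM files).
REQUIREMENTS_TXT = "Jinja2==2.10\nparamiko==2.1.5\nrequests==2.20.0\nflask>=1.0  # unpinned\n"
PACKAGE_JSON = '{"dependencies": {"morgan": "~1.9.0", "express": "^4.16.0"}}'
```

Note that paramiko 2.1.5 clears the first alert but not the second, which is why the thread's suggested floor is 2.1.6; the same check applied to the repository's real files after the upgrade should return empty lists.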
Closing this issue because it has been resolved with this commit