spot-dev mailing list archives

From Nate Smith <natedogs...@gmail.com>
Subject Re: [apache/incubator-spot] One of your dependencies may have a security vulnerability
Date Wed, 07 Feb 2018 21:13:52 GMT
SPOT-262 <https://issues.apache.org/jira/browse/SPOT-262> has been opened.
https://issues.apache.org/jira/browse/SPOT-262

Assuming this is true:
>>> update suggested: jquery ~> 3.0.0.

What version should we be using besides latest?

- Nathanael

> On Feb 7, 2018, at 1:44 PM, Nate Smith <nathanael@apache.org> wrote:
> 
> Thank you for the notice,
> I’m opening a Jira right now and will work at getting this addressed.
> 
> Is there a way I can make sure that we get these notifications in the future?
> This is the first email I’ve seen regarding this and I did not get a notice from GitHub of course.
> 
> - Nathanael
> 
>> On Feb 7, 2018, at 12:32 PM, David Fisher <wave@apache.org> wrote:
>> 
>> Spot PPMC - You need to be responsive to security issues.
>> 
>> Regards,
>> Dave - your friendly Incubator Shepherd
>> 
>> On 2018/01/22 15:18:06, Greg Stein <gstein@gmail.com> wrote:
>>> Spot PPMC: FYI
>>> 
>>> ---------- Forwarded message ----------
>>> From: GitHub <notifications@github.com>
>>> Date: Mon, Jan 22, 2018 at 9:03 AM
>>> Subject: [apache/incubator-spot] One of your dependencies may have a
>>> security vulnerability
>>> To: apache/incubator-spot <incubator-spot@noreply.github.com>
>>> Cc: Security alert <security_alert@noreply.github.com>
>>> 
>>> 
>>> We found a potential security vulnerability in one of your dependencies
>>> *gstein,*
>>> 
>>> We found a potential security vulnerability in a repository which you have
>>> been granted security alert access.
>>> apache/incubator-spot
>>> Known *moderate severity* security vulnerability detected in jquery < 3.0.0
>>> defined in package.json.
>>> 
>>> package.json
>>> update suggested: jquery ~> 3.0.0.
>>> Always verify the validity and compatibility of suggestions with your
>>> codebase.
>>> Review vulnerable dependency
>>> ------------------------------
>>> 
>>> Only users who have been assigned access to security alerts will receive
>>> these notifications.
>>> 
>>> GitHub, Inc.
>>> 88 Colin P Kelly Jr St.
>>> San Francisco, CA 94107
>>> 
> 
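
An added example, not part of the original thread or of the Spot code base: the alert's `~> 3.0.0` is pessimistic-constraint notation (at least 3.0.0, below 3.1.0), which npm writes as `~3.0.0`. The sketch below classifies the jquery range declared in a package.json against the `< 3.0.0` bound from the alert; the manifest contents and all function names are assumptions made for illustration.

```javascript
// First unaffected version, taken from the alert text ("jquery < 3.0.0").
const FIXED = [3, 0, 0];

// Constructed sample manifest; not the project's real package.json.
const samplePackageJson = JSON.stringify({
  dependencies: { jquery: "^2.2.4", react: "^15.6.0" },
  devDependencies: {},
});

// Lowest version a simple npm range admits. Handles exact, ^, ~, >=, = and
// x-ranges such as "2.x"; returns null for anything else ("latest", "*",
// "<3", "a || b", prerelease tags) so those are reviewed by hand.
function lowestAllowed(range) {
  const m = /^\s*(?:\^|~|>=|=)?\s*v?(\d+)(?:\.(\d+|x|\*))?(?:\.(\d+|x|\*))?\s*$/.exec(range);
  if (!m) return null;
  return [m[1], m[2], m[3]].map((p) =>
    p === undefined || p === "x" || p === "*" ? 0 : Number(p));
}

// Three-part numeric comparison: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// "affected": the range admits a release below 3.0.0.
// "ok": the lowest admitted release is 3.0.0 or later.
// "review": the range form is not handled here.
function classify(range) {
  const low = lowestAllowed(range);
  if (low === null) return "review";
  return compare(low, FIXED) < 0 ? "affected" : "ok";
}

// Report every declaration of `pkg` in the manifest's dependency sections.
function auditManifest(jsonText, pkg = "jquery") {
  const manifest = JSON.parse(jsonText);
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    const range = (manifest[section] || {})[pkg];
    if (range !== undefined) findings.push({ section, range, status: classify(range) });
  }
  return findings;
}

console.log(auditManifest(samplePackageJson));
```

This checks only the declared range; the version actually installed, as recorded in a lockfile or `node_modules`, needs a separate check.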

