Posted to dev@taverna.apache.org by Stian Soiland-Reyes <st...@apache.org> on 2018/03/29 15:43:42 UTC

Re: [apache/incubator-taverna-databundle-viewer] One of your dependencies may have a security vulnerability

Any volunteers for a general update of ALL the modules of
taverna-databundle-viewer? I think this keeps happening because most of them
are out of date.

If not, I suggest we retire the whole repository to Taverna Extras on GitHub
- it's not under active development (it was started as a GSOC project).

On 29 March 2018 at 16:42, Stian Soiland-Reyes <st...@apache.org> wrote:

> Thank you, we will review and fix. It seems this particular repository
> frequently appears in these GitHub reports, probably because of its Ruby
> nature.
>
>
> On 21 March 2018 at 23:17, Apache Security Team <se...@apache.org>
> wrote:
>
>> Hi Taverna PMC,
>>
>> FYI, the below was received by the security team.
>>
>> Regards,
>> Yann.
>>
>> ---------- Forwarded message ----------
>> From: GitHub <no...@github.com>
>> Date: Wed, Mar 21, 2018 at 2:11 PM
>> Subject: [apache/incubator-taverna-databundle-viewer] One of your
>> dependencies may have a security vulnerability
>> To: apache/incubator-taverna-databundle-viewer <
>> incubator-taverna-databundle-viewer@noreply.github.com>
>> Cc: Security alert <se...@noreply.github.com>
>>
>>
>> We found a potential security vulnerability in one of your dependencies
>>
>> *asfsecurity,*
>>
>> We found a potential security vulnerability in a repository for which you
>> have been granted security alert access.
>> apache/incubator-taverna-databundle-viewer
>> Known *moderate severity* security vulnerability detected in loofah <
>> 2.2.1 defined in Gemfile.lock.
>>
>> Gemfile.lock update suggested: loofah ~> 2.2.1.
>> Always verify the validity and compatibility of suggestions with your
>> codebase.
>> ------------------------------
>>
>> Only users who have been assigned access to security alerts will receive
>> these notifications.
>>
>>
>
>
> --
> Stian Soiland-Reyes
> http://orcid.org/0000-0001-9842-9718
>



-- 
Stian Soiland-Reyes
http://orcid.org/0000-0001-9842-9718