[PageOneX] [dev] Fwd: [numeroteca/pageonex] One of your dependencies may have a security vulnerability

Rafael Porres Molina rporres at gmail.com
Mon Jan 15 09:25:39 EST 2018


2018-01-15 15:21 GMT+01:00 pablo rey <pablo at basurama.org>:

> Hey, we have some vulnerable dependencies to update. I'll try to solve
> them asap.
>
> In case you can give a hand, ping me!
>

Nokogiri is a tricky lib to update as it depends on libxml2. Tomorrow I can
give you a hand if you need, Pablo.

Cheers,

Rafa


>
> ---------- Forwarded message ----------
> From: GitHub <notifications at github.com>
> Date: 15 January 2018 at 14:51
> Subject: [numeroteca/pageonex] One of your dependencies may have a
> security vulnerability
> To: numeroteca/pageonex <pageonex at noreply.github.com>
> Cc: Security alert <security_alert at noreply.github.com>
>
>
> We found a potential security vulnerabilty in one of your dependencies
> [image: GitHub]
> <http://sgmail.githubmail.com/wf/click?upn=lYxq-2FYU7yocrdKNILYalBlaoUQ7ZnNSfaod-2BRPoWgKQ-3D_ZtwdRLEHWx8j4hqZrhsLCvT-2B9G9FxJoFRCdtqPjYOBF1ACBmiMMJfI3Q-2FJw-2FPeLEWME0HPrt1BQ5PnvsDPqB31-2FSQrz4-2FYngQJvb-2BL9vudfBRIwEXt-2BhkxJNLWWdSynb5HCNmd8OQj2XTtdKBu217X88i0EHPAGTGCQihoTF4X7A2FT-2B1Whl-2FJjJhTzBo6CU-2FmtmQVPuHXw-2F954l-2BUD-2Bl30EnkMWyPHUGRb2z-2BANzNrM7fqUAL6aKH5AquNrWFmc> Sign
> in
> <http://sgmail.githubmail.com/wf/click?upn=lYxq-2FYU7yocrdKNILYalBluE-2FGrtUQ7WwbM8S6nEaj0-3D_ZtwdRLEHWx8j4hqZrhsLCvT-2B9G9FxJoFRCdtqPjYOBF1ACBmiMMJfI3Q-2FJw-2FPeLEGUbj72Rr0lcYlYl8v2Wqmu7bu000lc3cKnmkfRKKtJT3Rdmu1Q9GLa-2BsR7ylHWL0LL3-2F7j75zqLh0kUCup-2FOfDk4uB0N9PtQkHrjMBp8ycFYnuWX3LbX8MrhqodVMD7f5eg4eq7KtxQ8M9LNdhl8iS8DGyW7SYIE7eZxXLIBndtbeEsCkIbtJMzsbx45jQ4r>
> *numeroteca,*
>
> We found a potential security vulnerability in a repository which you have
> been granted security alert access.
> [image: @numeroteca] numeroteca/pageonex
> <http://sgmail.githubmail.com/wf/click?upn=lYxq-2FYU7yocrdKNILYalBshx9-2FQJ-2BmEsJPcqv-2B1ZyMYCXGTcqK4xebAWLnxjNknJ_ZtwdRLEHWx8j4hqZrhsLCvT-2B9G9FxJoFRCdtqPjYOBF1ACBmiMMJfI3Q-2FJw-2FPeLEzKYRb4D2iRhp3lrgnMb9IB8bc2kJKaf3g0pA-2F5hxLYAqLReX6fyuWy23SeMXXzxa2ilzKZHogq4zhOL-2F4X-2FIUWQv4FUpz8DVhArktIVVROX87wZwQEUB1iEOe4ygJSD5-2B1ynyyrBTEPf8kF1bH8WQ8yEDEcint-2Fi6bc6RoCxhANVmuv2jMsG-2BnWj57tQayFG>
> Known * critical severity* security vulnerability detected in nokogiri <
> 1.8.1 defined in Gemfile.lock
> <http://sgmail.githubmail.com/wf/click?upn=lYxq-2FYU7yocrdKNILYalBshx9-2FQJ-2BmEsJPcqv-2B1ZyMbf9Ntg6hFfQFWA9i-2FdYTrUA1b-2FuZ1lKUtPhB5o818TQBTCYg1EgyKrxtKsMp7eXfw-3D_ZtwdRLEHWx8j4hqZrhsLCvT-2B9G9FxJoFRCdtqPjYOBF1ACBmiMMJfI3Q-2FJw-2FPeLEZbRbhjK9e6N0NN02BTGSzqrj4TzMF6jh7OgPUfowyotfvkYPlA4EnzY6U-2FIBoDl-2FtC8Sw8Kwiq9VUVXFM0P4fL-2F3TCAI6v2DSH-2FehPQAhk140hv3bvggprKeHvqvI5UphFfeWwNoUZQXpGFMtHPEkIIU-2BCsGIJwgugEfd6M6vNlSwwipkMuHwDA71-2BdZ0mg-2B>.
>
> Gemfile.lock
> <http://sgmail.githubmail.com/wf/click?upn=lYxq-2FYU7yocrdKNILYalBshx9-2FQJ-2BmEsJPcqv-2B1ZyMbf9Ntg6hFfQFWA9i-2FdYTrUA1b-2FuZ1lKUtPhB5o818TQBTCYg1EgyKrxtKsMp7eXfw-3D_ZtwdRLEHWx8j4hqZrhsLCvT-2B9G9FxJoFRCdtqPjYOBF1ACBmiMMJfI3Q-2FJw-2FPeLE-2BsxbqfhteWKf8d-2FqJZPkQqruHZ2-2BwP12Ece325ZKjhV2ll1xkXfF0fteUVwFlvpqqoM8A6SjNh-2FNtZVh3b0sH65JOHJLZrB-2BhhusTR9g-2FMNsnR1La-2FN-2B-2BhPDJAdArfM-2BYDS1MoJY7C3cupyJGA1SHCR2MJm5xBi6Dk-2B2uPXt5UI7c-2FyBXXeMGd2-2B3L2NPaMP>
> update suggested: nokogiri ~> 1.8.1.
> Always verify the validity and compatibility of suggestions with your
> codebase.
> Review vulnerable dependency
> <http://sgmail.githubmail.com/wf/click?upn=lYxq-2FYU7yocrdKNILYalBshx9-2FQJ-2BmEsJPcqv-2B1ZyMaQyBBgEH-2FcP5LeWGABnqQouCNX4H4MC3kTYw2uQev6oJZUKeGpVSPrdZUpUQzeBi8-3D_ZtwdRLEHWx8j4hqZrhsLCvT-2B9G9FxJoFRCdtqPjYOBF1ACBmiMMJfI3Q-2FJw-2FPeLEe6hRrmessZ93BTPxlMU-2F1LhAUElodhWD78yaoEIab5lSWmMWsb3O2xIYL7TXv38H-2F85ET4BChStjAoH9i7qz-2BunqAfMhu2eqpZ6xXIec8Z4yJSblC9-2Bfl-2BFyCF3HfvtIMw5ZAtPP0pPCJHJRRmJcDADDApVhMg7qWiOUlyBBuv0xrpvbL4Y7FTsaoH2T7zhP>
> ------------------------------
>
> Only users who have been assigned access to security alerts will receive
> these notifications.
> Unsubscribe
> <http://sgmail.githubmail.com/wf/click?upn=lYxq-2FYU7yocrdKNILYalBh4tM-2BvbnAt1ZCBIm0TQChRsti2oUDbPtOO7snnCj3QEGbP5MCHG9kw1Zc3ERxuKjJkCw-2BPOnGAsm4icCQea1udRnB-2FuR6ghUyIT0Dm6IUuyoxvPoy7VEkLcu8rH2Hgm1A-3D-3D_ZtwdRLEHWx8j4hqZrhsLCvT-2B9G9FxJoFRCdtqPjYOBF1ACBmiMMJfI3Q-2FJw-2FPeLEIkpmP3DJpxkggWd5dgOv630oRXhfmQT8MagpVyZBVXwSai7AEWtUwY3VlsO6-2FR7E7f37djsi3agEJ1EXyePVNrVCtMuKOrasqzh0y1boQN2FiDpmRU3SgkrnHSlE2D-2Bqf8todHLq3MNJNIMLa6JDMmDgV7tcqR2hAiMppDksGCuU5jlpnWbYUD6WDRE-2Behx5>
> · Email preferences
> <http://sgmail.githubmail.com/wf/click?upn=lYxq-2FYU7yocrdKNILYalBlttXBNYv-2BeGM-2FMVHbSBvTrPDvaZJ5yvsxfEVwy5gWOO_ZtwdRLEHWx8j4hqZrhsLCvT-2B9G9FxJoFRCdtqPjYOBF1ACBmiMMJfI3Q-2FJw-2FPeLEK-2Fx9K2djWxRcWPvK4-2Fywh3fs9I8lPPwL-2Bunb-2Bl847DD4nPVrPXWjZN8WtReBIDBkYF9rgSvsb2HqPHBTcppxudiPojE-2FLkBArlY7lAeR6AL9gGMhfmZnT2eU818-2BV0KFt8DHUfhvu-2FjcN-2BmEEFolciLQaIgNiSmEJVeLridEocuUi3FOfaZdAqLBNnDDoozP>
> · Terms
> <http://sgmail.githubmail.com/wf/click?upn=H-2FQ3yMxnv4jw-2BxNnSBX80-2FAtA3t7vDbetmbWolVUHkI7aIK5sDG6eHhf6PFf2GZEMdAPO1mXdWyaS9GI2aLnBA-3D-3D_ZtwdRLEHWx8j4hqZrhsLCvT-2B9G9FxJoFRCdtqPjYOBF1ACBmiMMJfI3Q-2FJw-2FPeLEzbG6Ok-2Be5yUa0OAOO-2B2ZklgsT2LEEn8VvW55SZ-2FhkhwB3I6kduYN9MSqBHLL9lOZA5uhl2KyEJMsIgF6BVZGitm2v4SYUo14Z9gPRQeWUlKMz0K6kv6hSAbt2m1lXIG5pqwTig1ZmWNRznnxvRJyZv0J2LY2xST0NaE-2FgLBGqsZGN-2B-2FMU2zLzWDwfydsN42n>
> · Privacy
> <http://sgmail.githubmail.com/wf/click?upn=H-2FQ3yMxnv4jw-2BxNnSBX80-2FAtA3t7vDbetmbWolVUHkKdSMxJcKXeaeoPn0qQqs-2Fw-2BqmMjx3QOoJQotJaBhy-2FxQ-3D-3D_ZtwdRLEHWx8j4hqZrhsLCvT-2B9G9FxJoFRCdtqPjYOBF1ACBmiMMJfI3Q-2FJw-2FPeLEpkDqKOvRc47v9XberbHQlA9kTchSucxCU-2Fhhlm-2B-2Fx3T0uVgSbxUiCdfRlbPjBhUJtcHGdfnstI3luusBTGGR3cNAJyzwrBdpkagAeD1JPOOvEdTlkNICGQsO5nO-2FjUwwhY7Dtk2IdkNpxYTbWMv5DxeuccxfotoXdzMn7ImnH15sgHVAYFdCtSxbugU0KfEG>
> · Sign into GitHub
> <http://sgmail.githubmail.com/wf/click?upn=lYxq-2FYU7yocrdKNILYalBluE-2FGrtUQ7WwbM8S6nEaj0-3D_ZtwdRLEHWx8j4hqZrhsLCvT-2B9G9FxJoFRCdtqPjYOBF1ACBmiMMJfI3Q-2FJw-2FPeLE7VSsoicY17Toubo6I4aPm7lpmTSvCDGiq-2FOYU9dL-2FuRymue1Hdvy2KjwrWK7V90TSOEGyLVfhWrvwenj1vOB37IlnPIA-2FN-2BOmaXAeqv2bzf0UM-2FNZhp3pKkWRhbgk54S6Y37MRB7eU5kUrY1GzvxLPE3fs0Gelex6o2riQ6suu8LQlMiEzKIh2YGcwkqccS-2B>
>
> GitHub, Inc.
> 88 Colin P Kelly Jr St.
> San Francisco, CA 94107
> <https://maps.google.com/?q=88+Colin+P+Kelly+Jr+St.%0D+San+Francisco,+CA+94107&entry=gmail&source=g>
>
>
> _______________________________________________
> Pageonexdev mailing list
> Pageonexdev at mit.edu
> http://mailman.mit.edu/mailman/listinfo/pageonexdev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/pageonexdev/attachments/20180115/11d16937/attachment-0001.html


More information about the Pageonexdev mailing list