[PageOneX] [dev] Fwd: [numeroteca/pageonex] One of your dependencies may have a security vulnerability

pablo rey pablo at basurama.org
Mon Jan 15 11:47:33 EST 2018


Thanks Rafa, I'll try and report what I find.
best,
p

On 15 January 2018 at 15:25, Rafael Porres Molina <rporres at gmail.com> wrote:

>
> 2018-01-15 15:21 GMT+01:00 pablo rey <pablo at basurama.org>:
>
>> Hey, we have some vulnerable dependencies to update. I'll try to solve
>> them asap.
>>
>> In case you can give a hand, ping me!
>>
>
> Nokogiri is a tricky lib to update as it depends on libxml2. Tomorrow I
> can give you a hand if you need, Pablo.
>
> Cheers,
>
> Rafa
>
>
>>
>> ---------- Forwarded message ----------
>> From: GitHub <notifications at github.com>
>> Date: 15 January 2018 at 14:51
>> Subject: [numeroteca/pageonex] One of your dependencies may have a
>> security vulnerability
>> To: numeroteca/pageonex <pageonex at noreply.github.com>
>> Cc: Security alert <security_alert at noreply.github.com>
>>
>>
>> We found a potential security vulnerability in one of your dependencies
>> *numeroteca,*
>>
>> We found a potential security vulnerability in a repository which you
>> have been granted security alert access.
>> numeroteca/pageonex
>> Known *critical severity* security vulnerability detected in
>> nokogiri < 1.8.1 defined in Gemfile.lock.
>>
>> Gemfile.lock
>> update suggested: nokogiri ~> 1.8.1.
>> Always verify the validity and compatibility of suggestions with your
>> codebase.
>> ------------------------------
>>
>> Only users who have been assigned access to security alerts will receive
>> these notifications.
>>
>>
>> _______________________________________________
>> Pageonexdev mailing list
>> Pageonexdev at mit.edu
>> http://mailman.mit.edu/mailman/listinfo/pageonexdev
>>
>>
>