
Security updates #2

Open
github-actions[bot] wants to merge 1 commit into maya_ptools_viz from security-updates

@github-actions github-actions bot commented Dec 2, 2025

Security Vulnerability Report

Generated on: 2026-03-05 01:13:37

Summary

Found vulnerabilities in 14 packages requiring updates.

Package Upgrades Overview

| Package | Current Version | Recommended Version | Vulnerabilities |
|---|---|---|---|
| aiohttp | 3.12.14 | 3.13.3 | 8 |
| biopython | 1.85 | Unknown | 1 |
| filelock | 3.18.0 | 3.20.3 | 2 |
| fonttools | 4.58.4 | 4.60.2 | 1 |
| marimo | 0.14.7 | 0.16.4 | 1 |
| nbconvert | 7.16.6 | 7.17.0 | 1 |
| orjson | 3.10.18 | Unknown | 1 |
| pillow | 11.3.0 | 12.1.1 | 1 |
| protobuf | 6.31.1 | 6.33.5 | 1 |
| pyasn1 | 0.6.1 | 0.6.2 | 1 |
| pymdown-extensions | 10.16 | 10.16.1 | 1 |
| starlette | 0.47.2 | 0.49.1 | 1 |
| urllib3 | 2.5.0 | 2.6.3 | 3 |
| virtualenv | 20.31.2 | 20.36.1 | 1 |

Detailed Vulnerability Information

aiohttp (v3.12.14)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2025-69223 | 3.13.3 | GHSA-6mq8-rvhq-8wgg |
| CVE-2025-69224 | 3.13.3 | GHSA-69f9-5gxw-wvc2 |
| CVE-2025-69228 | 3.13.3 | GHSA-6jhg-hg63-jvvf |
| CVE-2025-69229 | 3.13.3 | GHSA-g84x-mcqj-x9qq |
| CVE-2025-69230 | 3.13.3 | GHSA-fh55-r93g-j68g |
| CVE-2025-69226 | 3.13.3 | GHSA-54jq-c3m8-4m76 |
| CVE-2025-69227 | 3.13.3 | GHSA-jj3x-wxrx-4x23 |
| CVE-2025-69225 | 3.13.3 | GHSA-mqqc-3gqh-h2x8 |

biopython (v1.85)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2025-68463 | | GHSA-x3vf-39hj-gxr4 |

filelock (v3.18.0)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2025-68146 | 3.20.1 | GHSA-w853-jp5j-5j7f |
| CVE-2026-22701 | 3.20.3 | GHSA-qmgc-5h2g-mvrw |

fonttools (v4.58.4)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2025-66034 | 4.60.2 | GHSA-768j-98cg-p3fv |

marimo (v0.14.7)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| GHSA-xjv7-6w92-42r7 | 0.16.4 | |

nbconvert (v7.16.6)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2025-53000 | 7.17.0 | GHSA-xm59-rqc7-hhvf |

orjson (v3.10.18)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2025-67221 | | GHSA-hx9q-6w63-j58v |

pillow (v11.3.0)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2026-25990 | 12.1.1 | GHSA-cfh3-3jmp-rvhc, BIT-pillow-2026-25990 |

protobuf (v6.31.1)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2026-0994 | 5.29.6, 6.33.5 | GHSA-7gcm-g887-7qv7 |

pyasn1 (v0.6.1)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2026-23490 | 0.6.2 | GHSA-63vm-454h-vhhq |

pymdown-extensions (v10.16)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2025-68142 | 10.16.1 | GHSA-r6h4-mm7h-8pmq |

starlette (v0.47.2)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2025-62727 | 0.49.1 | GHSA-7f5h-v6xp-fcq8 |

urllib3 (v2.5.0)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2025-66418 | 2.6.0 | GHSA-gm62-xv2j-4w53 |
| CVE-2025-66471 | 2.6.0 | GHSA-2xpw-w6gg-jr37 |
| CVE-2026-21441 | 2.6.3 | GHSA-38jv-5279-wg99 |

virtualenv (v20.31.2)

| Vulnerability ID | Fix Versions | Aliases |
|---|---|---|
| CVE-2026-22702 | 20.36.1 | BIT-virtualenv-2026-22702, GHSA-597g-3phw-6986 |

Recommended Actions

  1. Review the vulnerability details above.
  2. Close and reopen this PR to trigger CI/CD tests.
  3. Approve and merge the PR if everything looks good.

This report was generated automatically. Please verify all upgrades before applying.

@github-actions github-actions bot force-pushed the security-updates branch 4 times, most recently from 6fb065d to bdaf4d4 Compare December 10, 2025 00:59
@github-actions github-actions bot force-pushed the security-updates branch 2 times, most recently from 9caef3c to 1199f28 Compare December 17, 2025 00:55
@github-actions github-actions bot force-pushed the security-updates branch 3 times, most recently from 0a21c05 to 3058ba2 Compare January 8, 2026 01:00
@github-actions github-actions bot force-pushed the security-updates branch 3 times, most recently from 14ef42f to d6a66d1 Compare January 20, 2026 01:00
@github-actions github-actions bot force-pushed the security-updates branch 4 times, most recently from 5bdbd29 to e95e873 Compare February 4, 2026 01:10
@github-actions github-actions bot force-pushed the security-updates branch 2 times, most recently from e404da0 to b31e28a Compare February 12, 2026 01:16