Security updates by github-actions[bot] · Pull Request #2 · vivarium-collective/vEcoli

github-actions · 2025-07-15T01:38:30Z

Security Vulnerability Report

Generated on: 2026-03-05 01:54:25

Summary

Found vulnerabilities in 15 packages requiring updates.

Package Upgrades Overview

Package	Current Version	Recommended Version	Vulnerabilities
aiohttp	3.12.14	3.13.3	8
biopython	1.85	Unknown	1
filelock	3.18.0	3.20.3	2
fonttools	4.58.4	4.60.2	1
jupyterlab	4.4.3	4.4.8	1
marimo	0.14.7	0.16.4	1
nbconvert	7.16.6	7.17.0	1
orjson	3.10.18	Unknown	1
pillow	11.3.0	12.1.1	1
protobuf	6.31.1	6.33.5	1
pyasn1	0.6.1	0.6.2	1
pymdown-extensions	10.16	10.16.1	1
starlette	0.47.2	0.49.1	1
urllib3	2.5.0	2.6.3	3
virtualenv	20.31.2	20.36.1	1

Detailed Vulnerability Information

aiohttp (v3.12.14)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-69223	3.13.3	GHSA-6mq8-rvhq-8wgg
CVE-2025-69224	3.13.3	GHSA-69f9-5gxw-wvc2
CVE-2025-69228	3.13.3	GHSA-6jhg-hg63-jvvf
CVE-2025-69229	3.13.3	GHSA-g84x-mcqj-x9qq
CVE-2025-69230	3.13.3	GHSA-fh55-r93g-j68g
CVE-2025-69226	3.13.3	GHSA-54jq-c3m8-4m76
CVE-2025-69227	3.13.3	GHSA-jj3x-wxrx-4x23
CVE-2025-69225	3.13.3	GHSA-mqqc-3gqh-h2x8

biopython (v1.85)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-68463		GHSA-x3vf-39hj-gxr4

filelock (v3.18.0)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-68146	3.20.1	GHSA-w853-jp5j-5j7f
CVE-2026-22701	3.20.3	GHSA-qmgc-5h2g-mvrw

fonttools (v4.58.4)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-66034	4.60.2	GHSA-768j-98cg-p3fv

jupyterlab (v4.4.3)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-59842	4.4.8	BIT-jupyterlab-2025-59842, GHSA-vvfj-2jqx-52jm

marimo (v0.14.7)

Vulnerability ID	Fix Versions	Aliases
GHSA-xjv7-6w92-42r7	0.16.4

nbconvert (v7.16.6)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-53000	7.17.0	GHSA-xm59-rqc7-hhvf

orjson (v3.10.18)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-67221		GHSA-hx9q-6w63-j58v

pillow (v11.3.0)

Vulnerability ID	Fix Versions	Aliases
CVE-2026-25990	12.1.1	BIT-pillow-2026-25990, GHSA-cfh3-3jmp-rvhc

protobuf (v6.31.1)

Vulnerability ID	Fix Versions	Aliases
CVE-2026-0994	5.29.6, 6.33.5	GHSA-7gcm-g887-7qv7

pyasn1 (v0.6.1)

Vulnerability ID	Fix Versions	Aliases
CVE-2026-23490	0.6.2	GHSA-63vm-454h-vhhq

pymdown-extensions (v10.16)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-68142	10.16.1	GHSA-r6h4-mm7h-8pmq

starlette (v0.47.2)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-62727	0.49.1	GHSA-7f5h-v6xp-fcq8

urllib3 (v2.5.0)

Vulnerability ID	Fix Versions	Aliases
CVE-2025-66418	2.6.0	GHSA-gm62-xv2j-4w53
CVE-2025-66471	2.6.0	GHSA-2xpw-w6gg-jr37
CVE-2026-21441	2.6.3	GHSA-38jv-5279-wg99

virtualenv (v20.31.2)

Vulnerability ID	Fix Versions	Aliases
CVE-2026-22702	20.36.1	GHSA-597g-3phw-6986, BIT-virtualenv-2026-22702

Recommended Actions

Review the vulnerability details above.
Close and reopen this PR to trigger CI/CD tests.
Approve and merge the PR if everything looks good.

This report was generated automatically. Please verify all upgrades before applying.

github-actions bot force-pushed the security-updates branch from 94870d6 to 721b7b2 Compare July 22, 2025 01:27

github-actions bot force-pushed the security-updates branch from 721b7b2 to ca76d6e Compare September 27, 2025 01:11

github-actions bot force-pushed the security-updates branch from ca76d6e to 55036c5 Compare October 6, 2025 19:17

github-actions bot force-pushed the security-updates branch from 55036c5 to 11ecf3d Compare October 29, 2025 01:21

github-actions bot force-pushed the security-updates branch 2 times, most recently from 76bf7a7 to c6357a3 Compare November 25, 2025 01:19

github-actions bot force-pushed the security-updates branch 3 times, most recently from f604a5f to c60d678 Compare December 7, 2025 01:38

github-actions bot force-pushed the security-updates branch 2 times, most recently from 2536027 to ff3c495 Compare December 10, 2025 01:23

github-actions bot force-pushed the security-updates branch from ff3c495 to eb48d39 Compare December 17, 2025 01:20

github-actions bot force-pushed the security-updates branch 3 times, most recently from 927a66d to 973e24c Compare January 8, 2026 01:27

github-actions bot force-pushed the security-updates branch 3 times, most recently from 8662111 to b83db32 Compare January 20, 2026 01:26

github-actions bot force-pushed the security-updates branch 3 times, most recently from bb0ab2f to 87467d0 Compare February 4, 2026 01:52

github-actions bot force-pushed the security-updates branch 2 times, most recently from 5cc6d2f to 067d566 Compare February 12, 2026 01:59

fix(security): update package versions

f894812

github-actions bot force-pushed the security-updates branch from 067d566 to f894812 Compare February 24, 2026 01:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security updates#2

Security updates#2
github-actions[bot] wants to merge 1 commit intomasterfrom
security-updates

github-actions bot commented Jul 15, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

github-actions bot commented Jul 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Security Vulnerability Report

Summary

Package Upgrades Overview

Detailed Vulnerability Information

aiohttp (v3.12.14)

biopython (v1.85)

filelock (v3.18.0)

fonttools (v4.58.4)

jupyterlab (v4.4.3)

marimo (v0.14.7)

nbconvert (v7.16.6)

orjson (v3.10.18)

pillow (v11.3.0)

protobuf (v6.31.1)

pyasn1 (v0.6.1)

pymdown-extensions (v10.16)

starlette (v0.47.2)

urllib3 (v2.5.0)

virtualenv (v20.31.2)

Recommended Actions

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

github-actions bot commented Jul 15, 2025 •

edited

Loading