Skip to content

Security updates#1

Open
github-actions[bot] wants to merge 1 commit intosRNA-regulationfrom
security-updates
Open

Security updates#1
github-actions[bot] wants to merge 1 commit intosRNA-regulationfrom
security-updates

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Sep 3, 2025
edited
Loading

Security Vulnerability Report

Generated on: 2026-03-05 01:43:48

Summary

Found vulnerabilities in 15 packages requiring updates.

Package Upgrades Overview

Package Current Version Recommended Version Vulnerabilities
aiohttp 3.12.13 3.13.3 9
biopython 1.85 Unknown 1
filelock 3.18.0 3.20.3 2
fonttools 4.58.4 4.60.2 1
jupyterlab 4.4.3 4.4.8 1
marimo 0.14.7 0.16.4 1
nbconvert 7.16.6 7.17.0 1
orjson 3.10.18 Unknown 1
pillow 11.3.0 12.1.1 1
protobuf 6.31.1 6.33.5 1
pyasn1 0.6.1 0.6.2 1
pymdown-extensions 10.16 10.16.1 1
starlette 0.47.1 0.49.1 2
urllib3 2.5.0 2.6.3 3
virtualenv 20.31.2 20.36.1 1

Detailed Vulnerability Information

aiohttp (v3.12.13)

Vulnerability ID Fix Versions Aliases
CVE-2025-53643 3.12.14 GHSA-9548-qrrj-x5pj
CVE-2025-69223 3.13.3 GHSA-6mq8-rvhq-8wgg
CVE-2025-69224 3.13.3 GHSA-69f9-5gxw-wvc2
CVE-2025-69228 3.13.3 GHSA-6jhg-hg63-jvvf
CVE-2025-69229 3.13.3 GHSA-g84x-mcqj-x9qq
CVE-2025-69230 3.13.3 GHSA-fh55-r93g-j68g
CVE-2025-69226 3.13.3 GHSA-54jq-c3m8-4m76
CVE-2025-69227 3.13.3 GHSA-jj3x-wxrx-4x23
CVE-2025-69225 3.13.3 GHSA-mqqc-3gqh-h2x8

biopython (v1.85)

Vulnerability ID Fix Versions Aliases
CVE-2025-68463 GHSA-x3vf-39hj-gxr4

filelock (v3.18.0)

Vulnerability ID Fix Versions Aliases
CVE-2025-68146 3.20.1 GHSA-w853-jp5j-5j7f
CVE-2026-22701 3.20.3 GHSA-qmgc-5h2g-mvrw

fonttools (v4.58.4)

Vulnerability ID Fix Versions Aliases
CVE-2025-66034 4.60.2 GHSA-768j-98cg-p3fv

jupyterlab (v4.4.3)

Vulnerability ID Fix Versions Aliases
CVE-2025-59842 4.4.8 GHSA-vvfj-2jqx-52jm, BIT-jupyterlab-2025-59842

marimo (v0.14.7)

Vulnerability ID Fix Versions Aliases
GHSA-xjv7-6w92-42r7 0.16.4

nbconvert (v7.16.6)

Vulnerability ID Fix Versions Aliases
CVE-2025-53000 7.17.0 GHSA-xm59-rqc7-hhvf

orjson (v3.10.18)

Vulnerability ID Fix Versions Aliases
CVE-2025-67221 GHSA-hx9q-6w63-j58v

pillow (v11.3.0)

Vulnerability ID Fix Versions Aliases
CVE-2026-25990 12.1.1 GHSA-cfh3-3jmp-rvhc, BIT-pillow-2026-25990

protobuf (v6.31.1)

Vulnerability ID Fix Versions Aliases
CVE-2026-0994 5.29.6, 6.33.5 GHSA-7gcm-g887-7qv7

pyasn1 (v0.6.1)

Vulnerability ID Fix Versions Aliases
CVE-2026-23490 0.6.2 GHSA-63vm-454h-vhhq

pymdown-extensions (v10.16)

Vulnerability ID Fix Versions Aliases
CVE-2025-68142 10.16.1 GHSA-r6h4-mm7h-8pmq

starlette (v0.47.1)

Vulnerability ID Fix Versions Aliases
CVE-2025-54121 0.47.2 GHSA-2c2j-9gv5-cj73
CVE-2025-62727 0.49.1 GHSA-7f5h-v6xp-fcq8

urllib3 (v2.5.0)

Vulnerability ID Fix Versions Aliases
CVE-2025-66418 2.6.0 GHSA-gm62-xv2j-4w53
CVE-2025-66471 2.6.0 GHSA-2xpw-w6gg-jr37
CVE-2026-21441 2.6.3 GHSA-38jv-5279-wg99

virtualenv (v20.31.2)

Vulnerability ID Fix Versions Aliases
CVE-2026-22702 20.36.1 BIT-virtualenv-2026-22702, GHSA-597g-3phw-6986

Recommended Actions

  1. Review the vulnerability details above.
  2. Close and reopen this PR to trigger CI/CD tests.
  3. Approve and merge the PR if everything looks good.

This report was generated automatically. Please verify all upgrades before applying.

@github-actions github-actions bot force-pushed the security-updates branch 2 times, most recently from 0a80cfb to e9c94be Compare September 27, 2025 01:03
@github-actions github-actions bot force-pushed the security-updates branch 3 times, most recently from 889e7e8 to 4e45e51 Compare November 26, 2025 01:12
@github-actions github-actions bot force-pushed the security-updates branch 3 times, most recently from a550a8e to 8f62a1f Compare December 7, 2025 01:20
@github-actions github-actions bot force-pushed the security-updates branch 3 times, most recently from 2d3edee to 12b7e85 Compare December 12, 2025 01:15
@github-actions github-actions bot force-pushed the security-updates branch 3 times, most recently from 4517173 to 71364cb Compare January 8, 2026 01:18
@github-actions github-actions bot force-pushed the security-updates branch 3 times, most recently from ad32188 to 64f11e5 Compare January 20, 2026 01:17
@github-actions github-actions bot force-pushed the security-updates branch 3 times, most recently from 393cbfd to 210217b Compare February 4, 2026 01:29
@github-actions github-actions bot force-pushed the security-updates branch 2 times, most recently from 755f023 to 004dbcb Compare February 12, 2026 01:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants