[SEC-890] [listenbrainz-server] GHSA-36jr-mh4h-2g58: d3-color < 3.1.0

Type: Task
Resolution: Invalid
Priority: Normal
Component/s: LB
Labels:
None

GitHub Alert ID:
2,963,431,818

GHSA-36jr-mh4h-2g58 affects package d3-color < 3.1.0 which metabrainz/listenbrainz-server depends on.

Please self-assign this ticket and check metabrainz/listenbrainz-server alerts, then:

Dismiss the corresponding alert in GitHub if there is a valid reason (patch in progress, no bandwidth, tolerable risk, inaccurate alert, or unused code) for.
Create a new ticket in the affected JIRA project, link it to this ticket (do not move this ticket to another project), and address that new ticket.

In both case, GitHub Bot will close this ticket for you, except if you backport a patch on a vulnerable dependency.

This ticket has been created by SEC automation.

GitHub Bot added a comment - 2023-05-02 17:27

Alert has been resolved according to GitHub.

GitHub Bot added a comment - 2023-05-02 17:27 Alert has been resolved according to GitHub.

GitHub Bot added a comment - 2023-05-02 17:17

Alert dismissed by MonkeyDo on GitHub for the following reason:
A fix has already been started

GitHub Bot added a comment - 2023-05-02 17:17 Alert dismissed by MonkeyDo on GitHub for the following reason: A fix has already been started

yvanzo added a comment - 2023-03-28 17:57

dependabot bot reopened this from #2388 March 12, 2023 14:10

The above comment by kartik1712 is probably still current.

yvanzo added a comment - 2023-03-28 17:57 dependabot bot reopened this from #2388 March 12, 2023 14:10 The above comment by kartik1712 is probably still current.

yvanzo added a comment - 2023-01-17 19:26

Actually fixed or invalid, the resolution field has not been set by GitHub bot in due time.

yvanzo added a comment - 2023-01-17 19:26 Actually fixed or invalid, the resolution field has not been set by GitHub bot in due time.

GitHub Bot added a comment - 2022-12-09 10:55

Alert has been resolved according to GitHub.

GitHub Bot added a comment - 2022-12-09 10:55 Alert has been resolved according to GitHub.

amCap1712 added a comment - 2022-11-24 18:12

Need to update nivo/color once it merges https://github.com/plouc/nivo/pull/2142 and releases a new version.

amCap1712 added a comment - 2022-11-24 18:12 Need to update nivo/color once it merges https://github.com/plouc/nivo/pull/2142 and releases a new version.

Assignee:: amCap1712

Reporter:: GitHub Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022-09-29 17:18

Updated:: 2023-05-02 17:27

Resolved:: 2023-05-02 17:17

Version	Package

Details

Description

Attachments

Activity

Collapse comment: GitHub Bot added a comment - 2023-05-02 17:27

Expand comment: GitHub Bot added a comment - 2023-05-02 17:27

Collapse comment: GitHub Bot added a comment - 2023-05-02 17:17

Expand comment: GitHub Bot added a comment - 2023-05-02 17:17

Collapse comment: yvanzo added a comment - 2023-03-28 17:57

Expand comment: yvanzo added a comment - 2023-03-28 17:57

Collapse comment: yvanzo added a comment - 2023-01-17 19:26

Expand comment: yvanzo added a comment - 2023-01-17 19:26

Collapse comment: GitHub Bot added a comment - 2022-12-09 10:55

Expand comment: GitHub Bot added a comment - 2022-12-09 10:55

Collapse comment: amCap1712 added a comment - 2022-11-24 18:12

Expand comment: amCap1712 added a comment - 2022-11-24 18:12

People

Dates

Packages