Well, that's nice of them: GitHub has started giving security alerts for
software in public repositories that have vulnerabilities.

See
https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/

"GitHub tracks public vulnerabilities in Ruby gems and NPM packages on MITRE's
Common Vulnerabilities and Exposures (CVE) List <https://cve.mitre.org/>.

When GitHub receives a notification of a newly-announced vulnerability, we
identify public repositories (and private repositories that have opted in
to vulnerability detection) that use the affected version of the
dependency. Then, we send security alerts to owners and people with admin
access to affected repositories. You can also configure security alerts for
additional people or teams working in organization-owned repositories.

GitHub never publicly discloses identified vulnerabilities for any
repository."

-- Jord van der Elst.
_______________________________________________
boinc_dev mailing list
boinc_dev@ssl.berkeley.edu
https://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.
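The matching step the quoted text describes (find the repositories whose resolved dependency version falls inside an advisory's affected range), as an added example that is not part of the original post and not GitHub's own code: it parses a constructed Gemfile.lock fragment and checks each resolved gem against a constructed advisory list. The EXAMPLE-nnnn ids and the version ranges are placeholders invented for illustration, not real CVE entries.

```python
import re
from typing import Dict, List, Tuple

# Constructed Gemfile.lock fragment for the example; not taken from any real project.
GEMFILE_LOCK = """\
GEM
  remote: https://rubygems.org/
  specs:
    nokogiri (1.8.1)
      mini_portile2 (~> 2.3.0)
    mini_portile2 (2.3.0)
    rack (2.0.3)
    rails-html-sanitizer (1.0.3)

PLATFORMS
  ruby

DEPENDENCIES
  nokogiri
  rack
"""

# Constructed advisories: (placeholder id, gem, first vulnerable version, first fixed version).
# The ids are not CVE numbers and the ranges are illustrative only.
ADVISORIES: List[Tuple[str, str, str, str]] = [
    ("EXAMPLE-0001", "rack", "2.0.0", "2.0.4"),
    ("EXAMPLE-0002", "nokogiri", "1.0.0", "1.8.2"),
    ("EXAMPLE-0003", "rails-html-sanitizer", "1.0.0", "1.0.3"),
]

# A resolved gem sits at exactly four spaces of indent; its sub-dependencies sit at six.
SPEC_RE = re.compile(r"^    (\S+) \(([^)]+)\)$")


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.0.3' into (2, 0, 3). A non-numeric segment (prerelease tag,
    platform suffix such as '1-x86_64-linux') sorts below any number, which
    is a simplification: a real matcher should use the gem's own version rules."""
    return tuple(int(seg) if seg.isdigit() else -1 for seg in v.split("."))


def parse_gemfile_lock(text: str) -> Dict[str, str]:
    """Return {gem_name: resolved_version} from the 'specs:' block of a Gemfile.lock."""
    resolved: Dict[str, str] = {}
    in_specs = False
    for line in text.splitlines():
        if line.strip() == "specs:":
            in_specs = True
            continue
        if in_specs and not line.startswith("    "):
            in_specs = False  # blank line or next section ends the block
        if in_specs:
            m = SPEC_RE.match(line)
            if m:
                resolved[m.group(1)] = m.group(2)
    return resolved


def find_vulnerable(resolved: Dict[str, str],
                    advisories: List[Tuple[str, str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Report (advisory id, gem, resolved version, first fixed version) for every
    resolved gem whose version satisfies first_vulnerable <= version < first_fixed."""
    hits = []
    for adv_id, gem, first_vuln, first_fixed in advisories:
        if gem not in resolved:
            continue  # the repository does not use this dependency at all
        v = parse_version(resolved[gem])
        if parse_version(first_vuln) <= v < parse_version(first_fixed):
            hits.append((adv_id, gem, resolved[gem], first_fixed))
    return hits


if __name__ == "__main__":
    for adv_id, gem, version, fixed in find_vulnerable(parse_gemfile_lock(GEMFILE_LOCK), ADVISORIES):
        print(f"{adv_id}: {gem} {version} is affected, upgrade to >= {fixed}")
```

Two points the example deliberately makes: a gem that is already at the first fixed version (rails-html-sanitizer 1.0.3 here) produces no alert, and the lockfile's sub-dependency constraint lines ("~> 2.3.0") are ignored because only the resolved version matters for matching. Real advisories express affected versions as range expressions rather than a single lower/upper pair, so a production matcher should parse those ranges instead of hard-coding two bounds.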