⬆ Bump actions/checkout from 6 to 7 by dependabot[bot] · Pull Request #694 · dymmond/ravyn

An automation triggered a pipeline warning

Found 37 vulnerabilities. An additional 1 vulnerabilities have been marked as unaffected.

Output from Automations

4 rules were checked:

If a new dependency is added where the license risk is at least medium
then notify all users in the group admins by email

✔️ The rule did not trigger. Manage rule

If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before
then notify all users in the group admins by email

✔️ The rule did not trigger. Manage rule

If there is a dependency where the license risk is at least high
then send a pipeline warning

✔️ The rule did not trigger. Manage rule

If a dependency contains a vulnerability which has not been marked as unaffected
then send a pipeline warning

⚠️ The rule triggered for the following vulnerabilities, causing a pipeline warning. Manage rule

Vulnerability	CVSS2	CVSS3	CVSS4	Dependency	Dependency Licenses
CVE-2015-5607	6.8	8.8	N/A	ipython (pypi)	Unknown License
CVE-2026-44660	N/A	7.5	8.7	ujson (pypi)	BSD-3-Clause
CVE-2025-6176	N/A	7.5	N/A	brotli (pypi)	MIT
CVE-2026-32597	N/A	7.5	N/A	PyJWT (pypi)	MIT
CVE-2026-32874	N/A	7.5	N/A	ujson (pypi)	BSD-3-Clause
CVE-2026-32875	N/A	7.5	N/A	ujson (pypi)	BSD-3-Clause
CVE-2024-27454	N/A	7.5	N/A	orjson (pypi)	MIT
CVE-2025-67221	N/A	7.5	N/A	orjson (pypi)	MIT
CVE-2023-30861	N/A	7.5	N/A	flask (pypi)	BSD-3-Clause
CVE-2026-48526	N/A	7.4	N/A	PyJWT (pypi)	MIT
CVE-2025-45768	N/A	7	N/A	PyJWT (pypi)	MIT
CVE-2023-24816	N/A	7	N/A	ipython (pypi)	Unknown License
CVE-2014-3429	6.8	N/A	N/A	ipython (pypi)	Unknown License
CVE-2025-71176	N/A	6.8	N/A	pytest (pypi)	MIT
CVE-2015-7337	6.8	N/A	N/A	ipython (pypi)	Unknown License
CVE-2023-28859	N/A	6.5	N/A	redis (pypi)	Unknown License
CVE-2015-4707	4.3	6.1	N/A	ipython (pypi)	Unknown License
CVE-2015-4706	4.3	6.1	N/A	ipython (pypi)	Unknown License
CVE-2024-22195	N/A	6.1	N/A	jinja2 (pypi)	BSD-3-Clause
CVE-2013-0178	3.6	5.5	N/A	redis (pypi)	Unknown License
CVE-2013-0180	3.6	5.5	N/A	redis (pypi)	Unknown License
CVE-2026-48523	N/A	5.4	N/A	PyJWT (pypi)	MIT
CVE-2024-34064	N/A	5.4	N/A	jinja2 (pypi)	BSD-3-Clause
CVE-2024-56201	N/A	8.8	5.4	jinja2 (pypi)	BSD-3-Clause
CVE-2024-56326	N/A	7.8	5.4	jinja2 (pypi)	BSD-3-Clause
CVE-2025-27516	N/A	8.8	5.4	jinja2 (pypi)	BSD-3-Clause
CVE-2026-48525	N/A	5.3	N/A	PyJWT (pypi)	MIT
CVE-2015-6938	4.3	N/A	N/A	ipython (pypi)	Unknown License
CVE-2026-48522	N/A	4.2	N/A	PyJWT (pypi)	MIT
CVE-2023-28858	N/A	3.7	N/A	redis (pypi)	Unknown License
CVE-2026-48524	N/A	3.7	N/A	PyJWT (pypi)	MIT
CVE-2026-27205	N/A	4.3	2.3	flask (pypi)	BSD-3-Clause
GMS-2015-23	N/A	N/A	N/A	ipython (pypi)	Unknown License
debricked-234932	N/A	N/A	N/A	ipython (pypi)	Unknown License
debricked-234931	N/A	N/A	N/A	ipython (pypi)	Unknown License
CVE-2026-48061	N/A	N/A	N/A	litestar (pypi)	MIT
CVE-2026-48060	N/A	N/A	N/A	litestar (pypi)	MIT

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

⬆ Bump actions/checkout from 6 to 7#694

⬆ Bump actions/checkout from 6 to 7#694
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/checkout-7

Uh oh!

An automation triggered a pipeline warning

Output from Automations

4 rules were checked:

Re-running checks...