At 16:38 on 26 March 2021, Automated monitoring alerted our team via Synk that a packaged used on our Beta instance was vulnerable to Arbitrary Code Execution. Within an hour, we determined there was no risk.
16:38 - RhinosF1 gets email from Synk
16:43 - MirahezeBots puts together a response
17:04 - Upgrade of requests-cache is complete on our system & deployed.
17:13 - Miraheze Security (Southparkfan) begin reviewing the advisory to assist us.
17:32 - The determination we are not likely to be impacted on our hosted systems is made.
18:12 - This post & https://github.com/MirahezeBots/MirahezeBots/security/advisories/GHSA-v5pg-jm72-mqwf are published.