forked from ProtonMail/WebClients
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.grype.yaml
More file actions
142 lines (140 loc) · 3.61 KB
/
.grype.yaml
File metadata and controls
142 lines (140 loc) · 3.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
fail-on-severity: 'critical'
ignore:
# Statuses
- fix-state: not-fixed
- fix-state: unknown
- fix-state: wont-fix
# Vulnerabilities
# How to fix them:
# - remove the entry you aim to fix from the following list
# - check in the CI that is failing
# - patch/update the target dependency accordingly
# - the CI should be green and that's it
## Criticals
### Go
- vulnerability: GHSA-v778-237x-gjrc
package:
name: golang.org/x/crypto
type: go-module
version: v0.0.0-20210322153248-0c34fe9e7dc2
- vulnerability: GHSA-v778-237x-gjrc
package:
name: golang.org/x/crypto
type: go-module
version: v0.0.0-20220829220503-c86fa9a7ed90
- vulnerability: CVE-2024-24790
package:
name: stdlib
type: go-module
version: go1.15.5
- vulnerability: CVE-2023-29405
package:
name: stdlib
type: go-module
version: go1.15.5
- vulnerability: CVE-2023-29404
package:
name: stdlib
type: go-module
version: go1.15.5
- vulnerability: CVE-2023-29402
package:
name: stdlib
type: go-module
version: go1.15.5
- vulnerability: CVE-2023-24540
package:
name: stdlib
type: go-module
version: go1.15.5
- vulnerability: CVE-2023-24538
package:
name: stdlib
type: go-module
version: go1.15.5
- vulnerability: CVE-2023-24531
package:
name: stdlib
type: go-module
version: go1.15.5
- vulnerability: CVE-2022-23806
package:
name: stdlib
type: go-module
version: go1.15.5
- vulnerability: CVE-2021-38297
package:
name: stdlib
type: go-module
version: go1.15.5
- vulnerability: CVE-2020-29511
package:
name: stdlib
type: go-module
version: go1.15.5
- vulnerability: CVE-2020-29509
package:
name: stdlib
type: go-module
version: go1.15.5
- vulnerability: CVE-2024-24790
package:
name: stdlib
type: go-module
version: go1.18.8
- vulnerability: CVE-2023-29405
package:
name: stdlib
type: go-module
version: go1.18.8
- vulnerability: CVE-2023-29404
package:
name: stdlib
type: go-module
version: go1.18.8
- vulnerability: CVE-2023-29402
package:
name: stdlib
type: go-module
version: go1.18.8
- vulnerability: CVE-2023-24540
package:
name: stdlib
type: go-module
version: go1.18.8
- vulnerability: CVE-2023-24538
package:
name: stdlib
type: go-module
version: go1.18.8
- vulnerability: CVE-2023-24531
package:
name: stdlib
type: go-module
version: go1.18.8
### Npm
- vulnerability: GHSA-phwq-j96m-2c2q
package:
name: ejs
type: npm
version: 2.7.4
- vulnerability: GHSA-vjh7-7g9h-fjfh
package:
name: elliptic
type: npm
version: 6.5.7
- vulnerability: GHSA-593f-38f6-jp5m
package:
name: koa
type: npm
version: 2.15.3
- vulnerability: GHSA-76p3-8jx3-jpfq
package:
name: loader-utils
type: npm
version: 0.2.17
- vulnerability: GHSA-cf4h-3jhx-xvhq
package:
name: underscore
type: npm
version: 1.7.0