Merge branch 'master' into dependabot/go_modules/golang.org/x/mod-0.31.0

Author: afsmeira

.circleci/config.yml

@@ -7,9 +7,9 @@ orbs:
 references:
   install_trivy_and_download_dbs: &install_trivy_and_download_dbs
     persist_to_workspace: true
-    # https://aquasecurity.github.io/trivy/v0.65/getting-started/installation/#install-script
+    # https://trivy.dev/docs/v0.68/getting-started/installation/#installing-trivy
     cmd: |
-      curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b . v0.66.0
+      curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b . v0.68.2
       mkdir cache
       ./trivy --cache-dir ./cache image --download-db-only
 

docs/multiple-tests/all-patterns/results.xml

@@ -21,6 +21,12 @@
             message="Insecure dependency maven/org.apache.logging.log4j/[email protected] (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.17.1)"
             severity="warning"
         />
+        <error
+            source="vulnerability_medium"
+            line="1"
+            message="Insecure dependency maven/org.apache.logging.log4j/[email protected] (CVE-2025-68161: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2. ...) (update to 2.25.3)"
+            severity="warning"
+        />
         <error
             source="vulnerability_critical"
             line="2"

docs/multiple-tests/pattern-vulnerability-critical/results.xml

@@ -7,6 +7,12 @@
             message="Insecure dependency golang/[email protected] (CVE-2024-24790: golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses) (update to 1.21.11)"
             severity="error"
         />
+        <error
+            source="vulnerability_critical"
+            line="8"
+            message="Insecure dependency golang/github.com/ollama/[email protected] (CVE-2025-63389: Ollama Platform has missing authentication enabling attackers to perform model management operations) (no fix available)"
+            severity="error"
+        />
     </file>
 
     <file name="gradle/gradle.lockfile">

docs/multiple-tests/pattern-vulnerability-high/results.xml

@@ -85,19 +85,13 @@
         <error
             source="vulnerability_high"
             line="5"
-            message="Insecure dependency golang/[email protected] (CVE-2025-58186: Despite HTTP headers having a default limit of 1MB, the number of cook ...) (update to 1.24.8)"
-            severity="high"
-        />
-        <error
-            source="vulnerability_high"
-            line="5"
-            message="Insecure dependency golang/[email protected] (CVE-2025-58187: Due to the design of the name constraint checking algorithm, the proce ...) (update to 1.24.9)"
+            message="Insecure dependency golang/[email protected] (CVE-2025-58183: golang: archive/tar: Unbounded allocation when parsing GNU sparse map) (update to 1.24.8)"
             severity="high"
         />
         <error
             source="vulnerability_high"
             line="5"
-            message="Insecure dependency golang/[email protected] (CVE-2025-58183: golang: archive/tar: Unbounded allocation when parsing GNU sparse map) (update to 1.24.8)"
+            message="Insecure dependency golang/[email protected] (CVE-2025-61729: crypto/x509: Excessive resource consumption when printing error string for host certificate validation in crypto/x509) (update to 1.24.11)"
             severity="high"
         />
     </file>

docs/multiple-tests/pattern-vulnerability-medium/results.xml

@@ -170,9 +170,33 @@
             message="Insecure dependency golang/[email protected] (CVE-2025-58188: crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509) (update to 1.24.8)"
             severity="warning"
         />
+        <error
+            source="vulnerability_medium"
+            line="3"
+            message="Insecure dependency golang/[email protected] (CVE-2025-58186: golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http) (update to 1.24.8)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="3"
+            message="Insecure dependency golang/[email protected] (CVE-2025-58187: crypto/x509: Quadratic complexity when checking name constraints in crypto/x509) (update to 1.24.9)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="3"
+            message="Insecure dependency golang/[email protected] (CVE-2025-61727: golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs) (update to 1.24.11)"
+            severity="warning"
+        />
     </file>
 
     <file name="gradle/gradle.lockfile">
+        <error
+            source="vulnerability_medium"
+            line="1"
+            message="Insecure dependency maven/org.apache.logging.log4j/[email protected] (CVE-2025-68161: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2. ...) (update to 2.25.3)"
+            severity="warning"
+        />
         <error
             source="vulnerability_medium"
             line="1"
@@ -188,6 +212,12 @@
             message="Insecure dependency maven/org.apache.logging.log4j/[email protected] (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.17.1)"
             severity="warning"
         />
+        <error
+            source="vulnerability_medium"
+            line="14"
+            message="Insecure dependency maven/org.apache.logging.log4j/[email protected] (CVE-2025-68161: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2. ...) (update to 2.25.3)"
+            severity="warning"
+        />
     </file>
 
     <file name="javascript/package-lock.json">