Skip to content

Commit ff3c728

Browse files
osv-robotgithub-actions[bot]
osv-robot
authored and
github-actions[bot]
committed
test: update cassettes
1 parent 3ba958c commit ff3c728

File tree

11 files changed

+675
-307
lines changed

11 files changed

+675
-307
lines changed

cmd/osv-scanner/fix/__snapshots__/command_test.snap

Lines changed: 85 additions & 57 deletions
Original file line numberDiff line numberDiff line change
@@ -5259,14 +5259,14 @@ unsupported strategy "force" - must be one of: in-place, relax, override
52595259
---
52605260

52615261
[TestCommand/fix_non-interactive_in-place_package-lock.json - 1]
5262-
Found 14 vulnerabilities matching the filter
5263-
Can fix 7/14 matching vulnerabilities by changing 5 dependencies
5262+
Found 15 vulnerabilities matching the filter
5263+
Can fix 8/15 matching vulnerabilities by changing 5 dependencies
52645264
UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5
5265+
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.13
52655266
UPGRADED-PACKAGE: ajv,6.12.6,6.14.0
5266-
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.12
52675267
UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1
52685268
UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9
5269-
FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
5269+
FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-f886-m6hf-6m8v,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
52705270
REMAINING-VULNS: 7
52715271
UNFIXABLE-VULNS: 7
52725272

@@ -5378,9 +5378,9 @@ UNFIXABLE-VULNS: 7
53785378
}
53795379
},
53805380
"node_modules/brace-expansion": {
5381-
"version": "1.1.12",
5382-
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
5383-
"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
5381+
"version": "1.1.13",
5382+
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
5383+
"integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
53845384
"dependencies": {
53855385
"concat-map": "0.0.1",
53865386
"balanced-match": "^1.0.0"
@@ -6298,9 +6298,9 @@ UNFIXABLE-VULNS: 7
62986298
}
62996299
},
63006300
"brace-expansion": {
6301-
"version": "1.1.12",
6302-
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
6303-
"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
6301+
"version": "1.1.13",
6302+
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
6303+
"integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
63046304
"requires": {
63056305
"concat-map": "0.0.1",
63066306
"balanced-match": "^1.0.0"
@@ -7101,6 +7101,15 @@ UNFIXABLE-VULNS: 7
71017101
],
71027102
"unactionable": true
71037103
},
7104+
{
7105+
"id": "GHSA-f886-m6hf-6m8v",
7106+
"packages": [
7107+
{
7108+
"name": "brace-expansion",
7109+
"version": "1.1.11"
7110+
}
7111+
]
7112+
},
71047113
{
71057114
"id": "GHSA-fjxv-7rqg-78g4",
71067115
"packages": [
@@ -7183,19 +7192,28 @@ UNFIXABLE-VULNS: 7
71837192
{
71847193
"packageUpdates": [
71857194
{
7186-
"name": "ajv",
7187-
"versionFrom": "6.12.6",
7188-
"versionTo": "6.14.0",
7195+
"name": "brace-expansion",
7196+
"versionFrom": "1.1.11",
7197+
"versionTo": "1.1.13",
71897198
"transitive": true
71907199
}
71917200
],
71927201
"fixed": [
71937202
{
7194-
"id": "GHSA-2g4f-4pwh-qvx6",
7203+
"id": "GHSA-f886-m6hf-6m8v",
71957204
"packages": [
71967205
{
7197-
"name": "ajv",
7198-
"version": "6.12.6"
7206+
"name": "brace-expansion",
7207+
"version": "1.1.11"
7208+
}
7209+
]
7210+
},
7211+
{
7212+
"id": "GHSA-v6h2-p8h4-qcjw",
7213+
"packages": [
7214+
{
7215+
"name": "brace-expansion",
7216+
"version": "1.1.11"
71997217
}
72007218
]
72017219
}
@@ -7204,19 +7222,19 @@ UNFIXABLE-VULNS: 7
72047222
{
72057223
"packageUpdates": [
72067224
{
7207-
"name": "brace-expansion",
7208-
"versionFrom": "1.1.11",
7209-
"versionTo": "1.1.12",
7225+
"name": "ajv",
7226+
"versionFrom": "6.12.6",
7227+
"versionTo": "6.14.0",
72107228
"transitive": true
72117229
}
72127230
],
72137231
"fixed": [
72147232
{
7215-
"id": "GHSA-v6h2-p8h4-qcjw",
7233+
"id": "GHSA-2g4f-4pwh-qvx6",
72167234
"packages": [
72177235
{
7218-
"name": "brace-expansion",
7219-
"version": "1.1.11"
7236+
"name": "ajv",
7237+
"version": "6.12.6"
72207238
}
72217239
]
72227240
}
@@ -7375,9 +7393,9 @@ UNFIXABLE-VULNS: 7
73757393
}
73767394
},
73777395
"node_modules/brace-expansion": {
7378-
"version": "1.1.12",
7379-
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
7380-
"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
7396+
"version": "1.1.13",
7397+
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
7398+
"integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
73817399
"dependencies": {
73827400
"concat-map": "0.0.1",
73837401
"balanced-match": "^1.0.0"
@@ -8295,9 +8313,9 @@ UNFIXABLE-VULNS: 7
82958313
}
82968314
},
82978315
"brace-expansion": {
8298-
"version": "1.1.12",
8299-
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
8300-
"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
8316+
"version": "1.1.13",
8317+
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
8318+
"integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
83018319
"requires": {
83028320
"concat-map": "0.0.1",
83038321
"balanced-match": "^1.0.0"
@@ -9012,6 +9030,16 @@ UNFIXABLE-VULNS: 7
90129030
}
90139031
]
90149032
},
9033+
{
9034+
"id": "GHSA-6fmv-xxpf-w3cw",
9035+
"packages": [
9036+
{
9037+
"name": "org.codehaus.plexus:plexus-utils",
9038+
"version": "3.0"
9039+
}
9040+
],
9041+
"unactionable": true
9042+
},
90159043
{
90169044
"id": "GHSA-78wr-2p64-hpwj",
90179045
"packages": [
@@ -9468,15 +9496,15 @@ UNFIXABLE-VULNS: 7
94689496
---
94699497

94709498
[TestCommand/fix_non-interactive_override_pom.xml - 1]
9471-
Found 12 vulnerabilities matching the filter
9472-
Can fix 12/12 matching vulnerabilities by overriding 4 dependencies
9499+
Found 13 vulnerabilities matching the filter
9500+
Can fix 12/13 matching vulnerabilities by overriding 4 dependencies
94739501
OVERRIDE-PACKAGE: org.apache.httpcomponents:httpclient,4.5.13
94749502
OVERRIDE-PACKAGE: org.codehaus.plexus:plexus-utils,3.0.24
94759503
OVERRIDE-PACKAGE: commons-io:commons-io,2.14.0
94769504
OVERRIDE-PACKAGE: org.jsoup:jsoup,1.15.3
94779505
FIXED-VULN-IDS: GHSA-2x83-r56g-cv47,GHSA-78wr-2p64-hpwj,GHSA-7r82-7xv7-xcpj,GHSA-8vhq-qq4p-grq3,GHSA-cfh5-3ghh-wfjx,GHSA-fmj5-wv96-r2ch,GHSA-g6ph-x5wf-g337,GHSA-gp7f-rwcx-9369,GHSA-gw85-4gmf-m7rh,GHSA-gwrp-pvrq-jmwv,GHSA-jcwr-x25h-x5fh,GHSA-m72m-mhq2-9p6c
9478-
REMAINING-VULNS: 0
9479-
UNFIXABLE-VULNS: 0
9506+
REMAINING-VULNS: 1
9507+
UNFIXABLE-VULNS: 1
94809508

94819509
---
94829510

@@ -9565,14 +9593,14 @@ UNFIXABLE-VULNS: 4
95659593
---
95669594

95679595
[TestCommand/fix_non_interactive_in_place_package_lock_json_with_native_data_source - 1]
9568-
Found 14 vulnerabilities matching the filter
9569-
Can fix 7/14 matching vulnerabilities by changing 5 dependencies
9596+
Found 15 vulnerabilities matching the filter
9597+
Can fix 8/15 matching vulnerabilities by changing 5 dependencies
95709598
UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5
9599+
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.13
95719600
UPGRADED-PACKAGE: ajv,6.12.6,6.14.0
9572-
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.12
95739601
UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1
95749602
UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9
9575-
FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
9603+
FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-f886-m6hf-6m8v,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
95769604
REMAINING-VULNS: 7
95779605
UNFIXABLE-VULNS: 7
95789606

@@ -9684,9 +9712,9 @@ UNFIXABLE-VULNS: 7
96849712
}
96859713
},
96869714
"node_modules/brace-expansion": {
9687-
"version": "1.1.12",
9688-
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
9689-
"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
9715+
"version": "1.1.13",
9716+
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
9717+
"integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
96909718
"dependencies": {
96919719
"concat-map": "0.0.1",
96929720
"balanced-match": "^1.0.0"
@@ -10604,9 +10632,9 @@ UNFIXABLE-VULNS: 7
1060410632
}
1060510633
},
1060610634
"brace-expansion": {
10607-
"version": "1.1.12",
10608-
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
10609-
"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
10635+
"version": "1.1.13",
10636+
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
10637+
"integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
1061010638
"requires": {
1061110639
"concat-map": "0.0.1",
1061210640
"balanced-match": "^1.0.0"
@@ -11307,13 +11335,13 @@ UNFIXABLE-VULNS: 7
1130711335
---
1130811336

1130911337
[TestCommand/fix_non_interactive_override_pom_xml_with_native_data_source - 1]
11310-
Found 12 vulnerabilities matching the filter
11311-
Can fix 12/12 matching vulnerabilities by overriding 4 dependencies
11338+
Found 13 vulnerabilities matching the filter
11339+
Can fix 13/13 matching vulnerabilities by overriding 4 dependencies
1131211340
OVERRIDE-PACKAGE: org.apache.httpcomponents:httpclient,4.5.13
11313-
OVERRIDE-PACKAGE: org.codehaus.plexus:plexus-utils,3.0.24
11341+
OVERRIDE-PACKAGE: org.codehaus.plexus:plexus-utils,4.0.3
1131411342
OVERRIDE-PACKAGE: commons-io:commons-io,2.14.0
1131511343
OVERRIDE-PACKAGE: org.jsoup:jsoup,1.15.3
11316-
FIXED-VULN-IDS: GHSA-2x83-r56g-cv47,GHSA-78wr-2p64-hpwj,GHSA-7r82-7xv7-xcpj,GHSA-8vhq-qq4p-grq3,GHSA-cfh5-3ghh-wfjx,GHSA-fmj5-wv96-r2ch,GHSA-g6ph-x5wf-g337,GHSA-gp7f-rwcx-9369,GHSA-gw85-4gmf-m7rh,GHSA-gwrp-pvrq-jmwv,GHSA-jcwr-x25h-x5fh,GHSA-m72m-mhq2-9p6c
11344+
FIXED-VULN-IDS: GHSA-2x83-r56g-cv47,GHSA-6fmv-xxpf-w3cw,GHSA-78wr-2p64-hpwj,GHSA-7r82-7xv7-xcpj,GHSA-8vhq-qq4p-grq3,GHSA-cfh5-3ghh-wfjx,GHSA-fmj5-wv96-r2ch,GHSA-g6ph-x5wf-g337,GHSA-gp7f-rwcx-9369,GHSA-gw85-4gmf-m7rh,GHSA-gwrp-pvrq-jmwv,GHSA-jcwr-x25h-x5fh,GHSA-m72m-mhq2-9p6c
1131711345
REMAINING-VULNS: 0
1131811346
UNFIXABLE-VULNS: 0
1131911347

@@ -11364,7 +11392,7 @@ UNFIXABLE-VULNS: 0
1136411392
<dependency>
1136511393
<groupId>org.codehaus.plexus</groupId>
1136611394
<artifactId>plexus-utils</artifactId>
11367-
<version>3.0.24</version>
11395+
<version>4.0.3</version>
1136811396
</dependency>
1136911397
</dependencies>
1137011398
</project>
@@ -11381,14 +11409,14 @@ manifest or lockfile is required
1138111409
---
1138211410

1138311411
[TestCommand_OfflineDatabase/fix_non_interactive_in_place_package_lock_json_with_offline_vulns - 1]
11384-
Found 14 vulnerabilities matching the filter
11385-
Can fix 7/14 matching vulnerabilities by changing 5 dependencies
11412+
Found 15 vulnerabilities matching the filter
11413+
Can fix 8/15 matching vulnerabilities by changing 5 dependencies
1138611414
UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5
11415+
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.13
1138711416
UPGRADED-PACKAGE: ajv,6.12.6,6.14.0
11388-
UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.12
1138911417
UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1
1139011418
UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9
11391-
FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
11419+
FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-f886-m6hf-6m8v,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
1139211420
REMAINING-VULNS: 7
1139311421
UNFIXABLE-VULNS: 7
1139411422

@@ -11500,9 +11528,9 @@ UNFIXABLE-VULNS: 7
1150011528
}
1150111529
},
1150211530
"node_modules/brace-expansion": {
11503-
"version": "1.1.12",
11504-
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
11505-
"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
11531+
"version": "1.1.13",
11532+
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
11533+
"integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
1150611534
"dependencies": {
1150711535
"concat-map": "0.0.1",
1150811536
"balanced-match": "^1.0.0"
@@ -12420,9 +12448,9 @@ UNFIXABLE-VULNS: 7
1242012448
}
1242112449
},
1242212450
"brace-expansion": {
12423-
"version": "1.1.12",
12424-
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
12425-
"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
12451+
"version": "1.1.13",
12452+
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
12453+
"integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
1242612454
"requires": {
1242712455
"concat-map": "0.0.1",
1242812456
"balanced-match": "^1.0.0"

0 commit comments

Comments
 (0)