Squashed 'csaf-validator-lib/' changes from ab91859..9745448

9745448 Merge pull request #273 from secvisogram/chore/release
cca12b2 2.0.0
7810411 Merge pull request #271 from secvisogram/chore/csaf-updates
5e1de8c Merge pull request #272 from secvisogram/chore/dependency-updates
d7ddd77 chore: update dependencies
f5f7ba7 feat: update csaf submodule
9bb25d8 Merge pull request #270 from secvisogram/269-update-cwe-catalogue
5550466 feat!: update cwe catalogue
526f2a6 Merge pull request #206 from secvisogram/fix/#205-missing_await_in_informativeTest_6_3_8
b31a4d3 Merge pull request #260 from secvisogram/231-remove-npmrc-always-auth-field
b989ba64 chore: remove always-auth field from npmrc
0765b90 fix(informative test): #205 replaced OASIS CSAF TC in test with Example Pub
d7f7342 fix(informative test): #205 use minimalDoc to define csaf test data
a9430d3 fix(informative test): #205 replaced test csaf files by template literals  in the code
132c7e1 fix(informative test): #205 changed test. It is now clearer which entries are mocked
c1f6ed4 fix(informative test): #205 add await to check branches, add additional test for informativeTest_6_3_8

git-subtree-dir: csaf-validator-lib
git-subtree-split: 97454485cf0b2d5abbb758e9421a90c5b858c109

Author: domachine

.npmrc

@@ -1,3 +1,2 @@
 //registry.npmjs.org/:_authToken=${NPM_TOKEN}
 @secvisogram:registry=https://registry.npmjs.org/
-always-auth=true

csaf

@@ -304,7 +304,7 @@ export default async function informativeTest_6_3_8(
         `${prefix}${branchIndex}/product/name`,
         branch.product?.name
       )
-      checkBranches(
+      await checkBranches(
         `${prefix}${branchIndex}/branches/`,
         Array.isArray(branch.branches) ? branch.branches : []
       )

lib/informativeTests/informativeTest_6_3_8.js

@@ -25,7 +25,7 @@ export default /** @type {const} */ ({
     { id: 'CWE-1038', name: 'Insecure Automated Optimizations' },
     {
       id: 'CWE-1039',
-      name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations',
+      name: 'Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism',
     },
     {
       id: 'CWE-104',
@@ -739,7 +739,16 @@ export default /** @type {const} */ ({
       id: 'CWE-1427',
       name: 'Improper Neutralization of Input Used for LLM Prompting',
     },
+    { id: 'CWE-1428', name: 'Reliance on HTTP instead of HTTPS' },
+    {
+      id: 'CWE-1429',
+      name: 'Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface',
+    },
     { id: 'CWE-143', name: 'Improper Neutralization of Record Delimiters' },
+    {
+      id: 'CWE-1431',
+      name: 'Driving Intermediate Cryptographic State/Results to Hardware Module Outputs',
+    },
     { id: 'CWE-144', name: 'Improper Neutralization of Line Delimiters' },
     { id: 'CWE-145', name: 'Improper Neutralization of Section Delimiters' },
     {