test: update e2e fixtures

G-Rath · Dec 10, 2023 · 10a3233 · 10a3233
1 parent a330927
commit 10a3233
Show file tree

Hide file tree

Showing 9 changed files with 17 additions and 12 deletions.
diff --git a/fixtures/locks-e2e/1-Pipfile.lock.out.txt b/fixtures/locks-e2e/1-Pipfile.lock.out.txt
diff --git a/fixtures/locks-e2e/1-poetry.lock.out.txt b/fixtures/locks-e2e/1-poetry.lock.out.txt
diff --git a/fixtures/locks-e2e/1-yarn.lock.out.txt b/fixtures/locks-e2e/1-yarn.lock.out.txt
@@ -26,7 +26,7 @@ fixtures/locks-e2e/1-yarn.lock: found 1678 packages
   [email protected] is affected by the following vulnerabilities:
     GHSA-6h5x-7c5m-7cr7: Exposure of Sensitive Information in eventsource (https://github.com/advisories/GHSA-6h5x-7c5m-7cr7)
   [email protected] is affected by the following vulnerabilities:
-    GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
+    GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
   [email protected] is affected by the following vulnerabilities:
     GHSA-6g8v-hpgw-h2v7: Prototype pollution in gsap (https://github.com/advisories/GHSA-6g8v-hpgw-h2v7)
   [email protected] is affected by the following vulnerabilities:

diff --git a/fixtures/locks-e2e/2-go.mod.out.txt b/fixtures/locks-e2e/2-go.mod.out.txt
@@ -10,8 +10,8 @@ fixtures/locks-e2e/2-go.mod: found 73 packages
     GHSA-6jvc-q2x7-pchv: AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field (https://github.com/advisories/GHSA-6jvc-q2x7-pchv)
     GHSA-7f33-f4f5-xwgw: In-band key negotiation issue in AWS S3 Crypto SDK for golang (https://github.com/advisories/GHSA-7f33-f4f5-xwgw)
   github.com/hashicorp/[email protected] is affected by the following vulnerabilities:
-    GHSA-27rq-4943-qcwp: Insertion of Sensitive Information into Log File in Hashicorp go-getter (https://github.com/advisories/GHSA-27rq-4943-qcwp)
     GHSA-28r2-q6m8-9hpx: HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion (https://github.com/advisories/GHSA-28r2-q6m8-9hpx)
+    GHSA-27rq-4943-qcwp: Insertion of Sensitive Information into Log File in Hashicorp go-getter (https://github.com/advisories/GHSA-27rq-4943-qcwp)
     GHSA-cjr4-fv6c-f3mv: HashiCorp go-getter unsafe downloads could lead to arbitrary host access (https://github.com/advisories/GHSA-cjr4-fv6c-f3mv)
     GHSA-fcgg-rvwg-jv58: HashiCorp go-getter unsafe downloads (https://github.com/advisories/GHSA-fcgg-rvwg-jv58)
     GHSA-jpxj-2jvg-6jv9: Data Amplification in HashiCorp go-getter (https://github.com/advisories/GHSA-jpxj-2jvg-6jv9)
@@ -26,6 +26,7 @@ fixtures/locks-e2e/2-go.mod: found 73 packages
     GHSA-69cg-p879-7622: golang.org/x/net/http2 Denial of Service vulnerability (https://github.com/advisories/GHSA-69cg-p879-7622)
     GHSA-83g2-8m93-v3w7: golang.org/x/net/html Infinite Loop vulnerability (https://github.com/advisories/GHSA-83g2-8m93-v3w7)
     GHSA-h86h-8ppg-mxmh: golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion (https://github.com/advisories/GHSA-h86h-8ppg-mxmh)
+    GHSA-qppj-fm5r-hxr3: swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack (https://github.com/advisories/GHSA-qppj-fm5r-hxr3)
     GHSA-vvpx-j8f3-3w6h: Uncontrolled Resource Consumption (https://github.com/advisories/GHSA-vvpx-j8f3-3w6h)
     GO-2022-0288: Unbounded memory growth in net/http and golang.org/x/net/http2
     GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2
@@ -38,4 +39,4 @@ fixtures/locks-e2e/2-go.mod: found 73 packages
     GHSA-m425-mq94-257g: gRPC-Go HTTP/2 Rapid Reset vulnerability (https://github.com/advisories/GHSA-m425-mq94-257g)
     GHSA-qppj-fm5r-hxr3: swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack (https://github.com/advisories/GHSA-qppj-fm5r-hxr3)
 
-  25 known vulnerabilities found in fixtures/locks-e2e/2-go.mod
+  26 known vulnerabilities found in fixtures/locks-e2e/2-go.mod
diff --git a/fixtures/locks-e2e/2-package-lock.json.out.txt b/fixtures/locks-e2e/2-package-lock.json.out.txt
diff --git a/fixtures/locks-e2e/2-poetry.lock.out.txt b/fixtures/locks-e2e/2-poetry.lock.out.txt
diff --git a/fixtures/locks-e2e/2-pom.xml.out.txt b/fixtures/locks-e2e/2-pom.xml.out.txt
@@ -19,5 +19,6 @@ fixtures/locks-e2e/2-pom.xml: found 8 packages
     GHSA-7c2q-5qmr-v76q: DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998 (https://github.com/advisories/GHSA-7c2q-5qmr-v76q)
     GHSA-8m5h-hrqm-pxm2: Path traversal in the OWASP Enterprise Security API (https://github.com/advisories/GHSA-8m5h-hrqm-pxm2)
     GHSA-q77q-vx4q-xx6q: Cross-site Scripting in org.owasp.esapi:esapi (https://github.com/advisories/GHSA-q77q-vx4q-xx6q)
+    GHSA-r68h-jhhj-9jvm: Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year (https://github.com/advisories/GHSA-r68h-jhhj-9jvm)
 
-  12 known vulnerabilities found in fixtures/locks-e2e/2-pom.xml
+  13 known vulnerabilities found in fixtures/locks-e2e/2-pom.xml
diff --git a/fixtures/locks-e2e/2-yarn.lock.out.txt b/fixtures/locks-e2e/2-yarn.lock.out.txt
@@ -45,9 +45,9 @@ fixtures/locks-e2e/2-yarn.lock: found 1991 packages
   [email protected] is affected by the following vulnerabilities:
     GHSA-4q6p-r6v2-jvc5: Chaijs/get-func-name vulnerable to ReDoS (https://github.com/advisories/GHSA-4q6p-r6v2-jvc5)
   [email protected] is affected by the following vulnerabilities:
-    GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
+    GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
   [email protected] is affected by the following vulnerabilities:
-    GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
+    GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
   [email protected] is affected by the following vulnerabilities:
     GHSA-7wwv-vh3v-89cq: ReDOS vulnerabities: multiple grammars (https://github.com/advisories/GHSA-7wwv-vh3v-89cq)
   [email protected] is affected by the following vulnerabilities:

diff --git a/fixtures/locks-e2e/3-yarn.lock.out.txt b/fixtures/locks-e2e/3-yarn.lock.out.txt
@@ -17,7 +17,7 @@ fixtures/locks-e2e/3-yarn.lock: found 1225 packages
   [email protected] is affected by the following vulnerabilities:
     GHSA-w573-4hg7-7wgq: decode-uri-component vulnerable to Denial of Service (DoS) (https://github.com/advisories/GHSA-w573-4hg7-7wgq)
   [email protected] is affected by the following vulnerabilities:
-    GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
+    GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
   [email protected] is affected by the following vulnerabilities:
     GHSA-pfrx-2q88-qq97: Got allows a redirect to a UNIX socket (https://github.com/advisories/GHSA-pfrx-2q88-qq97)
   [email protected] is affected by the following vulnerabilities: