From 962af1dfd91c70229850509dec1f097c69f2dfbf Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Sun, 29 Oct 2023 13:42:25 +1300 Subject: [PATCH] test: regenerate e2e fixtures (#232) --- fixtures/locks-e2e/1-package-lock.json.out.txt | 6 +++++- fixtures/locks-e2e/1-yarn.lock.out.txt | 4 +++- fixtures/locks-e2e/2-go.mod.out.txt | 4 +++- fixtures/locks-e2e/2-package-lock.json.out.txt | 4 +++- fixtures/locks-e2e/2-pom.xml.out.txt | 3 ++- fixtures/locks-e2e/2-yarn.lock.out.txt | 3 ++- 6 files changed, 18 insertions(+), 6 deletions(-) diff --git a/fixtures/locks-e2e/1-package-lock.json.out.txt b/fixtures/locks-e2e/1-package-lock.json.out.txt index b3e63ba2..d42b5408 100644 --- a/fixtures/locks-e2e/1-package-lock.json.out.txt +++ b/fixtures/locks-e2e/1-package-lock.json.out.txt @@ -10,6 +10,10 @@ fixtures/locks-e2e/1-package-lock.json: found 1273 packages GHSA-93q8-gq69-wqmw: Inefficient Regular Expression Complexity in chalk/ansi-regex (https://github.com/advisories/GHSA-93q8-gq69-wqmw) ansi-regex@5.0.0 is affected by the following vulnerabilities: GHSA-93q8-gq69-wqmw: Inefficient Regular Expression Complexity in chalk/ansi-regex (https://github.com/advisories/GHSA-93q8-gq69-wqmw) + browserify-sign@4.2.1 is affected by the following vulnerabilities: + GHSA-x9w5-v3q2-3rhw: browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack (https://github.com/advisories/GHSA-x9w5-v3q2-3rhw) + crypto-js@4.1.1 is affected by the following vulnerabilities: + GHSA-xwcq-pm8m-c4vf: crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard (https://github.com/advisories/GHSA-xwcq-pm8m-c4vf) engine.io@6.2.1 is affected by the following vulnerabilities: GHSA-q9mw-68c2-j6m5: engine.io Uncaught Exception vulnerability (https://github.com/advisories/GHSA-q9mw-68c2-j6m5) get-func-name@2.0.0 is affected by the following vulnerabilities: 
@@ -35,4 +39,4 @@ fixtures/locks-e2e/1-package-lock.json: found 1273 packages word-wrap@1.2.3 is affected by the following vulnerabilities: GHSA-j8xg-fqg3-53r7: word-wrap vulnerable to Regular Expression Denial of Service (https://github.com/advisories/GHSA-j8xg-fqg3-53r7) - 15 known vulnerabilities found in fixtures/locks-e2e/1-package-lock.json + 17 known vulnerabilities found in fixtures/locks-e2e/1-package-lock.json diff --git a/fixtures/locks-e2e/1-yarn.lock.out.txt b/fixtures/locks-e2e/1-yarn.lock.out.txt index 1ea4f2cd..98f414e5 100644 --- a/fixtures/locks-e2e/1-yarn.lock.out.txt +++ b/fixtures/locks-e2e/1-yarn.lock.out.txt @@ -12,6 +12,8 @@ fixtures/locks-e2e/1-yarn.lock: found 1678 packages GHSA-93q8-gq69-wqmw: Inefficient Regular Expression Complexity in chalk/ansi-regex (https://github.com/advisories/GHSA-93q8-gq69-wqmw) async@2.6.3 is affected by the following vulnerabilities: GHSA-fwr7-v2mv-hh25: Prototype Pollution in async (https://github.com/advisories/GHSA-fwr7-v2mv-hh25) + browserify-sign@4.2.1 is affected by the following vulnerabilities: + GHSA-x9w5-v3q2-3rhw: browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack (https://github.com/advisories/GHSA-x9w5-v3q2-3rhw) debug@4.1.1 is affected by the following vulnerabilities: GHSA-gxpj-cx7g-858c: Regular Expression Denial of Service in debug (https://github.com/advisories/GHSA-gxpj-cx7g-858c) decode-uri-component@0.2.0 is affected by the following vulnerabilities: @@ -105,4 +107,4 @@ fixtures/locks-e2e/1-yarn.lock: found 1678 packages word-wrap@1.2.3 is affected by the following vulnerabilities: GHSA-j8xg-fqg3-53r7: word-wrap vulnerable to Regular Expression Denial of Service (https://github.com/advisories/GHSA-j8xg-fqg3-53r7) - 59 known vulnerabilities found in fixtures/locks-e2e/1-yarn.lock + 60 known vulnerabilities found in fixtures/locks-e2e/1-yarn.lock 
diff --git a/fixtures/locks-e2e/2-go.mod.out.txt b/fixtures/locks-e2e/2-go.mod.out.txt index bb9ad4c7..70bfa541 100644 --- a/fixtures/locks-e2e/2-go.mod.out.txt +++ b/fixtures/locks-e2e/2-go.mod.out.txt @@ -37,5 +37,7 @@ fixtures/locks-e2e/2-go.mod: found 73 packages golang.org/x/text@0.3.5 is affected by the following vulnerabilities: GHSA-69ch-w2m2-3vjp: golang.org/x/text/language Denial of service via crafted Accept-Language header (https://github.com/advisories/GHSA-69ch-w2m2-3vjp) GHSA-ppp9-7jff-5vj2: golang.org/x/text/language Out-of-bounds Read vulnerability (https://github.com/advisories/GHSA-ppp9-7jff-5vj2) + google.golang.org/grpc@1.32.0 is affected by the following vulnerabilities: + GHSA-m425-mq94-257g: gRPC-Go HTTP/2 Rapid Reset vulnerability (https://github.com/advisories/GHSA-m425-mq94-257g) - 26 known vulnerabilities found in fixtures/locks-e2e/2-go.mod + 27 known vulnerabilities found in fixtures/locks-e2e/2-go.mod diff --git a/fixtures/locks-e2e/2-package-lock.json.out.txt b/fixtures/locks-e2e/2-package-lock.json.out.txt index 2ef8577a..bd930f30 100644 --- a/fixtures/locks-e2e/2-package-lock.json.out.txt +++ b/fixtures/locks-e2e/2-package-lock.json.out.txt 
@@ -20,6 +20,8 @@ fixtures/locks-e2e/2-package-lock.json: found 1468 packages GHSA-fwr7-v2mv-hh25: Prototype Pollution in async (https://github.com/advisories/GHSA-fwr7-v2mv-hh25) axios@0.21.1 is affected by the following vulnerabilities: GHSA-cph5-m8f7-6c5x: axios Inefficient Regular Expression Complexity vulnerability (https://github.com/advisories/GHSA-cph5-m8f7-6c5x) + browserify-sign@4.2.1 is affected by the following vulnerabilities: + GHSA-x9w5-v3q2-3rhw: browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack (https://github.com/advisories/GHSA-x9w5-v3q2-3rhw) decode-uri-component@0.2.0 is affected by the following vulnerabilities: GHSA-w573-4hg7-7wgq: decode-uri-component vulnerable to Denial of Service (DoS) (https://github.com/advisories/GHSA-w573-4hg7-7wgq) ejs@2.7.4 is affected by the following vulnerabilities: @@ -126,4 +128,4 @@ fixtures/locks-e2e/2-package-lock.json: found 1468 packages yargs-parser@10.1.0 is affected by the following vulnerabilities: GHSA-p9pc-299p-vxgp: yargs-parser Vulnerable to Prototype Pollution (https://github.com/advisories/GHSA-p9pc-299p-vxgp) - 69 known vulnerabilities found in fixtures/locks-e2e/2-package-lock.json + 70 known vulnerabilities found in fixtures/locks-e2e/2-package-lock.json diff --git a/fixtures/locks-e2e/2-pom.xml.out.txt b/fixtures/locks-e2e/2-pom.xml.out.txt index 77f91046..c767ec0c 100644 --- a/fixtures/locks-e2e/2-pom.xml.out.txt +++ b/fixtures/locks-e2e/2-pom.xml.out.txt 
@@ -16,7 +16,8 @@ fixtures/locks-e2e/2-pom.xml: found 8 packages GHSA-m72m-mhq2-9p6c: Uncaught Exception in jsoup (https://github.com/advisories/GHSA-m72m-mhq2-9p6c) org.owasp.esapi:esapi@2.1.0 is affected by the following vulnerabilities: GHSA-2g56-7jv7-wxxq: Missing Cryptographic Step in OWASP Enterprise Security API for Java (https://github.com/advisories/GHSA-2g56-7jv7-wxxq) + GHSA-7c2q-5qmr-v76q: DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998 (https://github.com/advisories/GHSA-7c2q-5qmr-v76q) GHSA-8m5h-hrqm-pxm2: Path traversal in the OWASP Enterprise Security API (https://github.com/advisories/GHSA-8m5h-hrqm-pxm2) GHSA-q77q-vx4q-xx6q: Cross-site Scripting in org.owasp.esapi:esapi (https://github.com/advisories/GHSA-q77q-vx4q-xx6q) - 11 known vulnerabilities found in fixtures/locks-e2e/2-pom.xml + 12 known vulnerabilities found in fixtures/locks-e2e/2-pom.xml diff --git a/fixtures/locks-e2e/2-yarn.lock.out.txt b/fixtures/locks-e2e/2-yarn.lock.out.txt index 27b19e32..451a9afa 100644 --- a/fixtures/locks-e2e/2-yarn.lock.out.txt +++ b/fixtures/locks-e2e/2-yarn.lock.out.txt @@ -28,6 +28,8 @@ fixtures/locks-e2e/2-yarn.lock: found 1991 packages GHSA-fwr7-v2mv-hh25: Prototype Pollution in async (https://github.com/advisories/GHSA-fwr7-v2mv-hh25) async@3.2.0 is affected by the following vulnerabilities: GHSA-fwr7-v2mv-hh25: Prototype Pollution in async (https://github.com/advisories/GHSA-fwr7-v2mv-hh25) + browserify-sign@4.2.0 is affected by the following vulnerabilities: + GHSA-x9w5-v3q2-3rhw: browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack (https://github.com/advisories/GHSA-x9w5-v3q2-3rhw) debug@3.2.6 is affected by the following vulnerabilities: GHSA-gxpj-cx7g-858c: Regular Expression Denial of Service in debug (https://github.com/advisories/GHSA-gxpj-cx7g-858c) debug@4.1.1 is affected by the following vulnerabilities: 
@@ -68,7 +70,6 @@ fixtures/locks-e2e/2-yarn.lock: found 1991 packages lodash@4.17.19 is affected by the following vulnerabilities: GHSA-29mw-wpgm-hmr9: Regular Expression Denial of Service (ReDoS) in lodash (https://github.com/advisories/GHSA-29mw-wpgm-hmr9) GHSA-35jh-r3h4-6jhm: Command Injection in lodash (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) - GHSA-p6mc-m468-83gw: Prototype Pollution in lodash (https://github.com/advisories/GHSA-p6mc-m468-83gw) minimatch@3.0.4 is affected by the following vulnerabilities: GHSA-f8q6-p94x-37v3: minimatch ReDoS vulnerability (https://github.com/advisories/GHSA-f8q6-p94x-37v3) minimist@1.2.5 is affected by the following vulnerabilities:
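Review bot: In the last hunk (`@@ -68,7 +70,6 @@` of fixtures/locks-e2e/2-yarn.lock.out.txt), GHSA-p6mc-m468-83gw disappears from lodash@4.17.19 without any explanation in the commit message, and it is the only finding this patch removes. The lockfile is not part of the change, so the patch does not show whether the drop comes from the advisory data or from the matching logic. Please say which in the commit message (for example, advisory withdrawn or affected range changed) so that a matcher regression is not accepted as a routine fixture refresh. The earlier hunk in the same file adds GHSA-x9w5-v3q2-3rhw for browserify-sign@4.2.0, so the one added and one removed finding cancel out and the file's summary count line is untouched; the total alone would not have flagged the swap.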
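Review bot: Across the hunks that only add findings (1-package-lock.json, 1-yarn.lock, 2-go.mod, 2-package-lock.json, 2-pom.xml), the commit message does not record when the fixtures were regenerated or against which advisory data. No lockfile appears in the diffstat, only the `.out.txt` expected outputs, so every new line is a newly reported advisory for a package version that was already locked. GHSA-x9w5-v3q2-3rhw alone touches four of the six files. Consider noting the regeneration date in the commit message, and consider whether the e2e comparison could run against pinned advisory data so that each newly published advisory does not force another regeneration. The updated totals (15 to 17, 59 to 60, 26 to 27, 69 to 70, 11 to 12) do match the number of added GHSA lines in each file.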