diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index bec805373f3..bd01e2f2e36 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -66,11 +66,21 @@ Loaded filter from: /fixtures/locks-many/osv-scanner.toml "version": "2.1.0", "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "/r/n", "/n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -78,11 +88,22 @@ Loaded filter from: /fixtures/locks-many/osv-scanner.toml "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "properties": {} @@ -165,6 +186,7 @@ Loaded Alpine local db from /osv-scanner/Alpine/all.zip "version": "2.1.0", "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, 
@@ -172,37 +194,58 @@ Loaded Alpine local db from /osv-scanner/Alpine/all.zip "index": -1, "uri": "file:///fixtures/locks-many/package-lock.json" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "/r/n", "/n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "file:///fixtures/locks-many/package-lock.json" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'ansi-html@0.0.1' is vulnerable to 'CVE-2021-23424' (also known as 'GHSA-whgm-jr23-g3j9')." }, "rank": -1, + "relatedLocations": [], "ruleId": "CVE-2021-23424", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -210,8 +253,11 @@ Loaded Alpine local db from /osv-scanner/Alpine/all.zip "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -230,14 +276,22 @@ Loaded Alpine local db from /osv-scanner/Alpine/all.zip "properties": { "security-severity": "7.5" }, + "relationships": [], "shortDescription": { "markdown": "CVE-2021-23424: Uncontrolled Resource Consumption in ansi-html" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "properties": {} 
@@ -1416,6 +1470,7 @@ Scanned /fixtures/locks-insecure/osv-scanner-flutter-deps.json file as "version": "2.1.0", "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, 
@@ -1423,58 +1478,91 @@ Scanned /fixtures/locks-insecure/osv-scanner-flutter-deps.json file as "index": -1, "uri": "file:///fixtures/locks-insecure/osv-scanner-flutter-deps.json" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "/r/n", "/n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "file:///fixtures/locks-insecure/osv-scanner-flutter-deps.json" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'https://github.com/brendan-duncan/archive.git@9de7a054' is vulnerable to 'CVE-2023-39137' (also known as 'GHSA-r285-q736-9v95')." }, "rank": -1, + "relatedLocations": [], "ruleId": "CVE-2023-39137", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "file:///fixtures/locks-insecure/osv-scanner-flutter-deps.json" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'https://github.com/brendan-duncan/archive.git@9de7a054' is vulnerable to 'CVE-2023-39139' (also known as 'GHSA-9v85-q87q-g4vg')." }, "rank": -1, + "relatedLocations": [], "ruleId": "CVE-2023-39139", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -1482,8 +1570,11 @@ Scanned /fixtures/locks-insecure/osv-scanner-flutter-deps.json file as "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -1502,6 +1593,7 @@ Scanned /fixtures/locks-insecure/osv-scanner-flutter-deps.json file as "properties": { "security-severity": "7.8" }, + "relationships": [], "shortDescription": { "markdown": "CVE-2023-39137" } @@ -1523,14 +1615,22 @@ Scanned /fixtures/locks-insecure/osv-scanner-flutter-deps.json file as "properties": { "security-severity": "7.8" }, + "relationships": [], "shortDescription": { "markdown": "CVE-2023-39139" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "properties": {} diff --git a/go.mod b/go.mod index c6c227054d8..9d741e295cd 100644 --- a/go.mod +++ b/go.mod 
@@ -10,56 +10,56 @@ require (
 github.com/BurntSushi/toml v1.5.0
 github.com/CycloneDX/cyclonedx-go v0.9.2
 github.com/charmbracelet/bubbles v0.21.0
- github.com/charmbracelet/bubbletea v1.3.5
+ github.com/charmbracelet/bubbletea v1.3.6
 github.com/charmbracelet/glamour v0.10.0
 github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834
 github.com/gkampitakis/go-snaps v0.5.13
 github.com/go-git/go-billy/v5 v5.6.2
 github.com/go-git/go-git/v5 v5.16.2
 github.com/google/go-cmp v0.7.0
- github.com/google/osv-scalibr v0.3.1-0.20250709041632-ed2676c6ae1b
+ github.com/google/osv-scalibr v0.3.1
 github.com/ianlancetaylor/demangle v0.0.0-20250628045327-2d64ad6b7ec5
 github.com/jedib0t/go-pretty/v6 v6.6.7
 github.com/muesli/reflow v0.3.0
 github.com/opencontainers/go-digest v1.0.0
 github.com/ossf/osv-schema/bindings/go v0.0.0-20250701001340-180f03cc6901
- github.com/owenrumney/go-sarif/v3 v3.2.0
+ github.com/owenrumney/go-sarif/v3 v3.2.1
 github.com/package-url/packageurl-go v0.1.3
 github.com/pandatix/go-cvss v0.6.2
 github.com/tidwall/gjson v1.18.0
 github.com/tidwall/pretty v1.2.1
 github.com/tidwall/sjson v1.2.5
 github.com/urfave/cli/v3 v3.3.8
- golang.org/x/net v0.41.0
- golang.org/x/sync v0.15.0
- golang.org/x/term v0.32.0
+ golang.org/x/net v0.42.0
+ golang.org/x/sync v0.16.0
+ golang.org/x/term v0.33.0
 golang.org/x/vuln v1.1.4
 google.golang.org/grpc v1.73.0
 google.golang.org/protobuf v1.36.6
 gopkg.in/ini.v1 v1.67.0
 gopkg.in/yaml.v3 v3.0.1
- osv.dev/bindings/go v0.0.0-20250703002655-86a45a84b008
+ osv.dev/bindings/go v0.0.0-20250711005142-008c9112d045
 )

 require (
- dario.cat/mergo v1.0.1 // indirect
- deps.dev/api/v3alpha v0.0.0-20250616031631-419a06b41f9b // indirect
- deps.dev/util/pypi v0.0.0-20250616031631-419a06b41f9b // indirect
+ dario.cat/mergo v1.0.2 // indirect
+ deps.dev/api/v3alpha v0.0.0-20250630145910-0bba51f925b0 // indirect
+ deps.dev/util/pypi v0.0.0-20250630145910-0bba51f925b0 // indirect
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
- github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
+ github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20250520111509-a70c2aa677fa // indirect
 github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 // indirect
 github.com/Microsoft/go-winio v0.6.2 // indirect
 github.com/Microsoft/hcsshim v0.13.0 // indirect
- github.com/ProtonMail/go-crypto v1.1.6 // indirect
- github.com/alecthomas/chroma/v2 v2.14.0 // indirect
- github.com/anchore/go-struct-converter v0.0.0-20230627203149-c72ef8859ca9 // indirect
+ github.com/ProtonMail/go-crypto v1.3.0 // indirect
+ github.com/alecthomas/chroma/v2 v2.19.0 // indirect
+ github.com/anchore/go-struct-converter v0.0.0-20250211213226-cce56d595160 // indirect
 github.com/atotto/clipboard v0.1.4 // indirect
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 github.com/aymerick/douceur v0.2.0 // indirect
- github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
- github.com/charmbracelet/x/ansi v0.8.0 // indirect
+ github.com/charmbracelet/colorprofile v0.3.1 // indirect
+ github.com/charmbracelet/x/ansi v0.9.3 // indirect
 github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
- github.com/charmbracelet/x/exp/slice v0.0.0-20250327172914-2fdc97757edf // indirect
+ github.com/charmbracelet/x/exp/slice v0.0.0-20250711012602-b1f986320f7e // indirect
 github.com/charmbracelet/x/term v0.2.1 // indirect
 github.com/cloudflare/circl v1.6.1 // indirect
 github.com/containerd/cgroups/v3 v3.0.5 // indirect
@@ -78,16 +78,16 @@ require (
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/deitch/magic v0.0.0-20240306090643-c67ab88f10cb // indirect
 github.com/distribution/reference v0.6.0 // indirect
- github.com/dlclark/regexp2 v1.11.0 // indirect
- github.com/docker/cli v28.2.2+incompatible // indirect
+ github.com/dlclark/regexp2 v1.11.5 // indirect
+ github.com/docker/cli v28.3.2+incompatible // indirect
 github.com/docker/distribution v2.8.3+incompatible // indirect
- github.com/docker/docker v28.2.2+incompatible // indirect
+ github.com/docker/docker v28.3.2+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.9.3 // indirect
 github.com/docker/go-connections v0.5.0 // indirect
- github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
+ github.com/docker/go-events v0.0.0-20250114142523-c867878c5e32 // indirect
 github.com/docker/go-units v0.5.0 // indirect
 github.com/dustin/go-humanize v1.0.1 // indirect
- github.com/edsrzf/mmap-go v1.1.0 // indirect
+ github.com/edsrzf/mmap-go v1.2.0 // indirect
 github.com/emirpasic/gods v1.18.1 // indirect
 github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
 github.com/erikvarga/go-rpmdb v0.0.0-20250523120114-a15a62cd4593 // indirect
@@ -132,7 +132,7 @@ require (
 github.com/opencontainers/image-spec v1.1.1 // indirect
 github.com/opencontainers/runtime-spec v1.2.1 // indirect
 github.com/opencontainers/selinux v1.12.0 // indirect
- github.com/pjbgf/sha1cd v0.3.2 // indirect
+ github.com/pjbgf/sha1cd v0.4.0 // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 github.com/rivo/uniseg v0.4.7 // indirect
@@ -141,10 +141,10 @@ require (
 github.com/saferwall/pe v1.5.7 // indirect
 github.com/sahilm/fuzzy v0.1.1 // indirect
 github.com/secDre4mer/pkcs7 v0.0.0-20240322103146-665324a4461d // indirect
- github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+ github.com/sergi/go-diff v1.4.0 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/skeema/knownhosts v1.3.1 // indirect
- github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect
+ github.com/spdx/gordf v0.0.0-20250128162952-000978ccd6fb // indirect
 github.com/spdx/tools-golang v0.5.5 // indirect
 github.com/tidwall/jsonc v0.3.2 // indirect
 github.com/tidwall/match v1.1.1 // indirect
@@ -154,34 +154,35 @@ require (
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
- github.com/yuin/goldmark v1.7.8 // indirect
- github.com/yuin/goldmark-emoji v1.0.5 // indirect
- go.etcd.io/bbolt v1.4.1 // indirect
+ github.com/yuin/goldmark v1.7.12 // indirect
+ github.com/yuin/goldmark-emoji v1.0.6 // indirect
+ go.etcd.io/bbolt v1.4.2 // indirect
 go.opencensus.io v0.24.0 // indirect
 go.opentelemetry.io/auto/sdk v1.1.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
- go.opentelemetry.io/otel v1.36.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect
+ go.opentelemetry.io/otel v1.37.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect
- go.opentelemetry.io/otel/metric v1.36.0 // indirect
- go.opentelemetry.io/otel/trace v1.36.0 // indirect
+ go.opentelemetry.io/otel/metric v1.37.0 // indirect
+ go.opentelemetry.io/otel/trace v1.37.0 // indirect
 go.opentelemetry.io/proto/otlp v1.5.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.39.0 // indirect
- golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
- golang.org/x/mod v0.25.0 // indirect
- golang.org/x/sys v0.33.0 // indirect
- golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
- golang.org/x/text v0.26.0 // indirect
- golang.org/x/tools v0.34.0 // indirect
- golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
- google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect
+ go.yaml.in/yaml/v2 v2.4.2 // indirect
+ golang.org/x/crypto v0.40.0 // indirect
+ golang.org/x/exp v0.0.0-20250711185948-6ae5c78190dc // indirect
+ golang.org/x/mod v0.26.0 // indirect
+ golang.org/x/sys v0.34.0 // indirect
+ golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b // indirect
+ golang.org/x/text v0.27.0 // indirect
+ golang.org/x/tools v0.35.0 // indirect
+ golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
+ google.golang.org/genproto v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
- modernc.org/libc v1.65.10 // indirect
+ modernc.org/libc v1.66.3 // indirect
 modernc.org/mathutil v1.7.1 // indirect
 modernc.org/memory v1.11.0 // indirect
 modernc.org/sqlite v1.38.0 // indirect
- sigs.k8s.io/yaml v1.4.0 // indirect
+ sigs.k8s.io/yaml v1.5.0 // indirect
 www.velocidex.com/golang/regparser v0.0.0-20250203141505-31e704a67ef7 // indirect
 )
diff --git a/go.sum b/go.sum
index fab6058ec03..9f0171ba934 100644
--- a/go.sum
+++ b/go.sum
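Review bot: The added line `go.yaml.in/yaml/v2 v2.4.2 // indirect` is the one entry in this require block that is a new module path rather than a version change, and nothing in the visible commit says which requirement brings it in. It presumably arrives with the `sigs.k8s.io/yaml v1.4.0` to `v1.5.0` bump further down the same hunk; `go mod why -m go.yaml.in/yaml/v2` would confirm the path. Once verified, I would record it in the commit description, for example `adds indirect go.yaml.in/yaml/v2 (required by sigs.k8s.io/yaml v1.5.0)`, so the new origin is reviewed as a supply-chain addition instead of passing unnoticed in a bulk update.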
@@ -1,22 +1,22 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= -dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= +dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= deps.dev/api/v3 v3.0.0-20250630145910-0bba51f925b0 h1:zdDzsfnmut9NRg97rLvTUz18a5/PT8bD86+Lznjr7ZU= deps.dev/api/v3 v3.0.0-20250630145910-0bba51f925b0/go.mod h1:RSb9WX7VQfXyyAGG1rGmmq946waxJv728xvrYryI1/4= -deps.dev/api/v3alpha v0.0.0-20250616031631-419a06b41f9b h1:xO1kaQM4lCsZVuQ6MHVHiwP6TaHfmrJllDC+PIy28jA= -deps.dev/api/v3alpha v0.0.0-20250616031631-419a06b41f9b/go.mod h1:n8TeIsqiv9yuAQwdHfd85jfDp8Ed0Xka5iysKkQ7Zxw= +deps.dev/api/v3alpha v0.0.0-20250630145910-0bba51f925b0 h1:wrI8rh7j+MExb5TUhZiUbPVXPqsT6z9+Dj0k39zFB5o= +deps.dev/api/v3alpha v0.0.0-20250630145910-0bba51f925b0/go.mod h1:n8TeIsqiv9yuAQwdHfd85jfDp8Ed0Xka5iysKkQ7Zxw= deps.dev/util/maven v0.0.0-20250630145910-0bba51f925b0 h1:fYyqMczDgGedwh0iuaZ/CU3NlVA0oEQ+FGBBtuElDgM= deps.dev/util/maven v0.0.0-20250630145910-0bba51f925b0/go.mod h1:eGrXziwI7scSGrwIj+5EBHtTeSxAZD/yi8Hb3nFXesA= -deps.dev/util/pypi v0.0.0-20250616031631-419a06b41f9b h1:/wLobRCsov+VygLKSnBzv1WuHO/KHxnodBIU7Q7RdTw= -deps.dev/util/pypi v0.0.0-20250616031631-419a06b41f9b/go.mod h1:qmA0z/Lsfa1FMtuLd9JmVZLMHR3GBX/EmbM6z1X3EDU= +deps.dev/util/pypi v0.0.0-20250630145910-0bba51f925b0 h1:a1JzU74qfv/L+sQ/eQ9bzqzltR/gKXM0oXEQveboIQ4= +deps.dev/util/pypi v0.0.0-20250630145910-0bba51f925b0/go.mod h1:qmA0z/Lsfa1FMtuLd9JmVZLMHR3GBX/EmbM6z1X3EDU= deps.dev/util/resolve v0.0.0-20250630145910-0bba51f925b0 h1:TZFTsskP82X/WnRcKoAfjIPHgLDKWv9uxe6m1iDJsmA= deps.dev/util/resolve v0.0.0-20250630145910-0bba51f925b0/go.mod h1:pobYJ3ugv0kbuuizXt//fwvia+u1DrHpx+FewNHXloY= deps.dev/util/semver v0.0.0-20250630145910-0bba51f925b0 
h1:1XAKrFwg/X3V3FX33+bD4Xc6Aauad95TQ1WeyFbs2fY= deps.dev/util/semver v0.0.0-20250630145910-0bba51f925b0/go.mod h1:jjJweVqtuMQ7Q4zlTQ/kCHpboojkRvpMYlhy/c93DVU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA= -github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= +github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20250520111509-a70c2aa677fa h1:x6kFzdPgBoLbyoNkA/jny0ENpoEz4wqY8lPTQL2DPkg= +github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20250520111509-a70c2aa677fa/go.mod h1:gCLVsLfv1egrcZu+GoJATN5ts75F2s62ih/457eWzOw= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 
@@ -31,17 +31,17 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.13.0 h1:/BcXOiS6Qi7N9XqUcv27vkIuVOkBEcWstd2pMlWSeaA= github.com/Microsoft/hcsshim v0.13.0/go.mod h1:9KWJ/8DgU+QzYGupX4tzMhRQE8h6w90lH6HAaclpEok= -github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw= -github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= -github.com/alecthomas/assert/v2 v2.7.0 h1:QtqSACNS3tF7oasA8CU6A6sXZSBDqnm7RfpLl9bZqbE= -github.com/alecthomas/assert/v2 v2.7.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k= -github.com/alecthomas/chroma/v2 v2.14.0 h1:R3+wzpnUArGcQz7fCETQBzO5n9IMNi13iIs46aU4V9E= -github.com/alecthomas/chroma/v2 v2.14.0/go.mod h1:QolEbTfmUHIMVpBqxeDnNBj2uoeI4EbYP4i6n68SG4I= +github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw= +github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE= +github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0= +github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k= +github.com/alecthomas/chroma/v2 v2.19.0 h1:Im+SLRgT8maArxv81mULDWN8oKxkzboH07CHesxElq4= +github.com/alecthomas/chroma/v2 v2.19.0/go.mod h1:RVX6AvYm4VfYe/zsk7mjHueLDZor3aWCNE14TFlepBk= github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc= github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4= github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA= -github.com/anchore/go-struct-converter v0.0.0-20230627203149-c72ef8859ca9 h1:6COpXWpHbhWM1wgcQN95TdsmrLTba8KQfPgImBXzkjA= -github.com/anchore/go-struct-converter v0.0.0-20230627203149-c72ef8859ca9/go.mod 
h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA= +github.com/anchore/go-struct-converter v0.0.0-20250211213226-cce56d595160 h1:r8/1fxpbDMlQO6GgQiud1uL5eAu3p/NVUmfNx95/KY8= +github.com/anchore/go-struct-converter v0.0.0-20250211213226-cce56d595160/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= 
@@ -61,22 +61,22 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/charmbracelet/bubbles v0.21.0 h1:9TdC97SdRVg/1aaXNVWfFH3nnLAwOXr8Fn6u6mfQdFs= github.com/charmbracelet/bubbles v0.21.0/go.mod h1:HF+v6QUR4HkEpz62dx7ym2xc71/KBHg+zKwJtMw+qtg= -github.com/charmbracelet/bubbletea v1.3.5 h1:JAMNLTbqMOhSwoELIr0qyP4VidFq72/6E9j7HHmRKQc= -github.com/charmbracelet/bubbletea v1.3.5/go.mod h1:TkCnmH+aBd4LrXhXcqrKiYwRs7qyQx5rBgH5fVY3v54= -github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc h1:4pZI35227imm7yK2bGPcfpFEmuY1gc2YSTShr4iJBfs= -github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc/go.mod h1:X4/0JoqgTIPSFcRA/P6INZzIuyqdFY5rm8tb41s9okk= +github.com/charmbracelet/bubbletea v1.3.6 h1:VkHIxPJQeDt0aFJIsVxw8BQdh/F/L2KKZGsK6et5taU= +github.com/charmbracelet/bubbletea v1.3.6/go.mod h1:oQD9VCRQFF8KplacJLo28/jofOI2ToOfGYeFgBBxHOc= +github.com/charmbracelet/colorprofile v0.3.1 h1:k8dTHMd7fgw4bnFd7jXTLZrSU/CQrKnL3m+AxCzDz40= +github.com/charmbracelet/colorprofile v0.3.1/go.mod h1:/GkGusxNs8VB/RSOh3fu0TJmQ4ICMMPApIIVn0KszZ0= github.com/charmbracelet/glamour v0.10.0 h1:MtZvfwsYCx8jEPFJm3rIBFIMZUfUJ765oX8V6kXldcY= github.com/charmbracelet/glamour v0.10.0/go.mod h1:f+uf+I/ChNmqo087elLnVdCiVgjSKWuXa/l6NU2ndYk= github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834 h1:ZR7e0ro+SZZiIZD7msJyA+NjkCNNavuiPBLgerbOziE= github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834/go.mod h1:aKC/t2arECF6rNOnaKaVU6y4t4ZeHQzqfxedE/VkVhA= -github.com/charmbracelet/x/ansi v0.8.0 h1:9GTq3xq9caJW8ZrBTe0LIe2fvfLR/bYXKTx2llXn7xE= -github.com/charmbracelet/x/ansi v0.8.0/go.mod h1:wdYl/ONOLHLIVmQaxbIYEC/cRKOQyjTkowiI4blgS9Q= +github.com/charmbracelet/x/ansi v0.9.3 h1:BXt5DHS/MKF+LjuK4huWrC6NCvHtexww7dMayh6GXd0= +github.com/charmbracelet/x/ansi v0.9.3/go.mod 
h1:3RQDQ6lDnROptfpWuUVIUG64bD2g2BgntdxH0Ya5TeE= github.com/charmbracelet/x/cellbuf v0.0.13 h1:/KBBKHuVRbq1lYx5BzEHBAFBP8VcQzJejZ/IA3iR28k= github.com/charmbracelet/x/cellbuf v0.0.13/go.mod h1:xe0nKWGd3eJgtqZRaN9RjMtK7xUYchjzPr7q6kcvCCs= github.com/charmbracelet/x/exp/golden v0.0.0-20241011142426-46044092ad91 h1:payRxjMjKgx2PaCWLZ4p3ro9y97+TVLZNaRZgJwSVDQ= github.com/charmbracelet/x/exp/golden v0.0.0-20241011142426-46044092ad91/go.mod h1:wDlXFlCrmJ8J+swcL/MnGUuYnqgQdW9rhSD61oNMb6U= -github.com/charmbracelet/x/exp/slice v0.0.0-20250327172914-2fdc97757edf h1:rLG0Yb6MQSDKdB52aGX55JT1oi0P0Kuaj7wi1bLUpnI= -github.com/charmbracelet/x/exp/slice v0.0.0-20250327172914-2fdc97757edf/go.mod h1:B3UgsnsBZS/eX42BlaNiJkD1pPOUa+oF1IYC6Yd2CEU= +github.com/charmbracelet/x/exp/slice v0.0.0-20250711012602-b1f986320f7e h1:uuxP7L/srRKTMRPUCZsARYBr9x/bULlN6Sc28aUAIJU= +github.com/charmbracelet/x/exp/slice v0.0.0-20250711012602-b1f986320f7e/go.mod h1:vI5nDVMWi6veaYH+0Fmvpbe/+cv/iJfMntdh+N0+Tms= github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ= github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= 
@@ -117,26 +117,27 @@ github.com/deitch/magic v0.0.0-20240306090643-c67ab88f10cb h1:4W/2rQ3wzEimF5s+J6 github.com/deitch/magic v0.0.0-20240306090643-c67ab88f10cb/go.mod h1:B3tI9iGHi4imdLi4Asdha1Sc6feLMTfPLXh9IUYmysk= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI= -github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= -github.com/docker/cli v28.2.2+incompatible h1:qzx5BNUDFqlvyq4AHzdNB7gSyVTmU4cgsyN9SdInc1A= -github.com/docker/cli v28.2.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ= +github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= +github.com/docker/cli v28.3.2+incompatible h1:mOt9fcLE7zaACbxW1GeS65RI67wIJrTnqS3hP2huFsY= +github.com/docker/cli v28.3.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v28.2.2+incompatible h1:CjwRSksz8Yo4+RmQ339Dp/D2tGO5JxwYeqtMOEe0LDw= -github.com/docker/docker v28.2.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.3.2+incompatible h1:wn66NJ6pWB1vBZIilP8G3qQPqHy5XymfYn5vsqeA5oA= +github.com/docker/docker v28.3.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= github.com/docker/go-connections v0.5.0 
h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= -github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= -github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= +github.com/docker/go-events v0.0.0-20250114142523-c867878c5e32 h1:EHZfspsnLAz8Hzccd67D5abwLiqoqym2jz/jOS39mCk= +github.com/docker/go-events v0.0.0-20250114142523-c867878c5e32/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/edsrzf/mmap-go v1.1.0 h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ= github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= +github.com/edsrzf/mmap-go v1.2.0 h1:hXLYlkbaPzt1SaQk+anYwKSRNhufIDCchSPkUD6dD84= +github.com/edsrzf/mmap-go v1.2.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o= github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= 
@@ -212,8 +213,8 @@ github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y= github.com/google/go-cpy v0.0.0-20211218193943-a9c933c06932 h1:5/4TSDzpDnHQ8rKEEQBjRlYx77mHOvXu08oGchxej7o= github.com/google/go-cpy v0.0.0-20211218193943-a9c933c06932/go.mod h1:cC6EdPbj/17GFCPDK39NRarlMI+kt+O60S12cNB5J9Y= -github.com/google/osv-scalibr v0.3.1-0.20250709041632-ed2676c6ae1b h1:d0JKpldDQBInjI1mx0kX+NL0ZXEcfPB9c6QKBLfwRDo= -github.com/google/osv-scalibr v0.3.1-0.20250709041632-ed2676c6ae1b/go.mod h1:dUF/iQx3OboIV/z1N1S2Bji1esSvAj/sWlLzQ7BXhmo= +github.com/google/osv-scalibr v0.3.1 h1:bXSaKfhlh7Q4ysLLjfFRJ1HONFsLyYvPOXD9v94yi0M= +github.com/google/osv-scalibr v0.3.1/go.mod h1:dUF/iQx3OboIV/z1N1S2Bji1esSvAj/sWlLzQ7BXhmo= github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs= github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -307,14 +308,14 @@ github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplU github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= github.com/ossf/osv-schema/bindings/go v0.0.0-20250701001340-180f03cc6901 h1:WqiL5LXnCYjEgibZc+M8+jamka8gi1ySjNiuqFWWKEE= github.com/ossf/osv-schema/bindings/go v0.0.0-20250701001340-180f03cc6901/go.mod h1:lILztSxHU7VsdlYqCnwgxSDBhbXMf7iEQWtldJCDXPo= -github.com/owenrumney/go-sarif/v3 v3.2.0 h1:CeEyt2zFTT37rMhzWefVISV9fpyhA8AmqgK7VnKi1Bc= -github.com/owenrumney/go-sarif/v3 v3.2.0/go.mod h1:S2sdyDnv0sxN5x+M8iFZIzZE2+uTX/1uXlwTRx0efT0= +github.com/owenrumney/go-sarif/v3 v3.2.1 h1:Dogf2wkOxxRkG3O/B9T6dokyDSl36q19tlMYtXOTThE= +github.com/owenrumney/go-sarif/v3 v3.2.1/go.mod h1:S2sdyDnv0sxN5x+M8iFZIzZE2+uTX/1uXlwTRx0efT0= github.com/package-url/packageurl-go v0.1.3 h1:4juMED3hHiz0set3Vq3KeQ75KD1avthoXLtmE3I0PLs= github.com/package-url/packageurl-go v0.1.3/go.mod h1:nKAWB8E6uk1MHqiS/lQb9pYBGH2+mdJ2PJc2s50dQY0= github.com/pandatix/go-cvss v0.6.2 h1:TFiHlzUkT67s6UkelHmK6s1INKVUG7nlKYiWWDTITGI= github.com/pandatix/go-cvss v0.6.2/go.mod h1:jDXYlQBZrc8nvrMUVVvTG8PhmuShOnKrxP53nOFkt8Q= -github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= -github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= +github.com/pjbgf/sha1cd v0.4.0 h1:NXzbL1RvjTUi6kgYZCX3fPwwl27Q1LJndxtUDVfJGRY= +github.com/pjbgf/sha1cd v0.4.0/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 
@@ -341,16 +342,16 @@ github.com/sahilm/fuzzy v0.1.1 h1:ceu5RHF8DGgoi+/dR5PsECjCDH1BE3Fnmpo7aVXOdRA= github.com/sahilm/fuzzy v0.1.1/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y= github.com/secDre4mer/pkcs7 v0.0.0-20240322103146-665324a4461d h1:RQqyEogx5J6wPdoxqL132b100j8KjcVHO1c0KLRoIhc= github.com/secDre4mer/pkcs7 v0.0.0-20240322103146-665324a4461d/go.mod h1:PegD7EVqlN88z7TpCqH92hHP+GBpfomGCCnw1PFtNOA= -github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= -github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= +github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= +github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8= github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY= github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= -github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 h1:dArkMwZ7Mf2JiU8OfdmqIv8QaHT4oyifLIe1UhsF1SY= -github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= +github.com/spdx/gordf v0.0.0-20250128162952-000978ccd6fb h1:7G2Czq97VORM5xNRrD8tSQdhoXPRs8s+Otlc7st9TS0= +github.com/spdx/gordf v0.0.0-20250128162952-000978ccd6fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= github.com/spdx/tools-golang v0.5.5 h1:61c0KLfAcNqAjlg6UNMdkwpMernhw3zVRwDZ2x9XOmk= github.com/spdx/tools-golang v0.5.5/go.mod h1:MVIsXx8ZZzaRWNQpUDhC4Dud34edUYJYecciXgrw5vE= github.com/stretchr/objx 
v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
@@ -400,55 +401,58 @@ github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJu github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yuin/goldmark v1.7.1/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= -github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic= -github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= -github.com/yuin/goldmark-emoji v1.0.5 h1:EMVWyCGPlXJfUXBXpuMu+ii3TIaxbVBnEX9uaDC4cIk= -github.com/yuin/goldmark-emoji v1.0.5/go.mod h1:tTkZEbwu5wkPmgTcitqddVxY9osFZiavD+r4AzQrh1U= -go.etcd.io/bbolt v1.4.1 h1:5mOV+HWjIPLEAlUGMsveaUvK2+byZMFOzojoi7bh7uI= -go.etcd.io/bbolt v1.4.1/go.mod h1:c8zu2BnXWTu2XM4XcICtbGSl9cFwsXtcf9zLt2OncM8= +github.com/yuin/goldmark v1.7.12 h1:YwGP/rrea2/CnCtUHgjuolG/PnMxdQtPMO5PvaE2/nY= +github.com/yuin/goldmark v1.7.12/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg= +github.com/yuin/goldmark-emoji v1.0.6 h1:QWfF2FYaXwL74tfGOW5izeiZepUDroDJfWubQI9HTHs= +github.com/yuin/goldmark-emoji v1.0.6/go.mod h1:ukxJDKFpdFb5x0a5HqbdlcKtebh086iJpI31LTKmWuA= +go.etcd.io/bbolt v1.4.2 h1:IrUHp260R8c+zYx/Tm8QZr04CX+qWS5PGfPdevhdm1I= +go.etcd.io/bbolt v1.4.2/go.mod h1:Is8rSHO/b4f3XigBC0lL0+4FwAQv3HXEEIgFMuKHceM= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod 
h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= -go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= -go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 h1:Hf9xI/XLML9ElpiHVDNwvqI0hIFlzV8dgIr35kV1kRU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0/go.mod h1:NfchwuyNoMcZ5MLHwPrODwUF1HWCXWrL31s8gSAdIKY= +go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= +go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0/go.mod h1:zjPK58DtkqQFn+YUMbx0M2XV3QgKU0gS9LeGohREyK4= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 h1:xJ2qHD0C1BeYVTLLR9sX12+Qb95kfeD/byKj6Ky1pXg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0/go.mod h1:u5BF1xyjstDowA1R5QAO9JHzqK+ublenEW/dyqTjBVk= -go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= -go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= -go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= -go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= -go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis= -go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= -go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= -go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= +go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= +go.opentelemetry.io/otel/metric v1.37.0/go.mod 
h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= +go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= +go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= +go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= +go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= +go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= +go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4= go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= +go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= +go.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE= +go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= -golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= +golang.org/x/crypto v0.40.0 
h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= +golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 h1:R84qjqJb5nVJMxqWYb3np9L5ZsaDtB+a39EqjV0JSUM= -golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0/go.mod h1:S9Xr4PYopiDyqSyp5NjCrhFrqg6A5zA2E/iPHPhqnS8= +golang.org/x/exp v0.0.0-20250711185948-6ae5c78190dc h1:TS73t7x3KarrNd5qAipmspBDS1rkMcgVG/fS1aRb4Rc= +golang.org/x/exp v0.0.0-20250711185948-6ae5c78190dc/go.mod h1:A+z0yzpGtvnG90cToK5n2tu8UJVP2XUATh+r+sfOOOc= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= -golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= +golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -461,8 +465,8 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= -golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= +golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= +golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -470,8 +474,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8= -golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= +golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -487,21 +491,21 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0= -golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= +golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= +golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b h1:DU+gwOBXU+6bO0sEyO7o/NeMlxZxCZEvI7v+J4a1zRQ= +golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= -golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= +golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg= +golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= -golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= +golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= +golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -513,27 +517,31 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo= -golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= +golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= +golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= +golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY= +golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= +golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= +golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8= golang.org/x/vuln v1.1.4 h1:Ju8QsuyhX3Hk8ma3CesTbO8vfJD9EvUBgHvkxHBzj0I= golang.org/x/vuln v1.1.4/go.mod h1:F+45wmU18ym/ca5PLTPLsSzr2KppzswxPP603ldA67s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU= -golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= +golang.org/x/xerrors 
v0.0.0-20240903120638-7835f813f4da h1:noIWHXmPHxILtqtCOPIhSt0ABwskkZKjD3bXGnZGpNY= +golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY= -google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= -google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 h1:hE3bRWtU6uceqlh4fhrSnUyjKHMKB9KrTLLG+bc0ddM= -google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463/go.mod h1:U90ffi8eUL9MwPcrJylN5+Mk2v3vuPDptd5yyNUiRR8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 h1:e0AIkUUhxyBKh6ssZNrAMeqhA7RKUj42346d1y02i2g= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto v0.0.0-20250707201910-8d1bb00bc6a7 h1:FGOcxvKlJgRBVbXeugjljCfCgfKWhC42FBoYmTCWVBs= +google.golang.org/genproto v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:249YoW4b1INqFTEop2T4aJgiO7UBYJrpejsaLvjWfI8= +google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 h1:FiusG7LWj+4byqhbvmB+Q93B/mOxJLN2DTozDuZm4EU= +google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:kXqgZtrWaf6qS3jZOCnCH7WYfrvFjkC51bM8fz3RsCA= 
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= 
@@ -569,16 +577,18 @@ gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -modernc.org/cc/v4 v4.26.1 h1:+X5NtzVBn0KgsBCBe+xkDC7twLb/jNVj9FPgiwSQO3s= -modernc.org/cc/v4 v4.26.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0= +modernc.org/cc/v4 v4.26.2 h1:991HMkLjJzYBIfha6ECZdjrIYz2/1ayr+FL8GN+CNzM= +modernc.org/cc/v4 v4.26.2/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0= modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU= modernc.org/ccgo/v4 v4.28.0/go.mod h1:JygV3+9AV6SmPhDasu4JgquwU81XAKLd3OKTUDNOiKE= -modernc.org/fileutil v1.3.3 h1:3qaU+7f7xxTUmvU1pJTZiDLAIoJVdUSSauJNHg9yXoA= -modernc.org/fileutil v1.3.3/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc= +modernc.org/fileutil v1.3.8 h1:qtzNm7ED75pd1C7WgAGcK4edm4fvhtBsEiI/0NQ54YM= +modernc.org/fileutil v1.3.8/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc= modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI= modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito= -modernc.org/libc v1.65.10 h1:ZwEk8+jhW7qBjHIT+wd0d9VjitRyQef9BnzlzGwMODc= -modernc.org/libc v1.65.10/go.mod h1:StFvYpx7i/mXtBAfVOjaU0PWZOvIRoZSgXhrwXzr8Po= +modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks= +modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI= +modernc.org/libc v1.66.3 h1:cfCbjTUcdsKyyZZfEUKfoHcP3S0Wkvz3jgSzByEWVCQ= +modernc.org/libc v1.66.3/go.mod h1:XD9zO8kt59cANKvHPXpx7yS2ELPheAey0vjIuZOhOU8= modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU= modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg= modernc.org/memory v1.11.0 
h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI= @@ -593,9 +603,10 @@ modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0= modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A= modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y= modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= -osv.dev/bindings/go v0.0.0-20250703002655-86a45a84b008 h1:EpO1KNnv4zZV+VMe43JE3SgT9Si+krssSIzeLRZTTww= -osv.dev/bindings/go v0.0.0-20250703002655-86a45a84b008/go.mod h1:MMrvBuSUE6W8k5wqf0UqbT9uj6ilcsTx5tVH5izPwsA= -sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +osv.dev/bindings/go v0.0.0-20250711005142-008c9112d045 h1:lC6e/vQLzA+tl4+6rizH+Yr4gqMbS5Kdr5q06IEt71U= +osv.dev/bindings/go v0.0.0-20250711005142-008c9112d045/go.mod h1:MMrvBuSUE6W8k5wqf0UqbT9uj6ilcsTx5tVH5izPwsA= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= +sigs.k8s.io/yaml v1.5.0 h1:M10b2U7aEUY6hRtU870n2VTPgR5RZiL/I6Lcc2F4NUQ= +sigs.k8s.io/yaml v1.5.0/go.mod h1:wZs27Rbxoai4C0f8/9urLZtZtF3avA3gKvGyPdDqTO4= www.velocidex.com/golang/regparser v0.0.0-20250203141505-31e704a67ef7 h1:BMX/37sYwX+8JhHt+YNbPfbx7dXG1w1L1mXonNBtjt0= www.velocidex.com/golang/regparser v0.0.0-20250203141505-31e704a67ef7/go.mod h1:pxSECT5mWM3goJ4sxB4HCJNKnKqiAlpyT8XnvBwkLGU= diff --git a/internal/output/__snapshots__/sarif_test.snap b/internal/output/__snapshots__/sarif_test.snap index f103dadae19..a07036e09b4 100755 --- a/internal/output/__snapshots__/sarif_test.snap +++ b/internal/output/__snapshots__/sarif_test.snap @@ -16,6 +16,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -23,7 +24,8 @@ "index": -1, "uri": "file:///path/to/sub-rust-project/Cargo.lock" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, 
@@ -31,79 +33,124 @@ "index": -1, "uri": "file:///path/to/go.mod" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "file:///path/to/sub-rust-project/Cargo.lock" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'regex@1.5.1' is vulnerable to 'CVE-2022-24713' (also known as 'RUSTSEC-2022-0013', 'GHSA-m5pq-gvj9-9vr8')." }, "rank": -1, + "relatedLocations": [], "ruleId": "CVE-2022-24713", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "file:///path/to/go.mod" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'github.com/gogo/protobuf@1.3.1' is vulnerable to 'CVE-2021-3121' (also known as 'GO-2021-0053', 'GHSA-c3h9-896r-86jm')." 
}, "rank": -1, + "relatedLocations": [], "ruleId": "CVE-2021-3121", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "file:///path/to/sub-rust-project/Cargo.lock" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'regex@1.5.1' is vulnerable to 'CVE-2022-24713' (also known as 'RUSTSEC-2022-0013', 'GHSA-m5pq-gvj9-9vr8')." }, "rank": -1, + "relatedLocations": [], "ruleId": "CVE-2022-24713", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -111,8 +158,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -132,6 +182,7 @@ "properties": { "security-severity": "7.5" }, + "relationships": [], "shortDescription": { "markdown": "CVE-2022-24713: Regexes with large repetitions on empty sub-expressions take a very long time to parse" } @@ -151,14 +202,22 @@ }, "id": "CVE-2021-3121", "name": "CVE-2021-3121", + "relationships": [], "shortDescription": { "markdown": "CVE-2021-3121: Panic due to improper input validation in github.com/gogo/protobuf" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" 
@@ -171,11 +230,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -183,11 +252,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -200,11 +280,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -212,11 +302,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -229,11 +330,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
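Review bot: The added `"results": []` in this empty-run snapshot, and in the identical hunks for the other empty runs further down the file, is not paired with any case showing what a scan that failed or stopped early serialises. SARIF 2.1.0 reads an empty `results` array as "the analysis ran and found nothing", while a null or absent value means results were not computed, so a consumer gating on this file would treat an aborted scan as clean if it also received `[]`. The new empty arrays presumably come from the go-sarif v3.2.0 to v3.2.1 bump visible in go.sum rather than from scanner code, which is worth confirming in the PR description. I would add a snapshot case for an errored scan and check that it does not emit `"results": []`, or else document that downstream tooling must key on the non-zero exit code.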
@@ -241,11 +352,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -258,11 +380,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -270,11 +402,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -287,11 +430,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -299,11 +452,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -316,11 +480,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -328,11 +502,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -345,11 +530,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -357,11 +552,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -374,11 +580,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -386,11 +602,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -403,11 +630,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -415,11 +652,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -432,11 +680,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -444,11 +702,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -461,11 +730,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -473,11 +752,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -490,11 +780,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -502,11 +802,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -519,11 +830,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -531,11 +852,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -548,11 +880,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -560,11 +902,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -577,11 +930,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -589,11 +952,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -606,11 +980,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -618,11 +1002,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -635,11 +1030,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -647,11 +1052,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -664,6 +1080,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -671,7 +1088,8 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, @@ -679,7 +1097,8 @@ "index": -1, "uri": "path/to/my/third/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, 
@@ -687,79 +1106,124 @@ "index": -1, "uri": "path/to/my/second/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/third/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." 
}, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-2", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -767,8 +1231,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -783,6 +1250,7 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } @@ -800,14 +1268,22 @@ }, "id": "OSV-2", "name": "OSV-2", + "relationships": [], "shortDescription": { "markdown": "OSV-2: Something less scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -820,6 +1296,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -827,7 +1304,8 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, @@ -835,7 +1313,8 @@ "index": -1, "uri": "path/to/my/third/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, 
@@ -843,79 +1322,124 @@ "index": -1, "uri": "path/to/my/second/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/third/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." 
}, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-2", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -923,8 +1447,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -939,6 +1466,7 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } @@ -956,14 +1484,22 @@ }, "id": "OSV-2", "name": "OSV-2", + "relationships": [], "shortDescription": { "markdown": "OSV-2: Something less scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -976,6 +1512,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -983,7 +1520,8 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, @@ -991,7 +1529,8 @@ "index": -1, "uri": "path/to/my/third/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, 
@@ -999,79 +1538,124 @@ "index": -1, "uri": "path/to/my/second/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@abcxzy' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/third/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine2@abc123' is vulnerable to 'OSV-2'." 
}, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-2", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -1079,8 +1663,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -1095,6 +1682,7 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } @@ -1112,14 +1700,22 @@ }, "id": "OSV-2", "name": "OSV-2", + "relationships": [], "shortDescription": { "markdown": "OSV-2: Something less scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -1132,6 +1728,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, 
@@ -1139,37 +1736,58 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -1177,8 +1795,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -1193,14 +1814,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -1213,6 +1842,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, 
@@ -1220,37 +1850,58 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -1258,8 +1909,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -1274,14 +1928,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -1294,6 +1956,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, 
@@ -1301,37 +1964,58 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -1339,8 +2023,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -1355,14 +2042,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -1375,6 +2070,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, 
@@ -1382,37 +2078,58 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -1420,8 +2137,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -1436,14 +2156,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -1456,6 +2184,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -1463,7 +2192,8 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, 
@@ -1471,142 +2201,223 @@ "index": -1, "uri": "path/to/my/second/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.2' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." 
}, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-2", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine3@0.4.1' is vulnerable to 'OSV-3'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-3", - "ruleIndex": 2 + "ruleIndex": 2, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-5'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-5", - "ruleIndex": 3 + "ruleIndex": 3, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine3@0.4.1' is vulnerable to 'OSV-5'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-5", - "ruleIndex": 3 + "ruleIndex": 3, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -1614,8 +2425,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -1630,6 +2444,7 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } @@ -1647,6 +2462,7 @@ }, "id": "OSV-2", "name": "OSV-2", + "relationships": [], "shortDescription": { "markdown": "OSV-2: Something less scary!" } @@ -1664,6 +2480,7 @@ }, "id": "OSV-3", "name": "OSV-3", + "relationships": [], "shortDescription": { "markdown": "OSV-3: Something mildly scary!" } @@ -1681,14 +2498,22 @@ }, "id": "OSV-5", "name": "OSV-5", + "relationships": [], "shortDescription": { "markdown": "OSV-5: Something scarier!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -1701,6 +2526,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -1708,7 +2534,8 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, 
@@ -1716,142 +2543,223 @@ "index": -1, "uri": "path/to/my/second/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.2' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." 
}, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-2", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine3@0.4.1' is vulnerable to 'OSV-3'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-3", - "ruleIndex": 2 + "ruleIndex": 2, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-5'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-5", - "ruleIndex": 3 + "ruleIndex": 3, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine3@0.4.1' is vulnerable to 'OSV-5'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-5", - "ruleIndex": 3 + "ruleIndex": 3, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -1859,8 +2767,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -1875,6 +2786,7 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } @@ -1892,6 +2804,7 @@ }, "id": "OSV-2", "name": "OSV-2", + "relationships": [], "shortDescription": { "markdown": "OSV-2: Something less scary!" } @@ -1909,6 +2822,7 @@ }, "id": "OSV-3", "name": "OSV-3", + "relationships": [], "shortDescription": { "markdown": "OSV-3: Something mildly scary!" } @@ -1926,14 +2840,22 @@ }, "id": "OSV-5", "name": "OSV-5", + "relationships": [], "shortDescription": { "markdown": "OSV-5: Something scarier!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -1946,11 +2868,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -1958,11 +2890,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -1975,6 +2918,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, 
@@ -1982,7 +2926,8 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, @@ -1990,7 +2935,8 @@ "index": -1, "uri": "path/to/my/third/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, 
@@ -1998,79 +2944,124 @@ "index": -1, "uri": "path/to/my/second/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/third/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." 
}, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-2", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -2078,8 +3069,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -2094,6 +3088,7 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } @@ -2111,14 +3106,22 @@ }, "id": "OSV-2", "name": "OSV-2", + "relationships": [], "shortDescription": { "markdown": "OSV-2: Something less scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -2131,6 +3134,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -2138,7 +3142,8 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, 
@@ -2146,142 +3151,223 @@ "index": -1, "uri": "path/to/my/second/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author1/mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.2' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." 
}, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-2", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author3/mine3@0.4.1' is vulnerable to 'OSV-3'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-3", - "ruleIndex": 2 + "ruleIndex": 2, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author1/mine1@1.2.3' is vulnerable to 'OSV-5'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-5", - "ruleIndex": 3 + "ruleIndex": 3, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author3/mine3@0.4.1' is vulnerable to 'OSV-5'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-5", - "ruleIndex": 3 + "ruleIndex": 3, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -2289,8 +3375,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -2305,6 +3394,7 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } @@ -2322,6 +3412,7 @@ }, "id": "OSV-2", "name": "OSV-2", + "relationships": [], "shortDescription": { "markdown": "OSV-2: Something less scary!" } @@ -2339,6 +3430,7 @@ }, "id": "OSV-3", "name": "OSV-3", + "relationships": [], "shortDescription": { "markdown": "OSV-3: Something mildly scary!" } @@ -2356,14 +3448,22 @@ }, "id": "OSV-5", "name": "OSV-5", + "relationships": [], "shortDescription": { "markdown": "OSV-5: Something scarier!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -2376,6 +3476,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -2383,7 +3484,8 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, 
@@ -2391,142 +3493,223 @@ "index": -1, "uri": "path/to/my/second/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author1/mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.2' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." 
}, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-2", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author3/mine3@0.4.1' is vulnerable to 'OSV-3'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-3", - "ruleIndex": 2 + "ruleIndex": 2, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author1/mine1@1.2.3' is vulnerable to 'OSV-5'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-5", - "ruleIndex": 3 + "ruleIndex": 3, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author3/mine3@0.4.1' is vulnerable to 'OSV-5'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-5", - "ruleIndex": 3 + "ruleIndex": 3, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -2534,8 +3717,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -2550,6 +3736,7 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } @@ -2567,6 +3754,7 @@ }, "id": "OSV-2", "name": "OSV-2", + "relationships": [], "shortDescription": { "markdown": "OSV-2: Something less scary!" } @@ -2584,6 +3772,7 @@ }, "id": "OSV-3", "name": "OSV-3", + "relationships": [], "shortDescription": { "markdown": "OSV-3: Something mildly scary!" } @@ -2601,14 +3790,22 @@ }, "id": "OSV-5", "name": "OSV-5", + "relationships": [], "shortDescription": { "markdown": "OSV-5: Something scarier!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -2621,6 +3818,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -2628,7 +3826,8 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, 
@@ -2636,142 +3835,223 @@ "index": -1, "uri": "path/to/my/second/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author1/mine1@123abc' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@abcxyz' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." 
}, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-2", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author3/mine3@0.4.1' is vulnerable to 'OSV-3'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-3", - "ruleIndex": 2 + "ruleIndex": 2, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author1/mine1@123abc' is vulnerable to 'OSV-5'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-5", - "ruleIndex": 3 + "ruleIndex": 3, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'author3/mine3@0.4.1' is vulnerable to 'OSV-5'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-5", - "ruleIndex": 3 + "ruleIndex": 3, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -2779,8 +4059,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -2795,6 +4078,7 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } @@ -2812,6 +4096,7 @@ }, "id": "OSV-2", "name": "OSV-2", + "relationships": [], "shortDescription": { "markdown": "OSV-2: Something less scary!" } @@ -2829,6 +4114,7 @@ }, "id": "OSV-3", "name": "OSV-3", + "relationships": [], "shortDescription": { "markdown": "OSV-3: Something mildly scary!" } @@ -2846,14 +4132,22 @@ }, "id": "OSV-5", "name": "OSV-5", + "relationships": [], "shortDescription": { "markdown": "OSV-5: Something scarier!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -2866,11 +4160,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -2878,11 +4182,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" 
@@ -2895,11 +4210,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -2907,11 +4232,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -2924,11 +4260,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -2936,11 +4282,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -2953,11 +4310,21 @@ "properties": {}, "runs": [ { + "addresses": [], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], + "results": [], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ 
@@ -2965,11 +4332,22 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], + "rules": [], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -2982,6 +4360,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, 
@@ -2989,58 +4368,91 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'GHSA-123'." }, "rank": -1, + "relatedLocations": [], "ruleId": "GHSA-123", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -3048,8 +4460,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -3064,6 +4479,7 @@ }, "id": "GHSA-123", "name": "GHSA-123", + "relationships": [], "shortDescription": { "markdown": "GHSA-123: Something scarier!" } 
@@ -3081,14 +4497,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -3101,6 +4525,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -3108,37 +4533,58 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -3146,8 +4592,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ 
@@ -3162,14 +4611,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -3182,6 +4639,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -3189,37 +4647,58 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -3227,8 +4706,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ 
@@ -3243,14 +4725,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -3263,6 +4753,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -3270,37 +4761,58 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -3308,8 +4820,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ 
@@ -3324,14 +4839,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -3344,6 +4867,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -3351,37 +4875,58 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -3389,8 +4934,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ 
@@ -3405,14 +4953,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -3425,6 +4981,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, 
@@ -3432,58 +4989,91 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1' (also known as 'GHSA-123')." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1' (also known as 'GHSA-123')." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -3491,8 +5081,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ 
@@ -3508,14 +5101,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -3528,6 +5129,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, 
@@ -3535,58 +5137,91 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1' (also known as 'GHSA-123')." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1' (also known as 'GHSA-123')." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -3594,8 +5229,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ 
@@ -3611,14 +5249,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -3631,6 +5277,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -3638,37 +5285,58 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@abc123' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -3676,8 +5344,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ 
@@ -3692,14 +5363,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -3712,6 +5391,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -3719,37 +5399,58 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@abc123' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -3757,8 +5458,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ 
@@ -3773,14 +5477,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -3793,6 +5505,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, 
@@ -3800,58 +5513,91 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine3@0.10.2-rc' is vulnerable to 'OSV-2'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-2", - "ruleIndex": 1 + "ruleIndex": 1, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -3859,8 +5605,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ @@ -3875,6 +5624,7 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1" } 
@@ -3892,14 +5642,22 @@ }, "id": "OSV-2", "name": "OSV-2", + "relationships": [], "shortDescription": { "markdown": "OSV-2" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -3912,6 +5670,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -3919,37 +5678,58 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -3957,8 +5737,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ 
@@ -3973,14 +5756,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0" @@ -3993,6 +5784,7 @@ "properties": {}, "runs": [ { + "addresses": [], "artifacts": [ { "length": -1, @@ -4000,7 +5792,8 @@ "index": -1, "uri": "path/to/my/first/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] }, { "length": -1, 
@@ -4008,58 +5801,91 @@ "index": -1, "uri": "path/to/my/second/lockfile" }, - "parentIndex": -1 + "parentIndex": -1, + "roles": [] } ], + "graphs": [], + "invocations": [], "language": "en-US", + "logicalLocations": [], "newlineSequences": [ "\r\n", "\n" ], + "policies": [], + "redactionTokens": [], "results": [ { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/first/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] }, { + "attachments": [], + "codeFlows": [], + "fixes": [], + "graphTraversals": [], + "graphs": [], "kind": "fail", "level": "warning", "locations": [ { + "annotations": [], "id": -1, + "logicalLocations": [], "physicalLocation": { "artifactLocation": { "index": -1, "uri": "path/to/my/second/lockfile" } - } + }, + "relationships": [] } ], "message": { + "arguments": [], "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." }, "rank": -1, + "relatedLocations": [], "ruleId": "OSV-1", - "ruleIndex": 0 + "ruleIndex": 0, + "stacks": [], + "taxa": [] } ], + "runAggregates": [], + "taxonomies": [], + "threadFlowLocations": [], "tool": { "driver": { "contents": [ @@ -4067,8 +5893,11 @@ "nonLocalizedData" ], "informationUri": "https://github.com/google/osv-scanner", + "isComprehensive": false, "language": "en-US", + "locations": [], "name": "osv-scanner", + "notifications": [], "rules": [ { "deprecatedIds": [ 
@@ -4083,14 +5912,22 @@ }, "id": "OSV-1", "name": "OSV-1", + "relationships": [], "shortDescription": { "markdown": "OSV-1: Something scary!" } } ], + "supportedTaxonomies": [], + "taxa": [], "version": "2.1.0" - } - } + }, + "extensions": [] + }, + "translations": [], + "versionControlProvenance": [], + "webRequests": [], + "webResponses": [] } ], "version": "2.1.0"