test: update snapshots #2070
I think the unit tests fail due to exit code mismatch - expected no vulnerability reported, we need to either manually modify the exit code (not preferred) or find a new test image with no vulnerability.

@hogo6002 Can you have a look at picking another image (or updating this one)? I think what I did before won't work here, as this is the last package that has "unimportant" vulns, so if we ignore this we ignore everything. (Unless we just ignore this specific vuln I guess, but preferably we just update the image).
It's meant to fail. It catches issues. It's uncommon for a vulnerability to go from unimportant to important. The issue is that Ubuntu has moved some priority tags from ecosystem-specific fields to severity fields (e.g. https://osv.dev/vulnerability/UBUNTU-CVE-2019-20838). We are still reading the tags from the ecosystem-specific section. But this transition is still in progress; some records only have priority under the ecosystem-specific section (https://osv.dev/vulnerability/UBUNTU-CVE-2017-7244). The fix here should be for us to read from both sections. I will make a different PR to fix it.

I will need to release osv.dev first to get Ubuntu severity type out first |
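
The lookup order discussed above (priority from the severity section, falling back to the ecosystem-specific section for records that have not been migrated), as an added example that is not part of this thread or the project's code. The severity type name `Ubuntu`, the key `ubuntu_priority` and both sample records are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Only the fields needed here; encoding/json matches keys case-insensitively.
type severity struct{ Type, Score string }
type record struct {
	Severity []severity
	Affected []struct {
		Severity          []severity
		EcosystemSpecific map[string]interface{} `json:"ecosystem_specific"`
	}
}

// Constructed sample records with placeholder ids, not copied from osv.dev.
const migrated = `{"id":"UBUNTU-CVE-EXAMPLE-1","severity":[{"type":"Ubuntu","score":"negligible"}],"affected":[{"ecosystem_specific":{"binaries":[]}}]}`
const legacy = `{"id":"UBUNTU-CVE-EXAMPLE-2","affected":[{"ecosystem_specific":{"ubuntu_priority":"low"}}]}`

// ubuntuPriority returns the priority and the section it was read from.
// Assumed names: severity type "Ubuntu", ecosystem_specific key "ubuntu_priority".
func ubuntuPriority(raw []byte) (priority, source string, err error) {
	var r record
	if err = json.Unmarshal(raw, &r); err != nil {
		return "", "", err
	}
	sevs := r.Severity
	for _, a := range r.Affected {
		sevs = append(sevs, a.Severity...)
	}
	for _, s := range sevs {
		if s.Type == "Ubuntu" && s.Score != "" {
			return s.Score, "severity", nil
		}
	}
	for _, a := range r.Affected {
		if p, ok := a.EcosystemSpecific["ubuntu_priority"].(string); ok && p != "" {
			return p, "ecosystem_specific", nil
		}
	}
	return "", "none", nil
}

func main() {
	fmt.Println(ubuntuPriority([]byte(migrated)))
	fmt.Println(ubuntuPriority([]byte(legacy)))
}
```

A record that carries neither field comes back with source `none`, so a caller can treat it as having no priority instead of silently defaulting to one.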

fixed in #2076

The snapshots have changed, probably due to OSV advisories being changed.
Please review the differences to make sure that they're expected!