Skip to content

Commit 4e43d47

Browse files
authored
Merge branch 'master' into dependabot/go_modules/github.com/hashicorp/go-getter-1.8.6
2 parents 4aacd19 + 53dda9a commit 4e43d47

6 files changed

Lines changed: 72 additions & 12 deletions

File tree

docs/multiple-tests/all-patterns/results.xml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,18 @@
2727
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2025-68161: Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification) (update to 2.25.3)"
2828
severity="warning"
2929
/>
30+
<error
31+
source="vulnerability_medium"
32+
line="1"
33+
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/ma ...) (update to 2.25.4)"
34+
severity="warning"
35+
/>
36+
<error
37+
source="vulnerability_medium"
38+
line="1"
39+
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration) (update to 2.25.4)"
40+
severity="warning"
41+
/>
3042
<error
3143
source="vulnerability_critical"
3244
line="2"

docs/multiple-tests/pattern-vulnerability-critical/results.xml

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,13 @@
4343
<error
4444
source="vulnerability_critical"
4545
line="14"
46-
message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF) (update to 1.15.0)"
46+
message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 1.15.0)"
47+
severity="error"
48+
/>
49+
<error
50+
source="vulnerability_critical"
51+
line="14"
52+
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: Axios is a promise based HTTP client for the browser and Node.js. Prio ...) (update to 1.15.0)"
4753
severity="error"
4854
/>
4955
</file>
@@ -52,7 +58,13 @@
5258
<error
5359
source="vulnerability_critical"
5460
line="5"
55-
message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF) (update to 1.15.0)"
61+
message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 1.15.0)"
62+
severity="error"
63+
/>
64+
<error
65+
source="vulnerability_critical"
66+
line="5"
67+
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: Axios is a promise based HTTP client for the browser and Node.js. Prio ...) (update to 1.15.0)"
5668
severity="error"
5769
/>
5870
</file>

docs/multiple-tests/pattern-vulnerability-high/results.xml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,18 @@
112112
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-25679: net/url: Incorrect parsing of IPv6 host literals in net/url) (update to 1.25.8)"
113113
severity="high"
114114
/>
115+
<error
116+
source="vulnerability_high"
117+
line="5"
118+
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32280: During chain building, the amount of work that is done is not correctl ...) (update to 1.25.9)"
119+
severity="high"
120+
/>
121+
<error
122+
source="vulnerability_high"
123+
line="5"
124+
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32282: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root) (update to 1.25.9)"
125+
severity="high"
126+
/>
115127
</file>
116128

117129
<file name="javascript/package-lock.json">

docs/multiple-tests/pattern-vulnerability-medium/results.xml

Lines changed: 28 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -239,6 +239,18 @@
239239
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.17.1)"
240240
severity="warning"
241241
/>
242+
<error
243+
source="vulnerability_medium"
244+
line="1"
245+
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/ma ...) (update to 2.25.4)"
246+
severity="warning"
247+
/>
248+
<error
249+
source="vulnerability_medium"
250+
line="1"
251+
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration) (update to 2.25.4)"
252+
severity="warning"
253+
/>
242254
</file>
243255

244256
<file name="java/pom.xml">
@@ -254,6 +266,18 @@
254266
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2025-68161: Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification) (update to 2.25.3)"
255267
severity="warning"
256268
/>
269+
<error
270+
source="vulnerability_medium"
271+
line="14"
272+
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/ma ...) (update to 2.25.4)"
273+
severity="warning"
274+
/>
275+
<error
276+
source="vulnerability_medium"
277+
line="14"
278+
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration) (update to 2.25.4)"
279+
severity="warning"
280+
/>
257281
</file>
258282

259283
<file name="javascript/package-lock.json">
@@ -271,8 +295,8 @@
271295
/>
272296
<error
273297
source="vulnerability_medium"
274-
line="14"
275-
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-39865: axios: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption) (update to 1.13.2)"
298+
line="23"
299+
message="Insecure dependency npm/follow-redirects@1.15.6 (GHSA-r4q5-vmmm-2653: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets) (update to 1.16.0)"
276300
severity="warning"
277301
/>
278302
</file>
@@ -292,8 +316,8 @@
292316
/>
293317
<error
294318
source="vulnerability_medium"
295-
line="5"
296-
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-39865: axios: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption) (update to 1.13.2)"
319+
line="12"
320+
message="Insecure dependency npm/follow-redirects@1.15.6 (GHSA-r4q5-vmmm-2653: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets) (update to 1.16.0)"
297321
severity="warning"
298322
/>
299323
</file>

go.mod

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ require (
1313
github.com/sirupsen/logrus v1.9.4 // Logrus is the logging library used in codacy-engine-golang-seed
1414
github.com/stretchr/testify v1.11.1
1515
go.uber.org/mock v0.6.0
16-
golang.org/x/mod v0.34.0
16+
golang.org/x/mod v0.35.0
1717
)
1818

1919
require (
@@ -388,7 +388,7 @@ require (
388388
golang.org/x/term v0.41.0 // indirect
389389
golang.org/x/text v0.35.0 // indirect
390390
golang.org/x/time v0.15.0 // indirect
391-
golang.org/x/tools v0.42.0 // indirect
391+
golang.org/x/tools v0.43.0 // indirect
392392
golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect
393393
google.golang.org/api v0.271.0 // indirect
394394
google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 // indirect

go.sum

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1168,8 +1168,8 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
11681168
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
11691169
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
11701170
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
1171-
golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI=
1172-
golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY=
1171+
golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM=
1172+
golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU=
11731173
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
11741174
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
11751175
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1247,8 +1247,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
12471247
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
12481248
golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
12491249
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
1250-
golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
1251-
golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
1250+
golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s=
1251+
golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0=
12521252
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
12531253
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
12541254
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

0 commit comments

Comments
 (0)