fix: Add expected vulnerable test dependencies (#281)

afsmeira · web-flow · commit 4e5b06498b1d · 2026-04-29T17:02:00.000+02:00
diff --git a/docs/multiple-tests/pattern-vulnerability-critical/results.xml b/docs/multiple-tests/pattern-vulnerability-critical/results.xml
@@ -39,36 +39,6 @@
         />
     </file>
 
-    <file name="javascript/package-lock.json">
-        <error
-            source="vulnerability_critical"
-            line="14"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 0.31.0)"
-            severity="error"
-        />
-        <error
-            source="vulnerability_critical"
-            line="14"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: axios: Axios: Remote Code Execution via Prototype Pollution escalation) (update to 0.31.0)"
-            severity="error"
-        />
-    </file>
-
-    <file name="javascript/yarn.lock">
-        <error
-            source="vulnerability_critical"
-            line="5"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 0.31.0)"
-            severity="error"
-        />
-        <error
-            source="vulnerability_critical"
-            line="5"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: axios: Axios: Remote Code Execution via Prototype Pollution escalation) (update to 0.31.0)"
-            severity="error"
-        />
-    </file>
-
     <file name="python/Pipfile.lock">
         <error
             source="vulnerability_critical"
diff --git a/docs/multiple-tests/pattern-vulnerability-high/results.xml b/docs/multiple-tests/pattern-vulnerability-high/results.xml
@@ -115,13 +115,19 @@
         <error
             source="vulnerability_high"
             line="5"
-            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32280: During chain building, the amount of work that is done is not correctl ...) (update to 1.25.9)"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32280: crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building) (update to 1.25.9)"
             severity="high"
         />
         <error
             source="vulnerability_high"
             line="5"
-            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32282: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root) (update to 1.25.9)"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32281: crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation) (update to 1.25.9)"
+            severity="high"
+        />
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32283: If one side of the TLS connection sends multiple key update messages p ...) (update to 1.25.9)"
             severity="high"
         />
     </file>
diff --git a/docs/multiple-tests/pattern-vulnerability-medium/results.xml b/docs/multiple-tests/pattern-vulnerability-medium/results.xml
@@ -209,19 +209,25 @@
         <error
             source="vulnerability_medium"
             line="3"
-            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32281: crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation) (update to 1.25.9)"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32288: archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive) (update to 1.25.9)"
             severity="warning"
         />
         <error
             source="vulnerability_medium"
             line="3"
-            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32288: archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive) (update to 1.25.9)"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32289: html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals) (update to 1.25.9)"
             severity="warning"
         />
         <error
             source="vulnerability_medium"
             line="3"
-            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32289: html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals) (update to 1.25.9)"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-22870: golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net) (update to 1.23.7)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="3"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32282: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root) (update to 1.25.9)"
             severity="warning"
         />
     </file>
@@ -287,6 +293,18 @@
             message="Insecure dependency npm/axios@0.21.0 (CVE-2020-28168: nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address) (update to 0.21.1)"
             severity="warning"
         />
+        <error
+            source="vulnerability_medium"
+            line="14"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 0.31.0)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="14"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: axios: Axios: Remote Code Execution via Prototype Pollution escalation) (update to 0.31.0)"
+            severity="warning"
+        />
         <error
             source="vulnerability_medium"
             line="14"
@@ -314,6 +332,18 @@
             message="Insecure dependency npm/axios@0.21.0 (CVE-2023-45857: axios: exposure of confidential data stored in cookies) (update to 0.28.0)"
             severity="warning"
         />
+        <error
+            source="vulnerability_medium"
+            line="5"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 0.31.0)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="5"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: axios: Axios: Remote Code Execution via Prototype Pollution escalation) (update to 0.31.0)"
+            severity="warning"
+        />
         <error
             source="vulnerability_medium"
             line="12"
