fix: Add expected vulnerabilities to tests (#278)

afsmeira · web-flow · commit 9120504ff5a2 · 2026-04-20T11:52:06.000+01:00
diff --git a/docs/multiple-tests/all-patterns/results.xml b/docs/multiple-tests/all-patterns/results.xml
@@ -30,13 +30,13 @@
         <error
             source="vulnerability_medium"
             line="1"
-            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: Apache Log4j Core's  XmlLayout https://logging.apache.org/log4j/2.x/ma ...) (update to 2.25.4)"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging) (update to 2.25.4)"
             severity="warning"
         />
         <error
             source="vulnerability_medium"
             line="1"
-            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration) (update to 2.25.4)"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification) (update to 2.25.4)"
             severity="warning"
         />
         <error
diff --git a/docs/multiple-tests/pattern-vulnerability-critical/results.xml b/docs/multiple-tests/pattern-vulnerability-critical/results.xml
@@ -43,13 +43,13 @@
         <error
             source="vulnerability_critical"
             line="14"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 1.15.0)"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 0.31.0)"
             severity="error"
         />
         <error
             source="vulnerability_critical"
             line="14"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: Axios is a promise based HTTP client for the browser and Node.js. Prio ...) (update to 1.15.0)"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: axios: Axios: Remote Code Execution via Prototype Pollution escalation) (update to 0.31.0)"
             severity="error"
         />
     </file>
@@ -58,13 +58,13 @@
         <error
             source="vulnerability_critical"
             line="5"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 1.15.0)"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 0.31.0)"
             severity="error"
         />
         <error
             source="vulnerability_critical"
             line="5"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: Axios is a promise based HTTP client for the browser and Node.js. Prio ...) (update to 1.15.0)"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: axios: Axios: Remote Code Execution via Prototype Pollution escalation) (update to 0.31.0)"
             severity="error"
         />
     </file>
diff --git a/docs/multiple-tests/pattern-vulnerability-medium/results.xml b/docs/multiple-tests/pattern-vulnerability-medium/results.xml
@@ -242,13 +242,13 @@
         <error
             source="vulnerability_medium"
             line="1"
-            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: Apache Log4j Core's  XmlLayout https://logging.apache.org/log4j/2.x/ma ...) (update to 2.25.4)"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging) (update to 2.25.4)"
             severity="warning"
         />
         <error
             source="vulnerability_medium"
             line="1"
-            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration) (update to 2.25.4)"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification) (update to 2.25.4)"
             severity="warning"
         />
     </file>
@@ -269,13 +269,13 @@
         <error
             source="vulnerability_medium"
             line="14"
-            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: Apache Log4j Core's  XmlLayout https://logging.apache.org/log4j/2.x/ma ...) (update to 2.25.4)"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging) (update to 2.25.4)"
             severity="warning"
         />
         <error
             source="vulnerability_medium"
             line="14"
-            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration) (update to 2.25.4)"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification) (update to 2.25.4)"
             severity="warning"
         />
     </file>
