test: update snapshots

osv-robot · github-actions[bot] · commit 8dd9676edddd · 2026-03-02T19:08:18.000Z
diff --git a/tools/apitester/__snapshots__/cassette_TestCommand.snap b/tools/apitester/__snapshots__/cassette_TestCommand.snap
@@ -2700,9 +2700,8 @@
 
 [Test/cassette_TestCommand/TestCommand/one_specific_supported_lockfile_with_offline_explicitly_false - 1]
 {
-  "results": [
-    {}
-  ]
+  "code": 504,
+  "message": "upstream request timeout"
 }
 
 ---
diff --git a/tools/apitester/__snapshots__/cassette_single_query.snap b/tools/apitester/__snapshots__/cassette_single_query.snap
@@ -3383,6 +3383,7 @@
       "details": "## Summary\n\nNokogiri's CRuby extension fails to check the return value from `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize` and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may allow downstream libraries to accept invalid or incomplete canonicalized XML, which has been demonstrated to enable signature validation bypass in SAML libraries.\n\nJRuby is not affected, as the Java implementation correctly raises `RuntimeError` on canonicalization failure.\n\n## Mitigation\n\nUpgrade to Nokogiri `\u003e= 1.19.1`.\n\n## Severity\n\nThe maintainers have assessed this as **Medium** severity. Nokogiri itself is a parsing library without a clear security boundary related to canonicalization, so the direct impact is that a method returns incorrect data on invalid input. However, this behavior was exploited in practice to bypass SAML signature validation in downstream libraries (see References).\n\n## Credit\n\nThis vulnerability was responsibly reported by HackerOne researcher `d4d`.",
       "modified": "<RFC3339 date with the year 2026>",
       "published": "2026-02-18T21:57:38Z",
+      "related": ["CGA-wm7m-2wf3-587h"],
       "database_specific": "<Any value>",
       "references": [
         {

Original file line number	Diff line number	Diff line change
`@@ -2700,9 +2700,8 @@`
`2700`	`2700`
`2701`	`2701`	`[Test/cassette_TestCommand/TestCommand/one_specific_supported_lockfile_with_offline_explicitly_false - 1]`
`2702`	`2702`	`{`
`2703`		`- "results": [`
`2704`		`- {}`
`2705`		`- ]`
	`2703`	`+ "code": 504,`
	`2704`	`+ "message": "upstream request timeout"`
`2706`	`2705`	`}`
`2707`	`2706`
`2708`	`2707`	`---`
Original file line number	Diff line number	Diff line change
`@@ -3383,6 +3383,7 @@`
`3383`	`3383`	"details": "## Summary\n\nNokogiri's CRuby extension fails to check the return value from `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize` and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may allow downstream libraries to accept invalid or incomplete canonicalized XML, which has been demonstrated to enable signature validation bypass in SAML libraries.\n\nJRuby is not affected, as the Java implementation correctly raises `RuntimeError` on canonicalization failure.\n\n## Mitigation\n\nUpgrade to Nokogiri `\u003e= 1.19.1`.\n\n## Severity\n\nThe maintainers have assessed this as Medium severity. Nokogiri itself is a parsing library without a clear security boundary related to canonicalization, so the direct impact is that a method returns incorrect data on invalid input. However, this behavior was exploited in practice to bypass SAML signature validation in downstream libraries (see References).\n\n## Credit\n\nThis vulnerability was responsibly reported by HackerOne researcher `d4d`.",
`3384`	`3384`	`"modified": "<RFC3339 date with the year 2026>",`
`3385`	`3385`	`"published": "2026-02-18T21:57:38Z",`
	`3386`	`+ "related": ["CGA-wm7m-2wf3-587h"],`
`3386`	`3387`	`"database_specific": "<Any value>",`
`3387`	`3388`	`"references": [`
`3388`	`3389`	`{`