Merge pull request #221 from quinnturner/fix/advisory-list

fix: update npm fixtures
IBM · Mar 11, 2022 · ead08ed · ead08ed
2 parents a7a3d90 + 2ae1ab4
commit ead08ed
Show file tree

Hide file tree

Showing 15 changed files with 65 additions and 55 deletions.
diff --git a/test/Model.js b/test/Model.js
@@ -48,12 +48,12 @@ describe("Model", () => {
 
     const parsedAuditOutput = {
       advisories: {
-        1040620: {
-          id: 1040620,
+        1066786: {
+          id: 1066786,
           title: "Command Injection",
           module_name: "open",
           severity: "critical",
-          url: "https://npmjs.com/advisories/1040620",
+          url: "https://npmjs.com/advisories/1066786",
           findings: [{ paths: ["open"] }],
         },
       },
@@ -63,7 +63,7 @@ describe("Model", () => {
     expect(summary).to.eql(
       summaryWithDefault({
         failedLevelsFound: ["critical"],
-        advisoriesFound: [1040620],
+        advisoriesFound: [1066786],
       })
     );
   });

diff --git a/test/npm-auditer.js b/test/npm-auditer.js
@@ -27,7 +27,7 @@ describe("npm-auditer", () => {
     expect(summary).to.eql(
       summaryWithDefault({
         failedLevelsFound: ["critical"],
-        advisoriesFound: [1040620],
+        advisoriesFound: [1066786],
       })
     );
   });
@@ -55,7 +55,7 @@ describe("npm-auditer", () => {
     expect(summary).to.eql(
       summaryWithDefault({
         failedLevelsFound: ["high"],
-        advisoriesFound: [1039985],
+        advisoriesFound: [1066151],
       })
     );
   });
@@ -72,7 +72,7 @@ describe("npm-auditer", () => {
     expect(summary).to.eql(
       summaryWithDefault({
         failedLevelsFound: ["moderate"],
-        advisoriesFound: [1040003],
+        advisoriesFound: [1066169],
       })
     );
   });
@@ -93,13 +93,13 @@ describe("npm-auditer", () => {
       config({
         directory: testDir("npm-moderate"),
         levels: { moderate: true },
-        allowlist: new Allowlist([1040003]),
+        allowlist: new Allowlist([1066169]),
       }),
       (_summary) => _summary
     );
     expect(summary).to.eql(
       summaryWithDefault({
-        allowlistedAdvisoriesFound: [1040003],
+        allowlistedAdvisoriesFound: [1066169],
       })
     );
   });
@@ -117,7 +117,7 @@ describe("npm-auditer", () => {
       summaryWithDefault({
         allowlistedAdvisoriesNotFound: [659],
         failedLevelsFound: ["moderate"],
-        advisoriesFound: [1040003],
+        advisoriesFound: [1066169],
       })
     );
   });
@@ -230,7 +230,7 @@ describe("npm-auditer", () => {
     expect(summary).to.eql(
       summaryWithDefault({
         failedLevelsFound: ["low"],
-        advisoriesFound: [1038984],
+        advisoriesFound: [1065151],
       })
     );
   });

diff --git a/test/npm-critical/npm-output.json b/test/npm-critical/npm-output.json
@@ -5,7 +5,7 @@
       "action": "install",
       "resolves": [
         {
-          "id": 1040620,
+          "id": 1066786,
           "path": "open",
           "dev": false,
           "optional": false,
@@ -17,7 +17,7 @@
     }
   ],
   "advisories": {
-    "1040620": {
+    "1066786": {
       "findings": [
         {
           "version": "0.0.5",
@@ -40,12 +40,14 @@
       },
       "updated": "2019-06-20T15:35:08.000Z",
       "recommendation": "Upgrade to version 6.0.0 or later",
-      "cwe": "[\"CWE-77\"]",
+      "cwe": [
+        "CWE-77"
+      ],
       "found_by": null,
       "deleted": null,
-      "id": 1040620,
+      "id": 1066786,
       "references": "- https://github.com/pwnall/node-open/issues/68\n- https://github.com/pwnall/node-open/issues/69\n- https://hackerone.com/reports/319473\n- https://nodesecurity.io/advisories/663\n- https://www.npmjs.com/advisories/663\n- https://github.com/advisories/GHSA-28xh-wpgr-7fm8",
-      "created": "2022-03-07T18:00:45.492Z",
+      "created": "2022-03-11T08:00:43.923Z",
       "reported_by": null,
       "title": "Command Injection in open",
       "npm_advisory_id": null,
@@ -67,5 +69,5 @@
     "optionalDependencies": 0,
     "totalDependencies": 1
   },
-  "runId": "5a14976d-31b8-49d0-b5aa-68ba103bb2a1"
+  "runId": "f19113b6-7662-4c29-9af6-ca20bcf8d863"
 }
diff --git a/test/npm-critical/npm7-output.json b/test/npm-critical/npm7-output.json
@@ -7,7 +7,7 @@
       "isDirect": true,
       "via": [
         {
-          "source": 1040620,
+          "source": 1066786,
           "name": "open",
           "dependency": "open",
           "title": "Command Injection in open",

diff --git a/test/npm-high/npm-output.json b/test/npm-high/npm-output.json
@@ -5,7 +5,7 @@
       "module": "cryo",
       "resolves": [
         {
-          "id": 1039985,
+          "id": 1066151,
           "path": "cryo",
           "dev": false,
           "bundled": false,
@@ -15,7 +15,7 @@
     }
   ],
   "advisories": {
-    "1039985": {
+    "1066151": {
       "findings": [
         {
           "version": "0.0.6",
@@ -40,12 +40,14 @@
       },
       "updated": "2020-08-31T18:32:59.000Z",
       "recommendation": "None",
-      "cwe": "[\"CWE-94\"]",
+      "cwe": [
+        "CWE-94"
+      ],
       "found_by": null,
       "deleted": null,
-      "id": 1039985,
+      "id": 1066151,
       "references": "- https://nvd.nist.gov/vuln/detail/CVE-2018-3784\n- https://hackerone.com/reports/350418\n- https://github.com/advisories/GHSA-38f5-ghc2-fcmv\n- https://www.npmjs.com/advisories/690",
-      "created": "2022-03-07T18:00:45.442Z",
+      "created": "2022-03-11T08:00:43.889Z",
       "reported_by": null,
       "title": "Code Injection in cryo",
       "npm_advisory_id": null,
@@ -67,5 +69,5 @@
     "optionalDependencies": 0,
     "totalDependencies": 1
   },
-  "runId": "1ca937ea-f527-4b76-923c-b9a3ae59273c"
+  "runId": "0711adfe-fc4e-4a94-80fc-e518c13a63d2"
 }
diff --git a/test/npm-high/npm7-output.json b/test/npm-high/npm7-output.json
@@ -7,7 +7,7 @@
       "isDirect": true,
       "via": [
         {
-          "source": 1039985,
+          "source": 1066151,
           "name": "cryo",
           "dependency": "cryo",
           "title": "Code Injection in cryo",

diff --git a/test/npm-low/npm-output.json b/test/npm-low/npm-output.json
@@ -5,7 +5,7 @@
       "action": "install",
       "resolves": [
         {
-          "id": 1038984,
+          "id": 1065151,
           "path": "chownr",
           "dev": false,
           "optional": false,
@@ -17,7 +17,7 @@
     }
   ],
   "advisories": {
-    "1038984": {
+    "1065151": {
       "findings": [
         {
           "version": "1.0.0",
@@ -42,12 +42,14 @@
       },
       "updated": "2021-05-12T20:23:30.000Z",
       "recommendation": "Upgrade to version 1.1.0 or later",
-      "cwe": "[\"CWE-367\"]",
+      "cwe": [
+        "CWE-367"
+      ],
       "found_by": null,
       "deleted": null,
-      "id": 1038984,
+      "id": 1065151,
       "references": "- https://nvd.nist.gov/vuln/detail/CVE-2017-18869\n- https://github.com/isaacs/chownr/issues/14\n- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863985\n- https://bugzilla.redhat.com/show_bug.cgi?id=1611614\n- https://snyk.io/vuln/npm:chownr:20180731\n- https://github.com/advisories/GHSA-c6rq-rjc2-86v2",
-      "created": "2022-03-07T18:00:45.341Z",
+      "created": "2022-03-11T08:00:43.827Z",
       "reported_by": null,
       "title": "Time-of-check Time-of-use (TOCTOU) Race Condition in chownr",
       "npm_advisory_id": null,
@@ -69,5 +71,5 @@
     "optionalDependencies": 0,
     "totalDependencies": 1
   },
-  "runId": "9a93f0a4-81ec-478e-a3f4-6918eb674781"
+  "runId": "551a22cb-de06-40d7-a95b-b50ee8ceb7c3"
 }
diff --git a/test/npm-low/npm7-output.json b/test/npm-low/npm7-output.json
@@ -7,7 +7,7 @@
       "isDirect": true,
       "via": [
         {
-          "source": 1038984,
+          "source": 1065151,
           "name": "chownr",
           "dependency": "chownr",
           "title": "Time-of-check Time-of-use (TOCTOU) Race Condition in chownr",

diff --git a/test/npm-moderate/npm-output.json b/test/npm-moderate/npm-output.json
@@ -5,7 +5,7 @@
       "action": "install",
       "resolves": [
         {
-          "id": 1040003,
+          "id": 1066169,
           "path": "base64url",
           "dev": false,
           "optional": false,
@@ -17,7 +17,7 @@
     }
   ],
   "advisories": {
-    "1040003": {
+    "1066169": {
       "findings": [
         {
           "version": "2.0.0",
@@ -40,12 +40,14 @@
       },
       "updated": "2020-08-31T18:31:39.000Z",
       "recommendation": "Upgrade to version 3.0.0 or later",
-      "cwe": "[\"CWE-125\"]",
+      "cwe": [
+        "CWE-125"
+      ],
       "found_by": null,
       "deleted": null,
-      "id": 1040003,
+      "id": 1066169,
       "references": "- https://hackerone.com/reports/321687\n- https://www.npmjs.com/advisories/658\n- https://github.com/brianloveswords/base64url/pull/25\n- https://github.com/advisories/GHSA-rvg8-pwq2-xj7q",
-      "created": "2022-03-07T18:00:45.443Z",
+      "created": "2022-03-11T08:00:43.890Z",
       "reported_by": null,
       "title": "Out-of-bounds Read in base64url",
       "npm_advisory_id": null,
@@ -67,5 +69,5 @@
     "optionalDependencies": 0,
     "totalDependencies": 1
   },
-  "runId": "3de20c44-f5cf-4f8a-a232-8a859f13c6a3"
+  "runId": "23801c4d-646f-474d-b982-4aadac1b22ef"
 }
diff --git a/test/npm-moderate/npm7-output.json b/test/npm-moderate/npm7-output.json
@@ -7,7 +7,7 @@
       "isDirect": true,
       "via": [
         {
-          "source": 1040003,
+          "source": 1066169,
           "name": "base64url",
           "dependency": "base64url",
           "title": "Out-of-bounds Read in base64url",

diff --git a/test/npm-none/npm-output.json b/test/npm-none/npm-output.json
@@ -15,5 +15,5 @@
     "optionalDependencies": 0,
     "totalDependencies": 1
   },
-  "runId": "8cde013e-fcde-467a-96dd-9d92f4d61e86"
+  "runId": "9507f2c5-f65d-46d8-86bf-d7a6ddd5e923"
 }
diff --git a/test/npm-skip-dev/npm-output.json b/test/npm-skip-dev/npm-output.json
@@ -5,7 +5,7 @@
       "action": "install",
       "resolves": [
         {
-          "id": 1040620,
+          "id": 1066786,
           "path": "open",
           "dev": true,
           "optional": false,
@@ -17,7 +17,7 @@
     }
   ],
   "advisories": {
-    "1040620": {
+    "1066786": {
       "findings": [
         {
           "version": "0.0.5",
@@ -40,12 +40,14 @@
       },
       "updated": "2019-06-20T15:35:08.000Z",
       "recommendation": "Upgrade to version 6.0.0 or later",
-      "cwe": "[\"CWE-77\"]",
+      "cwe": [
+        "CWE-77"
+      ],
       "found_by": null,
       "deleted": null,
-      "id": 1040620,
+      "id": 1066786,
       "references": "- https://github.com/pwnall/node-open/issues/68\n- https://github.com/pwnall/node-open/issues/69\n- https://hackerone.com/reports/319473\n- https://nodesecurity.io/advisories/663\n- https://www.npmjs.com/advisories/663\n- https://github.com/advisories/GHSA-28xh-wpgr-7fm8",
-      "created": "2022-03-07T18:00:45.492Z",
+      "created": "2022-03-11T08:00:43.923Z",
       "reported_by": null,
       "title": "Command Injection in open",
       "npm_advisory_id": null,
@@ -67,5 +69,5 @@
     "optionalDependencies": 0,
     "totalDependencies": 2
   },
-  "runId": "d06e8251-49da-40ff-b7ff-cbf00d7abc56"
+  "runId": "5e72c881-fe14-48a6-9005-3bb350ff03bf"
 }
diff --git a/test/npm-skip-dev/npm7-output.json b/test/npm-skip-dev/npm7-output.json
@@ -7,7 +7,7 @@
       "isDirect": true,
       "via": [
         {
-          "source": 1040620,
+          "source": 1066786,
           "name": "open",
           "dependency": "open",
           "title": "Command Injection in open",