test: update e2e fixtures (#203)
* test: update e2e fixtures

* test: update fixtures
G-Rath committed Aug 19, 2023
1 parent ef568d0 commit 52d3d19
Showing 3 changed files with 12 additions and 9 deletions.
9 changes: 5 additions & 4 deletions fixtures/locks-e2e/1-Gemfile.lock.out.txt
Expand Up @@ -15,11 +15,11 @@ fixtures/locks-e2e/1-Gemfile.lock: found 229 packages
GHSA-xp5h-f8jf-rc8q: rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements (https://github.com/advisories/GHSA-xp5h-f8jf-rc8q)
activerecord@5.2.6 is affected by the following vulnerabilities:
GHSA-3hhc-qp5v-9p2j: Active Record RCE bug with Serialized Columns (https://github.com/advisories/GHSA-3hhc-qp5v-9p2j)
GHSA-579w-22j4-4749: Denial of Service Vulnerability in ActiveRecords PostgreSQL adapter (https://github.com/advisories/GHSA-579w-22j4-4749)
GHSA-579w-22j4-4749: Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter (https://github.com/advisories/GHSA-579w-22j4-4749)
activestorage@5.2.6 is affected by the following vulnerabilities:
GHSA-w749-p3v6-hccq: Possible code injection vulnerability in Rails / Active Storage (https://github.com/advisories/GHSA-w749-p3v6-hccq)
activesupport@5.2.6 is affected by the following vulnerabilities:
GHSA-j6gc-792m-qgm2: ReDoS based DoS vulnerability in Active Supports underscore (https://github.com/advisories/GHSA-j6gc-792m-qgm2)
GHSA-j6gc-792m-qgm2: ReDoS based DoS vulnerability in Active Support's underscore (https://github.com/advisories/GHSA-j6gc-792m-qgm2)
GHSA-pj73-v5mw-pm9j: Possible XSS Security Vulnerability in SafeBuffer#bytesplice (https://github.com/advisories/GHSA-pj73-v5mw-pm9j)
addressable@2.7.0 is affected by the following vulnerabilities:
GHSA-jxhc-q857-3j6g: Regular Expression Denial of Service in Addressable templates (https://github.com/advisories/GHSA-jxhc-q857-3j6g)
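Review bot: the only change in this hunk is the possessive apostrophe in two advisory titles (ActiveRecord's, Active Support's), which tracks a re-titling of those advisories upstream rather than any change in what the scanner detects. Because these snapshots reproduce advisory summaries verbatim, they will keep drifting whenever an advisory is re-titled; if that churn becomes a problem, consider having the e2e comparison key on the GHSA identifier and the package@version line and treat the summary text as informational.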
Expand Down Expand Up @@ -48,14 +48,15 @@ fixtures/locks-e2e/1-Gemfile.lock: found 229 packages
GHSA-xxx9-3xcr-gjj3: XML Injection in Xerces Java affects Nokogiri (https://github.com/advisories/GHSA-xxx9-3xcr-gjj3)
puma@4.3.5 is affected by the following vulnerabilities:
GHSA-48w2-rm65-62xx: Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling (https://github.com/advisories/GHSA-48w2-rm65-62xx)
GHSA-68xg-gqqm-vgj8: Puma HTTP Request/Response Smuggling vulnerability (https://github.com/advisories/GHSA-68xg-gqqm-vgj8)
GHSA-h99w-9q5r-gjq9: Puma vulnerable to HTTP Request Smuggling (https://github.com/advisories/GHSA-h99w-9q5r-gjq9)
GHSA-q28m-8xjw-8vr5: Puma's Keepalive Connections Causing Denial Of Service (https://github.com/advisories/GHSA-q28m-8xjw-8vr5)
GHSA-rmj8-8hhh-gv5h: Puma used with Rails may lead to Information Exposure (https://github.com/advisories/GHSA-rmj8-8hhh-gv5h)
rack@2.2.3 is affected by the following vulnerabilities:
GHSA-3h57-hmj3-gj3p: Rack has possible DoS Vulnerability in Multipart MIME parsing (https://github.com/advisories/GHSA-3h57-hmj3-gj3p)
GHSA-65f5-mfpf-vfhj: Denial of service via header parsing in Rack (https://github.com/advisories/GHSA-65f5-mfpf-vfhj)
GHSA-93pm-5p5f-3ghx: Denial of Service Vulnerability in Rack Content-Disposition parsing (https://github.com/advisories/GHSA-93pm-5p5f-3ghx)
GHSA-c6qg-cjj8-47qp: Possible Denial of Service Vulnerability in Racks header parsing (https://github.com/advisories/GHSA-c6qg-cjj8-47qp)
GHSA-c6qg-cjj8-47qp: Possible Denial of Service Vulnerability in Rack's header parsing (https://github.com/advisories/GHSA-c6qg-cjj8-47qp)
GHSA-hxqx-xwvh-44m2: Denial of Service Vulnerability in Rack Multipart Parsing (https://github.com/advisories/GHSA-hxqx-xwvh-44m2)
GHSA-rqv2-275x-2jq5: Denial of service via multipart parsing in Rack (https://github.com/advisories/GHSA-rqv2-275x-2jq5)
GHSA-wq4h-7r42-5hrr: Possible shell escape sequence injection vulnerability in Rack (https://github.com/advisories/GHSA-wq4h-7r42-5hrr)
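Review bot: GHSA-68xg-gqqm-vgj8 under puma@4.3.5 is the single new advisory line in this file, which is what the 52 to 53 change in the summary hunk below accounts for; the entry is inserted in GHSA-id order between GHSA-48w2-rm65-62xx and GHSA-h99w-9q5r-gjq9, so the sorted output is preserved. The remaining lines in this hunk are again only the apostrophe fix in the Rack header-parsing title.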
Expand All @@ -75,4 +76,4 @@ fixtures/locks-e2e/1-Gemfile.lock: found 229 packages
tzinfo@1.2.9 is affected by the following vulnerabilities:
GHSA-5cm2-9h8c-rvfx: TZInfo relative path traversal vulnerability allows loading of arbitrary files (https://github.com/advisories/GHSA-5cm2-9h8c-rvfx)

52 known vulnerabilities found in fixtures/locks-e2e/1-Gemfile.lock
53 known vulnerabilities found in fixtures/locks-e2e/1-Gemfile.lock
10 changes: 6 additions & 4 deletions fixtures/locks-e2e/2-Gemfile.lock.out.txt
Expand Up @@ -16,12 +16,12 @@ fixtures/locks-e2e/2-Gemfile.lock: found 426 packages
GHSA-xp5h-f8jf-rc8q: rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements (https://github.com/advisories/GHSA-xp5h-f8jf-rc8q)
activerecord@6.0.4.1 is affected by the following vulnerabilities:
GHSA-3hhc-qp5v-9p2j: Active Record RCE bug with Serialized Columns (https://github.com/advisories/GHSA-3hhc-qp5v-9p2j)
GHSA-579w-22j4-4749: Denial of Service Vulnerability in ActiveRecords PostgreSQL adapter (https://github.com/advisories/GHSA-579w-22j4-4749)
GHSA-579w-22j4-4749: Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter (https://github.com/advisories/GHSA-579w-22j4-4749)
GHSA-hq7p-j377-6v63: SQL Injection Vulnerability via ActiveRecord comments (https://github.com/advisories/GHSA-hq7p-j377-6v63)
activestorage@6.0.4.1 is affected by the following vulnerabilities:
GHSA-w749-p3v6-hccq: Possible code injection vulnerability in Rails / Active Storage (https://github.com/advisories/GHSA-w749-p3v6-hccq)
activesupport@6.0.4.1 is affected by the following vulnerabilities:
GHSA-j6gc-792m-qgm2: ReDoS based DoS vulnerability in Active Supports underscore (https://github.com/advisories/GHSA-j6gc-792m-qgm2)
GHSA-j6gc-792m-qgm2: ReDoS based DoS vulnerability in Active Support's underscore (https://github.com/advisories/GHSA-j6gc-792m-qgm2)
GHSA-pj73-v5mw-pm9j: Possible XSS Security Vulnerability in SafeBuffer#bytesplice (https://github.com/advisories/GHSA-pj73-v5mw-pm9j)
globalid@1.0.0 is affected by the following vulnerabilities:
GHSA-23c2-gwp5-pxw9: ReDoS based DoS vulnerability in GlobalID (https://github.com/advisories/GHSA-23c2-gwp5-pxw9)
Expand All @@ -38,11 +38,13 @@ fixtures/locks-e2e/2-Gemfile.lock: found 426 packages
GHSA-cgx6-hpwq-fhv5: Integer Overflow or Wraparound in libxml2 affects Nokogiri (https://github.com/advisories/GHSA-cgx6-hpwq-fhv5)
GHSA-pxvg-2qj5-37jq: Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs (https://github.com/advisories/GHSA-pxvg-2qj5-37jq)
GHSA-xh29-r2w5-wx8m: Nokogiri Improperly Handles Unexpected Data Type (https://github.com/advisories/GHSA-xh29-r2w5-wx8m)
puma@5.6.4 is affected by the following vulnerabilities:
GHSA-68xg-gqqm-vgj8: Puma HTTP Request/Response Smuggling vulnerability (https://github.com/advisories/GHSA-68xg-gqqm-vgj8)
rack@2.2.3 is affected by the following vulnerabilities:
GHSA-3h57-hmj3-gj3p: Rack has possible DoS Vulnerability in Multipart MIME parsing (https://github.com/advisories/GHSA-3h57-hmj3-gj3p)
GHSA-65f5-mfpf-vfhj: Denial of service via header parsing in Rack (https://github.com/advisories/GHSA-65f5-mfpf-vfhj)
GHSA-93pm-5p5f-3ghx: Denial of Service Vulnerability in Rack Content-Disposition parsing (https://github.com/advisories/GHSA-93pm-5p5f-3ghx)
GHSA-c6qg-cjj8-47qp: Possible Denial of Service Vulnerability in Racks header parsing (https://github.com/advisories/GHSA-c6qg-cjj8-47qp)
GHSA-c6qg-cjj8-47qp: Possible Denial of Service Vulnerability in Rack's header parsing (https://github.com/advisories/GHSA-c6qg-cjj8-47qp)
GHSA-hxqx-xwvh-44m2: Denial of Service Vulnerability in Rack Multipart Parsing (https://github.com/advisories/GHSA-hxqx-xwvh-44m2)
GHSA-rqv2-275x-2jq5: Denial of service via multipart parsing in Rack (https://github.com/advisories/GHSA-rqv2-275x-2jq5)
GHSA-wq4h-7r42-5hrr: Possible shell escape sequence injection vulnerability in Rack (https://github.com/advisories/GHSA-wq4h-7r42-5hrr)
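Review bot: puma@5.6.4 is a new package block here, not a new advisory under an existing one, so this fixture previously reported no findings for puma 5.6.4 at all and now reports GHSA-68xg-gqqm-vgj8; the block sits between nokogiri and rack, keeping the alphabetical package order, and the two added lines match the 37 to 38 change in the summary hunk below. The same advisory is also recorded against puma@4.3.5 in the first fixture, so as captured here its affected range spans both the 4.x and 5.x series, which is worth a glance when reviewing whether the affected-version data is what you expect.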
Expand All @@ -55,4 +57,4 @@ fixtures/locks-e2e/2-Gemfile.lock: found 426 packages
tzinfo@1.2.9 is affected by the following vulnerabilities:
GHSA-5cm2-9h8c-rvfx: TZInfo relative path traversal vulnerability allows loading of arbitrary files (https://github.com/advisories/GHSA-5cm2-9h8c-rvfx)

37 known vulnerabilities found in fixtures/locks-e2e/2-Gemfile.lock
38 known vulnerabilities found in fixtures/locks-e2e/2-Gemfile.lock
2 changes: 1 addition & 1 deletion pkg/semantic/version-pypi.go
Expand Up @@ -313,7 +313,7 @@ func (pv PyPIVersion) compareLocal(pw PyPIVersion) int {
}

// Additionally a local version with a great number of segments will always compare as greater than a local version with fewer segments,
// as long as the shorter local versions segments match the beginning of the longer local versions segments exactly.
// as long as the shorter local version's segments match the beginning of the longer local version's segments exactly.
if len(pv.local) > len(pw.local) {
return +1
}
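Review bot: the unchanged comment line directly above the edited one still reads "a great number of segments" where "a greater number of segments" is meant; since this commit already touches the comment for the possessive apostrophes, fix that wording at the same time. Separately, this file lives under pkg/semantic rather than the fixtures, so the "test:" prefix on the commit under-describes the change; a comment-only edit is harmless, but it would be clearer in its own docs/chore commit. The code path is consistent with the comment provided the segment loop above this hunk returns on the first differing segment, since only then does reaching the len(pv.local) > len(pw.local) branch imply the shorter local version matched as a prefix.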

0 comments on commit 52d3d19
