AMD64
Shell
Git
Scroll to End of Log
0.14s0.10s0.00s0.11sTopworker_info1Worker information2hostname: 74fdbbb8-5fb8-42de-8477-4d2a1ae7d1cf@1.worker-n2-com-779d777f7b-9jv6t.gce-production-13version: 6.2.22 https://github.com/travis-ci/worker/tree/858cb91994a513269f2fe9782c15fc113e9662314instance: travis-job-fa1e537e-46da-40d7-a432-d9435f3b2cb6 travis-ci-ubuntu-2204-1698932501-7a1a9a36 (via amqp)5startup: 6.430793752ssystem_info7Build system information8Build language: shell9Build dist: jammy10Build id: 26966088011Job id: 61971275212Runtime kernel version: 6.2.0-1018-gcp13travis-build version: 5c36a08f14Build image provisioning date and time15Thu Nov 2 02:14:52 PM UTC 202316Operating System Details17Distributor ID: Ubuntu18Description: Ubuntu 22.04.3 LTS19Release: 22.0420Codename: jammy21Systemd Version22systemd 249 (249.11-0ubuntu3.11)23Cookbooks Version24f5d122e https://github.com/travis-ci/travis-cookbooks/tree/f5d122e25git version26git version 2.42.027bash version28GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)29gcc version30gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.031docker version32Client:33 Version: 24.0.534 API version: 1.4335 Go version: go1.20.336 Git commit: 24.0.5-0ubuntu1~22.04.137 Built: Mon Aug 21 19:50:14 202338 OS/Arch: linux/amd6439 Context: default41Server:42 Engine:43 Version: 24.0.544 API version: 1.43 (minimum version 1.12)45 Go version: go1.20.346 Git commit: 24.0.5-0ubuntu1~22.04.147 Built: Mon Aug 21 19:50:14 202348 OS/Arch: linux/amd6449 Experimental: false50 containerd:51 Version: 1.7.252 GitCommit:53 runc:54 Version: 1.1.7-0ubuntu1~22.04.155 GitCommit:56 docker-init:57 Version: 0.19.058 GitCommit:59clang version60clang version 16.0.061jq version62jq-1.663bats version64Bats 0.4.065shellcheck version660.7.267shfmt version68v3.2.169ccache version704.5.171cmake version72cmake version 3.26.373heroku version74heroku/8.7.0 linux-x64 node-v16.19.075imagemagick version76Version: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org77md5deep version784.479mercurial version80version 5.381mysql version82mysql Ver 8.0.35-0ubuntu0.22.04.1 for Linux on x86_64 ((Ubuntu))83openssl version84OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)85packer version861.7.587postgresql client version88psql (PostgreSQL) 14.9 (Ubuntu 14.9-0ubuntu0.22.04.1)89ragel version90Ragel State Machine Compiler version 6.10 March 201791sudo version921.9.993gzip version94gzip 1.1095zip version96Zip 3.097vim version98VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Oct 16 2023 18:15:38)99iptables version100iptables v1.8.7 (nf_tables)101curl version102curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.16103wget version104GNU Wget 1.21.2 built on linux-gnu.105rsync version106rsync version 3.2.7 protocol version 31107gimme version108v1.5.4109nvm version1100.39.5111perlbrew version112/home/travis/perl5/perlbrew/bin/perlbrew - App::perlbrew/0.95113phpenv version114rbenv 1.2.0115rvm version116rvm 1.29.12 (latest) by Michal Papis, Piotr Kuczynski, Wayne E. Seguin [https://rvm.io]117default ruby version118ruby 2.7.8p225 (2023-03-30 revision 1f4d455848) [x86_64-linux]119default python version120Python 3.10.12121ElasticSearch version1227.16.3123Installed Firefox version124firefox 63.0.1125MongoDB version126MongoDB 6.0.11127Pre-installed Go versions1281.18.3129ant version130Apache Ant(TM) version 1.10.12 compiled on January 17 1970131mvn version132Apache Maven 3.9.5 (57804ffe001d7215b5e7bcb531cf83df38f93546)133gradle version134Gradle 5.1.1!135lein version136Leiningen 2.10.0 on Java 11.0.21 OpenJDK 64-Bit Server VM137Pre-installed Node.js versions138v10.24.1139v12.22.12140v14.21.3141v16.20.2142v18.18.2143v20.9.0144v4.9.1145v6.17.1146v8.17.0147v8.9148phpenv versions149 system150 8.1151* 8.1.2 (set by /home/travis/.phpenv/version)152 hhvm-stable153 hhvm154composer --version155Composer version 2.3.7 2022-06-06 16:43:28156Pre-installed Ruby versions157ruby-2.7.8158ruby-3.0.4159ruby-3.1.21620.00s0.07s0.00s0.02s0.20s0.00s0.00s0.00s0.01s0.00s0.10s0.01s1.15s0.00s0.08s6.05s0.00s3.77s0.00s2.47sdocker_mtu_and_registry_mirrorsresolvconfgit.checkout1630.01s1.70s$ git clone --depth=10 --branch=bfsy-304-ent-am https://github.com/travis-ci/travis-yml.git travis-ci/travis-yml164Cloning into 'travis-ci/travis-yml'...165$ cd travis-ci/travis-yml166$ git checkout -qf 4126f6f514c480807eaa8f1bd5e5820a12d4d6911680.01s169Setting environment variables from repository settings170$ export QUAY_ROBOT_HANDLE=[secure]171$ export QUAY_ROBOT_TOKEN=[secure]173$ bash -c 'echo $BASH_VERSION'1745.1.16(1)-release176Skipping the before_install step, as specified in the configuration.177Skipping the install step, as specified in the configuration.179docker build --pull --no-cache -t travisci/travis-yml:4126f6f .180DEPRECATED: The legacy builder is deprecated and will be removed in a future release.181 Install the buildx component to build images with BuildKit:182 https://docs.docker.com/go/buildx/184Sending build context to Docker daemon 3.469MB185Step 1/18 : FROM ruby:2.6.10-slim as base1862.6.10-slim: Pulling from library/ruby1871fe172e4850f: Pulling fs layer188100f29d0fcb2: Pulling fs layer189937a564b41a1: Pulling fs layer19096ed6bd3a152: Pulling fs layer19103e23c2ed14b: Pulling fs layer19296ed6bd3a152: Waiting19303e23c2ed14b: Waiting194937a564b41a1: Verifying Checksum195937a564b41a1: Download complete196100f29d0fcb2: Verifying Checksum197100f29d0fcb2: Download complete1981fe172e4850f: Verifying Checksum1991fe172e4850f: Download complete20003e23c2ed14b: Verifying Checksum20103e23c2ed14b: Download complete20296ed6bd3a152: Verifying Checksum20396ed6bd3a152: Download complete2041fe172e4850f: Pull complete205100f29d0fcb2: Pull complete206937a564b41a1: Pull complete20796ed6bd3a152: Pull complete20803e23c2ed14b: Pull complete209Digest: sha256:3d641979a7dc819b4c253dc62d2f74800817053247005f72b871d164498109df210Status: Downloaded newer image for ruby:2.6.10-slim211 ---> 6c7e929006b0212Step 2/18 : RUN apt-get update > /dev/null 2>&1 && apt-get upgrade -y > /dev/null 2>&1 && rm -rf /var/lib/apt/lists/*213 ---> Running in ed012451536f214Removing intermediate container ed012451536f215 ---> 0e69730a3440216Step 3/18 : WORKDIR /app217 ---> Running in 1c7ab72b864e218Removing intermediate container 1c7ab72b864e219 ---> 629a35b803f1220Step 4/18 : RUN gem update --system 3.4.13 > /dev/null 2>&1221 ---> Running in c17bf7fb7a91222Removing intermediate container c17bf7fb7a91223 ---> dbba8744172a224Step 5/18 : RUN echo "gem: --no-document" >> ~/.gemrc225 ---> Running in 08c37d047b33226Removing intermediate container 08c37d047b33227 ---> 856c41fabf89228Step 6/18 : RUN bundle config set --global no-cache 'true' && bundle config set --global frozen 'true' && bundle config set --global deployment 'true' && bundle config set --global without 'development test' && bundle config set --global clean 'true' && bundle config set --global jobs `expr $(cat /proc/cpuinfo | grep -c 'cpu cores')` && bundle config set --global retry 3229 ---> Running in 41598356ed2e230Removing intermediate container 41598356ed2e231 ---> c6c9da53050d232Step 7/18 : FROM base as builder233 ---> c6c9da53050d234Step 8/18 : RUN apt-get update > /dev/null 2>&1 && apt-get install -y --no-install-recommends git make gcc g++ > /dev/null 2>&1 && rm -rf /var/lib/apt/lists/*235 ---> Running in 71a5ed547c9f236Removing intermediate container 71a5ed547c9f237 ---> fe36b37f04da238Step 9/18 : COPY .ruby-version travis-yml.gemspec ./239 ---> e50778e4cc2d240Step 10/18 : COPY ./lib/travis/yml/version.rb ./lib/travis/yml/version.rb241 ---> a725d778300f242Step 11/18 : COPY Gemfile Gemfile.lock ./243 ---> ee97e2e517ca244Step 12/18 : RUN bundle install245 ---> Running in 5031c5bfe07f246Bundler 2.4.13 is running, but your lockfile was generated with 2.4.17. Installing Bundler 2.4.17 and restarting using that version.247Fetching gem metadata from https://rubygems.org/.248Fetching bundler 2.4.17249Installing bundler 2.4.17250Fetching https://github.com/travis-ci/travis-conditions251Fetching gem metadata from https://rubygems.org/.........252Fetching https://github.com/travis-ci/travis-conditions253Fetching https://github.com/travis-ci/travis-metrics254Fetching sexp_processor 4.14.1255Fetching atomic 1.1.101256Installing atomic 1.1.101 with native extensions257Installing sexp_processor 4.14.1258Fetching multipart-post 2.1.1259Installing multipart-post 2.1.1260Fetching hashr 2.0.1261Installing hashr 2.0.1262Fetching hitimes 1.3.1263Installing hitimes 1.3.1 with native extensions264Fetching memoyze 0.0.1265Installing memoyze 0.0.1266Fetching multi_json 1.15.0267Installing multi_json 1.15.0268Fetching ruby2_keywords 0.0.5269Installing ruby2_keywords 0.0.5270Fetching nio4r 2.5.8271Installing nio4r 2.5.8 with native extensions272Fetching oj 3.7.12273Installing oj 3.7.12 with native extensions274Fetching parslet 1.8.2275Installing parslet 1.8.2276Fetching rack 2.2.4277Installing rack 2.2.4278Fetching rack-ssl-enforcer 0.2.9279Installing rack-ssl-enforcer 0.2.9280Fetching redcarpet 3.5.1281Installing redcarpet 3.5.1 with native extensions282Fetching regstry 1.0.15283Installing regstry 1.0.15284Fetching ruby-obj 1.0.0285Installing ruby-obj 1.0.0286Fetching sh_vars 1.0.2287Installing sh_vars 1.0.2288Fetching tilt 2.0.11289Installing tilt 2.0.11290Fetching tins 1.24.1291Installing tins 1.24.1292Fetching ruby_parser 3.14.2293Installing ruby_parser 3.14.2294Fetching faraday 0.15.4295Installing faraday 0.15.4296Fetching travis-config 1.1.3297Installing travis-config 1.1.3298Fetching avl_tree 1.2.1299Installing avl_tree 1.2.1300Fetching mustermann 2.0.2301Installing mustermann 2.0.2302Fetching puma 4.3.12303Installing puma 4.3.12 with native extensions304Fetching rack-cors 1.1.1305Installing rack-cors 1.1.1306Fetching rack-protection 2.2.3307Installing rack-protection 2.2.3308Fetching protocol 2.0.0309Installing protocol 2.0.0310Fetching faraday_middleware 0.14.0311Installing faraday_middleware 0.14.0312Fetching sentry-raven 2.9.0313Installing sentry-raven 2.9.0314Fetching metriks 0.9.9.8315Installing metriks 0.9.9.8316Fetching sinatra 2.2.3317Installing sinatra 2.2.3318Fetching mize 0.4.0319Installing mize 0.4.0320Fetching metriks-librato_metrics 1.0.6321Installing metriks-librato_metrics 1.0.6322Fetching sinatra-contrib 2.2.3323Installing sinatra-contrib 2.2.3324Fetching amatch 0.4.0325Installing amatch 0.4.0 with native extensions326Bundle complete! 17 Gemfile dependencies, 41 gems now installed.327Gems in the groups 'development' and 'test' were not installed.328Bundled gems are installed into `./vendor/bundle`329Post-install message from atomic:330This gem has been deprecated and merged into Concurrent Ruby (http://concurrent-ruby.com).331Removing intermediate container 5031c5bfe07f332 ---> 144857fc068d333Step 13/18 : FROM base334 ---> c6c9da53050d335Step 14/18 : LABEL maintainer Travis CI GmbH <support+travis-live-docker-images@travis-ci.com>336 ---> Running in b3407d1cab96337Removing intermediate container b3407d1cab96338 ---> 8c10e6acbe0f339Step 15/18 : COPY --from=builder /usr/local/bundle /usr/local/bundle340 ---> df1b18919e44341Step 16/18 : COPY --from=builder /app/vendor ./vendor342 ---> 5a199475cc13343Step 17/18 : COPY . ./344 ---> 88c713dd9f19345Step 18/18 : CMD ["bundle", "exec", "puma", "-C", "lib/travis/yml/web/puma.rb"]346 ---> Running in db3083d270a3347Removing intermediate container db3083d270a3348 ---> 877e5ff22fcd349Successfully built 877e5ff22fcd350Successfully tagged travisci/travis-yml:4126f6f351docker login -u=[secure] -p=[secure] quay.io352WARNING! Using --password via the CLI is insecure. Use --password-stdin.353WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json.354Configure a credential helper to remove this warning. See355https://docs.docker.com/engine/reference/commandline/login/#credentials-store357Login Succeeded358docker tag travisci/travis-yml:4126f6f quay.io/travisci/travis-yml:4126f6f-bfsy-304-ent-am359docker push quay.io/travisci/travis-yml:4126f6f-bfsy-304-ent-am360The push refers to repository [quay.io/travisci/travis-yml]36102944bc93a6a: Preparing3624ea784a3db24: Preparing3631e234c66941c: Preparing3642d9508658dd6: Preparing3656d03eb76012b: Preparing36676285a80c66f: Preparing367aba9acf3c0a6: Preparing368767f3930ddbc: Preparing3699ce6f9af70fc: Preparing37072325fcd36b7: Preparing371833c59850580: Preparing3723471fad30f0e: Preparing3739c1b6dd6c1e6: Preparing37476285a80c66f: Waiting375aba9acf3c0a6: Waiting376767f3930ddbc: Waiting3779ce6f9af70fc: Waiting37872325fcd36b7: Waiting379833c59850580: Waiting3803471fad30f0e: Waiting3819c1b6dd6c1e6: Waiting38202944bc93a6a: Pushed3832d9508658dd6: Pushed3846d03eb76012b: Pushed3851e234c66941c: Pushed3869ce6f9af70fc: Layer already exists38772325fcd36b7: Layer already exists388833c59850580: Layer already exists389aba9acf3c0a6: Pushed3904ea784a3db24: Pushed3919c1b6dd6c1e6: Layer already exists3923471fad30f0e: Layer already exists39376285a80c66f: Pushed394767f3930ddbc: Pushed3954126f6f-bfsy-304-ent-am: digest: sha256:49d65c99f5418ab3a995d151d249b549c7f88636d349444690fc9f0c0c35c40d size: 3041396docker run --rm -v /tmp:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy i --ignore-unfixed quay.io/travisci/travis-yml:4126f6f-bfsy-304-ent-am397Unable to find image 'aquasec/trivy:latest' locally398latest: Pulling from aquasec/trivy3994abcf2066143: Pulling fs layer400fea79d813ba7: Pulling fs layer40159e37f8d454d: Pulling fs layer402e0642506ddfc: Pulling fs layer403e0642506ddfc: Waiting404fea79d813ba7: Verifying Checksum405fea79d813ba7: Download complete4064abcf2066143: Verifying Checksum4074abcf2066143: Download complete4084abcf2066143: Pull complete409e0642506ddfc: Verifying Checksum410e0642506ddfc: Download complete41159e37f8d454d: Verifying Checksum41259e37f8d454d: Download complete413fea79d813ba7: Pull complete41459e37f8d454d: Pull complete415e0642506ddfc: Pull complete416Digest: sha256:a195a07b467618b7683b9170338bcfd7423b2aa5b869e7ef49ab9e3c0af4d130417Status: Downloaded newer image for aquasec/trivy:latest42126.30 MiB / 44.64 MiB [----------------------------------->_________________________] 58.91% ? p/s ?44.64 MiB / 44.64 MiB [----------------------------------------------------------->] 100.00% ? p/s ?44.64 MiB / 44.64 MiB [----------------------------------------------------------->] 100.00% ? p/s ?44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 30.54 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 30.54 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 30.54 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 28.57 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 28.57 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 28.57 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [-------------------------------------------------] 100.00% 27.15 MiB p/s 1.8s2024-03-26T10:38:23.215Z INFO Vulnerability scanning is enabled4232024-03-26T10:38:23.215Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning4242024-03-26T10:38:23.215Z INFO Please see also https://aquasecurity.github.io/trivy/v0.50/docs/scanner/secret/#recommendation for faster secret detection4302024-03-26T10:38:33.982Z INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.432quay.io/travisci/travis-yml:4126f6f-bfsy-304-ent-am (debian 11.9)433=================================================================434Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)437Ruby (gemspec)438==============439Total: 14 (UNKNOWN: 0, LOW: 1, MEDIUM: 7, HIGH: 6, CRITICAL: 0)441┌───────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────────────────────────────┬────────────────────────────────────────────────────────────┐442│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │443├───────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤444│ json (json-2.1.0.gemspec) │ CVE-2020-10663 │ HIGH │ fixed │ 2.1.0 │ >= 2.3.0 │ rubygem-json: Unsafe object creation vulnerability in JSON │445│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-10663 │446├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼──────────────────���─────────────────────────────────────────┤447│ puma (puma-4.3.12.gemspec) │ CVE-2023-40175 │ MEDIUM │ │ 4.3.12 │ ~> 5.6.7, >= 6.3.1 │ rubygem-puma: HTTP request smuggling when parsing chunked │448│ │ │ │ │ │ │ transfer encoding bodies and zero-length... │449│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40175 │450│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤451│ │ CVE-2024-21647 │ │ │ │ ~> 5.6.8, >= 6.4.2 │ rubygem-puma: HTTP request smuggling when parsing chunked │452│ │ │ │ │ │ │ Transfer-Encoding Bodies │453│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-21647 │454├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤455│ rack (rack-2.2.4.gemspec) │ CVE-2022-44570 │ HIGH │ │ 2.2.4 │ ~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= │ rubygem-rack: denial of service in Content-Disposition │456│ │ │ │ │ │ 2.2.6.2, >= 3.0.4.1 │ parsing │457│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-44570 │458│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤459│ │ CVE-2022-44571 │ │ │ │ ~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= │ rubygem-rack: denial of service in Content-Disposition │460│ │ │ │ │ │ 2.2.6.1, >= 3.0.4.1 │ parsing │461│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-44571 │462│ ├────────────────┤ │ │ │ ├────────────────────────────────────────────────────────────┤463│ │ CVE-2022-44572 │ │ │ │ │ rubygem-rack: denial of service in Content-Disposition │464│ │ │ │ │ │ │ parsing │465│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-44572 │466│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤467│ │ CVE-2023-27530 │ │ │ │ ~> 2.0.9, >= 2.0.9.3, ~> 2.1.4, >= 2.1.4.3, ~> 2.2.6, >= │ rubygem-rack: Denial of service in Multipart MIME parsing │468│ │ │ │ │ │ 2.2.6.3, >= 3.0.4.2 │ https://avd.aquasec.com/nvd/cve-2023-27530 │469│ ├────────────────┼──────────┤ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤470│ │ CVE-2023-27539 │ MEDIUM │ │ │ ~> 2.0, >= 2.2.6.4, >= 3.0.6.1 │ rubygem-rack: denial of service in header parsing │471│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27539 │472│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤473│ │ CVE-2024-25126 │ │ │ │ ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1 │ rubygem-rack: Denial of Service Vulnerability in Rack │474│ │ │ │ │ │ │ Content-Type Parsing │475│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-25126 │476│ ├────────────────┤ │ │ │ ├────────────────────────────────────────────────────────────┤477│ │ CVE-2024-26141 │ │ │ │ │ rubygem-rack: Possible DoS Vulnerability with Range Header │478│ │ │ │ │ │ │ in Rack │479│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26141 │480│ ├──────────���─────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤481│ │ CVE-2024-26146 │ │ │ │ ~> 2.0.9, >= 2.0.9.4, ~> 2.1.4, >= 2.1.4.4, ~> 2.2.8, >= │ rubygem-rack: Possible Denial of Service Vulnerability in │482│ │ │ │ │ │ 2.2.8.1, >= 3.0.9.1 │ Rack Header Parsing │483│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26146 │484├───────────────────────────────────┼────────────────┤ │ ├───────────────────┼──────────────────────────────────────────────────────────┼───────────────────────────────────���────────────────────────┤485│ rdoc (rdoc-6.1.2.1.gemspec) │ CVE-2024-27281 │ │ │ 6.1.2.1 │ ~> 6.3.4, >= 6.3.4.1, ~> 6.4.1, >= 6.4.1.1, >= 6.5.1.1 │ ruby: RCE vulnerability with .rdoc_options in RDoc │486│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-27281 │487├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤488│ stringio (stringio-0.0.2.gemspec) │ CVE-2024-27280 │ LOW │ │ 0.0.2 │ >= 3.0.1.1 │ ruby: Buffer overread vulnerability in StringIO │489│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-27280 │490├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤491│ webrick (webrick-1.4.4.gemspec) │ CVE-2020-25613 │ HIGH │ │ 1.4.4 │ >= 1.6.1 │ ruby: Potential HTTP request smuggling in WEBrick │492│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-25613 │493└───────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────────────────────────────┴────────────────────────────────────────────────────────────┘495usr/local/bundle/gems/rubygems-update-3.4.13/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.lock (cargo)496========================================================================================================================================497Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)499┌─────────┬─────────────────────┬─���────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐500│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │501├─────────┼─────────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤502│ shlex │ GHSA-r7qv-8r2h-pg27 │ HIGH │ fixed │ 1.1.0 │ 1.3.0 │ Multiple issues involving quote API in shlex │503│ │ │ │ │ │ │ https://github.com/advisories/GHSA-r7qv-8r2h-pg27 │504└─────────┴─────────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘506usr/local/bundle/gems/rubygems-update-3.4.13/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.lock (cargo)507==========================================================================================================================508Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)510┌─────────┬─────────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐511│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │512├─────────┼─────────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤513│ shlex │ GHSA-r7qv-8r2h-pg27 │ HIGH │ fixed │ 1.1.0 │ 1.3.0 │ Multiple issues involving quote API in shlex │514│ │ │ │ │ │ │ https://github.com/advisories/GHSA-r7qv-8r2h-pg27 │515└───���─────┴─────────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘516The command "make ship" exited with 0.519Done. Your build exited with 0.