API event #1602.5 passed

  • Ran for
AMD64
Shell
Git
Raw log
Scroll to End of Log
0.14s0.10s0.00s0.11s
worker_info
1Worker information
2hostname: 74fdbbb8-5fb8-42de-8477-4d2a1ae7d1cf@1.worker-n2-com-779d777f7b-9jv6t.gce-production-1
3version: 6.2.22 https://github.com/travis-ci/worker/tree/858cb91994a513269f2fe9782c15fc113e966231
4instance: travis-job-fa1e537e-46da-40d7-a432-d9435f3b2cb6 travis-ci-ubuntu-2204-1698932501-7a1a9a36 (via amqp)
5startup: 6.430793752s
60.52s0.00s0.01s0.00s0.01s
system_info
7Build system information
8Build language: shell
9Build dist: jammy
10Build id: 269660880
11Job id: 619712752
12Runtime kernel version: 6.2.0-1018-gcp
13travis-build version: 5c36a08f
14Build image provisioning date and time
15Thu Nov 2 02:14:52 PM UTC 2023
16Operating System Details
17Distributor ID: Ubuntu
18Description: Ubuntu 22.04.3 LTS
19Release: 22.04
20Codename: jammy
21Systemd Version
22systemd 249 (249.11-0ubuntu3.11)
23Cookbooks Version
24f5d122e https://github.com/travis-ci/travis-cookbooks/tree/f5d122e
25git version
26git version 2.42.0
27bash version
28GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)
29gcc version
30gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
31docker version
32Client:
33 Version: 24.0.5
34 API version: 1.43
35 Go version: go1.20.3
36 Git commit: 24.0.5-0ubuntu1~22.04.1
37 Built: Mon Aug 21 19:50:14 2023
38 OS/Arch: linux/amd64
39 Context: default
41Server:
42 Engine:
43 Version: 24.0.5
44 API version: 1.43 (minimum version 1.12)
45 Go version: go1.20.3
46 Git commit: 24.0.5-0ubuntu1~22.04.1
47 Built: Mon Aug 21 19:50:14 2023
48 OS/Arch: linux/amd64
49 Experimental: false
50 containerd:
51 Version: 1.7.2
52 GitCommit:
53 runc:
54 Version: 1.1.7-0ubuntu1~22.04.1
55 GitCommit:
56 docker-init:
57 Version: 0.19.0
58 GitCommit:
59clang version
60clang version 16.0.0
61jq version
62jq-1.6
63bats version
64Bats 0.4.0
65shellcheck version
660.7.2
67shfmt version
68v3.2.1
69ccache version
704.5.1
71cmake version
72cmake version 3.26.3
73heroku version
74heroku/8.7.0 linux-x64 node-v16.19.0
75imagemagick version
76Version: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
77md5deep version
784.4
79mercurial version
80version 5.3
81mysql version
82mysql Ver 8.0.35-0ubuntu0.22.04.1 for Linux on x86_64 ((Ubuntu))
83openssl version
84OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
85packer version
861.7.5
87postgresql client version
88psql (PostgreSQL) 14.9 (Ubuntu 14.9-0ubuntu0.22.04.1)
89ragel version
90Ragel State Machine Compiler version 6.10 March 2017
91sudo version
921.9.9
93gzip version
94gzip 1.10
95zip version
96Zip 3.0
97vim version
98VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Oct 16 2023 18:15:38)
99iptables version
100iptables v1.8.7 (nf_tables)
101curl version
102curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.16
103wget version
104GNU Wget 1.21.2 built on linux-gnu.
105rsync version
106rsync version 3.2.7 protocol version 31
107gimme version
108v1.5.4
109nvm version
1100.39.5
111perlbrew version
112/home/travis/perl5/perlbrew/bin/perlbrew - App::perlbrew/0.95
113phpenv version
114rbenv 1.2.0
115rvm version
116rvm 1.29.12 (latest) by Michal Papis, Piotr Kuczynski, Wayne E. Seguin [https://rvm.io]
117default ruby version
118ruby 2.7.8p225 (2023-03-30 revision 1f4d455848) [x86_64-linux]
119default python version
120Python 3.10.12
121ElasticSearch version
1227.16.3
123Installed Firefox version
124firefox 63.0.1
125MongoDB version
126MongoDB 6.0.11
127Pre-installed Go versions
1281.18.3
129ant version
130Apache Ant(TM) version 1.10.12 compiled on January 17 1970
131mvn version
132Apache Maven 3.9.5 (57804ffe001d7215b5e7bcb531cf83df38f93546)
133gradle version
134Gradle 5.1.1!
135lein version
136Leiningen 2.10.0 on Java 11.0.21 OpenJDK 64-Bit Server VM
137Pre-installed Node.js versions
138v10.24.1
139v12.22.12
140v14.21.3
141v16.20.2
142v18.18.2
143v20.9.0
144v4.9.1
145v6.17.1
146v8.17.0
147v8.9
148phpenv versions
149 system
150 8.1
151* 8.1.2 (set by /home/travis/.phpenv/version)
152 hhvm-stable
153 hhvm
154composer --version
155Composer version 2.3.7 2022-06-06 16:43:28
156Pre-installed Ruby versions
157ruby-2.7.8
158ruby-3.0.4
159ruby-3.1.2
1610.03s0.01s0.75s0.33s0.07s0.01s0.04s0.00s0.01s0.02s0.03s0.01s0.02s0.00s0.36sOK
1620.00s0.07s0.00s0.02s0.20s0.00s0.00s0.00s0.01s0.00s0.10s0.01s1.15s0.00s0.08s6.05s0.00s3.77s0.00s2.47s
docker_mtu_and_registry_mirrors
resolvconf
git.checkout
1630.01s1.70s$ git clone --depth=10 --branch=bfsy-304-ent-am https://github.com/travis-ci/travis-yml.git travis-ci/travis-yml
164Cloning into 'travis-ci/travis-yml'...
165$ cd travis-ci/travis-yml
166$ git checkout -qf 4126f6f514c480807eaa8f1bd5e5820a12d4d691
1680.01s
169Setting environment variables from repository settings
170$ export QUAY_ROBOT_HANDLE=[secure]
171$ export QUAY_ROBOT_TOKEN=[secure]
173$ bash -c 'echo $BASH_VERSION'
1745.1.16(1)-release
176Skipping the before_install step, as specified in the configuration.
177Skipping the install step, as specified in the configuration.
178123.96s$ make ship
179docker build --pull --no-cache -t travisci/travis-yml:4126f6f .
180DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
181 Install the buildx component to build images with BuildKit:
182 https://docs.docker.com/go/buildx/
184Sending build context to Docker daemon 3.469MB
185Step 1/18 : FROM ruby:2.6.10-slim as base
1862.6.10-slim: Pulling from library/ruby
1871fe172e4850f: Pulling fs layer
188100f29d0fcb2: Pulling fs layer
189937a564b41a1: Pulling fs layer
19096ed6bd3a152: Pulling fs layer
19103e23c2ed14b: Pulling fs layer
19296ed6bd3a152: Waiting
19303e23c2ed14b: Waiting
194937a564b41a1: Verifying Checksum
195937a564b41a1: Download complete
196100f29d0fcb2: Verifying Checksum
197100f29d0fcb2: Download complete
1981fe172e4850f: Verifying Checksum
1991fe172e4850f: Download complete
20003e23c2ed14b: Verifying Checksum
20103e23c2ed14b: Download complete
20296ed6bd3a152: Verifying Checksum
20396ed6bd3a152: Download complete
2041fe172e4850f: Pull complete
205100f29d0fcb2: Pull complete
206937a564b41a1: Pull complete
20796ed6bd3a152: Pull complete
20803e23c2ed14b: Pull complete
209Digest: sha256:3d641979a7dc819b4c253dc62d2f74800817053247005f72b871d164498109df
210Status: Downloaded newer image for ruby:2.6.10-slim
211 ---> 6c7e929006b0
212Step 2/18 : RUN apt-get update > /dev/null 2>&1 && apt-get upgrade -y > /dev/null 2>&1 && rm -rf /var/lib/apt/lists/*
213 ---> Running in ed012451536f
214Removing intermediate container ed012451536f
215 ---> 0e69730a3440
216Step 3/18 : WORKDIR /app
217 ---> Running in 1c7ab72b864e
218Removing intermediate container 1c7ab72b864e
219 ---> 629a35b803f1
220Step 4/18 : RUN gem update --system 3.4.13 > /dev/null 2>&1
221 ---> Running in c17bf7fb7a91
222Removing intermediate container c17bf7fb7a91
223 ---> dbba8744172a
224Step 5/18 : RUN echo "gem: --no-document" >> ~/.gemrc
225 ---> Running in 08c37d047b33
226Removing intermediate container 08c37d047b33
227 ---> 856c41fabf89
228Step 6/18 : RUN bundle config set --global no-cache 'true' && bundle config set --global frozen 'true' && bundle config set --global deployment 'true' && bundle config set --global without 'development test' && bundle config set --global clean 'true' && bundle config set --global jobs `expr $(cat /proc/cpuinfo | grep -c 'cpu cores')` && bundle config set --global retry 3
229 ---> Running in 41598356ed2e
230Removing intermediate container 41598356ed2e
231 ---> c6c9da53050d
232Step 7/18 : FROM base as builder
233 ---> c6c9da53050d
234Step 8/18 : RUN apt-get update > /dev/null 2>&1 && apt-get install -y --no-install-recommends git make gcc g++ > /dev/null 2>&1 && rm -rf /var/lib/apt/lists/*
235 ---> Running in 71a5ed547c9f
236Removing intermediate container 71a5ed547c9f
237 ---> fe36b37f04da
238Step 9/18 : COPY .ruby-version travis-yml.gemspec ./
239 ---> e50778e4cc2d
240Step 10/18 : COPY ./lib/travis/yml/version.rb ./lib/travis/yml/version.rb
241 ---> a725d778300f
242Step 11/18 : COPY Gemfile Gemfile.lock ./
243 ---> ee97e2e517ca
244Step 12/18 : RUN bundle install
245 ---> Running in 5031c5bfe07f
246Bundler 2.4.13 is running, but your lockfile was generated with 2.4.17. Installing Bundler 2.4.17 and restarting using that version.
247Fetching gem metadata from https://rubygems.org/.
248Fetching bundler 2.4.17
249Installing bundler 2.4.17
250Fetching https://github.com/travis-ci/travis-conditions
251Fetching gem metadata from https://rubygems.org/.........
252Fetching https://github.com/travis-ci/travis-conditions
253Fetching https://github.com/travis-ci/travis-metrics
254Fetching sexp_processor 4.14.1
255Fetching atomic 1.1.101
256Installing atomic 1.1.101 with native extensions
257Installing sexp_processor 4.14.1
258Fetching multipart-post 2.1.1
259Installing multipart-post 2.1.1
260Fetching hashr 2.0.1
261Installing hashr 2.0.1
262Fetching hitimes 1.3.1
263Installing hitimes 1.3.1 with native extensions
264Fetching memoyze 0.0.1
265Installing memoyze 0.0.1
266Fetching multi_json 1.15.0
267Installing multi_json 1.15.0
268Fetching ruby2_keywords 0.0.5
269Installing ruby2_keywords 0.0.5
270Fetching nio4r 2.5.8
271Installing nio4r 2.5.8 with native extensions
272Fetching oj 3.7.12
273Installing oj 3.7.12 with native extensions
274Fetching parslet 1.8.2
275Installing parslet 1.8.2
276Fetching rack 2.2.4
277Installing rack 2.2.4
278Fetching rack-ssl-enforcer 0.2.9
279Installing rack-ssl-enforcer 0.2.9
280Fetching redcarpet 3.5.1
281Installing redcarpet 3.5.1 with native extensions
282Fetching regstry 1.0.15
283Installing regstry 1.0.15
284Fetching ruby-obj 1.0.0
285Installing ruby-obj 1.0.0
286Fetching sh_vars 1.0.2
287Installing sh_vars 1.0.2
288Fetching tilt 2.0.11
289Installing tilt 2.0.11
290Fetching tins 1.24.1
291Installing tins 1.24.1
292Fetching ruby_parser 3.14.2
293Installing ruby_parser 3.14.2
294Fetching faraday 0.15.4
295Installing faraday 0.15.4
296Fetching travis-config 1.1.3
297Installing travis-config 1.1.3
298Fetching avl_tree 1.2.1
299Installing avl_tree 1.2.1
300Fetching mustermann 2.0.2
301Installing mustermann 2.0.2
302Fetching puma 4.3.12
303Installing puma 4.3.12 with native extensions
304Fetching rack-cors 1.1.1
305Installing rack-cors 1.1.1
306Fetching rack-protection 2.2.3
307Installing rack-protection 2.2.3
308Fetching protocol 2.0.0
309Installing protocol 2.0.0
310Fetching faraday_middleware 0.14.0
311Installing faraday_middleware 0.14.0
312Fetching sentry-raven 2.9.0
313Installing sentry-raven 2.9.0
314Fetching metriks 0.9.9.8
315Installing metriks 0.9.9.8
316Fetching sinatra 2.2.3
317Installing sinatra 2.2.3
318Fetching mize 0.4.0
319Installing mize 0.4.0
320Fetching metriks-librato_metrics 1.0.6
321Installing metriks-librato_metrics 1.0.6
322Fetching sinatra-contrib 2.2.3
323Installing sinatra-contrib 2.2.3
324Fetching amatch 0.4.0
325Installing amatch 0.4.0 with native extensions
326Bundle complete! 17 Gemfile dependencies, 41 gems now installed.
327Gems in the groups 'development' and 'test' were not installed.
328Bundled gems are installed into `./vendor/bundle`
329Post-install message from atomic:
330This gem has been deprecated and merged into Concurrent Ruby (http://concurrent-ruby.com).
331Removing intermediate container 5031c5bfe07f
332 ---> 144857fc068d
333Step 13/18 : FROM base
334 ---> c6c9da53050d
335Step 14/18 : LABEL maintainer Travis CI GmbH <support+travis-live-docker-images@travis-ci.com>
336 ---> Running in b3407d1cab96
337Removing intermediate container b3407d1cab96
338 ---> 8c10e6acbe0f
339Step 15/18 : COPY --from=builder /usr/local/bundle /usr/local/bundle
340 ---> df1b18919e44
341Step 16/18 : COPY --from=builder /app/vendor ./vendor
342 ---> 5a199475cc13
343Step 17/18 : COPY . ./
344 ---> 88c713dd9f19
345Step 18/18 : CMD ["bundle", "exec", "puma", "-C", "lib/travis/yml/web/puma.rb"]
346 ---> Running in db3083d270a3
347Removing intermediate container db3083d270a3
348 ---> 877e5ff22fcd
349Successfully built 877e5ff22fcd
350Successfully tagged travisci/travis-yml:4126f6f
351docker login -u=[secure] -p=[secure] quay.io
352WARNING! Using --password via the CLI is insecure. Use --password-stdin.
353WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json.
354Configure a credential helper to remove this warning. See
355https://docs.docker.com/engine/reference/commandline/login/#credentials-store
357Login Succeeded
358docker tag travisci/travis-yml:4126f6f quay.io/travisci/travis-yml:4126f6f-bfsy-304-ent-am
359docker push quay.io/travisci/travis-yml:4126f6f-bfsy-304-ent-am
360The push refers to repository [quay.io/travisci/travis-yml]
36102944bc93a6a: Preparing
3624ea784a3db24: Preparing
3631e234c66941c: Preparing
3642d9508658dd6: Preparing
3656d03eb76012b: Preparing
36676285a80c66f: Preparing
367aba9acf3c0a6: Preparing
368767f3930ddbc: Preparing
3699ce6f9af70fc: Preparing
37072325fcd36b7: Preparing
371833c59850580: Preparing
3723471fad30f0e: Preparing
3739c1b6dd6c1e6: Preparing
37476285a80c66f: Waiting
375aba9acf3c0a6: Waiting
376767f3930ddbc: Waiting
3779ce6f9af70fc: Waiting
37872325fcd36b7: Waiting
379833c59850580: Waiting
3803471fad30f0e: Waiting
3819c1b6dd6c1e6: Waiting
38202944bc93a6a: Pushed
3832d9508658dd6: Pushed
3846d03eb76012b: Pushed
3851e234c66941c: Pushed
3869ce6f9af70fc: Layer already exists
38772325fcd36b7: Layer already exists
388833c59850580: Layer already exists
389aba9acf3c0a6: Pushed
3904ea784a3db24: Pushed
3919c1b6dd6c1e6: Layer already exists
3923471fad30f0e: Layer already exists
39376285a80c66f: Pushed
394767f3930ddbc: Pushed
3954126f6f-bfsy-304-ent-am: digest: sha256:49d65c99f5418ab3a995d151d249b549c7f88636d349444690fc9f0c0c35c40d size: 3041
396docker run --rm -v /tmp:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy i --ignore-unfixed quay.io/travisci/travis-yml:4126f6f-bfsy-304-ent-am
397Unable to find image 'aquasec/trivy:latest' locally
398latest: Pulling from aquasec/trivy
3994abcf2066143: Pulling fs layer
400fea79d813ba7: Pulling fs layer
40159e37f8d454d: Pulling fs layer
402e0642506ddfc: Pulling fs layer
403e0642506ddfc: Waiting
404fea79d813ba7: Verifying Checksum
405fea79d813ba7: Download complete
4064abcf2066143: Verifying Checksum
4074abcf2066143: Download complete
4084abcf2066143: Pull complete
409e0642506ddfc: Verifying Checksum
410e0642506ddfc: Download complete
41159e37f8d454d: Verifying Checksum
41259e37f8d454d: Download complete
413fea79d813ba7: Pull complete
41459e37f8d454d: Pull complete
415e0642506ddfc: Pull complete
416Digest: sha256:a195a07b467618b7683b9170338bcfd7423b2aa5b869e7ef49ab9e3c0af4d130
417Status: Downloaded newer image for aquasec/trivy:latest
4182024-03-26T10:38:20.984Z INFO Need to update DB
4192024-03-26T10:38:20.984Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db:2
4202024-03-26T10:38:20.984Z INFO Downloading DB...
42126.30 MiB / 44.64 MiB [----------------------------------->_________________________] 58.91% ? p/s ?44.64 MiB / 44.64 MiB [----------------------------------------------------------->] 100.00% ? p/s ?44.64 MiB / 44.64 MiB [----------------------------------------------------------->] 100.00% ? p/s ?44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 30.54 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 30.54 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 30.54 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 28.57 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 28.57 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [---------------------------------------------->] 100.00% 28.57 MiB p/s ETA 0s44.64 MiB / 44.64 MiB [-------------------------------------------------] 100.00% 27.15 MiB p/s 1.8s2024-03-26T10:38:23.215Z INFO Vulnerability scanning is enabled
4222024-03-26T10:38:23.215Z INFO Secret scanning is enabled
4232024-03-26T10:38:23.215Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
4242024-03-26T10:38:23.215Z INFO Please see also https://aquasecurity.github.io/trivy/v0.50/docs/scanner/secret/#recommendation for faster secret detection
4252024-03-26T10:38:33.857Z INFO Detected OS: debian
4262024-03-26T10:38:33.858Z INFO Detecting Debian vulnerabilities...
4272024-03-26T10:38:33.901Z INFO Number of language-specific files: 3
4282024-03-26T10:38:33.901Z INFO Detecting cargo vulnerabilities...
4292024-03-26T10:38:33.902Z INFO Detecting gemspec vulnerabilities...
4302024-03-26T10:38:33.982Z INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
432quay.io/travisci/travis-yml:4126f6f-bfsy-304-ent-am (debian 11.9)
433=================================================================
434Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
437Ruby (gemspec)
438==============
439Total: 14 (UNKNOWN: 0, LOW: 1, MEDIUM: 7, HIGH: 6, CRITICAL: 0)
441┌───────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────────────────────────────┬────────────────────────────────────────────────────────────┐
442│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
443├───────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
444│ json (json-2.1.0.gemspec) │ CVE-2020-10663 │ HIGH │ fixed │ 2.1.0 │ >= 2.3.0 │ rubygem-json: Unsafe object creation vulnerability in JSON │
445│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-10663 │
446├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼──────────────────���─────────────────────────────────────────┤
447│ puma (puma-4.3.12.gemspec) │ CVE-2023-40175 │ MEDIUM │ │ 4.3.12 │ ~> 5.6.7, >= 6.3.1 │ rubygem-puma: HTTP request smuggling when parsing chunked │
448│ │ │ │ │ │ │ transfer encoding bodies and zero-length... │
449│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-40175 │
450│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
451│ │ CVE-2024-21647 │ │ │ │ ~> 5.6.8, >= 6.4.2 │ rubygem-puma: HTTP request smuggling when parsing chunked │
452│ │ │ │ │ │ │ Transfer-Encoding Bodies │
453│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-21647 │
454├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
455│ rack (rack-2.2.4.gemspec) │ CVE-2022-44570 │ HIGH │ │ 2.2.4 │ ~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= │ rubygem-rack: denial of service in Content-Disposition │
456│ │ │ │ │ │ 2.2.6.2, >= 3.0.4.1 │ parsing │
457│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-44570 │
458│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
459│ │ CVE-2022-44571 │ │ │ │ ~> 2.0.9, >= 2.0.9.2, ~> 2.1.4, >= 2.1.4.2, ~> 2.2.6, >= │ rubygem-rack: denial of service in Content-Disposition │
460│ │ │ │ │ │ 2.2.6.1, >= 3.0.4.1 │ parsing │
461│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-44571 │
462│ ├────────────────┤ │ │ │ ├────────────────────────────────────────────────────────────┤
463│ │ CVE-2022-44572 │ │ │ │ │ rubygem-rack: denial of service in Content-Disposition │
464│ │ │ │ │ │ │ parsing │
465│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-44572 │
466│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
467│ │ CVE-2023-27530 │ │ │ │ ~> 2.0.9, >= 2.0.9.3, ~> 2.1.4, >= 2.1.4.3, ~> 2.2.6, >= │ rubygem-rack: Denial of service in Multipart MIME parsing │
468│ │ │ │ │ │ 2.2.6.3, >= 3.0.4.2 │ https://avd.aquasec.com/nvd/cve-2023-27530 │
469│ ├────────────────┼──────────┤ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
470│ │ CVE-2023-27539 │ MEDIUM │ │ │ ~> 2.0, >= 2.2.6.4, >= 3.0.6.1 │ rubygem-rack: denial of service in header parsing │
471│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-27539 │
472│ ├────────────────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
473│ │ CVE-2024-25126 │ │ │ │ ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1 │ rubygem-rack: Denial of Service Vulnerability in Rack │
474│ │ │ │ │ │ │ Content-Type Parsing │
475│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-25126 │
476│ ├────────────────┤ │ │ │ ├────────────────────────────────────────────────────────────┤
477│ │ CVE-2024-26141 │ │ │ │ │ rubygem-rack: Possible DoS Vulnerability with Range Header │
478│ │ │ │ │ │ │ in Rack │
479│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26141 │
480│ ├──────────���─────┤ │ │ ├──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
481│ │ CVE-2024-26146 │ │ │ │ ~> 2.0.9, >= 2.0.9.4, ~> 2.1.4, >= 2.1.4.4, ~> 2.2.8, >= │ rubygem-rack: Possible Denial of Service Vulnerability in │
482│ │ │ │ │ │ 2.2.8.1, >= 3.0.9.1 │ Rack Header Parsing │
483│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-26146 │
484├───────────────────────────────────┼────────────────┤ │ ├───────────────────┼──────────────────────────────────────────────────────────┼───────────────────────────────────���────────────────────────┤
485│ rdoc (rdoc-6.1.2.1.gemspec) │ CVE-2024-27281 │ │ │ 6.1.2.1 │ ~> 6.3.4, >= 6.3.4.1, ~> 6.4.1, >= 6.4.1.1, >= 6.5.1.1 │ ruby: RCE vulnerability with .rdoc_options in RDoc │
486│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-27281 │
487├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
488│ stringio (stringio-0.0.2.gemspec) │ CVE-2024-27280 │ LOW │ │ 0.0.2 │ >= 3.0.1.1 │ ruby: Buffer overread vulnerability in StringIO │
489│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-27280 │
490├───────────────────────────────────┼────────────────┼──────────┤ ├───────────────────┼──────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
491│ webrick (webrick-1.4.4.gemspec) │ CVE-2020-25613 │ HIGH │ │ 1.4.4 │ >= 1.6.1 │ ruby: Potential HTTP request smuggling in WEBrick │
492│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-25613 │
493└───────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────────────────────────────┴────────────────────────────────────────────────────────────┘
495usr/local/bundle/gems/rubygems-update-3.4.13/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.lock (cargo)
496========================================================================================================================================
497Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
499┌─────────┬─────────────────────┬─���────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐
500│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
501├─────────┼─────────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤
502│ shlex │ GHSA-r7qv-8r2h-pg27 │ HIGH │ fixed │ 1.1.0 │ 1.3.0 │ Multiple issues involving quote API in shlex │
503│ │ │ │ │ │ │ https://github.com/advisories/GHSA-r7qv-8r2h-pg27 │
504└─────────┴─────────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘
506usr/local/bundle/gems/rubygems-update-3.4.13/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.lock (cargo)
507==========================================================================================================================
508Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
510┌─────────┬─────────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐
511│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
512├─────────┼─────────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤
513│ shlex │ GHSA-r7qv-8r2h-pg27 │ HIGH │ fixed │ 1.1.0 │ 1.3.0 │ Multiple issues involving quote API in shlex │
514│ │ │ │ │ │ │ https://github.com/advisories/GHSA-r7qv-8r2h-pg27 │
515└───���─────┴─────────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘
516The command "make ship" exited with 0.
519Done. Your build exited with 0.
Top