osv-detector 0.11.1 -> 0.12.0 https://github.com/G-Rath/osv-detector/releases
attrpath: osv-detector
Checking auto update branch...
No auto update branch exists
[version] 
[version] generic version rewriter does not support multiple hashes
[rustCrateVersion] 
[rustCrateVersion] No cargoSha256 or cargoHash found
[golangModuleVersion] 
[golangModuleVersion] Found old vendorHash = "sha256-Rrosye8foVntoFDvDmyNuXgnEgjzcOXenOKBMZVCRio="
[golangModuleVersion] Replaced vendorHash with sha256-ZLp1++P72KSn/nZVpBVpzLWid5Emh935XNAP/uaNevg=
Received ExitFailure 1 when running
Raw command: /nix/store/3nqhcyc7vid1npgcd0m7arg5sn325nhz-nix-2.12.0/bin/nix-build --option sandbox true --arg config "{ allowBroken = true; allowUnfree = true; allowAliases = false; }" --arg overlays "[ ]" -A osv-detector
nix build failed.
            - 	    GHSA-r628-mhmh-qjhw: Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning (https://github.com/advisories/GHSA-r628-mhmh-qjhw)
            - 	  terser@4.8.0 is affected by the following vulnerabilities:
            - 	    GHSA-4wf5-vphf-c2xc: Terser insecure use of regular expressions leads to ReDoS (https://github.com/advisories/GHSA-4wf5-vphf-c2xc)
            - 	  tough-cookie@2.5.0 is affected by the following vulnerabilities:
            - 	    GHSA-72xf-g2v4-qvf3: tough-cookie Prototype Pollution vulnerability (https://github.com/advisories/GHSA-72xf-g2v4-qvf3)
            - 	  tough-cookie@4.0.0 is affected by the following vulnerabilities:
            - 	    GHSA-72xf-g2v4-qvf3: tough-cookie Prototype Pollution vulnerability (https://github.com/advisories/GHSA-72xf-g2v4-qvf3)
            - 	  trim-newlines@1.0.0 is affected by the following vulnerabilities:
            - 	    GHSA-7p7h-4mm5-852v: Uncontrolled Resource Consumption in trim-newlines (https://github.com/advisories/GHSA-7p7h-4mm5-852v)
            - 	  ua-parser-js@0.7.31 is affected by the following vulnerabilities:
            - 	    GHSA-fhg7-m89q-25r3: ReDoS Vulnerability in ua-parser-js version (https://github.com/advisories/GHSA-fhg7-m89q-25r3)
            - 	  ua-parser-js@1.0.2 is affected by the following vulnerabilities:
            - 	    GHSA-fhg7-m89q-25r3: ReDoS Vulnerability in ua-parser-js version (https://github.com/advisories/GHSA-fhg7-m89q-25r3)
            - 	  url-parse@1.5.7 is affected by the following vulnerabilities:
            - 	    GHSA-hgjh-723h-mx2j: Authorization Bypass Through User-Controlled Key in url-parse (https://github.com/advisories/GHSA-hgjh-723h-mx2j)
            - 	    GHSA-jf5r-8hm2-f872: url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. (https://github.com/advisories/GHSA-jf5r-8hm2-f872)
            - 	  word-wrap@1.2.3 is affected by the following vulnerabilities:
            - 	    GHSA-j8xg-fqg3-53r7: word-wrap vulnerable to Regular Expression Denial of Service (https://github.com/advisories/GHSA-j8xg-fqg3-53r7)
              	... // 1 identical, 1 removed, and 1 inserted lines
              	"""
              )
        main_test.go:1434: 
            actual stderr output does not match expected:
              string(
            - 	"",
            + 	` failed: unable to fetch OSV database: could not retrieve OSV database archive: Get "https://osv-vulnerabilities.storage.googleapis.com/npm/all.zip": dial tcp: lookup osv-vulnerabilities.storage.googleapis.com on [::1]:53: read udp [::1]:57979->[::1]:53: r`...,
              )
FAIL
FAIL	github.com/g-rath/osv-detector	0.068s
FAIL