osv-detector 0.11.1 -> 0.12.0 https://github.com/G-Rath/osv-detector/releases
attrpath: osv-detector
Checking auto update branch...
No auto update branch exists
[version] 
[version] generic version rewriter does not support multiple hashes
[rustCrateVersion] 
[rustCrateVersion] No cargoSha256 or cargoHash found
[golangModuleVersion] 
[golangModuleVersion] Found old vendorHash = "sha256-Rrosye8foVntoFDvDmyNuXgnEgjzcOXenOKBMZVCRio="
[golangModuleVersion] Replaced vendorHash with sha256-ZLp1++P72KSn/nZVpBVpzLWid5Emh935XNAP/uaNevg=
Received ExitFailure 1 when running
Raw command: /nix/store/62fm7r6175k2bgvhc19hn9bdhw90wa3n-nix-2.18.1/bin/nix-build --option sandbox true --arg config "{ allowBroken = true; allowUnfree = true; allowAliases = false; }" --arg overlays "[ ]" -A osv-detector
nix build failed.
            - 	    GHSA-64g7-mvw6-v9qj: Improper Privilege Management in shelljs (https://github.com/advisories/GHSA-64g7-mvw6-v9qj)
            - 	  terser@4.8.0 is affected by the following vulnerabilities:
            - 	    GHSA-4wf5-vphf-c2xc: Terser insecure use of regular expressions leads to ReDoS (https://github.com/advisories/GHSA-4wf5-vphf-c2xc)
            - 	  tmpl@1.0.4 is affected by the following vulnerabilities:
            - 	    GHSA-jgrx-mgxx-jf9v: tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion (https://github.com/advisories/GHSA-jgrx-mgxx-jf9v)
            - 	  tough-cookie@2.5.0 is affected by the following vulnerabilities:
            - 	    GHSA-72xf-g2v4-qvf3: tough-cookie Prototype Pollution vulnerability (https://github.com/advisories/GHSA-72xf-g2v4-qvf3)
            - 	  tough-cookie@3.0.1 is affected by the following vulnerabilities:
            - 	    GHSA-72xf-g2v4-qvf3: tough-cookie Prototype Pollution vulnerability (https://github.com/advisories/GHSA-72xf-g2v4-qvf3)
            - 	  url-parse@1.5.3 is affected by the following vulnerabilities:
            - 	    GHSA-8v38-pw62-9cw2: url-parse Incorrectly parses URLs that include an '@' (https://github.com/advisories/GHSA-8v38-pw62-9cw2)
            - 	    GHSA-hgjh-723h-mx2j: Authorization Bypass Through User-Controlled Key in url-parse (https://github.com/advisories/GHSA-hgjh-723h-mx2j)
            - 	    GHSA-jf5r-8hm2-f872: url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. (https://github.com/advisories/GHSA-jf5r-8hm2-f872)
            - 	    GHSA-rqff-837h-mm52: Authorization bypass in url-parse (https://github.com/advisories/GHSA-rqff-837h-mm52)
            - 	  word-wrap@1.2.3 is affected by the following vulnerabilities:
            - 	    GHSA-j8xg-fqg3-53r7: word-wrap vulnerable to Regular Expression Denial of Service (https://github.com/advisories/GHSA-j8xg-fqg3-53r7)
            - 	  yargs-parser@10.1.0 is affected by the following vulnerabilities:
            - 	    GHSA-p9pc-299p-vxgp: yargs-parser Vulnerable to Prototype Pollution (https://github.com/advisories/GHSA-p9pc-299p-vxgp)
              	... // 1 identical, 1 removed, and 1 inserted lines
              	"""
              )
        main_test.go:1434: 
            actual stderr output does not match expected:
              string(
            - 	"",
            + 	` failed: unable to fetch OSV database: could not retrieve OSV database archive: Get "https://osv-vulnerabilities.storage.googleapis.com/npm/all.zip": dial tcp: lookup osv-vulnerabilities.storage.googleapis.com on [::1]:53: read udp [::1]:49814->[::1]:53: r`...,
              )
FAIL
FAIL	github.com/g-rath/osv-detector	0.209s
FAIL