osv-detector 0.11.1 -> 0.12.0 https://github.com/G-Rath/osv-detector/releases
attrpath: osv-detector
Checking auto update branch...
No auto update branch exists
[version] 
[version] generic version rewriter does not support multiple hashes
[rustCrateVersion] 
[rustCrateVersion] No cargoSha256 or cargoHash found
[golangModuleVersion] 
[golangModuleVersion] Found old vendorHash = "sha256-Rrosye8foVntoFDvDmyNuXgnEgjzcOXenOKBMZVCRio="
[golangModuleVersion] Replaced vendorHash with sha256-ZLp1++P72KSn/nZVpBVpzLWid5Emh935XNAP/uaNevg=
Received ExitFailure 1 when running
Raw command: /nix/store/v7gdmdc9yhx3ngh840xx5kr46840s73b-nix-2.18.2/bin/nix-build --option sandbox true --arg config "{ allowBroken = true; allowUnfree = true; allowAliases = false; }" --arg overlays "[ ]" -A osv-detector
nix build failed.
            - 	    GHSA-44c6-4v22-4mhx: semver-regex Regular Expression Denial of Service (ReDOS) (https://github.com/advisories/GHSA-44c6-4v22-4mhx)
            - 	    GHSA-4x5v-gmq8-25ch: Regular expression denial of service in semver-regex (https://github.com/advisories/GHSA-4x5v-gmq8-25ch)
            - 	  shell-quote@1.7.2 is affected by the following vulnerabilities:
            - 	    GHSA-g4rg-993r-mgx7: Improper Neutralization of Special Elements used in a Command in Shell-quote (https://github.com/advisories/GHSA-g4rg-993r-mgx7)
            - 	  terser@4.8.0 is affected by the following vulnerabilities:
            - 	    GHSA-4wf5-vphf-c2xc: Terser insecure use of regular expressions leads to ReDoS (https://github.com/advisories/GHSA-4wf5-vphf-c2xc)
            - 	  terser@5.9.0 is affected by the following vulnerabilities:
            - 	    GHSA-4wf5-vphf-c2xc: Terser insecure use of regular expressions leads to ReDoS (https://github.com/advisories/GHSA-4wf5-vphf-c2xc)
            - 	  tough-cookie@2.5.0 is affected by the following vulnerabilities:
            - 	    GHSA-72xf-g2v4-qvf3: tough-cookie Prototype Pollution vulnerability (https://github.com/advisories/GHSA-72xf-g2v4-qvf3)
            - 	  tough-cookie@4.0.0 is affected by the following vulnerabilities:
            - 	    GHSA-72xf-g2v4-qvf3: tough-cookie Prototype Pollution vulnerability (https://github.com/advisories/GHSA-72xf-g2v4-qvf3)
            - 	  trim@0.0.1 is affected by the following vulnerabilities:
            - 	    GHSA-w5p7-h5w8-2hfq: Regular Expression Denial of Service in trim (https://github.com/advisories/GHSA-w5p7-h5w8-2hfq)
            - 	  vuetify@2.1.5 is affected by the following vulnerabilities:
            - 	    GHSA-q4q5-c5cv-2p68: Vuetify Cross-site Scripting vulnerability (https://github.com/advisories/GHSA-q4q5-c5cv-2p68)
            - 	  word-wrap@1.2.3 is affected by the following vulnerabilities:
            - 	    GHSA-j8xg-fqg3-53r7: word-wrap vulnerable to Regular Expression Denial of Service (https://github.com/advisories/GHSA-j8xg-fqg3-53r7)
              	... // 1 identical, 1 removed, and 1 inserted lines
              	"""
              )
        main_test.go:1434: 
            actual stderr output does not match expected:
              string(
            - 	"",
            + 	` failed: unable to fetch OSV database: could not retrieve OSV database archive: Get "https://osv-vulnerabilities.storage.googleapis.com/npm/all.zip": dial tcp: lookup osv-vulnerabilities.storage.googleapis.com on [::1]:53: read udp [::1]:45492->[::1]:53: r`...,
              )
FAIL
FAIL	github.com/g-rath/osv-detector	0.067s
FAIL