dependency_scanning
Passed Started
by
@nfriend
Nathan Friend
1Running with gitlab-runner 13.1.0-rc1 (b9d289ed)2 on gitlab-org-docker MCUzKzi54Using Docker executor with image docker:19.03.0 ...5Starting service docker:19.03.0-dind ...6Pulling docker image docker:19.03.0-dind ...7Using docker image sha256:fd0c64832f7e46b63a180e6000dbba7ad7a63542c5764841cba73429ba74a39e for docker:19.03.0-dind ...8Waiting for services to be up and running...9*** WARNING: Service runner-mcuzkzi5-project-278964-concurrent-0-36b90bd438f1c3c4-docker-0 probably didn't start properly.10Health check error:11service "runner-mcuzkzi5-project-278964-concurrent-0-36b90bd438f1c3c4-docker-0-wait-for-service" timeout12Health check container logs:13Service container logs:142020-06-17T16:53:51.938586434Z time="2020-06-17T16:53:51.938414109Z" level=info msg="Starting up"152020-06-17T16:53:51.940194353Z time="2020-06-17T16:53:51.940079522Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"162020-06-17T16:53:51.940515353Z time="2020-06-17T16:53:51.940410890Z" level=warning msg="[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting --tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]"172020-06-17T16:53:51.941984009Z time="2020-06-17T16:53:51.941851187Z" level=info msg="libcontainerd: started new containerd process" pid=19182020-06-17T16:53:51.942114980Z time="2020-06-17T16:53:51.942058466Z" level=info msg="parsed scheme: \"unix\"" module=grpc192020-06-17T16:53:51.942203843Z time="2020-06-17T16:53:51.942141634Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc202020-06-17T16:53:51.942299824Z time="2020-06-17T16:53:51.942240660Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] }" module=grpc212020-06-17T16:53:51.942381526Z time="2020-06-17T16:53:51.942320181Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc222020-06-17T16:53:51.942606660Z time="2020-06-17T16:53:51.942476482Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc0004f3940, CONNECTING" module=grpc232020-06-17T16:53:51.990910698Z time="2020-06-17T16:53:51.989989767Z" level=info msg="starting containerd" revision=894b81a4b802e4eb2a91d1ce216b8817763c29fb version=v1.2.6 242020-06-17T16:53:51.990953451Z time="2020-06-17T16:53:51.990421333Z" level=info msg="loading plugin "io.containerd.content.v1.content"..." type=io.containerd.content.v1 252020-06-17T16:53:51.990960314Z time="2020-06-17T16:53:51.990528357Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.btrfs"..." type=io.containerd.snapshotter.v1 262020-06-17T16:53:51.994718649Z time="2020-06-17T16:53:51.991010402Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.btrfs" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter" 272020-06-17T16:53:51.994763148Z time="2020-06-17T16:53:51.991032962Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.aufs"..." type=io.containerd.snapshotter.v1 282020-06-17T16:53:52.019446587Z time="2020-06-17T16:53:52.019314173Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.aufs" error="modprobe aufs failed: "ip: can't find device 'aufs'\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1" 292020-06-17T16:53:52.019480368Z time="2020-06-17T16:53:52.019352978Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.native"..." type=io.containerd.snapshotter.v1 302020-06-17T16:53:52.019627744Z time="2020-06-17T16:53:52.019512510Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.overlayfs"..." type=io.containerd.snapshotter.v1 312020-06-17T16:53:52.020747867Z time="2020-06-17T16:53:52.020662737Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.zfs"..." type=io.containerd.snapshotter.v1 322020-06-17T16:53:52.021221222Z time="2020-06-17T16:53:52.021135042Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.zfs" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter" 332020-06-17T16:53:52.021245127Z time="2020-06-17T16:53:52.021156752Z" level=info msg="loading plugin "io.containerd.metadata.v1.bolt"..." type=io.containerd.metadata.v1 342020-06-17T16:53:52.021313873Z time="2020-06-17T16:53:52.021242469Z" level=warning msg="could not use snapshotter btrfs in metadata plugin" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter" 352020-06-17T16:53:52.021324092Z time="2020-06-17T16:53:52.021256270Z" level=warning msg="could not use snapshotter aufs in metadata plugin" error="modprobe aufs failed: "ip: can't find device 'aufs'\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1" 362020-06-17T16:53:52.021330925Z time="2020-06-17T16:53:52.021269152Z" level=warning msg="could not use snapshotter zfs in metadata plugin" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter" 372020-06-17T16:53:52.034296367Z time="2020-06-17T16:53:52.034167227Z" level=info msg="loading plugin "io.containerd.differ.v1.walking"..." type=io.containerd.differ.v1 382020-06-17T16:53:52.034317656Z time="2020-06-17T16:53:52.034236326Z" level=info msg="loading plugin "io.containerd.gc.v1.scheduler"..." type=io.containerd.gc.v1 392020-06-17T16:53:52.034379711Z time="2020-06-17T16:53:52.034288921Z" level=info msg="loading plugin "io.containerd.service.v1.containers-service"..." type=io.containerd.service.v1 402020-06-17T16:53:52.034389230Z time="2020-06-17T16:53:52.034318924Z" level=info msg="loading plugin "io.containerd.service.v1.content-service"..." type=io.containerd.service.v1 412020-06-17T16:53:52.034395473Z time="2020-06-17T16:53:52.034337348Z" level=info msg="loading plugin "io.containerd.service.v1.diff-service"..." type=io.containerd.service.v1 422020-06-17T16:53:52.034450963Z time="2020-06-17T16:53:52.034357055Z" level=info msg="loading plugin "io.containerd.service.v1.images-service"..." type=io.containerd.service.v1 432020-06-17T16:53:52.034460030Z time="2020-06-17T16:53:52.034378861Z" level=info msg="loading plugin "io.containerd.service.v1.leases-service"..." type=io.containerd.service.v1 442020-06-17T16:53:52.034465116Z time="2020-06-17T16:53:52.034396899Z" level=info msg="loading plugin "io.containerd.service.v1.namespaces-service"..." type=io.containerd.service.v1 452020-06-17T16:53:52.034470436Z time="2020-06-17T16:53:52.034414453Z" level=info msg="loading plugin "io.containerd.service.v1.snapshots-service"..." type=io.containerd.service.v1 462020-06-17T16:53:52.034501903Z time="2020-06-17T16:53:52.034449408Z" level=info msg="loading plugin "io.containerd.runtime.v1.linux"..." type=io.containerd.runtime.v1 472020-06-17T16:53:52.034899818Z time="2020-06-17T16:53:52.034811969Z" level=info msg="loading plugin "io.containerd.runtime.v2.task"..." type=io.containerd.runtime.v2 482020-06-17T16:53:52.035074802Z time="2020-06-17T16:53:52.034999326Z" level=info msg="loading plugin "io.containerd.monitor.v1.cgroups"..." type=io.containerd.monitor.v1 492020-06-17T16:53:52.035636167Z time="2020-06-17T16:53:52.035455157Z" level=info msg="loading plugin "io.containerd.service.v1.tasks-service"..." type=io.containerd.service.v1 502020-06-17T16:53:52.035654081Z time="2020-06-17T16:53:52.035521360Z" level=info msg="loading plugin "io.containerd.internal.v1.restart"..." type=io.containerd.internal.v1 512020-06-17T16:53:52.035727176Z time="2020-06-17T16:53:52.035580786Z" level=info msg="loading plugin "io.containerd.grpc.v1.containers"..." type=io.containerd.grpc.v1 522020-06-17T16:53:52.035735934Z time="2020-06-17T16:53:52.035598763Z" level=info msg="loading plugin "io.containerd.grpc.v1.content"..." type=io.containerd.grpc.v1 532020-06-17T16:53:52.035741883Z time="2020-06-17T16:53:52.035615036Z" level=info msg="loading plugin "io.containerd.grpc.v1.diff"..." type=io.containerd.grpc.v1 542020-06-17T16:53:52.035747067Z time="2020-06-17T16:53:52.035629449Z" level=info msg="loading plugin "io.containerd.grpc.v1.events"..." type=io.containerd.grpc.v1 552020-06-17T16:53:52.035751979Z time="2020-06-17T16:53:52.035644799Z" level=info msg="loading plugin "io.containerd.grpc.v1.healthcheck"..." type=io.containerd.grpc.v1 562020-06-17T16:53:52.035757017Z time="2020-06-17T16:53:52.035676302Z" level=info msg="loading plugin "io.containerd.grpc.v1.images"..." type=io.containerd.grpc.v1 572020-06-17T16:53:52.035762466Z time="2020-06-17T16:53:52.035693659Z" level=info msg="loading plugin "io.containerd.grpc.v1.leases"..." type=io.containerd.grpc.v1 582020-06-17T16:53:52.036021859Z time="2020-06-17T16:53:52.035712060Z" level=info msg="loading plugin "io.containerd.grpc.v1.namespaces"..." type=io.containerd.grpc.v1 592020-06-17T16:53:52.036034404Z time="2020-06-17T16:53:52.035729409Z" level=info msg="loading plugin "io.containerd.internal.v1.opt"..." type=io.containerd.internal.v1 602020-06-17T16:53:52.036309494Z time="2020-06-17T16:53:52.036218538Z" level=info msg="loading plugin "io.containerd.grpc.v1.snapshots"..." type=io.containerd.grpc.v1 612020-06-17T16:53:52.036320999Z time="2020-06-17T16:53:52.036250681Z" level=info msg="loading plugin "io.containerd.grpc.v1.tasks"..." type=io.containerd.grpc.v1 622020-06-17T16:53:52.036326542Z time="2020-06-17T16:53:52.036267206Z" level=info msg="loading plugin "io.containerd.grpc.v1.version"..." type=io.containerd.grpc.v1 632020-06-17T16:53:52.036371350Z time="2020-06-17T16:53:52.036289257Z" level=info msg="loading plugin "io.containerd.grpc.v1.introspection"..." type=io.containerd.grpc.v1 642020-06-17T16:53:52.036643876Z time="2020-06-17T16:53:52.036565383Z" level=info msg=serving... address="/var/run/docker/containerd/containerd-debug.sock" 652020-06-17T16:53:52.036727882Z time="2020-06-17T16:53:52.036662194Z" level=info msg=serving... address="/var/run/docker/containerd/containerd.sock" 662020-06-17T16:53:52.036737522Z time="2020-06-17T16:53:52.036683198Z" level=info msg="containerd successfully booted in 0.047509s" 672020-06-17T16:53:52.049856029Z time="2020-06-17T16:53:52.049685168Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc0004f3940, READY" module=grpc682020-06-17T16:53:52.054462429Z time="2020-06-17T16:53:52.052944830Z" level=info msg="Setting the storage driver from the $DOCKER_DRIVER environment variable (overlay2)"692020-06-17T16:53:52.054489377Z time="2020-06-17T16:53:52.053254750Z" level=info msg="parsed scheme: \"unix\"" module=grpc702020-06-17T16:53:52.054496615Z time="2020-06-17T16:53:52.053273325Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc712020-06-17T16:53:52.054503277Z time="2020-06-17T16:53:52.053300973Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] }" module=grpc722020-06-17T16:53:52.054510470Z time="2020-06-17T16:53:52.053315161Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc732020-06-17T16:53:52.054517036Z time="2020-06-17T16:53:52.053378430Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc00006cbc0, CONNECTING" module=grpc742020-06-17T16:53:52.057101404Z time="2020-06-17T16:53:52.056867536Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc00006cbc0, READY" module=grpc752020-06-17T16:53:52.058263198Z time="2020-06-17T16:53:52.058157082Z" level=info msg="parsed scheme: \"unix\"" module=grpc762020-06-17T16:53:52.058299471Z time="2020-06-17T16:53:52.058184007Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc772020-06-17T16:53:52.058307646Z time="2020-06-17T16:53:52.058208323Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] }" module=grpc782020-06-17T16:53:52.058314020Z time="2020-06-17T16:53:52.058222390Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc792020-06-17T16:53:52.058401465Z time="2020-06-17T16:53:52.058304638Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc00006d0c0, CONNECTING" module=grpc802020-06-17T16:53:52.059237653Z time="2020-06-17T16:53:52.059149163Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc00006d0c0, READY" module=grpc812020-06-17T16:53:52.106111749Z time="2020-06-17T16:53:52.105928563Z" level=info msg="Loading containers: start."822020-06-17T16:53:52.122841575Z time="2020-06-17T16:53:52.122659298Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: ip: can't find device 'bridge'\nbridge 167936 1 br_netfilter\nstp 16384 1 bridge\nllc 16384 2 bridge,stp\nip: can't find device 'br_netfilter'\nbr_netfilter 24576 0 \nbridge 167936 1 br_netfilter\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n, error: exit status 1"832020-06-17T16:53:52.133102599Z time="2020-06-17T16:53:52.132729802Z" level=warning msg="Running modprobe nf_nat failed with message: `ip: can't find device 'nf_nat'\nnf_nat_ipv4 16384 2 ipt_MASQUERADE,iptable_nat\nnf_nat 32768 1 nf_nat_ipv4\nnf_conntrack 139264 5 ipt_MASQUERADE,nf_conntrack_netlink,nf_nat_ipv4,nf_nat,xt_conntrack\nlibcrc32c 16384 2 nf_nat,nf_conntrack\nmodprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1"842020-06-17T16:53:52.140352489Z time="2020-06-17T16:53:52.139863329Z" level=warning msg="Running modprobe xt_conntrack failed with message: `ip: can't find device 'xt_conntrack'\nxt_conntrack 16384 2 \nnf_conntrack 139264 5 ipt_MASQUERADE,nf_conntrack_netlink,nf_nat_ipv4,nf_nat,xt_conntrack\nmodprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1"852020-06-17T16:53:52.246726308Z time="2020-06-17T16:53:52.246579705Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.18.0.0/16. Daemon option --bip can be used to set a preferred IP address"862020-06-17T16:53:52.316486776Z time="2020-06-17T16:53:52.305762183Z" level=info msg="Loading containers: done."872020-06-17T16:53:52.330524676Z time="2020-06-17T16:53:52.330376281Z" level=info msg="Docker daemon" commit=aeac9490dc graphdriver(s)=overlay2 version=19.03.0882020-06-17T16:53:52.330933874Z time="2020-06-17T16:53:52.330846859Z" level=info msg="Daemon has completed initialization"892020-06-17T16:53:52.361903199Z time="2020-06-17T16:53:52.361662859Z" level=info msg="API listen on [::]:2375"902020-06-17T16:53:52.362010280Z time="2020-06-17T16:53:52.361830101Z" level=info msg="API listen on /var/run/docker.sock"91*********92Pulling docker image docker:19.03.0 ...93Using docker image sha256:c4154a2b47a18fe9437956ab981bd5924b19e7ae3eb3ed60c42cf8dfa394d550 for docker:19.03.0 ...95Running on runner-mcuzkzi5-project-278964-concurrent-0 via runner-mcuzkzi5-org-ci-1592412653-35c56cfa...97$ eval "$CI_PRE_CLONE_SCRIPT"98Downloading archived master...99Connecting to storage.googleapis.com (64.233.170.128:443)100gitlab.tar.gz 1% | | 16.5M 0:00:55 ETA101gitlab.tar.gz 17% |***** | 161M 0:00:09 ETA102gitlab.tar.gz 40% |************ | 380M 0:00:04 ETA103gitlab.tar.gz 61% |******************* | 576M 0:00:02 ETA104gitlab.tar.gz 83% |************************** | 782M 0:00:01 ETA105gitlab.tar.gz 100% |********************************| 939M 0:00:00 ETA106Extracting tarball into /builds/gitlab-org/gitlab...107Fetching changes with git depth set to 20...108Reinitialized existing Git repository in /builds/gitlab-org/gitlab/.git/109Created fresh repository.110Checking out 2d057e7a as refs/merge-requests/25668/merge...111Skipping Git submodules setup113$ if ! docker info &>/dev/null; then # collapsed multi-line command114$ function propagate_env_vars() { # collapsed multi-line command115$ docker run \ # collapsed multi-line command116Unable to find image 'registry.gitlab.com/gitlab-org/security-products/dependency-scanning:2' locally1172: Pulling from gitlab-org/security-products/dependency-scanning118ce82f9486b57: Pulling fs layer119ce82f9486b57: Verifying Checksum120ce82f9486b57: Download complete121ce82f9486b57: Pull complete122Digest: sha256:29914ecaaa6a0387b7d0a679a6f5ee1cbe28211c3279cbdfaef6e1ace4b41516123Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/dependency-scanning:21242020/06/17 16:55:32 Copy project directory to containers1252020/06/17 16:55:32 [bundler-audit] Detect project using plugin1262020/06/17 16:55:32 [bundler-audit] Project is compatible1272020/06/17 16:55:32 [bundler-audit] Downloading analyzer...128.............................................1292020/06/17 16:55:38 [bundler-audit] Starting analyzer...130Found project in /tmp/app131Fetching origin133 906609f..37492cc master -> origin/master134Already on 'master'135Your branch is behind 'origin/master' by 4 commits, and can be fast-forwarded.136 (use "git pull" to update your local branch)1372020/06/17 16:56:44 [gemnasium] Detect project using plugin1382020/06/17 16:56:44 [gemnasium] Project is compatible1392020/06/17 16:56:44 [gemnasium] Downloading analyzer...140.............................................1412020/06/17 16:56:51 [gemnasium] Starting analyzer...142Found project in /tmp/app143Fetching origin145 bbc25f03..44eb8fde master -> origin/master146 * [new branch] 2020-03-13 -> origin/2020-03-13147 * [new branch] adbcurate/npm_cd_messenger_CVE_2020_7675_yml -> origin/adbcurate/npm_cd_messenger_CVE_2020_7675_yml148 * [new branch] adbcurate/npm_mosc_CVE_2020_7672_yml -> origin/adbcurate/npm_mosc_CVE_2020_7672_yml149 * [new branch] adbcurate/npm_node_extend_CVE_2020_7673_yml -> origin/adbcurate/npm_node_extend_CVE_2020_7673_yml150 * [new tag] v1.0.145 -> v1.0.145151 * [new tag] v1.0.146 -> v1.0.146152 * [new tag] v1.0.138 -> v1.0.138153 * [new tag] v1.0.139 -> v1.0.139154 * [new tag] v1.0.140 -> v1.0.140155 * [new tag] v1.0.141 -> v1.0.141156 * [new tag] v1.0.142 -> v1.0.142157 * [new tag] v1.0.143 -> v1.0.143158 * [new tag] v1.0.144 -> v1.0.144159Already on 'master'160Your branch is behind 'origin/master' by 26 commits, and can be fast-forwarded.161 (use "git pull" to update your local branch)1622020/06/17 16:57:47 Cannot auto-remediate dependency file, not supported: Gemfile.lock163yarn upgrade v1.15.2164[1/4] Resolving packages...165warning Resolution field "ts-jest@24.0.0" is incompatible with requested version "ts-jest@^23.10.5"166[2/4] Fetching packages...167info fsevents@2.1.3: The platform "linux" is incompatible with this module.168info "fsevents@2.1.3" is an optional dependency and failed compatibility check. Excluding it from installation.169info fsevents@1.2.13: The platform "linux" is incompatible with this module.170info "fsevents@1.2.13" is an optional dependency and failed compatibility check. Excluding it from installation.171[3/4] Linking dependencies...172warning " > monaco-editor-webpack-plugin@1.7.0" has incorrect peer dependency "monaco-editor@^0.15.1".173warning "@gitlab/eslint-plugin > eslint-plugin-jest > @typescript-eslint/experimental-utils > @typescript-eslint/typescript-estree > tsutils@3.17.1" has unmet peer dependency "typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta".174warning " > eslint-import-resolver-jest@2.1.2" has unmet peer dependency "eslint-plugin-import@>=1.4.0".175warning " > eslint-import-resolver-webpack@0.12.1" has unmet peer dependency "eslint-plugin-import@>=1.4.0".176[4/4] Rebuilding all packages...177success Saved lockfile.178success Saved 0 new dependencies.179Done in 61.99s.180fatal: package.json: no such path in the working tree.181Use 'git <command> -- <path>...' to specify paths that do not exist locally.182fatal: package.json: no such path in the working tree.183Use 'git <command> -- <path>...' to specify paths that do not exist locally.1842020/06/17 16:58:49 exit status 1281852020/06/17 16:58:49 Cannot auto-remediate dependency file, not supported: qa/Gemfile.lock186yarn upgrade v1.15.2187[1/4] Resolving packages...188warning Resolution field "ts-jest@24.0.0" is incompatible with requested version "ts-jest@^23.10.5"189[2/4] Fetching packages...190info fsevents@2.1.3: The platform "linux" is incompatible with this module.191info "fsevents@2.1.3" is an optional dependency and failed compatibility check. Excluding it from installation.192info fsevents@1.2.13: The platform "linux" is incompatible with this module.193info "fsevents@1.2.13" is an optional dependency and failed compatibility check. Excluding it from installation.194[3/4] Linking dependencies...195warning " > monaco-editor-webpack-plugin@1.7.0" has incorrect peer dependency "monaco-editor@^0.15.1".196warning "@gitlab/eslint-plugin > eslint-plugin-jest > @typescript-eslint/experimental-utils > @typescript-eslint/typescript-estree > tsutils@3.17.1" has unmet peer dependency "typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta".197warning " > eslint-import-resolver-jest@2.1.2" has unmet peer dependency "eslint-plugin-import@>=1.4.0".198warning " > eslint-import-resolver-webpack@0.12.1" has unmet peer dependency "eslint-plugin-import@>=1.4.0".199[4/4] Rebuilding all packages...200success Saved lockfile.201success Saved 1 new dependency.202info Direct dependencies203└─ acorn@6.4.1204info All dependencies205└─ acorn@6.4.1206Done in 12.06s.207fatal: package.json: no such path in the working tree.208Use 'git <command> -- <path>...' to specify paths that do not exist locally.209fatal: package.json: no such path in the working tree.210Use 'git <command> -- <path>...' to specify paths that do not exist locally.2112020/06/17 16:59:02 exit status 1282122020/06/17 16:59:02 Cannot auto-remediate dependency file, not supported: qa/qa/fixtures/auto_devops_rack/Gemfile.lock2132020/06/17 16:59:02 Cannot auto-remediate dependency file, not supported: tooling/overcommit/Gemfile.lock214yarn upgrade v1.15.2215[1/4] Resolving packages...216warning Resolution field "ts-jest@24.0.0" is incompatible with requested version "ts-jest@^23.10.5"217[2/4] Fetching packages...218info fsevents@2.1.3: The platform "linux" is incompatible with this module.219info "fsevents@2.1.3" is an optional dependency and failed compatibility check. Excluding it from installation.220info fsevents@1.2.13: The platform "linux" is incompatible with this module.221info "fsevents@1.2.13" is an optional dependency and failed compatibility check. Excluding it from installation.222[3/4] Linking dependencies...223warning " > monaco-editor-webpack-plugin@1.7.0" has incorrect peer dependency "monaco-editor@^0.15.1".224warning "@gitlab/eslint-plugin > eslint-plugin-jest > @typescript-eslint/experimental-utils > @typescript-eslint/typescript-estree > tsutils@3.17.1" has unmet peer dependency "typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta".225warning " > eslint-import-resolver-jest@2.1.2" has unmet peer dependency "eslint-plugin-import@>=1.4.0".226warning " > eslint-import-resolver-webpack@0.12.1" has unmet peer dependency "eslint-plugin-import@>=1.4.0".227[4/4] Rebuilding all packages...228success Saved lockfile.229success Saved 1 new dependency.230info Direct dependencies231└─ acorn@6.4.1232info All dependencies233└─ acorn@6.4.1234Done in 11.39s.235\nThis repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting .git/hooks/post-checkout.\n2362020/06/17 16:59:14 exit status 22372020/06/17 16:59:34 [gemnasium-maven] Detect project using plugin2382020/06/17 16:59:34 [gemnasium-maven] Project not compatible2392020/06/17 16:59:34 [gemnasium-python] Detect project using plugin2402020/06/17 16:59:34 [gemnasium-python] Project is compatible2412020/06/17 16:59:34 [gemnasium-python] Downloading analyzer...242...............................................2432020/06/17 16:59:46 [gemnasium-python] Starting analyzer...244Found project in /tmp/app245Fetching origin247 bbc25f03..44eb8fde master -> origin/master248 * [new branch] 2020-03-13 -> origin/2020-03-13249 * [new branch] adbcurate/npm_cd_messenger_CVE_2020_7675_yml -> origin/adbcurate/npm_cd_messenger_CVE_2020_7675_yml250 * [new branch] adbcurate/npm_mosc_CVE_2020_7672_yml -> origin/adbcurate/npm_mosc_CVE_2020_7672_yml251 * [new branch] adbcurate/npm_node_extend_CVE_2020_7673_yml -> origin/adbcurate/npm_node_extend_CVE_2020_7673_yml252 * [new tag] v1.0.145 -> v1.0.145253 * [new tag] v1.0.146 -> v1.0.146254 * [new tag] v1.0.138 -> v1.0.138255 * [new tag] v1.0.139 -> v1.0.139256 * [new tag] v1.0.140 -> v1.0.140257 * [new tag] v1.0.141 -> v1.0.141258 * [new tag] v1.0.142 -> v1.0.142259 * [new tag] v1.0.143 -> v1.0.143260 * [new tag] v1.0.144 -> v1.0.144261Already on 'master'262Your branch is behind 'origin/master' by 26 commits, and can be fast-forwarded.263 (use "git pull" to update your local branch)264Creating a virtualenv for this project…265Pipfile: /tmp/app/Pipfile266Using /usr/local/bin/python (3.6.10) to create virtualenv…267⠧ Creating virtual environment...created virtual environment CPython3.6.10.final.0-64 in 456ms268 creator CPython3Posix(dest=/.local/share/virtualenvs/app-09ggk70F, clear=False, global=False)269 seeder FromAppData(download=False, pip=latest, setuptools=latest, wheel=latest, via=copy, app_data_dir=/.local/share/virtualenv/seed-app-data/v1.0.1)270 activators BashActivator,CShellActivator,FishActivator,PowerShellActivator,PythonActivator,XonshActivator271✔ Successfully created virtual environment! 272Virtualenv location: /.local/share/virtualenvs/app-09ggk70F273Warning: Your Pipfile requires python_version 3.4, but you are using 3.6.10 (/.local/share/v/a/bin/python).274 $ pipenv --rm and rebuilding the virtual environment may resolve the issue.275 $ pipenv check will surely fail.276Installing dependencies from Pipfile.lock (194c73)…277To activate this project's virtualenv, run pipenv shell.278Alternatively, run a command inside the virtualenv with pipenv run.2792020/06/17 17:00:54 [retire.js] Detect project using plugin2802020/06/17 17:00:54 [retire.js] Project is compatible2812020/06/17 17:00:54 [retire.js] Downloading analyzer...282....................................2020/06/17 17:01:01 [retire.js] Starting analyzer...283Found project in /tmp/app284Using python 3285Installing dependencies...286yarn install v1.22.4287[1/4] Resolving packages...288warning Resolution field "ts-jest@24.0.0" is incompatible with requested version "ts-jest@^23.10.5"289[2/4] Fetching packages...290info fsevents@2.1.3: The platform "linux" is incompatible with this module.291info "fsevents@2.1.3" is an optional dependency and failed compatibility check. Excluding it from installation.292info fsevents@1.2.13: The platform "linux" is incompatible with this module.293info "fsevents@1.2.13" is an optional dependency and failed compatibility check. Excluding it from installation.294[3/4] Linking dependencies...295warning " > monaco-editor-webpack-plugin@1.7.0" has incorrect peer dependency "monaco-editor@^0.15.1".296warning "@gitlab/eslint-plugin > eslint-plugin-jest > @typescript-eslint/experimental-utils > @typescript-eslint/typescript-estree > tsutils@3.17.1" has unmet peer dependency "typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta".297warning " > eslint-import-resolver-jest@2.1.2" has unmet peer dependency "eslint-plugin-import@>=1.4.0".298warning " > eslint-import-resolver-webpack@0.12.1" has unmet peer dependency "eslint-plugin-import@>=1.4.0".299[4/4] Building fresh packages...300$ node ./scripts/frontend/postinstall.js301success Dependency postinstall check passed.302Done in 67.53s.303+-------------------------------------------------------------------------------------------+304| Severity | Tool | Identifier |305+-------------------------------------------------------------------------------------------+306| Critical | Gemnasium | CVE-2020-8116 |307| |308| Direct Request (Forced Browsing) in dot-prop |309| Solution: Upgrade to version 5.1.1 or above. |310| In yarn.lock |311+-------------------------------------------------------------------------------------------+312| Critical | Gemnasium | |313| |314| OS Command Injection in execa |315| Solution: Upgrade to version 2.0.0 or above. |316| In yarn.lock |317+-------------------------------------------------------------------------------------------+318| Critical | Gemnasium | CVE-2020-7598 |319| |320| Improper Input Validation in minimist |321| Solution: Upgrade to version 1.2.2 or above. |322| In yarn.lock |323+-------------------------------------------------------------------------------------------+324| Critical | Gemnasium | CVE-2020-7598 |325| |326| Improper Input Validation in minimist |327| Solution: Upgrade to version 1.2.2 or above. |328| In yarn.lock |329+-------------------------------------------------------------------------------------------+330| Critical | Gemnasium | CVE-2019-0542 |331| |332| Improper Input Validation in xterm |333| Solution: Upgrade to versions 3.9.2, 3.10.1 or above. |334| In yarn.lock |335+-------------------------------------------------------------------------------------------+336| High | Gemnasium | CVE-2020-11076 |337| |338| Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) in gitlab-puma |339| Solution: Upgrade to versions 3.12.6, 4.3.5 or above. |340| In Gemfile.lock |341+-------------------------------------------------------------------------------------------+342| High | Gemnasium | CVE-2020-11077 |343| |344| Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) in gitlab-puma |345| Solution: Upgrade to versions 3.12.6, 4.3.5 or above. |346| In Gemfile.lock |347+-------------------------------------------------------------------------------------------+348| High | bundler-audit | CVE-2015-9284 |349| |350| CSRF vulnerability in OmniAuth's request phase |351| Solution: remove or disable this gem until a patch is available! |352| In Gemfile.lock |353+-------------------------------------------------------------------------------------------+354| High | Gemnasium | CVE-2018-3760 |355| |356| Information Exposure in sprockets |357| Solution: Upgrade to versions 2.12.5, 4.0.0 or above. |358| In Gemfile.lock |359+-------------------------------------------------------------------------------------------+360| High | Gemnasium | CVE-2020-8130 |361| |362| OS Command Injection in rake |363| Solution: Upgrade to version 12.3.3 or above. |364| In qa/Gemfile.lock |365+-------------------------------------------------------------------------------------------+366| High | Gemnasium | CVE-2020-8130 |367| |368| OS Command Injection in rake |369| Solution: Upgrade to version 12.3.3 or above. |370| In qa/qa/fixtures/auto_devops_rack/Gemfile.lock |371+-------------------------------------------------------------------------------------------+372| High | Gemnasium | |373| |374| Regular Expression Denial of Service in acorn |375| Solution: Upgrade to versions 5.7.4, 6.4.1, 7.1.1 or later. |376| In yarn.lock |377+-------------------------------------------------------------------------------------------+378| High | Gemnasium | |379| |380| Regular Expression Denial of Service in acorn |381| Solution: Upgrade to versions 5.7.4, 6.4.1, 7.1.1 or later. |382| In yarn.lock |383+-------------------------------------------------------------------------------------------+384| High | Gemnasium | CVE-2019-20149 |385| |386| Type checking vulnerability in kind-of |387| Solution: Upgrade to version 6.0.3 or above. |388| In yarn.lock |389+-------------------------------------------------------------------------------------------+390| High | Gemnasium | CVE-2019-20149 |391| |392| Type checking vulnerability in kind-of |393| Solution: Upgrade to version 6.0.3 or above. |394| In yarn.lock |395+-------------------------------------------------------------------------------------------+396| High | Gemnasium | CVE-2019-20149 |397| |398| Type checking vulnerability in kind-of |399| Solution: Upgrade to version 6.0.3 or above. |400| In yarn.lock |401+-------------------------------------------------------------------------------------------+402| High | Gemnasium | CVE-2019-20149 |403| |404| Type checking vulnerability in kind-of |405| Solution: Upgrade to version 6.0.3 or above. |406| In yarn.lock |407+-------------------------------------------------------------------------------------------+408| High | Gemnasium | CVE-2020-7660 |409| |410| Injection Vulnerability in serialize-javascript |411| Solution: Upgrade to version 3.1.0 or above. |412| In yarn.lock |413+-------------------------------------------------------------------------------------------+414| High | Gemnasium | CVE-2020-7662 |415| |416| Uncontrolled Resource Consumption in websocket-extensions |417| Solution: Upgrade to version 0.1.4 or above. |418| In yarn.lock |419+-------------------------------------------------------------------------------------------+420| High | Gemnasium | CVE-2020-7663 |421| |422| Uncontrolled Resource Consumption in websocket-extensions |423| Solution: Unfortunately, there is no solution available yet. |424| In yarn.lock |425+-------------------------------------------------------------------------------------------+426| High | Gemnasium | CVE-2020-7608 |427| |428| Improper Input Validation in yargs-parser |429| Solution: Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or above. |430| In yarn.lock |431+-------------------------------------------------------------------------------------------+432| High | Gemnasium | CVE-2020-7608 |433| |434| Improper Input Validation in yargs-parser |435| Solution: Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or above. |436| In yarn.lock |437+-------------------------------------------------------------------------------------------+438| High | Gemnasium | CVE-2020-7608 |439| |440| Improper Input Validation in yargs-parser |441| Solution: Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or above. |442| In yarn.lock |443+-------------------------------------------------------------------------------------------+444| High | Gemnasium | CVE-2020-7608 |445| |446| Improper Input Validation in yargs-parser |447| Solution: Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or above. |448| In yarn.lock |449+-------------------------------------------------------------------------------------------+450| Medium | Retire.js | CVE-2012-6708 |451| |452| Selector interpreted as HTML in jquery |453| In package.json |454+-------------------------------------------------------------------------------------------+455| Medium | Retire.js | CVE-2012-6708 |456| |457| Selector interpreted as HTML in jquery |458| In package.json |459+-------------------------------------------------------------------------------------------+460| Medium | Retire.js | CVE-2012-6708 |461| |462| Selector interpreted as HTML in jquery |463| In package.json |464+-------------------------------------------------------------------------------------------+465| Medium | Retire.js | CVE-2015-9251 |466| |467| parseHTML() executes scripts in event handlers in jquery |468| In package.json |469+-------------------------------------------------------------------------------------------+470| Medium | Retire.js | CVE-2015-9251 |471| |472| 3rd party CORS request may execute in jquery |473| In package.json |474+-------------------------------------------------------------------------------------------+475| Medium | Retire.js | CVE-2015-9251 |476| |477| 3rd party CORS request may execute in jquery |478| In package.json |479+-------------------------------------------------------------------------------------------+480| Medium | Retire.js | CVE-2015-9251 |481| |482| 3rd party CORS request may execute in jquery |483| In package.json |484+-------------------------------------------------------------------------------------------+485| Medium | Retire.js | CVE-2015-9251 |486| |487| 3rd party CORS request may execute in jquery |488| In package.json |489+-------------------------------------------------------------------------------------------+490| Medium | Retire.js | |491| |492| Regex in its jQuery.htmlPrefilter sometimes may introduce XSS in jquery |493| In package.json |494+-------------------------------------------------------------------------------------------+495| Medium | Retire.js | |496| |497| Regex in its jQuery.htmlPrefilter sometimes may introduce XSS in jquery |498| In package.json |499+-------------------------------------------------------------------------------------------+500| Medium | Retire.js | |501| |502| Regex in its jQuery.htmlPrefilter sometimes may introduce XSS in jquery |503| In package.json |504+-------------------------------------------------------------------------------------------+505| Medium | Retire.js | |506| |507| Regex in its jQuery.htmlPrefilter sometimes may introduce XSS in jquery |508| In package.json |509+-------------------------------------------------------------------------------------------+510| Medium | Retire.js | |511| |512| Regex in its jQuery.htmlPrefilter sometimes may introduce XSS in jquery |513| In package.json |514+-------------------------------------------------------------------------------------------+515| Medium | Retire.js | |516| |517| Regex in its jQuery.htmlPrefilter sometimes may introduce XSS in jquery |518| In package.json |519+-------------------------------------------------------------------------------------------+520| Medium | Retire.js | |521| |522| Regex in its jQuery.htmlPrefilter sometimes may introduce XSS in jquery |523| In package.json |524+-------------------------------------------------------------------------------------------+525| Medium | Gemnasium | CVE-2019-16782 |526| |527| Information Exposure in rack |528| Solution: Upgrade to version 2.0.8 or above. |529| In qa/qa/fixtures/auto_devops_rack/Gemfile.lock |530+-------------------------------------------------------------------------------------------+531| Medium | Gemnasium | CVE-2020-11022 |532| |533| Cross-site Scripting in jquery |534| Solution: Upgrade to version 3.5.0 or above. |535| In yarn.lock |536+-------------------------------------------------------------------------------------------+537| Medium | Gemnasium | CVE-2020-8823 |538| |539| Cross-site Scripting in sockjs |540| Solution: Unfortunately, there is no solution available yet. |541| In yarn.lock |542+-------------------------------------------------------------------------------------------+543| Medium | Gemnasium | CVE-2020-8124 |544| |545| Improper Input Validation in url-parse |546| Solution: Upgrade to version 1.4.5 or above. |547| In yarn.lock |548+-------------------------------------------------------------------------------------------+549| Low | Retire.js | CVE-2019-11358 |550| |551| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles |552| jQuery.extend(true, {}, ...) because of Object.prototype pollution in jquery |553| In package.json |554+-------------------------------------------------------------------------------------------+555| Low | Retire.js | CVE-2019-11358 |556| |557| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles |558| jQuery.extend(true, {}, ...) because of Object.prototype pollution in jquery |559| In package.json |560+-------------------------------------------------------------------------------------------+561| Low | Retire.js | CVE-2019-11358 |562| |563| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles |564| jQuery.extend(true, {}, ...) because of Object.prototype pollution in jquery |565| In package.json |566+-------------------------------------------------------------------------------------------+567| Low | Retire.js | CVE-2019-11358 |568| |569| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles |570| jQuery.extend(true, {}, ...) because of Object.prototype pollution in jquery |571| In package.json |572+-------------------------------------------------------------------------------------------+573| Low | Retire.js | CVE-2019-11358 |574| |575| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles |576| jQuery.extend(true, {}, ...) because of Object.prototype pollution in jquery |577| In package.json |578+-------------------------------------------------------------------------------------------+579| Low | Retire.js | CVE-2019-11358 |580| |581| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles |582| jQuery.extend(true, {}, ...) because of Object.prototype pollution in jquery |583| In package.json |584+-------------------------------------------------------------------------------------------+585| Unknown | bundler-audit | CVE-2020-11082 |586| |587| Cross-Site Scripting in Kaminari via `original_script_name` parameter |588| Solution: upgrade to >= 1.2.1 |589| In Gemfile.lock |590+-------------------------------------------------------------------------------------------+591| Unknown | bundler-audit | CVE-2020-8161 |592| |593| Directory traversal in Rack::Directory app bundled with Rack |594| Solution: upgrade to ~> 2.1.3, >= 2.2.0 |595| In Gemfile.lock |596+-------------------------------------------------------------------------------------------+597| Unknown | Gemnasium | CVE-2014-9390 |598| |599| Arbitrary command execution in rugged |600| Solution: Upgrade to latest version. |601| In Gemfile.lock |602+-------------------------------------------------------------------------------------------+603| Unknown | bundler-audit | CVE-2020-7663 |604| |605| Regular Expression Denial of Service in websocket-extensions (RubyGem) |606| Solution: upgrade to >= 0.1.5 |607| In Gemfile.lock |608+-------------------------------------------------------------------------------------------+610Uploading artifacts...611gl-dependency-scanning-report.json: found 1 matching files and directories 612Uploading artifacts as "archive" to coordinator... ok id=599847065 responseStatus=201 Created token=7VMkzZ26613Uploading artifacts...614gl-dependency-scanning-report.json: found 1 matching files and directories 615Uploading artifacts as "dependency_scanning" to coordinator... ok id=599847065 responseStatus=201 Created token=7VMkzZ26616Job succeeded