Bump common to v2.1.4
What does this MR do?
Bump the common
dependency from v2.0.0
to v2.1.4
and update expectation accordingly
Format update:
- adds
remediations
- Reorder due to severity
❯ _jq_cve_diff test/expect/gl-dependency-scanning-report.json test/fixtures/gl-dependency-scanning-report.json
--- /dev/fd/63 2019-03-20 12:09:27.000000000 -0700
+++ /dev/fd/62 2019-03-20 12:09:27.000000000 -0700
@@ -1,13 +1,13 @@
[
- "sast-sample-rails/Gemfile.lock:actionview:cve:CVE-2019-5419",
+ "sast-sample-rails/Gemfile.lock:ffi:cve:CVE-2018-1000201",
"sast-sample-rails/Gemfile.lock:actionview:cve:CVE-2019-5418",
+ "sast-sample-rails/Gemfile.lock:actionview:cve:CVE-2019-5419",
"sast-sample-rails/Gemfile.lock:activejob:cve:CVE-2018-16476",
- "sast-sample-rails/Gemfile.lock:ffi:cve:CVE-2018-1000201",
"sast-sample-rails/Gemfile.lock:loofah:cve:CVE-2018-16468",
"sast-sample-rails/Gemfile.lock:loofah:cve:CVE-2018-8048",
"sast-sample-rails/Gemfile.lock:nokogiri:cve:CVE-2017-15412",
- "sast-sample-rails/Gemfile.lock:nokogiri:cve:CVE-2018-8048",
"sast-sample-rails/Gemfile.lock:nokogiri:cve:CVE-2018-14404",
+ "sast-sample-rails/Gemfile.lock:nokogiri:cve:CVE-2018-8048",
"sast-sample-rails/Gemfile.lock:rack:cve:CVE-2018-16471",
"sast-sample-rails/Gemfile.lock:rails-html-sanitizer:cve:CVE-2018-3741",
"sast-sample-rails/Gemfile.lock:sprockets:cve:CVE-2018-3760",
❯ diff -u <(jq -S '.vulnerabilities | map(.severity)' test/expect/gl-dependency-scanning-report.json) <(jq -S '.vulnerabilities | map(.severity)' test/fixtures/gl-dependency-scanning-report.json)
--- /dev/fd/63 2019-03-20 12:10:32.000000000 -0700
+++ /dev/fd/62 2019-03-20 12:10:32.000000000 -0700
@@ -1,8 +1,8 @@
[
+ "High",
"Unknown",
"Unknown",
"Unknown",
- "High",
"Unknown",
"Unknown",
"Unknown",
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer