chore(deps): bump kumahq/kuma-gui to 38da2c4e4cc778f7626e10cdd0a740d1…

…21fd579a Bumps kumahq/kuma-gui to version [master@38da2c4e4cc778f7626e10cdd0a740d121fd579a](https://github.com/kumahq/kuma-gui/tree/38da2c4e4cc778f7626e10cdd0a740d121fd579a) Signed-off-by: GitHub <[email protected]>
kumahq · Dec 10, 2024 · 8900b3f · 8900b3f
1 parent c6cb4c6
commit 8900b3f
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 210 deletions.
diff --git a/app/kuma-ui/pkg/resources/kuma-gui-cve-report.json b/app/kuma-ui/pkg/resources/kuma-gui-cve-report.json
@@ -1,140 +1,5 @@
 {
- "matches": [
-  {
-   "vulnerability": {
-    "id": "GHSA-mwcw-c2x4-8c55",
-    "dataSource": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
-    "namespace": "github:language:javascript",
-    "severity": "Low",
-    "urls": [
-     "https://github.com/advisories/GHSA-mwcw-c2x4-8c55"
-    ],
-    "description": "Infinite loop in nanoid",
-    "cvss": [],
-    "fix": {
-     "versions": [
-      "3.3.8"
-     ],
-     "state": "fixed"
-    },
-    "advisories": []
-   },
-   "relatedVulnerabilities": [
-    {
-     "id": "CVE-2024-55565",
-     "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
-     "namespace": "nvd:cpe",
-     "severity": "Unknown",
-     "urls": [
-      "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
-      "https://github.com/ai/nanoid/pull/510",
-      "https://github.com/ai/nanoid/releases/tag/5.0.9"
-     ],
-     "description": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.",
-     "cvss": []
-    }
-   ],
-   "matchDetails": [
-    {
-     "type": "exact-direct-match",
-     "matcher": "javascript-matcher",
-     "searchedBy": {
-      "language": "javascript",
-      "namespace": "github:language:javascript",
-      "package": {
-       "name": "nanoid",
-       "version": "3.3.7"
-      }
-     },
-     "found": {
-      "versionConstraint": "<3.3.8 (unknown)",
-      "vulnerabilityID": "GHSA-mwcw-c2x4-8c55"
-     }
-    }
-   ],
-   "artifact": {
-    "id": "3b30c6fe692a134b",
-    "name": "nanoid",
-    "version": "3.3.7",
-    "type": "npm",
-    "locations": [],
-    "language": "javascript",
-    "licenses": [],
-    "cpes": [
-     "cpe:2.3:a:nanoid_project:nanoid:3.3.7:*:*:*:*:node.js:*:*"
-    ],
-    "purl": "pkg:npm/[email protected]",
-    "upstreams": []
-   }
-  },
-  {
-   "vulnerability": {
-    "id": "GHSA-mwcw-c2x4-8c55",
-    "dataSource": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
-    "namespace": "github:language:javascript",
-    "severity": "Low",
-    "urls": [
-     "https://github.com/advisories/GHSA-mwcw-c2x4-8c55"
-    ],
-    "description": "Infinite loop in nanoid",
-    "cvss": [],
-    "fix": {
-     "versions": [
-      "5.0.9"
-     ],
-     "state": "fixed"
-    },
-    "advisories": []
-   },
-   "relatedVulnerabilities": [
-    {
-     "id": "CVE-2024-55565",
-     "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
-     "namespace": "nvd:cpe",
-     "severity": "Unknown",
-     "urls": [
-      "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
-      "https://github.com/ai/nanoid/pull/510",
-      "https://github.com/ai/nanoid/releases/tag/5.0.9"
-     ],
-     "description": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.",
-     "cvss": []
-    }
-   ],
-   "matchDetails": [
-    {
-     "type": "exact-direct-match",
-     "matcher": "javascript-matcher",
-     "searchedBy": {
-      "language": "javascript",
-      "namespace": "github:language:javascript",
-      "package": {
-       "name": "nanoid",
-       "version": "5.0.8"
-      }
-     },
-     "found": {
-      "versionConstraint": ">=4.0.0,<5.0.9 (unknown)",
-      "vulnerabilityID": "GHSA-mwcw-c2x4-8c55"
-     }
-    }
-   ],
-   "artifact": {
-    "id": "114c5321a3a85310",
-    "name": "nanoid",
-    "version": "5.0.8",
-    "type": "npm",
-    "locations": [],
-    "language": "javascript",
-    "licenses": [],
-    "cpes": [
-     "cpe:2.3:a:nanoid_project:nanoid:5.0.8:*:*:*:*:node.js:*:*"
-    ],
-    "purl": "pkg:npm/[email protected]",
-    "upstreams": []
-   }
-  }
- ],
+ "matches": [],
  "source": {
   "type": "directory",
   "target": "kumahq/kuma-gui"
@@ -288,6 +153,6 @@
    "checksum": "sha256:c8cce542b0e60be10189a9b8cf77842dd3c306cd6e35b2cd99dfad486e226d11",
    "error": null
   },
-  "timestamp": "2024-12-10T17:14:37.587445114Z"
+  "timestamp": "2024-12-10T17:44:46.697720565Z"
  }
 }
diff --git a/app/kuma-ui/pkg/resources/kuma-gui-cve-report.sarif b/app/kuma-ui/pkg/resources/kuma-gui-cve-report.sarif
@@ -7,79 +7,10 @@
         "driver": {
           "name": "grype",
           "version": "0.80.0",
-          "informationUri": "https://github.com/anchore/grype",
-          "rules": [
-            {
-              "id": "GHSA-mwcw-c2x4-8c55-nanoid",
-              "name": "JavascriptMatcherExactDirectMatch",
-              "shortDescription": {
-                "text": "GHSA-mwcw-c2x4-8c55 low vulnerability for nanoid package"
-              },
-              "fullDescription": {
-                "text": "Infinite loop in nanoid"
-              },
-              "helpUri": "https://github.com/anchore/grype",
-              "help": {
-                "text": "Vulnerability GHSA-mwcw-c2x4-8c55\nSeverity: low\nPackage: nanoid\nVersion: 3.3.7\nFix Version: 3.3.8\nType: npm\nLocation: kumahq/kuma-gui\nData Namespace: github:language:javascript\nLink: [GHSA-mwcw-c2x4-8c55](https://github.com/advisories/GHSA-mwcw-c2x4-8c55)",
-                "markdown": "**Vulnerability GHSA-mwcw-c2x4-8c55**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low  | nanoid  | 3.3.7  | 3.3.8  | npm  | kumahq/kuma-gui  | github:language:javascript  | [GHSA-mwcw-c2x4-8c55](https://github.com/advisories/GHSA-mwcw-c2x4-8c55)  |\n"
-              },
-              "properties": {
-                "security-severity": "1.0"
-              }
-            }
-          ]
+          "informationUri": "https://github.com/anchore/grype"
         }
       },
-      "results": [
-        {
-          "ruleId": "GHSA-mwcw-c2x4-8c55-nanoid",
-          "message": {
-            "text": "A low vulnerability in npm package: nanoid, version 3.3.7 was found at: kumahq/kuma-gui"
-          },
-          "locations": [
-            {
-              "physicalLocation": {
-                "artifactLocation": {
-                  "uri": "kumahq/kuma-gui"
-                },
-                "region": {
-                  "startLine": 1,
-                  "startColumn": 1,
-                  "endLine": 1,
-                  "endColumn": 1
-                }
-              }
-            }
-          ],
-          "partialFingerprints": {
-            "primaryLocationLineHash": "89e6b7c5f5a85d7cc9dba71bbcedaf735d00078dc17aabe15d7af4c340635795:1"
-          }
-        },
-        {
-          "ruleId": "GHSA-mwcw-c2x4-8c55-nanoid",
-          "message": {
-            "text": "A low vulnerability in npm package: nanoid, version 5.0.8 was found at: kumahq/kuma-gui"
-          },
-          "locations": [
-            {
-              "physicalLocation": {
-                "artifactLocation": {
-                  "uri": "kumahq/kuma-gui"
-                },
-                "region": {
-                  "startLine": 1,
-                  "startColumn": 1,
-                  "endLine": 1,
-                  "endColumn": 1
-                }
-              }
-            }
-          ],
-          "partialFingerprints": {
-            "primaryLocationLineHash": "0393d3d3865bf1a184cd7aa1fa2ac19eccff70acf45fbd8265a834170407760c:1"
-          }
-        }
-      ]
+      "results": []
     }
   ]
 }
diff --git a/app/kuma-ui/pkg/resources/kuma-gui-sbom.cyclonedx.json b/app/kuma-ui/pkg/resources/kuma-gui-sbom.cyclonedx.json
diff --git a/app/kuma-ui/pkg/resources/kuma-gui-sbom.spdx.json b/app/kuma-ui/pkg/resources/kuma-gui-sbom.spdx.json