diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 834e925bb..9be5fe455 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -30,12 +30,12 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 with:
 persist-credentials: false
 - name: Run analysis
- uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
+ uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
 with:
 results_file: results.sarif
 results_format: sarif
@@ -57,7 +57,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
 # format to the repository Actions tab.
 - name: Upload artifact
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+ uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with:
 name: SARIF file
 path: results.sarif
@@ -65,6 +65,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: Upload to code-scanning
- uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
+ uses: github/codeql-action/upload-sarif@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1
 with:
 sarif_file: results.sarif
diff --git a/linters/brakeman/test_data/Gemfile b/linters/brakeman/test_data/Gemfile
index 58d6a8f30..0038b920c 100644
--- a/linters/brakeman/test_data/Gemfile
+++ b/linters/brakeman/test_data/Gemfile
@@ -2,13 +2,13 @@ source 'https://rubygems.org'
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '>= 5.0.0.beta1', '< 5.1'
+gem 'rails', '>= 5.0.0.beta1', '< 5.2.9'
 # Use sqlite3 as the database for Active Record
 gem 'sqlite3'
 # Use Uglifier as compressor for JavaScript assets
 gem 'uglifier', '>= 1.3.0'
 # Use CoffeeScript for .coffee assets and views
-gem 'coffee-rails', '~> 4.1.0'
+gem 'coffee-rails', '~> 4.2.0'
 # See https://github.com/rails/execjs#readme for more supported runtimes
 # gem 'therubyracer', platforms: :ruby
@@ -21,7 +21,7 @@ gem 'jbuilder', '~> 2.0'
 # Use Puma as the app server
 gem 'puma'
-gem 'actionpack-page_caching', '1.2.0'
+gem 'actionpack-page_caching', '1.2.4'
 # Use ActiveModel has_secure_password
 # gem 'bcrypt', '~> 3.1.7'
diff --git a/linters/brakeman/test_data/brakeman_v5.4.0_CUSTOM.check.shot b/linters/brakeman/test_data/brakeman_v5.4.0_CUSTOM.check.shot
index d0d030c22..051d710a2 100644
--- a/linters/brakeman/test_data/brakeman_v5.4.0_CUSTOM.check.shot
+++ b/linters/brakeman/test_data/brakeman_v5.4.0_CUSTOM.check.shot
@@ -3,19 +3,6 @@
 exports[`Testing linter brakeman test CUSTOM 1`] = `
 Object {
 "issues": Array [
- Object {
- "bucket": "brakeman",
- "code": "PageCachingCVE",
- "column": "1",
- "file": "test_data/Gemfile",
- "issueClass": "ISSUE_CLASS_EXISTING",
- "issueUrl": "https://groups.google.com/d/msg/rubyonrails-security/CFRVkEytdP8/c5gmICECAgAJ",
- "level": "LEVEL_MEDIUM",
- "line": "24",
- "linter": "brakeman",
- "message": "Directory traversal vulnerability in actionpack-page_caching 1.2.0 (CVE-2020-8159). Upgrade to actionpack-page_caching 1.2.2",
- "targetType": "ruby",
- },
 Object {
 "bucket": "brakeman",
 "code": "CSRFTokenForgeryCVE",
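Review bot: Bumping actionpack-page_caching to 1.2.4 in the second Gemfile hunk removes the fixture's only PageCachingCVE finding — the snapshot hunk that follows deletes that entry outright rather than updating it, leaving CSRFTokenForgeryCVE as the sole remaining CVE-check entry. If this Gemfile under test_data exists to exercise brakeman's advisory checks, routine dependency bumps (the rails and coffee-rails changes in the first hunk included) will keep eroding that coverage without anyone noticing. Consider stating the intent at the top of the file, e.g. `# Test fixture: gem versions are pinned deliberately so brakeman reports known advisories`, and excluding this path from automated dependency-update tooling; if the coverage loss is intended, it would help to say so in the commit description.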
diff --git a/linters/detekt/test_data/detekt_gradle/gradle/wrapper/gradle-wrapper.jar b/linters/detekt/test_data/detekt_gradle/gradle/wrapper/gradle-wrapper.jar
index 41d9927a4..943f0cbfa 100644
Binary files a/linters/detekt/test_data/detekt_gradle/gradle/wrapper/gradle-wrapper.jar and b/linters/detekt/test_data/detekt_gradle/gradle/wrapper/gradle-wrapper.jar differ
diff --git a/linters/detekt/test_data/detekt_gradle/gradle/wrapper/gradle-wrapper.properties b/linters/detekt/test_data/detekt_gradle/gradle/wrapper/gradle-wrapper.properties
index 00e33edef..f398c33c4 100644
--- a/linters/detekt/test_data/detekt_gradle/gradle/wrapper/gradle-wrapper.properties
+++ b/linters/detekt/test_data/detekt_gradle/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
+networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/linters/detekt/test_data/detekt_gradle/gradlew b/linters/detekt/test_data/detekt_gradle/gradlew
index 1b6c78733..65dcd68d6 100755
--- a/linters/detekt/test_data/detekt_gradle/gradlew
+++ b/linters/detekt/test_data/detekt_gradle/gradlew
@@ -55,7 +55,7 @@
 # Darwin, MinGW, and NonStop.
 #
 # (3) This script is generated from the Groovy template
-# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 # within the Gradle project.
 #
 # You can find Gradle at https://github.com/gradle/gradle/.
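Review bot: The new `distributionUrl` in gradle-wrapper.properties is still not paired with a `distributionSha256Sum`, so the wrapper downloads gradle-7.6-bin.zip with no integrity check, and the replaced gradle-wrapper.jar in the preceding file section is a binary change that cannot be reviewed from the diff at all. Consider adding `distributionSha256Sum=<sha256 published by gradle.org for gradle-7.6-bin.zip>` directly below `distributionUrl`, and verifying the updated jar against the checksum Gradle publishes for that release before merging. The added `networkTimeout=10000` is fine as written.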
@@ -80,10 +80,10 @@ do
 esac
 done
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-APP_NAME="Gradle"
+# This is normally unused
+# shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
@@ -143,12 +143,16 @@ fi
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
 case $MAX_FD in #(
 max*)
+ # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+ # shellcheck disable=SC3045
 MAX_FD=$( ulimit -H -n ) ||
 warn "Could not query maximum file descriptor limit"
 esac
 case $MAX_FD in #(
 '' | soft) :;; #(
 *)
+ # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+ # shellcheck disable=SC3045
 ulimit -n "$MAX_FD" ||
 warn "Could not set maximum file descriptor limit to $MAX_FD"
 esac
@@ -205,6 +209,12 @@ set -- \
 org.gradle.wrapper.GradleWrapperMain \
 "$@"
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+ die "xargs is not available"
+fi
+
 # Use "xargs" to parse quoted args.
 #
 # With -n1 it outputs one arg per line, with the quotes and backslashes removed.
diff --git a/linters/detekt/test_data/detekt_gradle/gradlew.bat b/linters/detekt/test_data/detekt_gradle/gradlew.bat
index ac1b06f93..6689b85be 100644
--- a/linters/detekt/test_data/detekt_gradle/gradlew.bat
+++ b/linters/detekt/test_data/detekt_gradle/gradlew.bat
@@ -14,7 +14,7 @@
 @rem limitations under the License.
 @rem
-@if "%DEBUG%" == "" @echo off
+@if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
 @rem
 @rem Gradle startup script for Windows
@@ -25,7 +25,8 @@
 if "%OS%"=="Windows_NT" setlocal
 set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
@@ -40,7 +41,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto execute
+if %ERRORLEVEL% equ 0 goto execute
 echo.
 echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -75,13 +76,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 :end
 @rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
 :fail
 rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
 rem the _cmd.exe /c_ return code!
-if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
 :mainEnd
 if "%OS%"=="Windows_NT" endlocal
diff --git a/linters/detekt/test_data/detekt_gradle/lib/build.gradle.kts b/linters/detekt/test_data/detekt_gradle/lib/build.gradle.kts
index c2f9d17e4..c7358b3e3 100644
--- a/linters/detekt/test_data/detekt_gradle/lib/build.gradle.kts
+++ b/linters/detekt/test_data/detekt_gradle/lib/build.gradle.kts
@@ -1,10 +1,10 @@
 plugins {
 // Java deps
- id("org.jetbrains.kotlin.jvm") version "1.5.31"
+ id("org.jetbrains.kotlin.jvm") version "1.8.10"
 `java-library`
 // Detekt
- id("io.gitlab.arturbosch.detekt").version("1.20.0-RC1")
+ id("io.gitlab.arturbosch.detekt").version("1.22.0")
 }
 repositories {
diff --git a/linters/eslint/test_data/package.json b/linters/eslint/test_data/package.json
index e22f95b51..4718871cd 100644
--- a/linters/eslint/test_data/package.json
+++ b/linters/eslint/test_data/package.json
@@ -5,10 +5,10 @@
 "@typescript-eslint/parser": "^5.47.1",
 "eslint": "^8.10.0",
 "eslint-config-prettier": "^8.5.0",
- "eslint-plugin-import": "2.26.0",
+ "eslint-plugin-import": "2.27.5",
 "eslint-plugin-prettier": "^4.2.1",
 "eslint-plugin-node": "^11.1.0",
 "prettier": "^2.8.0",
- "typescript": "4.9.3"
+ "typescript": "4.9.5"
 }
 }
diff --git a/linters/tflint/test_data/.tflint.hcl b/linters/tflint/test_data/.tflint.hcl
index 65c113e6f..16a28d8c9 100644
--- a/linters/tflint/test_data/.tflint.hcl
+++ b/linters/tflint/test_data/.tflint.hcl
@@ -1,5 +1,5 @@
 plugin "aws" {
 enabled = true
- version = "0.13.2"
+ version = "0.21.2"
 source = "github.com/terraform-linters/tflint-ruleset-aws"
 }