fix: Add new expected vulnerabilities to tests (#255)

afsmeira · web-flow · commit 7d90121d4921 · 2026-03-17T09:22:45.000Z
diff --git a/docs/multiple-tests/pattern-vulnerability-medium/results.xml b/docs/multiple-tests/pattern-vulnerability-medium/results.xml
@@ -200,6 +200,18 @@
             message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61730: During the TLS 1.3 handshake if multiple messages are sent in records  ...) (update to 1.24.12)"
             severity="warning"
         />
+        <error
+            source="vulnerability_medium"
+            line="3"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-25679: net/url: Incorrect parsing of IPv6 host literals in net/url) (update to 1.25.8)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="3"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped in html/template) (update to 1.25.8)"
+            severity="warning"
+        />
     </file>
 
     <file name="gradle/gradle.lockfile">
diff --git a/docs/multiple-tests/pattern-vulnerability-minor/results.xml b/docs/multiple-tests/pattern-vulnerability-minor/results.xml
@@ -1,5 +1,14 @@
 <?xml version="1.0" encoding="utf-8"?>
 <checkstyle version="1.5">
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_minor"
+            line="5"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-27139: os: FileInfo can escape from a Root in golang os module) (update to 1.25.8)"
+            severity="info"
+        />
+    </file>
+
     <file name="gradle/gradle.lockfile">
         <error
             source="vulnerability_minor"
