From 4db0c6319c428f94df99fefa9a0c34ca2439af68 Mon Sep 17 00:00:00 2001
From: mangoiv
Date: Sat, 15 Jun 2024 20:42:10 +0200
Subject: [PATCH 1/2] [chore] README update
---
 README.md | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 8ec9ebe..6a5d0ba 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,7 @@
CI +

cabal-audit

@@ -31,11 +32,12 @@ You can also [download a static executable from one of the latest workflow runs]
 Run `cabal-audit` to scan your project for known vulnerabilities:
 ```console
-λ cabal run cabal-audit -- --help
+λ cabal-audit --help
 Welcome to cabal audit
 Usage: cabal-audit [(-p|--file-path FILEPATH) | (-r|--repository REPOSITORY)]
- [--verbosity ARG] [-m|--json] [-o|--to-file FILEPATH]
+ [--verbosity ARG] [-m|--json] [-o|--to-file FILEPATH]
+ [-b|--no-color|--no-colour] [--fail-on-warning]
 audit your cabal projects for vulnerabilities
@@ -49,31 +51,36 @@ Available options:
 -m,--json whether to format as json mapping package names to osvs that apply
 -o,--to-file FILEPATH specify a file to write to, instead of stdout
+ -b,--no-color,--no-colour
+ don't colour the output
+ --fail-on-warning Exits with an error code if any advisories are found
+ in the build plan
 ```
 ```console
-λ cabal run cabal-audit
+λ cabal-audit
 trying to clone https://github.com/haskell/security-advisories
-Cloning into '/tmp/cabal-audit-726d3e9345b766bc'...
-remote: Enumerating objects: 172, done.
-remote: Counting objects: 100% (172/172), done.
-remote: Compressing objects: 100% (129/129), done.
-remote: Total 172 (delta 6), reused 114 (delta 1), pack-reused 0
-Receiving objects: 100% (172/172), 116.55 KiB | 1.31 MiB/s, done.
-Resolving deltas: 100% (6/6), done.
+Cloning into '/tmp/cabal-audit3119166'...
+remote: Enumerating objects: 183, done.
+remote: Counting objects: 100% (183/183), done.
+remote: Compressing objects: 100% (140/140), done.
+remote: Total 183 (delta 5), reused 123 (delta 0), pack-reused 0
+Receiving objects: 100% (183/183), 131.50 KiB | 2.19 MiB/s, done.
+Resolving deltas: 100% (5/5), done.
+
 Found advisories:
-dependency "base" at version 4.18.1.0 is vulnerable for:
+dependency "base" at version 4.19.1.0 is vulnerable for:
 HSEC-2023-0007 "readFloat: memory exhaustion with large exponent"
- published: 2024-04-23 12:43:30 +1000
+ published: 2024-06-13 06:04:41 UTC
 https://haskell.github.io/security-advisories/advisory/HSEC-2023-0007
 No fix version available
 toml, parser, dos
-dependency "process" at version 1.6.17.0 is vulnerable for:
+dependency "process" at version 1.6.18.0 is vulnerable for:
 HSEC-2024-0003 "process: command injection via argument list on Windows"
- published: 2024-04-23 12:43:30 +1000
+ published: 2024-06-13 06:04:41 UTC
 https://haskell.github.io/security-advisories/advisory/HSEC-2024-0003
 Fix available since version 1.6.19.0
 windows
From 98e95449e072fa3d7ab8d4f2dcb2f3a2b4b1d6db Mon Sep 17 00:00:00 2001
From: mangoiv
Date: Sat, 15 Jun 2024 20:57:11 +0200
Subject: [PATCH 2/2] [chore] adjust workflow names
---
 .github/workflows/cabal-audit.yml | 2 +-
 .github/workflows/haskell-ci.yml | 2 +-
 .github/workflows/update-lock-file.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/cabal-audit.yml b/.github/workflows/cabal-audit.yml
index 585183e..44ec4c2 100644
--- a/.github/workflows/cabal-audit.yml
+++ b/.github/workflows/cabal-audit.yml
@@ -1,4 +1,4 @@
-name: nix checks and build
+name: nix build
 on:
 workflow_dispatch:
diff --git a/.github/workflows/haskell-ci.yml b/.github/workflows/haskell-ci.yml
index ae08c57..b199e14 100644
--- a/.github/workflows/haskell-ci.yml
+++ b/.github/workflows/haskell-ci.yml
@@ -1,4 +1,4 @@
-name: cabal-build cabal-audit
+name: cabal build
 on:
 workflow_dispatch:
diff --git a/.github/workflows/update-lock-file.yml b/.github/workflows/update-lock-file.yml
index ffc6cd7..91b65c4 100644
--- a/.github/workflows/update-lock-file.yml
+++ b/.github/workflows/update-lock-file.yml
@@ -1,4 +1,4 @@
-name: update-flake-lock
+name: update flake lock
 on:
 workflow_dispatch: