github.com/go-playground/webhooks/v6@v6.3.0/testdata/github/dependabot_alert.json (about) 1 { 2 "action": "dismissed", 3 "alert": { 4 "number": 1, 5 "state": "dismissed", 6 "dependency": { 7 "package": { 8 "ecosystem": "rust", 9 "name": "time" 10 }, 11 "manifest_path": "Cargo.lock", 12 "scope": "runtime" 13 }, 14 "security_advisory": { 15 "ghsa_id": "GHSA-wcg3-cvx6-7396", 16 "cve_id": "CVE-2020-26235", 17 "summary": "Segmentation fault in time", 18 "description": "### Impact\n\nUnix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.\n\nThe affected functions from time 0.2.7 through 0.2.22 are:\n\n- `time::UtcOffset::local_offset_at`\n- `time::UtcOffset::try_local_offset_at`\n- `time::UtcOffset::current_local_offset`\n- `time::UtcOffset::try_current_local_offset`\n- `time::OffsetDateTime::now_local`\n- `time::OffsetDateTime::try_now_local`\n\nThe affected functions in time 0.1 (all versions) are:\n\n- `at`\n- `at_utc`\n- `now`\n\nNon-Unix targets (including Windows and wasm) are unaffected.\n\n### Patches\n\nIn some versions of `time`, the internal method that determines the local offset has been modified to always return `None` on the affected operating systems. This has the effect of returning an `Err` on the `try_*` methods and `UTC` on the non-`try_*` methods. In later versions, `time` will attempt to determine the number of threads running in the process. If the process is single-threaded, the call will proceed as its safety invariant is upheld.\n\nUsers and library authors with time in their dependency tree must perform `cargo update`, which will pull in the updated, unaffected code.\n\nUsers of time 0.1 do not have a patch and must upgrade to an unaffected version: time 0.2.23 or greater or the 0.3 series.\n\n### Workarounds\n\nLibrary authors must ensure that the program only has one running thread at the time of calling any affected method. Binary authors may do the same and/or ensure that no other thread is actively mutating the environment.\n\n### References\n\n[time-rs/time#293](https://github.com/time-rs/time/issues/293).", 19 "severity": "medium", 20 "identifiers": [ 21 { 22 "value": "GHSA-wcg3-cvx6-7396", 23 "type": "GHSA" 24 }, 25 { 26 "value": "CVE-2020-26235", 27 "type": "CVE" 28 } 29 ], 30 "references": [ 31 { 32 "url": "https://github.com/time-rs/time/security/advisories/GHSA-wcg3-cvx6-7396" 33 }, 34 { 35 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26235" 36 }, 37 { 38 "url": "https://github.com/time-rs/time/issues/293" 39 }, 40 { 41 "url": "https://rustsec.org/advisories/RUSTSEC-2020-0071.html" 42 }, 43 { 44 "url": "https://crates.io/crates/time/0.2.23" 45 }, 46 { 47 "url": "https://github.com/advisories/GHSA-wcg3-cvx6-7396" 48 } 49 ], 50 "published_at": "2021-08-25T20:56:46Z", 51 "updated_at": "2023-01-09T05:01:06Z", 52 "withdrawn_at": null, 53 "vulnerabilities": [ 54 { 55 "package": { 56 "ecosystem": "rust", 57 "name": "time" 58 }, 59 "severity": "medium", 60 "vulnerable_version_range": ">= 0.2.7, < 0.2.23", 61 "first_patched_version": { 62 "identifier": "0.2.23" 63 } 64 }, 65 { 66 "package": { 67 "ecosystem": "rust", 68 "name": "time" 69 }, 70 "severity": "medium", 71 "vulnerable_version_range": ">= 0.1, < 0.2", 72 "first_patched_version": null 73 } 74 ], 75 "cvss": { 76 "vector_string": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 77 "score": 6.2 78 }, 79 "cwes": [ 80 { 81 "cwe_id": "CWE-476", 82 "name": "NULL Pointer Dereference" 83 } 84 ] 85 }, 86 "security_vulnerability": { 87 "package": { 88 "ecosystem": "rust", 89 "name": "time" 90 }, 91 "severity": "medium", 92 "vulnerable_version_range": ">= 0.1, < 0.2", 93 "first_patched_version": null 94 }, 95 "url": "https://api.github.com/repos/github/sample-app-rs/dependabot/alerts/1", 96 "html_url": "https://github.com/github/sample-app-rs/security/dependabot/1", 97 "created_at": "2022-12-29T13:50:06Z", 98 "updated_at": "2023-01-24T01:22:27Z", 99 "dismissed_at": "2023-01-24T01:22:27Z", 100 "dismissed_by": { 101 "login": "github", 102 "id": 54711422, 103 "node_id": "MDQ6VXNlcjU0NzExNDIy", 104 "avatar_url": "https://avatars.githubusercontent.com/u/54711422?v=4", 105 "gravatar_id": "", 106 "url": "https://api.github.com/users/github", 107 "html_url": "https://github.com/github", 108 "followers_url": "https://api.github.com/users/github/followers", 109 "following_url": "https://api.github.com/users/github/following{/other_user}", 110 "gists_url": "https://api.github.com/users/github/gists{/gist_id}", 111 "starred_url": "https://api.github.com/users/github/starred{/owner}{/repo}", 112 "subscriptions_url": "https://api.github.com/users/github/subscriptions", 113 "organizations_url": "https://api.github.com/users/github/orgs", 114 "repos_url": "https://api.github.com/users/github/repos", 115 "events_url": "https://api.github.com/users/github/events{/privacy}", 116 "received_events_url": "https://api.github.com/users/github/received_events", 117 "type": "User", 118 "site_admin": false 119 }, 120 "dismissed_reason": "not_used", 121 "dismissed_comment": null, 122 "fixed_at": null 123 }, 124 "repository": { 125 "id": 581005466, 126 "node_id": "R_kgDOIqFwmg", 127 "name": "sample-app-rs", 128 "full_name": "github/sample-app-rs", 129 "private": false, 130 "owner": { 131 "login": "github", 132 "id": 54711422, 133 "node_id": "MDQ6VXNlcjU0NzExNDIy", 134 "avatar_url": "https://avatars.githubusercontent.com/u/54711422?v=4", 135 "gravatar_id": "", 136 "url": "https://api.github.com/users/github", 137 "html_url": "https://github.com/github", 138 "followers_url": "https://api.github.com/users/github/followers", 139 "following_url": "https://api.github.com/users/github/following{/other_user}", 140 "gists_url": "https://api.github.com/users/github/gists{/gist_id}", 141 "starred_url": "https://api.github.com/users/github/starred{/owner}{/repo}", 142 "subscriptions_url": "https://api.github.com/users/github/subscriptions", 143 "organizations_url": "https://api.github.com/users/github/orgs", 144 "repos_url": "https://api.github.com/users/github/repos", 145 "events_url": "https://api.github.com/users/github/events{/privacy}", 146 "received_events_url": "https://api.github.com/users/github/received_events", 147 "type": "User", 148 "site_admin": false 149 }, 150 "html_url": "https://github.com/github/sample-app-rs", 151 "description": "server side implementation of todo app", 152 "fork": false, 153 "url": "https://api.github.com/repos/github/sample-app-rs", 154 "forks_url": "https://api.github.com/repos/github/sample-app-rs/forks", 155 "keys_url": "https://api.github.com/repos/github/sample-app-rs/keys{/key_id}", 156 "collaborators_url": "https://api.github.com/repos/github/sample-app-rs/collaborators{/collaborator}", 157 "teams_url": "https://api.github.com/repos/github/sample-app-rs/teams", 158 "hooks_url": "https://api.github.com/repos/github/sample-app-rs/hooks", 159 "issue_events_url": "https://api.github.com/repos/github/sample-app-rs/issues/events{/number}", 160 "events_url": "https://api.github.com/repos/github/sample-app-rs/events", 161 "assignees_url": "https://api.github.com/repos/github/sample-app-rs/assignees{/user}", 162 "branches_url": "https://api.github.com/repos/github/sample-app-rs/branches{/branch}", 163 "tags_url": "https://api.github.com/repos/github/sample-app-rs/tags", 164 "blobs_url": "https://api.github.com/repos/github/sample-app-rs/git/blobs{/sha}", 165 "git_tags_url": "https://api.github.com/repos/github/sample-app-rs/git/tags{/sha}", 166 "git_refs_url": "https://api.github.com/repos/github/sample-app-rs/git/refs{/sha}", 167 "trees_url": "https://api.github.com/repos/github/sample-app-rs/git/trees{/sha}", 168 "statuses_url": "https://api.github.com/repos/github/sample-app-rs/statuses/{sha}", 169 "languages_url": "https://api.github.com/repos/github/sample-app-rs/languages", 170 "stargazers_url": "https://api.github.com/repos/github/sample-app-rs/stargazers", 171 "contributors_url": "https://api.github.com/repos/github/sample-app-rs/contributors", 172 "subscribers_url": "https://api.github.com/repos/github/sample-app-rs/subscribers", 173 "subscription_url": "https://api.github.com/repos/github/sample-app-rs/subscription", 174 "commits_url": "https://api.github.com/repos/github/sample-app-rs/commits{/sha}", 175 "git_commits_url": "https://api.github.com/repos/github/sample-app-rs/git/commits{/sha}", 176 "comments_url": "https://api.github.com/repos/github/sample-app-rs/comments{/number}", 177 "issue_comment_url": "https://api.github.com/repos/github/sample-app-rs/issues/comments{/number}", 178 "contents_url": "https://api.github.com/repos/github/sample-app-rs/contents/{+path}", 179 "compare_url": "https://api.github.com/repos/github/sample-app-rs/compare/{base}...{head}", 180 "merges_url": "https://api.github.com/repos/github/sample-app-rs/merges", 181 "archive_url": "https://api.github.com/repos/github/sample-app-rs/{archive_format}{/ref}", 182 "downloads_url": "https://api.github.com/repos/github/sample-app-rs/downloads", 183 "issues_url": "https://api.github.com/repos/github/sample-app-rs/issues{/number}", 184 "pulls_url": "https://api.github.com/repos/github/sample-app-rs/pulls{/number}", 185 "milestones_url": "https://api.github.com/repos/github/sample-app-rs/milestones{/number}", 186 "notifications_url": "https://api.github.com/repos/github/sample-app-rs/notifications{?since,all,participating}", 187 "labels_url": "https://api.github.com/repos/github/sample-app-rs/labels{/name}", 188 "releases_url": "https://api.github.com/repos/github/sample-app-rs/releases{/id}", 189 "deployments_url": "https://api.github.com/repos/github/sample-app-rs/deployments", 190 "created_at": "2022-12-22T02:42:56Z", 191 "updated_at": "2022-12-29T11:58:28Z", 192 "pushed_at": "2023-01-24T00:57:10Z", 193 "git_url": "git://github.com/github/sample-app-rs.git", 194 "ssh_url": "git@github.com:github/sample-app-rs.git", 195 "clone_url": "https://github.com/github/sample-app-rs.git", 196 "svn_url": "https://github.com/github/sample-app-rs", 197 "homepage": null, 198 "size": 136, 199 "stargazers_count": 0, 200 "watchers_count": 0, 201 "language": "Rust", 202 "has_issues": true, 203 "has_projects": true, 204 "has_downloads": true, 205 "has_wiki": true, 206 "has_pages": false, 207 "has_discussions": false, 208 "forks_count": 0, 209 "mirror_url": null, 210 "archived": false, 211 "disabled": false, 212 "open_issues_count": 0, 213 "license": { 214 "key": "mit", 215 "name": "MIT License", 216 "spdx_id": "MIT", 217 "url": "https://api.github.com/licenses/mit", 218 "node_id": "MDc6TGljZW5zZTEz" 219 }, 220 "allow_forking": true, 221 "is_template": false, 222 "web_commit_signoff_required": false, 223 "topics": [], 224 "visibility": "public", 225 "forks": 0, 226 "open_issues": 0, 227 "watchers": 0, 228 "default_branch": "main" 229 }, 230 "sender": { 231 "login": "github", 232 "id": 54711422, 233 "node_id": "MDQ6VXNlcjU0NzExNDIy", 234 "avatar_url": "https://avatars.githubusercontent.com/u/54711422?v=4", 235 "gravatar_id": "", 236 "url": "https://api.github.com/users/github", 237 "html_url": "https://github.com/github", 238 "followers_url": "https://api.github.com/users/github/followers", 239 "following_url": "https://api.github.com/users/github/following{/other_user}", 240 "gists_url": "https://api.github.com/users/github/gists{/gist_id}", 241 "starred_url": "https://api.github.com/users/github/starred{/owner}{/repo}", 242 "subscriptions_url": "https://api.github.com/users/github/subscriptions", 243 "organizations_url": "https://api.github.com/users/github/orgs", 244 "repos_url": "https://api.github.com/users/github/repos", 245 "events_url": "https://api.github.com/users/github/events{/privacy}", 246 "received_events_url": "https://api.github.com/users/github/received_events", 247 "type": "User", 248 "site_admin": false 249 } 250 }