chore(deps): bump github.com/codacy/codacy-engine-golang-seed/v6 from 6.4.5 to 6.4.6 (#207)

dependabot[bot] · afsmeira · web-flow · commit 366453a9d9f3 · 2025-11-04T09:25:52.000Z
* chore(deps): bump github.com/codacy/codacy-engine-golang-seed/v6 Bumps [github.com/codacy/codacy-engine-golang-seed/v6](https://github.com/codacy/codacy-engine-golang-seed) from 6.4.5 to 6.4.6. - [Commits](codacy/codacy-engine-golang-seed@v6.4.5...v6.4.6) --- updated-dependencies: - dependency-name: github.com/codacy/codacy-engine-golang-seed/v6 dependency-version: 6.4.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix: Add new vulnerability to tests --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: André Meira <andre.meira@codacy.com>
diff --git a/docs/multiple-tests/pattern-vulnerability-high/results.xml b/docs/multiple-tests/pattern-vulnerability-high/results.xml
@@ -82,6 +82,42 @@
             message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-47907: database/sql: Postgres Scan Race Condition) (update to 1.23.12)"
             severity="high"
         />
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-47912: The Parse function permits values other than IPv6 addresses to be incl ...) (update to 1.24.8)"
+            severity="high"
+        />
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58183: tar.Reader does not set a maximum size on the number of sparse region  ...) (update to 1.24.8)"
+            severity="high"
+        />
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58186: Despite HTTP headers having a default limit of 1MB, the number of cook ...) (update to 1.24.8)"
+            severity="high"
+        />
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58187: Due to the design of the name constraint checking algorithm, the proce ...) (update to 1.24.9)"
+            severity="high"
+        />
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58188: Validating certificate chains which contain DSA public keys can cause  ...) (update to 1.24.8)"
+            severity="high"
+        />
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61724: The Reader.ReadResponse function constructs a response string through  ...) (update to 1.24.8)"
+            severity="high"
+        />
     </file>
 
     <file name="javascript/package-lock.json">
diff --git a/docs/multiple-tests/pattern-vulnerability-medium/results.xml b/docs/multiple-tests/pattern-vulnerability-medium/results.xml
@@ -128,6 +128,30 @@
             message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-47906: os/exec: Unexpected paths returned from LookPath in os/exec) (update to 1.23.12)"
             severity="warning"
         />
+        <error
+            source="vulnerability_medium"
+            line="3"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58185: encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1) (update to 1.24.8)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="3"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58189: crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information) (update to 1.24.8)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="3"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61723: encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem) (update to 1.24.8)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="3"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61725: net/mail: Excessive CPU consumption in ParseAddress in net/mail) (update to 1.24.8)"
+            severity="warning"
+        />
     </file>
 
     <file name="gradle/gradle.lockfile">
diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/CycloneDX/cyclonedx-go v0.9.3
 	github.com/aquasecurity/trivy v0.67.2 // Also update .config.yml
 	github.com/aquasecurity/trivy-db v0.0.0-20250929072116-eba1ced2340a
-	github.com/codacy/codacy-engine-golang-seed/v6 v6.4.5
+	github.com/codacy/codacy-engine-golang-seed/v6 v6.4.6
 	github.com/google/go-cmp v0.7.0
 	github.com/package-url/packageurl-go v0.1.3
 	github.com/samber/lo v1.52.0
diff --git a/go.sum b/go.sum
@@ -299,8 +299,8 @@ github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 h1:aQ3y1lwWyqYPiWZThqv
 github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
 github.com/cockroachdb/apd/v3 v3.2.1 h1:U+8j7t0axsIgvQUqthuNm82HIrYXodOV2iWLWtEaIwg=
 github.com/cockroachdb/apd/v3 v3.2.1/go.mod h1:klXJcjp+FffLTHlhIG69tezTDvdP065naDsHzKhYSqc=
-github.com/codacy/codacy-engine-golang-seed/v6 v6.4.5 h1:Qm9xDfoPasTWGDnV4UbTJchFVRdMqbW1F7gPB/rpHGU=
-github.com/codacy/codacy-engine-golang-seed/v6 v6.4.5/go.mod h1:32aejWm0y7+Qcngg4sS1ZXQKmKSAjEsN6brHdfLF5lQ=
+github.com/codacy/codacy-engine-golang-seed/v6 v6.4.6 h1:EkwZBYPUiz9mzSmXf6wDYwItCgMJXpKjOBllCj7ysfQ=
+github.com/codacy/codacy-engine-golang-seed/v6 v6.4.6/go.mod h1:32aejWm0y7+Qcngg4sS1ZXQKmKSAjEsN6brHdfLF5lQ=
 github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE=
 github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4=
 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ=
