From 59de25f68c42811209a2ed3dc237465fc3d0f1ee Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Thu, 6 Jun 2024 08:43:46 +0000
Subject: [PATCH] Adding Advisory GHSA-v6mg-7f7p-qmqp for pombump (#5195)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 pombump.advisories.yaml | 74 +++++++++++++++++++++++++----------------
 1 file changed, 46 insertions(+), 28 deletions(-)
diff --git a/pombump.advisories.yaml b/pombump.advisories.yaml
index db1188b0b..50134f245 100644
--- a/pombump.advisories.yaml
+++ b/pombump.advisories.yaml
@@ -4,25 +4,23 @@ package:
 name: pombump
 advisories:
- - id: CGA-cv3w-qqx7-wc25
+ - id: CGA-29r8-2q5f-v7hr
 aliases:
- - CVE-2023-45288
- - GHSA-4v7x-pqxf-cx7m
+ - CVE-2024-36127
+ - GHSA-v6mg-7f7p-qmqp
 events:
- - timestamp: 2024-04-13T07:28:07Z
- type: fixed
- data:
- fixed-version: 0.0.12-r1
-
- - id: CGA-mm46-783r-22wr
- aliases:
- - CVE-2023-45289
- - GHSA-32ch-6x54-q4h9
- events:
- - timestamp: 2024-03-12T09:17:04Z
- type: fixed
+ - timestamp: 2024-06-06T08:19:21Z
+ type: detection
 data:
- fixed-version: 0.0.11-r1
+ type: scan/v1
+ data:
+ subpackageName: pombump
+ componentID: 855e28bcf93d3db7
+ componentName: chainguard.dev/apko
+ componentVersion: v0.14.1-0.20240210120952-623f9b1c1ae1
+ componentType: go-module
+ componentLocation: /usr/bin/pombump
+ scanner: grype
 - id: CGA-5wg4-vh6x-p5ch
 aliases:
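Review bot: The new CGA-29r8-2q5f-v7hr entry stops at a `detection` event, and nothing in this hunk records an outcome for CVE-2024-36127, so the advisory presumably stays unresolved for pombump until a later event is appended. The grype match is on the embedded go-module `chainguard.dev/apko` at the pseudo-version `v0.14.1-0.20240210120952-623f9b1c1ae1`; pseudo-version comparisons against advisory ranges are a common source of wrong matches in both directions, so the finding should be checked against the commit that is actually built into `/usr/bin/pombump`. Once triaged, close it out with a follow-up event, either a `fixed` event carrying its `fixed-version` like the neighbouring entries or a determination event explaining why the package is not affected.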
@@ -34,30 +32,30 @@ advisories:
 data:
 fixed-version: 0.0.11-r1
- - id: CGA-vjr3-r974-q274
+ - id: CGA-99j4-xxf7-xv78
 aliases:
- - CVE-2024-24783
- - GHSA-3q2c-pvp5-3cqp
+ - CVE-2024-24785
+ - GHSA-j6m3-gc37-6r6q
 events:
- - timestamp: 2024-03-12T09:17:04Z
+ - timestamp: 2024-03-12T09:17:05Z
 type: fixed
 data:
 fixed-version: 0.0.11-r1
- - id: CGA-hmr9-cc47-4frq
+ - id: CGA-cv3w-qqx7-wc25
 aliases:
- - CVE-2024-24784
- - GHSA-fgq5-q76c-gx78
+ - CVE-2023-45288
+ - GHSA-4v7x-pqxf-cx7m
 events:
- - timestamp: 2024-03-12T09:17:05Z
+ - timestamp: 2024-04-13T07:28:07Z
 type: fixed
 data:
- fixed-version: 0.0.11-r1
+ fixed-version: 0.0.12-r1
- - id: CGA-99j4-xxf7-xv78
+ - id: CGA-hmr9-cc47-4frq
 aliases:
- - CVE-2024-24785
- - GHSA-j6m3-gc37-6r6q
+ - CVE-2024-24784
+ - GHSA-fgq5-q76c-gx78
 events:
 - timestamp: 2024-03-12T09:17:05Z
 type: fixed
@@ -83,3 +81,23 @@ advisories:
 type: fixed
 data:
 fixed-version: 0.0.12-r2
+
+ - id: CGA-mm46-783r-22wr
+ aliases:
+ - CVE-2023-45289
+ - GHSA-32ch-6x54-q4h9
+ events:
+ - timestamp: 2024-03-12T09:17:04Z
+ type: fixed
+ data:
+ fixed-version: 0.0.11-r1
+
+ - id: CGA-vjr3-r974-q274
+ aliases:
+ - CVE-2024-24783
+ - GHSA-3q2c-pvp5-3cqp
+ events:
+ - timestamp: 2024-03-12T09:17:04Z
+ type: fixed
+ data:
+ fixed-version: 0.0.11-r1
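Review bot: The changes in the `@@ -34,30 +32,30 @@` and `@@ -83,3 +81,23 @@` hunks are moves of existing records, not new data, yet the commit subject mentions only the added advisory. The list appears to be re-sorted by `id`: CGA-99j4-xxf7-xv78, CGA-cv3w-qqx7-wc25 and CGA-hmr9-cc47-4frq change position, and CGA-mm46-783r-22wr and CGA-vjr3-r974-q274 are appended at the end. Because `fixed-version` is the field that says which build is patched, a re-sort needs an explicit check that every moved record kept its aliases, timestamp and version. In the visible lines they do: CGA-cv3w-qqx7-wc25 still carries `0.0.12-r1` and the others `0.0.11-r1`, though the `data` block of the relocated CGA-hmr9-cc47-4frq lies outside the hunk. Putting the re-sort in its own commit, or adding a line such as `Also re-sorts existing advisories by id; no field values changed.` to the message, would keep the history of this security metadata auditable.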