google · osv-robot · May 16, 2026
diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap
diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml
diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml
diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap
@@ -5999,8 +5999,8 @@ Total 3 packages affected by 9 known vulnerabilities (0 Critical, 3 High, 4 Medi
 [TestCommand_Transitive/requirements.txt_transitive_default - 1]
 Scanned <rootdir>/testdata/locks-requirements/requirements.txt file and found 3 packages
 
-Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem.
-23 vulnerabilities can be fixed.
+Total 5 packages affected by 24 known vulnerabilities (1 Critical, 10 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem.
+24 vulnerabilities can be fixed.
 
 +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+
 | OSV URL                             | CVSS | ECOSYSTEM | PACKAGE  | VERSION | FIXED VERSION | SOURCE                                       |
@@ -6035,6 +6035,7 @@ Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Me
 | https://osv.dev/GHSA-38jv-5279-wg99 | 8.9  | PyPI      | urllib3  | 1.24.3  | 2.6.3         | testdata/locks-requirements/requirements.txt |
 | https://osv.dev/GHSA-gm62-xv2j-4w53 | 8.9  | PyPI      | urllib3  | 1.24.3  | 2.6.0         | testdata/locks-requirements/requirements.txt |
 | https://osv.dev/GHSA-pq67-6m6q-mj2v | 5.3  | PyPI      | urllib3  | 1.24.3  | 2.5.0         | testdata/locks-requirements/requirements.txt |
+| https://osv.dev/GHSA-qccp-gfcp-xxvc | 8.2  | PyPI      | urllib3  | 1.24.3  | 2.7.0         | testdata/locks-requirements/requirements.txt |
 +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+
 
 ---
@@ -6046,8 +6047,8 @@ Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Me
 [TestCommand_Transitive/requirements.txt_transitive_native_source - 1]
 Scanned <rootdir>/testdata/locks-requirements/requirements.txt file and found 3 packages
 
-Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem.
-23 vulnerabilities can be fixed.
+Total 5 packages affected by 24 known vulnerabilities (1 Critical, 10 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem.
+24 vulnerabilities can be fixed.
 
 +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+
 | OSV URL                             | CVSS | ECOSYSTEM | PACKAGE  | VERSION | FIXED VERSION | SOURCE                                       |
@@ -6082,6 +6083,7 @@ Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Me
 | https://osv.dev/GHSA-38jv-5279-wg99 | 8.9  | PyPI      | urllib3  | 1.24.3  | 2.6.3         | testdata/locks-requirements/requirements.txt |
 | https://osv.dev/GHSA-gm62-xv2j-4w53 | 8.9  | PyPI      | urllib3  | 1.24.3  | 2.6.0         | testdata/locks-requirements/requirements.txt |
 | https://osv.dev/GHSA-pq67-6m6q-mj2v | 5.3  | PyPI      | urllib3  | 1.24.3  | 2.5.0         | testdata/locks-requirements/requirements.txt |
+| https://osv.dev/GHSA-qccp-gfcp-xxvc | 8.2  | PyPI      | urllib3  | 1.24.3  | 2.7.0         | testdata/locks-requirements/requirements.txt |
 +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+
 
 ---