Bump version in master

Signed-off-by: GitHub <noreply@github.com>

.github/pr-title-checker-config.json

@@ -0,0 +1,15 @@
+{
+    "LABEL": {
+      "name": "title needs formatting",
+      "color": "EEEEEE"
+    },
+    "CHECKS": {
+      "prefixes": ["[Bot] docs: "],
+      "regexp": "^(feat|fix|docs|test|ci|chore)!?(\\(.*\\))?!?:.*"
+    },
+    "MESSAGES": {
+      "success": "PR title is valid",
+      "failure": "PR title is invalid",
+      "notice": "PR Title needs to pass regex '^(feat|fix|docs|test|ci|chore)!?(\\(.*\\))?!?:.*"
+    }
+  }

.github/pull_request_template.md

@@ -6,6 +6,7 @@ Checklist:
 
 * [ ] Either (a) I've created an [enhancement proposal](https://github.com/argoproj/argo-cd/issues/new/choose) and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
 * [ ] The title of the PR states what changed and the related issues number (used for the release note).
+* [ ] The title of the PR conforms to the [Toolchain Guide](https://argo-cd.readthedocs.io/en/latest/developer-guide/toolchain-guide/#title-of-the-pr)
 * [ ] I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
 * [ ] I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
 * [ ] Does this PR require documentation updates?

.github/workflows/ci-build.yaml

@@ -427,7 +427,7 @@ jobs:
         run: |
           docker pull ghcr.io/dexidp/dex:v2.36.0
           docker pull argoproj/argo-cd-ci-builder:v1.0.0
-          docker pull redis:7.0.9-alpine
+          docker pull redis:7.0.11-alpine
       - name: Create target directory for binaries in the build-process
         run: |
           mkdir -p dist

.github/workflows/image.yaml

@@ -77,8 +77,9 @@ jobs:
       ghcr_username: ${{ github.actor }}
       ghcr_password: ${{ secrets.GITHUB_TOKEN }}
 
-  build-and-publish-provenance:
-    needs: [build-and-publish]
+  build-and-publish-provenance: # Push attestations to GHCR, latest image is polluting quay.io
+    needs:
+      - build-and-publish
     permissions:
       actions: read # for detecting the Github Actions environment.
       id-token: write # for creating OIDC tokens for signing.
@@ -87,11 +88,11 @@ jobs:
     # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
     uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0
     with:
-      image: quay.io/argoproj/argocd
+      image: ghcr.io/argoproj/argo-cd/argocd
       digest: ${{ needs.build-and-publish.outputs.image-digest }}
+      registry-username: ${{ github.actor }}
     secrets:
-      registry-username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-      registry-password: ${{ secrets.RELEASE_QUAY_TOKEN }}
+      registry-password: ${{ secrets.GITHUB_TOKEN }}
 
   Deploy:
     needs:

.github/workflows/pr-title-check.yml

@@ -2,15 +2,11 @@ name: "Lint PR"
 
 on:
   pull_request_target:
-    types:
-      - opened
-      - edited
-      - synchronize
+    types: [opened, edited, reopened, synchronize]
 
 # IMPORTANT: No checkout actions, scripts, or builds should be added to this workflow. Permissions should always be used
-# with extreme caution.
-permissions:
-  contents: read
+# with extreme caution. https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
+permissions: {}
 
 # PR updates can happen in quick succession leading to this
 # workflow being trigger a number of times. This limits it
@@ -18,24 +14,16 @@ permissions:
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
 
+
 jobs:
-  main:
+  validate:
     permissions:
-      pull-requests: read  # for amannn/action-semantic-pull-request to analyze PRs
-      statuses: write  # for amannn/action-semantic-pull-request to mark status of analyzed PR
-    name: Validate PR title
+      contents: read
+      pull-requests: read
+    name: Validate PR Title
     runs-on: ubuntu-latest
     steps:
-      # IMPORTANT: Carefully review changes when updating this action. Using the pull_request_target event requires caution.
-      - uses: amannn/action-semantic-pull-request@b6bca70dcd3e56e896605356ce09b76f7e1e0d39 # v5.1.0
+      - uses: thehanimo/pr-title-checker@cdafc664bf9b25678d4e6df76ff67b2fe21bb5d2 # v1.3.7
         with:
-          types: |
-            feat
-            fix
-            docs
-            test
-            ci
-            chore
-            [Bot] docs
-        env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          configuration_path: ".github/pr-title-checker-config.json"

.github/workflows/scorecard.yaml

@@ -35,7 +35,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
         with:
           results_file: results.sarif
           results_format: sarif

.goreleaser.yaml

@@ -32,7 +32,7 @@ builds:
     ignore:
       - goos: darwin
         goarch: s390x
-      - goos: darmwin
+      - goos: darwin
         goarch: ppc64le
       - goos: windows
         goarch: s390x

Makefile

@@ -146,7 +146,8 @@ override LDFLAGS += \
   -X ${PACKAGE}.buildDate=${BUILD_DATE} \
   -X ${PACKAGE}.gitCommit=${GIT_COMMIT} \
   -X ${PACKAGE}.gitTreeState=${GIT_TREE_STATE}\
-  -X ${PACKAGE}.kubectlVersion=${KUBECTL_VERSION}
+  -X ${PACKAGE}.kubectlVersion=${KUBECTL_VERSION}\
+  -X "${PACKAGE}.extraBuildInfo=${EXTRA_BUILD_INFO}"
 
 ifeq (${STATIC_BUILD}, true)
 override LDFLAGS += -extldflags "-static"

Procfile

@@ -8,5 +8,5 @@ ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start'
 git-server: test/fixture/testrepos/start-git.sh
 helm-registry: test/fixture/testrepos/start-helm-registry.sh
 dev-mounter: [[ "$ARGOCD_E2E_TEST" != "true" ]] && go run hack/dev-mounter/main.go --configmap argocd-ssh-known-hosts-cm=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} --configmap argocd-tls-certs-cm=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} --configmap argocd-gpg-keys-cm=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source}
-applicationset-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_ASK_PASS_SOCK=/tmp/applicationset-ask-pass.sock ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-applicationset-controller $COMMAND --loglevel debug --metrics-addr localhost:12345 --probe-addr localhost:12346 --argocd-repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
-notification: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug"
+applicationset-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-applicationset-controller $COMMAND --loglevel debug --metrics-addr localhost:12345 --probe-addr localhost:12346 --argocd-repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
+notification: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug"

README.md

@@ -1,6 +1,7 @@
 **Releases:**
 [![Release Version](https://img.shields.io/github/v/release/argoproj/argo-cd?label=argo-cd)](https://github.com/argoproj/argo-cd/releases/latest)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo-cd)](https://artifacthub.io/packages/helm/argo/argo-cd)
+[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)
 
 **Code:** 
 [![Integration tests](https://github.com/argoproj/argo-cd/workflows/Integration%20tests/badge.svg?branch=master)](https://github.com/argoproj/argo-cd/actions?query=workflow%3A%22Integration+tests%22)

USERS.md

@@ -14,6 +14,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Adyen](https://www.adyen.com)
 1. [AirQo](https://airqo.net/)
 1. [Akuity](https://akuity.io/)
+1. [Albert Heijn](https://ah.nl/)
 1. [Alibaba Group](https://www.alibabagroup.com/)
 1. [Allianz Direct](https://www.allianzdirect.de/)
 1. [Amadeus IT Group](https://amadeus.com/)
@@ -125,6 +126,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Karrot](https://www.daangn.com/)
 1. [Kasa](https://kasa.co.kr/)
 1. [Keeeb](https://www.keeeb.com/)
+1. [KelkooGroup](https://www.kelkoogroup.com)
 1. [Keptn](https://keptn.sh)
 1. [Kinguin](https://www.kinguin.net/)
 1. [KintoHub](https://www.kintohub.com/)
@@ -137,6 +139,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Lightricks](https://www.lightricks.com/)
 1. [LINE](https://linecorp.com/en/)
 1. [Loom](https://www.loom.com/)
+1. [Lucid Motors](https://www.lucidmotors.com/)
 1. [Lytt](https://www.lytt.co/)
 1. [Magic Leap](https://www.magicleap.com/)
 1. [Majid Al Futtaim](https://www.majidalfuttaim.com/)
@@ -151,6 +154,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Metanet](http://www.metanet.co.kr/en/)
 1. [MindSpore](https://mindspore.cn)
 1. [Mirantis](https://mirantis.com/)
+1. [Mission Lane](https://missionlane.com)
 1. [mixi Group](https://mixi.co.jp/)
 1. [Moengage](https://www.moengage.com/)
 1. [Money Forward](https://corp.moneyforward.com/en/)
@@ -192,6 +196,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Polarpoint.io](https://polarpoint.io)
 1. [PostFinance](https://github.com/postfinance)
 1. [Preferred Networks](https://preferred.jp/en/)
+1. [Previder BV](https://previder.nl)
 1. [Productboard](https://www.productboard.com/)
 1. [Prudential](https://prudential.com.sg)
 1. [PUBG](https://www.pubg.com)

VERSION

@@ -1 +1 @@
-2.6.0
+2.8.0

applicationset/controllers/applicationset_controller.go

@@ -17,6 +17,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"reflect"
 	"time"
 
 	log "github.com/sirupsen/logrus"
@@ -29,9 +30,12 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/source"
 
 	"github.com/argoproj/argo-cd/v2/applicationset/generators"
@@ -514,7 +518,7 @@ func (r *ApplicationSetReconciler) generateApplications(applicationSetInfo argov
 	return res, applicationSetReason, firstError
 }
 
-func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager) error {
+func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProgressiveSyncs bool) error {
 	if err := mgr.GetFieldIndexer().IndexField(context.TODO(), &argov1alpha1.Application{}, ".metadata.controller", func(rawObj client.Object) []string {
 		// grab the job object, extract the owner...
 		app := rawObj.(*argov1alpha1.Application)
@@ -533,9 +537,11 @@ func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		return fmt.Errorf("error setting up with manager: %w", err)
 	}
 
+	ownsHandler := getOwnsHandlerPredicates(enableProgressiveSyncs)
+
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&argov1alpha1.ApplicationSet{}).
-		Owns(&argov1alpha1.Application{}).
+		Owns(&argov1alpha1.Application{}, builder.WithPredicates(ownsHandler)).
 		Watches(
 			&source.Kind{Type: &corev1.Secret{}},
 			&clusterSecretEventHandler{
@@ -1320,4 +1326,73 @@ func syncApplication(application argov1alpha1.Application, prune bool) (argov1al
 	return application, nil
 }
 
+func getOwnsHandlerPredicates(enableProgressiveSyncs bool) predicate.Funcs {
+	return predicate.Funcs{
+		CreateFunc: func(e event.CreateEvent) bool {
+			// if we are the owner and there is a create event, we most likely created it and do not need to
+			// re-reconcile
+			log.Debugln("received create event from owning an application")
+			return false
+		},
+		DeleteFunc: func(e event.DeleteEvent) bool {
+			log.Debugln("received delete event from owning an application")
+			return true
+		},
+		UpdateFunc: func(e event.UpdateEvent) bool {
+			log.Debugln("received update event from owning an application")
+			appOld, isApp := e.ObjectOld.(*argov1alpha1.Application)
+			if !isApp {
+				return false
+			}
+			appNew, isApp := e.ObjectNew.(*argov1alpha1.Application)
+			if !isApp {
+				return false
+			}
+			requeue := shouldRequeueApplicationSet(appOld, appNew, enableProgressiveSyncs)
+			log.Debugf("requeue: %t caused by application %s", requeue, appNew.Name)
+			return requeue
+		},
+		GenericFunc: func(e event.GenericEvent) bool {
+			log.Debugln("received generic event from owning an application")
+			return true
+		},
+	}
+}
+
+// shouldRequeueApplicationSet determines when we want to requeue an ApplicationSet for reconciling based on an owned
+// application change
+// The applicationset controller owns a subset of the Application CR.
+// We do not need to re-reconcile if parts of the application change outside the applicationset's control.
+// An example being, Application.ApplicationStatus.ReconciledAt which gets updated by the application controller.
+// Additionally, Application.ObjectMeta.ResourceVersion and Application.ObjectMeta.Generation which are set by K8s.
+func shouldRequeueApplicationSet(appOld *argov1alpha1.Application, appNew *argov1alpha1.Application, enableProgressiveSyncs bool) bool {
+	if appOld == nil || appNew == nil {
+		return false
+	}
+
+	// the applicationset controller owns the application spec, labels, annotations, and finalizers on the applications
+	if !reflect.DeepEqual(appOld.Spec, appNew.Spec) ||
+		!reflect.DeepEqual(appOld.ObjectMeta.GetAnnotations(), appNew.ObjectMeta.GetAnnotations()) ||
+		!reflect.DeepEqual(appOld.ObjectMeta.GetLabels(), appNew.ObjectMeta.GetLabels()) ||
+		!reflect.DeepEqual(appOld.ObjectMeta.GetFinalizers(), appNew.ObjectMeta.GetFinalizers()) {
+		return true
+	}
+
+	// progressive syncs use the application status for updates. if they differ, requeue to trigger the next progression
+	if enableProgressiveSyncs {
+		if appOld.Status.Health.Status != appNew.Status.Health.Status || appOld.Status.Sync.Status != appNew.Status.Sync.Status {
+			return true
+		}
+
+		if appOld.Status.OperationState != nil && appNew.Status.OperationState != nil {
+			if appOld.Status.OperationState.Phase != appNew.Status.OperationState.Phase ||
+				appOld.Status.OperationState.StartedAt != appNew.Status.OperationState.StartedAt {
+				return true
+			}
+		}
+	}
+
+	return false
+}
+
 var _ handler.EventHandler = &clusterSecretEventHandler{}

applicationset/controllers/applicationset_controller_test.go

@@ -24,6 +24,7 @@ import (
 	crtclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+	"sigs.k8s.io/controller-runtime/pkg/event"
 
 	"github.com/argoproj/argo-cd/v2/applicationset/generators"
 	"github.com/argoproj/argo-cd/v2/applicationset/utils"
@@ -4906,3 +4907,133 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) {
 		})
 	}
 }
+
+func TestOwnsHandler(t *testing.T) {
+	// progressive syncs do not affect create, delete, or generic
+	ownsHandler := getOwnsHandlerPredicates(true)
+	assert.False(t, ownsHandler.CreateFunc(event.CreateEvent{}))
+	assert.True(t, ownsHandler.DeleteFunc(event.DeleteEvent{}))
+	assert.True(t, ownsHandler.GenericFunc(event.GenericEvent{}))
+	ownsHandler = getOwnsHandlerPredicates(false)
+	assert.False(t, ownsHandler.CreateFunc(event.CreateEvent{}))
+	assert.True(t, ownsHandler.DeleteFunc(event.DeleteEvent{}))
+	assert.True(t, ownsHandler.GenericFunc(event.GenericEvent{}))
+
+	now := metav1.Now()
+	type args struct {
+		e                      event.UpdateEvent
+		enableProgressiveSyncs bool
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{name: "SameApplicationReconciledAtDiff", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ReconciledAt: &now}},
+			ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ReconciledAt: &now}},
+		}}, want: false},
+		{name: "SameApplicationResourceVersionDiff", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{
+				ResourceVersion: "foo",
+			}},
+			ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{
+				ResourceVersion: "bar",
+			}},
+		}}, want: false},
+		{name: "ApplicationHealthStatusDiff", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{
+				Health: v1alpha1.HealthStatus{
+					Status: "Unknown",
+				},
+			}},
+			ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{
+				Health: v1alpha1.HealthStatus{
+					Status: "Healthy",
+				},
+			}},
+		},
+			enableProgressiveSyncs: true,
+		}, want: true},
+		{name: "ApplicationSyncStatusDiff", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{
+				Sync: v1alpha1.SyncStatus{
+					Status: "OutOfSync",
+				},
+			}},
+			ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{
+				Sync: v1alpha1.SyncStatus{
+					Status: "Synced",
+				},
+			}},
+		},
+			enableProgressiveSyncs: true,
+		}, want: true},
+		{name: "ApplicationOperationStateDiff", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{
+				OperationState: &v1alpha1.OperationState{
+					Phase: "foo",
+				},
+			}},
+			ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{
+				OperationState: &v1alpha1.OperationState{
+					Phase: "bar",
+				},
+			}},
+		},
+			enableProgressiveSyncs: true,
+		}, want: true},
+		{name: "ApplicationOperationStartedAtDiff", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{
+				OperationState: &v1alpha1.OperationState{
+					StartedAt: now,
+				},
+			}},
+			ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{
+				OperationState: &v1alpha1.OperationState{
+					StartedAt: metav1.NewTime(now.Add(time.Minute * 1)),
+				},
+			}},
+		},
+			enableProgressiveSyncs: true,
+		}, want: true},
+		{name: "SameApplicationGeneration", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{
+				Generation: 1,
+			}},
+			ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{
+				Generation: 2,
+			}},
+		}}, want: false},
+		{name: "DifferentApplicationSpec", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{Spec: v1alpha1.ApplicationSpec{Project: "default"}},
+			ObjectNew: &v1alpha1.Application{Spec: v1alpha1.ApplicationSpec{Project: "not-default"}},
+		}}, want: true},
+		{name: "DifferentApplicationLabels", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Labels: map[string]string{"foo": "bar"}}},
+			ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Labels: map[string]string{"bar": "foo"}}},
+		}}, want: true},
+		{name: "DifferentApplicationAnnotations", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Annotations: map[string]string{"foo": "bar"}}},
+			ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Annotations: map[string]string{"bar": "foo"}}},
+		}}, want: true},
+		{name: "DifferentApplicationFinalizers", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Finalizers: []string{"argo"}}},
+			ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Finalizers: []string{"none"}}},
+		}}, want: true},
+		{name: "NotAnAppOld", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.AppProject{},
+			ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Labels: map[string]string{"bar": "foo"}}},
+		}}, want: false},
+		{name: "NotAnAppNew", args: args{e: event.UpdateEvent{
+			ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Labels: map[string]string{"foo": "bar"}}},
+			ObjectNew: &v1alpha1.AppProject{},
+		}}, want: false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ownsHandler = getOwnsHandlerPredicates(tt.args.enableProgressiveSyncs)
+			assert.Equalf(t, tt.want, ownsHandler.UpdateFunc(tt.args.e), "UpdateFunc(%v)", tt.args.e)
+		})
+	}
+}

applicationset/controllers/clustereventhandler.go

@@ -139,7 +139,11 @@ func nestedGeneratorHasClusterGenerator(nested argoprojiov1alpha1.ApplicationSet
 			return false, fmt.Errorf("unable to get nested matrix generator: %w", err)
 		}
 		if nestedMatrix != nil {
-			return nestedGeneratorsHaveClusterGenerator(nestedMatrix.ToMatrixGenerator().Generators)
+			hasClusterGenerator, err := nestedGeneratorsHaveClusterGenerator(nestedMatrix.ToMatrixGenerator().Generators)
+			if err != nil {
+				return false, fmt.Errorf("error evaluating nested matrix generator: %w", err)
+			}
+			return hasClusterGenerator, nil
 		}
 	}
 
@@ -149,7 +153,11 @@ func nestedGeneratorHasClusterGenerator(nested argoprojiov1alpha1.ApplicationSet
 			return false, fmt.Errorf("unable to get nested merge generator: %w", err)
 		}
 		if nestedMerge != nil {
-			return nestedGeneratorsHaveClusterGenerator(nestedMerge.ToMergeGenerator().Generators)
+			hasClusterGenerator, err := nestedGeneratorsHaveClusterGenerator(nestedMerge.ToMergeGenerator().Generators)
+			if err != nil {
+				return false, fmt.Errorf("error evaluating nested merge generator: %w", err)
+			}
+			return hasClusterGenerator, nil
 		}
 	}
 

applicationset/controllers/clustereventhandler_test.go

@@ -573,3 +573,68 @@ type mockAddRateLimitingInterface struct {
 	errorOccurred bool
 	addedItems    []ctrl.Request
 }
+
+func TestNestedGeneratorHasClusterGenerator_NestedClusterGenerator(t *testing.T) {
+	nested := argov1alpha1.ApplicationSetNestedGenerator{
+		Clusters: &argov1alpha1.ClusterGenerator{},
+	}
+
+	hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested)
+
+	assert.Nil(t, err)
+	assert.True(t, hasClusterGenerator)
+}
+
+func TestNestedGeneratorHasClusterGenerator_NestedMergeGenerator(t *testing.T) {
+	nested := argov1alpha1.ApplicationSetNestedGenerator{
+		Merge: &apiextensionsv1.JSON{
+			Raw: []byte(
+				`{
+					"generators": [
+					  {
+						"clusters": {
+						  "selector": {
+							"matchLabels": {
+							  "argocd.argoproj.io/secret-type": "cluster"
+							}
+						  }
+						}
+					  }
+					]
+				  }`,
+			),
+		},
+	}
+
+	hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested)
+
+	assert.Nil(t, err)
+	assert.True(t, hasClusterGenerator)
+}
+
+func TestNestedGeneratorHasClusterGenerator_NestedMergeGeneratorWithInvalidJSON(t *testing.T) {
+	nested := argov1alpha1.ApplicationSetNestedGenerator{
+		Merge: &apiextensionsv1.JSON{
+			Raw: []byte(
+				`{
+					"generators": [
+					  {
+						"clusters": {
+						  "selector": {
+							"matchLabels": {
+							  "argocd.argoproj.io/secret-type": "cluster"
+							}
+						  }
+						}
+					  }
+					]
+				  `,
+			),
+		},
+	}
+
+	hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested)
+
+	assert.NotNil(t, err)
+	assert.False(t, hasClusterGenerator)
+}

applicationset/controllers/requeue_after_test.go

@@ -6,9 +6,9 @@ import (
 	"time"
 
 	"github.com/argoproj/argo-cd/v2/applicationset/generators"
+	"github.com/argoproj/argo-cd/v2/applicationset/services/mocks"
 	argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -20,7 +20,7 @@ import (
 )
 
 func TestRequeueAfter(t *testing.T) {
-	mockServer := argoCDServiceMock{}
+	mockServer := &mocks.Repos{}
 	ctx := context.Background()
 	scheme := runtime.NewScheme()
 	err := argov1alpha1.AddToScheme(scheme)
@@ -150,30 +150,3 @@ func TestRequeueAfter(t *testing.T) {
 		})
 	}
 }
-
-type argoCDServiceMock struct {
-	mock *mock.Mock
-}
-
-func (a argoCDServiceMock) GetApps(ctx context.Context, repoURL string, revision string) ([]string, error) {
-	args := a.mock.Called(ctx, repoURL, revision)
-
-	return args.Get(0).([]string), args.Error(1)
-}
-
-func (a argoCDServiceMock) GetFiles(ctx context.Context, repoURL string, revision string, pattern string) (map[string][]byte, error) {
-	args := a.mock.Called(ctx, repoURL, revision, pattern)
-
-	return args.Get(0).(map[string][]byte), args.Error(1)
-}
-
-func (a argoCDServiceMock) GetFileContent(ctx context.Context, repoURL string, revision string, path string) ([]byte, error) {
-	args := a.mock.Called(ctx, repoURL, revision, path)
-
-	return args.Get(0).([]byte), args.Error(1)
-}
-
-func (a argoCDServiceMock) GetDirectories(ctx context.Context, repoURL string, revision string) ([]string, error) {
-	args := a.mock.Called(ctx, repoURL, revision)
-	return args.Get(0).([]string), args.Error(1)
-}

applicationset/generators/generator_spec_processor_test.go

@@ -4,13 +4,13 @@ import (
 	"context"
 	"testing"
 
+	"github.com/argoproj/argo-cd/v2/applicationset/services/mocks"
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	testutils "github.com/argoproj/argo-cd/v2/applicationset/utils/test"
 	argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 
 	"github.com/stretchr/testify/mock"
@@ -19,8 +19,6 @@ import (
 	kubefake "k8s.io/client-go/kubernetes/fake"
 	crtclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
-
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 )
 
 func TestMatchValues(t *testing.T) {
@@ -71,16 +69,16 @@ func TestMatchValues(t *testing.T) {
 				"List": listGenerator,
 			}
 
-			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
+			applicationSetInfo := argov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "set",
 				},
-				Spec: argoprojiov1alpha1.ApplicationSetSpec{},
+				Spec: argov1alpha1.ApplicationSetSpec{},
 			}
 
-			results, err := Transform(argoprojiov1alpha1.ApplicationSetGenerator{
+			results, err := Transform(argov1alpha1.ApplicationSetGenerator{
 				Selector: testCase.selector,
-				List: &argoprojiov1alpha1.ListGenerator{
+				List: &argov1alpha1.ListGenerator{
 					Elements: testCase.elements,
 					Template: emptyTemplate(),
 				}},
@@ -94,8 +92,8 @@ func TestMatchValues(t *testing.T) {
 	}
 }
 
-func emptyTemplate() argoprojiov1alpha1.ApplicationSetTemplate {
-	return argoprojiov1alpha1.ApplicationSetTemplate{
+func emptyTemplate() argov1alpha1.ApplicationSetTemplate {
+	return argov1alpha1.ApplicationSetTemplate{
 		Spec: argov1alpha1.ApplicationSpec{
 			Project: "project",
 		},
@@ -161,9 +159,9 @@ func getMockClusterGenerator() Generator {
 }
 
 func getMockGitGenerator() Generator {
-	argoCDServiceMock := testutils.ArgoCDServiceMock{Mock: &mock.Mock{}}
-	argoCDServiceMock.Mock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything).Return([]string{"app1", "app2", "app_3", "p1/app4"}, nil)
-	var gitGenerator = NewGitGenerator(argoCDServiceMock)
+	argoCDServiceMock := mocks.Repos{}
+	argoCDServiceMock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything).Return([]string{"app1", "app2", "app_3", "p1/app4"}, nil)
+	var gitGenerator = NewGitGenerator(&argoCDServiceMock)
 	return gitGenerator
 }
 
@@ -178,8 +176,8 @@ func TestGetRelevantGenerators(t *testing.T) {
 	testGenerators["Merge"] = NewMergeGenerator(testGenerators)
 	testGenerators["List"] = NewListGenerator()
 
-	requestedGenerator := &argoprojiov1alpha1.ApplicationSetGenerator{
-		List: &argoprojiov1alpha1.ListGenerator{
+	requestedGenerator := &argov1alpha1.ApplicationSetGenerator{
+		List: &argov1alpha1.ListGenerator{
 			Elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url","values":{"foo":"bar"}}`)}},
 		}}
 
@@ -187,10 +185,10 @@ func TestGetRelevantGenerators(t *testing.T) {
 	assert.Len(t, relevantGenerators, 1)
 	assert.IsType(t, &ListGenerator{}, relevantGenerators[0])
 
-	requestedGenerator = &argoprojiov1alpha1.ApplicationSetGenerator{
-		Clusters: &argoprojiov1alpha1.ClusterGenerator{
+	requestedGenerator = &argov1alpha1.ApplicationSetGenerator{
+		Clusters: &argov1alpha1.ClusterGenerator{
 			Selector: metav1.LabelSelector{},
-			Template: argoprojiov1alpha1.ApplicationSetTemplate{},
+			Template: argov1alpha1.ApplicationSetTemplate{},
 			Values:   nil,
 		},
 	}
@@ -199,14 +197,14 @@ func TestGetRelevantGenerators(t *testing.T) {
 	assert.Len(t, relevantGenerators, 1)
 	assert.IsType(t, &ClusterGenerator{}, relevantGenerators[0])
 
-	requestedGenerator = &argoprojiov1alpha1.ApplicationSetGenerator{
-		Git: &argoprojiov1alpha1.GitGenerator{
+	requestedGenerator = &argov1alpha1.ApplicationSetGenerator{
+		Git: &argov1alpha1.GitGenerator{
 			RepoURL:             "",
 			Directories:         nil,
 			Files:               nil,
 			Revision:            "",
 			RequeueAfterSeconds: nil,
-			Template:            argoprojiov1alpha1.ApplicationSetTemplate{},
+			Template:            argov1alpha1.ApplicationSetTemplate{},
 		},
 	}
 
@@ -216,8 +214,8 @@ func TestGetRelevantGenerators(t *testing.T) {
 }
 
 func TestInterpolateGenerator(t *testing.T) {
-	requestedGenerator := &argoprojiov1alpha1.ApplicationSetGenerator{
-		Clusters: &argoprojiov1alpha1.ClusterGenerator{
+	requestedGenerator := &argov1alpha1.ApplicationSetGenerator{
+		Clusters: &argov1alpha1.ClusterGenerator{
 			Selector: metav1.LabelSelector{
 				MatchLabels: map[string]string{
 					"argocd.argoproj.io/secret-type": "cluster",
@@ -243,17 +241,17 @@ func TestInterpolateGenerator(t *testing.T) {
 	assert.Equal(t, "p1", interpolatedGenerator.Clusters.Selector.MatchLabels["path-zero"])
 	assert.Equal(t, "p1/p2/app3", interpolatedGenerator.Clusters.Selector.MatchLabels["path-full"])
 
-	fileNamePath := argoprojiov1alpha1.GitFileGeneratorItem{
+	fileNamePath := argov1alpha1.GitFileGeneratorItem{
 		Path: "{{name}}",
 	}
-	fileServerPath := argoprojiov1alpha1.GitFileGeneratorItem{
+	fileServerPath := argov1alpha1.GitFileGeneratorItem{
 		Path: "{{server}}",
 	}
 
-	requestedGenerator = &argoprojiov1alpha1.ApplicationSetGenerator{
-		Git: &argoprojiov1alpha1.GitGenerator{
-			Files:    append([]argoprojiov1alpha1.GitFileGeneratorItem{}, fileNamePath, fileServerPath),
-			Template: argoprojiov1alpha1.ApplicationSetTemplate{},
+	requestedGenerator = &argov1alpha1.ApplicationSetGenerator{
+		Git: &argov1alpha1.GitGenerator{
+			Files:    append([]argov1alpha1.GitFileGeneratorItem{}, fileNamePath, fileServerPath),
+			Template: argov1alpha1.ApplicationSetTemplate{},
 		},
 	}
 	clusterGeneratorParams := map[string]interface{}{
@@ -269,8 +267,8 @@ func TestInterpolateGenerator(t *testing.T) {
 }
 
 func TestInterpolateGenerator_go(t *testing.T) {
-	requestedGenerator := &argoprojiov1alpha1.ApplicationSetGenerator{
-		Clusters: &argoprojiov1alpha1.ClusterGenerator{
+	requestedGenerator := &argov1alpha1.ApplicationSetGenerator{
+		Clusters: &argov1alpha1.ClusterGenerator{
 			Selector: metav1.LabelSelector{
 				MatchLabels: map[string]string{
 					"argocd.argoproj.io/secret-type": "cluster",
@@ -297,17 +295,17 @@ func TestInterpolateGenerator_go(t *testing.T) {
 	assert.Equal(t, "p1", interpolatedGenerator.Clusters.Selector.MatchLabels["path-zero"])
 	assert.Equal(t, "p1/p2/app3", interpolatedGenerator.Clusters.Selector.MatchLabels["path-full"])
 
-	fileNamePath := argoprojiov1alpha1.GitFileGeneratorItem{
+	fileNamePath := argov1alpha1.GitFileGeneratorItem{
 		Path: "{{.name}}",
 	}
-	fileServerPath := argoprojiov1alpha1.GitFileGeneratorItem{
+	fileServerPath := argov1alpha1.GitFileGeneratorItem{
 		Path: "{{.server}}",
 	}
 
-	requestedGenerator = &argoprojiov1alpha1.ApplicationSetGenerator{
-		Git: &argoprojiov1alpha1.GitGenerator{
-			Files:    append([]argoprojiov1alpha1.GitFileGeneratorItem{}, fileNamePath, fileServerPath),
-			Template: argoprojiov1alpha1.ApplicationSetTemplate{},
+	requestedGenerator = &argov1alpha1.ApplicationSetGenerator{
+		Git: &argov1alpha1.GitGenerator{
+			Files:    append([]argov1alpha1.GitFileGeneratorItem{}, fileNamePath, fileServerPath),
+			Template: argov1alpha1.ApplicationSetTemplate{},
 		},
 	}
 	clusterGeneratorParams := map[string]interface{}{

applicationset/generators/git_test.go

@@ -4,21 +4,14 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/argoproj/argo-cd/v2/applicationset/services/mocks"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	testutils "github.com/argoproj/argo-cd/v2/applicationset/utils/test"
 	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 )
 
-// type clientSet struct {
-// 	RepoServerServiceClient apiclient.RepoServerServiceClient
-// }
-
-// func (c *clientSet) NewRepoServerClient() (io.Closer, apiclient.RepoServerServiceClient, error) {
-// 	return io.NewCloser(func() error { return nil }), c.RepoServerServiceClient, nil
-// }
 
 func Test_generateParamsFromGitFile(t *testing.T) {
 	params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(`
@@ -244,11 +237,11 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) {
 		t.Run(testCaseCopy.name, func(t *testing.T) {
 			t.Parallel()
 
-			argoCDServiceMock := testutils.ArgoCDServiceMock{Mock: &mock.Mock{}}
+			argoCDServiceMock := mocks.Repos{}
 
-			argoCDServiceMock.Mock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything).Return(testCaseCopy.repoApps, testCaseCopy.repoError)
+			argoCDServiceMock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything).Return(testCaseCopy.repoApps, testCaseCopy.repoError)
 
-			var gitGenerator = NewGitGenerator(argoCDServiceMock)
+			var gitGenerator = NewGitGenerator(&argoCDServiceMock)
 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "set",
@@ -274,7 +267,7 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) {
 				assert.Equal(t, testCaseCopy.expected, got)
 			}
 
-			argoCDServiceMock.Mock.AssertExpectations(t)
+			argoCDServiceMock.AssertExpectations(t)
 		})
 	}
 }
@@ -539,11 +532,11 @@ func TestGitGenerateParamsFromDirectoriesGoTemplate(t *testing.T) {
 		t.Run(testCaseCopy.name, func(t *testing.T) {
 			t.Parallel()
 
-			argoCDServiceMock := testutils.ArgoCDServiceMock{Mock: &mock.Mock{}}
+			argoCDServiceMock := mocks.Repos{}
 
-			argoCDServiceMock.Mock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything).Return(testCaseCopy.repoApps, testCaseCopy.repoError)
+			argoCDServiceMock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything).Return(testCaseCopy.repoApps, testCaseCopy.repoError)
 
-			var gitGenerator = NewGitGenerator(argoCDServiceMock)
+			var gitGenerator = NewGitGenerator(&argoCDServiceMock)
 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "set",
@@ -570,7 +563,7 @@ func TestGitGenerateParamsFromDirectoriesGoTemplate(t *testing.T) {
 				assert.Equal(t, testCaseCopy.expected, got)
 			}
 
-			argoCDServiceMock.Mock.AssertExpectations(t)
+			argoCDServiceMock.AssertExpectations(t)
 		})
 	}
 
@@ -830,11 +823,11 @@ cluster:
 		t.Run(testCaseCopy.name, func(t *testing.T) {
 			t.Parallel()
 
-			argoCDServiceMock := testutils.ArgoCDServiceMock{Mock: &mock.Mock{}}
-			argoCDServiceMock.Mock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything).
+			argoCDServiceMock := mocks.Repos{}
+			argoCDServiceMock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything).
 				Return(testCaseCopy.repoFileContents, testCaseCopy.repoPathsError)
 
-			var gitGenerator = NewGitGenerator(argoCDServiceMock)
+			var gitGenerator = NewGitGenerator(&argoCDServiceMock)
 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "set",
@@ -860,7 +853,7 @@ cluster:
 				assert.ElementsMatch(t, testCaseCopy.expected, got)
 			}
 
-			argoCDServiceMock.Mock.AssertExpectations(t)
+			argoCDServiceMock.AssertExpectations(t)
 		})
 	}
 }
@@ -1179,11 +1172,11 @@ cluster:
 		t.Run(testCaseCopy.name, func(t *testing.T) {
 			t.Parallel()
 
-			argoCDServiceMock := testutils.ArgoCDServiceMock{Mock: &mock.Mock{}}
-			argoCDServiceMock.Mock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything).
+			argoCDServiceMock := mocks.Repos{}
+			argoCDServiceMock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything).
 				Return(testCaseCopy.repoFileContents, testCaseCopy.repoPathsError)
 
-			var gitGenerator = NewGitGenerator(argoCDServiceMock)
+			var gitGenerator = NewGitGenerator(&argoCDServiceMock)
 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "set",
@@ -1210,7 +1203,7 @@ cluster:
 				assert.ElementsMatch(t, testCaseCopy.expected, got)
 			}
 
-			argoCDServiceMock.Mock.AssertExpectations(t)
+			argoCDServiceMock.AssertExpectations(t)
 		})
 	}
 }

applicationset/generators/matrix_test.go

@@ -5,6 +5,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/argoproj/argo-cd/v2/applicationset/services/mocks"
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -17,7 +18,6 @@ import (
 	"github.com/stretchr/testify/mock"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 
-	testutils "github.com/argoproj/argo-cd/v2/applicationset/utils/test"
 	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 )
 
@@ -1054,8 +1054,8 @@ func TestGitGenerator_GenerateParams_list_x_git_matrix_generator(t *testing.T) {
 		},
 	}
 
-	repoServiceMock := testutils.ArgoCDServiceMock{Mock: &mock.Mock{}}
-	repoServiceMock.Mock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(map[string][]byte{
+	repoServiceMock := &mocks.Repos{}
+	repoServiceMock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(map[string][]byte{
 		"some/path.json": []byte("test: content"),
 	}, nil)
 	gitGenerator := NewGitGenerator(repoServiceMock)

applicationset/generators/pull_request.go

@@ -11,7 +11,6 @@ import (
 
 	"github.com/gosimple/slug"
 
-	"github.com/argoproj/argo-cd/v2/applicationset/services/pull_request"
 	pullrequest "github.com/argoproj/argo-cd/v2/applicationset/services/pull_request"
 	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 )
@@ -66,7 +65,7 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 		return nil, fmt.Errorf("failed to select pull request service provider: %v", err)
 	}
 
-	pulls, err := pull_request.ListPullRequests(ctx, svc, appSetGenerator.PullRequest.Filters)
+	pulls, err := pullrequest.ListPullRequests(ctx, svc, appSetGenerator.PullRequest.Filters)
 	if err != nil {
 		return nil, fmt.Errorf("error listing repos: %v", err)
 	}
@@ -84,18 +83,25 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 	}
 
 	var shortSHALength int
+	var shortSHALength7 int
 	for _, pull := range pulls {
 		shortSHALength = 8
 		if len(pull.HeadSHA) < 8 {
 			shortSHALength = len(pull.HeadSHA)
 		}
 
+		shortSHALength7 = 7
+		if len(pull.HeadSHA) < 7 {
+			shortSHALength7 = len(pull.HeadSHA)
+		}
+
 		paramMap := map[string]interface{}{
-			"number":         strconv.Itoa(pull.Number),
-			"branch":         pull.Branch,
-			"branch_slug":    slug.Make(pull.Branch),
-			"head_sha":       pull.HeadSHA,
-			"head_short_sha": pull.HeadSHA[:shortSHALength],
+			"number":           strconv.Itoa(pull.Number),
+			"branch":           pull.Branch,
+			"branch_slug":      slug.Make(pull.Branch),
+			"head_sha":         pull.HeadSHA,
+			"head_short_sha":   pull.HeadSHA[:shortSHALength],
+			"head_short_sha_7": pull.HeadSHA[:shortSHALength7],
 		}
 
 		// PR lables will only be supported for Go Template appsets, since fasttemplate will be deprecated.

applicationset/generators/pull_request_test.go

@@ -43,6 +43,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					"branch_slug":    "branch1",
 					"head_sha":       "089d92cbf9ff857a39e6feccd32798ca700fb958",
 					"head_short_sha": "089d92cb",
+					"head_short_sha_7": "089d92c",
 				},
 			},
 			expectedErr: nil,
@@ -68,6 +69,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					"branch_slug":    "feat-areally-long-pull-request-name-to-test-argo",
 					"head_sha":       "9b34ff5bd418e57d58891eb0aa0728043ca1e8be",
 					"head_short_sha": "9b34ff5b",
+					"head_short_sha_7": "9b34ff5",
 				},
 			},
 			expectedErr: nil,
@@ -93,6 +95,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					"branch_slug":    "a-very-short-sha",
 					"head_sha":       "abcd",
 					"head_short_sha": "abcd",
+					"head_short_sha_7": "abcd",
 				},
 			},
 			expectedErr: nil,
@@ -130,6 +133,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					"branch_slug":    "branch1",
 					"head_sha":       "089d92cbf9ff857a39e6feccd32798ca700fb958",
 					"head_short_sha": "089d92cb",
+					"head_short_sha_7": "089d92c",
 					"labels":         []string{"preview"},
 				},
 			},
@@ -163,6 +167,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					"branch_slug":    "branch1",
 					"head_sha":       "089d92cbf9ff857a39e6feccd32798ca700fb958",
 					"head_short_sha": "089d92cb",
+					"head_short_sha_7": "089d92c",
 				},
 			},
 			expectedErr: nil,

applicationset/generators/scm_provider.go

@@ -142,12 +142,18 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 	}
 	params := make([]map[string]interface{}, 0, len(repos))
 	var shortSHALength int
+	var shortSHALength7 int
 	for _, repo := range repos {
 		shortSHALength = 8
 		if len(repo.SHA) < 8 {
 			shortSHALength = len(repo.SHA)
 		}
 
+		shortSHALength7 = 7
+		if len(repo.SHA) < 7 {
+			shortSHALength7 = len(repo.SHA)
+		}
+
 		params = append(params, map[string]interface{}{
 			"organization":     repo.Organization,
 			"repository":       repo.Repository,
@@ -155,6 +161,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 			"branch":           repo.Branch,
 			"sha":              repo.SHA,
 			"short_sha":        repo.SHA[:shortSHALength],
+			"short_sha_7":      repo.SHA[:shortSHALength7],
 			"labels":           strings.Join(repo.Labels, ","),
 			"branchNormalized": utils.SanitizeName(repo.Branch),
 		})

applicationset/generators/scm_provider_test.go

@@ -112,6 +112,8 @@ func TestSCMProviderGenerateParams(t *testing.T) {
 	assert.Equal(t, "0bc57212c3cbbec69d20b34c507284bd300def5b", params[0]["sha"])
 	assert.Equal(t, "0bc57212", params[0]["short_sha"])
 	assert.Equal(t, "59d0", params[1]["short_sha"])
+	assert.Equal(t, "0bc5721", params[0]["short_sha_7"])
+	assert.Equal(t, "59d0", params[1]["short_sha_7"])
 	assert.Equal(t, "prod,staging", params[0]["labels"])
 	assert.Equal(t, "repo2", params[1]["repository"])
 }

applicationset/services/mocks/Repos.go

@@ -0,0 +1,81 @@
+// Code generated by mockery v2.25.1. DO NOT EDIT.
+
+package mocks
+
+import (
+	context "context"
+
+	mock "github.com/stretchr/testify/mock"
+)
+
+// Repos is an autogenerated mock type for the Repos type
+type Repos struct {
+	mock.Mock
+}
+
+// GetDirectories provides a mock function with given fields: ctx, repoURL, revision
+func (_m *Repos) GetDirectories(ctx context.Context, repoURL string, revision string) ([]string, error) {
+	ret := _m.Called(ctx, repoURL, revision)
+
+	var r0 []string
+	var r1 error
+	if rf, ok := ret.Get(0).(func(context.Context, string, string) ([]string, error)); ok {
+		return rf(ctx, repoURL, revision)
+	}
+	if rf, ok := ret.Get(0).(func(context.Context, string, string) []string); ok {
+		r0 = rf(ctx, repoURL, revision)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).([]string)
+		}
+	}
+
+	if rf, ok := ret.Get(1).(func(context.Context, string, string) error); ok {
+		r1 = rf(ctx, repoURL, revision)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// GetFiles provides a mock function with given fields: ctx, repoURL, revision, pattern
+func (_m *Repos) GetFiles(ctx context.Context, repoURL string, revision string, pattern string) (map[string][]byte, error) {
+	ret := _m.Called(ctx, repoURL, revision, pattern)
+
+	var r0 map[string][]byte
+	var r1 error
+	if rf, ok := ret.Get(0).(func(context.Context, string, string, string) (map[string][]byte, error)); ok {
+		return rf(ctx, repoURL, revision, pattern)
+	}
+	if rf, ok := ret.Get(0).(func(context.Context, string, string, string) map[string][]byte); ok {
+		r0 = rf(ctx, repoURL, revision, pattern)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(map[string][]byte)
+		}
+	}
+
+	if rf, ok := ret.Get(1).(func(context.Context, string, string, string) error); ok {
+		r1 = rf(ctx, repoURL, revision, pattern)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+type mockConstructorTestingTNewRepos interface {
+	mock.TestingT
+	Cleanup(func())
+}
+
+// NewRepos creates a new instance of Repos. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+func NewRepos(t mockConstructorTestingTNewRepos) *Repos {
+	mock := &Repos{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}

applicationset/services/mocks/RepositoryDB.go

@@ -0,0 +1,57 @@
+// Code generated by mockery v2.21.1. DO NOT EDIT.
+
+package mocks
+
+import (
+	context "context"
+
+	mock "github.com/stretchr/testify/mock"
+
+	v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+)
+
+// RepositoryDB is an autogenerated mock type for the RepositoryDB type
+type RepositoryDB struct {
+	mock.Mock
+}
+
+// GetRepository provides a mock function with given fields: ctx, url
+func (_m *RepositoryDB) GetRepository(ctx context.Context, url string) (*v1alpha1.Repository, error) {
+	ret := _m.Called(ctx, url)
+
+	var r0 *v1alpha1.Repository
+	var r1 error
+	if rf, ok := ret.Get(0).(func(context.Context, string) (*v1alpha1.Repository, error)); ok {
+		return rf(ctx, url)
+	}
+	if rf, ok := ret.Get(0).(func(context.Context, string) *v1alpha1.Repository); ok {
+		r0 = rf(ctx, url)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*v1alpha1.Repository)
+		}
+	}
+
+	if rf, ok := ret.Get(1).(func(context.Context, string) error); ok {
+		r1 = rf(ctx, url)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+type mockConstructorTestingTNewRepositoryDB interface {
+	mock.TestingT
+	Cleanup(func())
+}
+
+// NewRepositoryDB creates a new instance of RepositoryDB. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+func NewRepositoryDB(t mockConstructorTestingTNewRepositoryDB) *RepositoryDB {
+	mock := &RepositoryDB{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}

applicationset/services/repo_service.go

@@ -3,25 +3,26 @@ package services
 import (
 	"context"
 	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
 
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
+	repoapiclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/v2/util/db"
 	"github.com/argoproj/argo-cd/v2/util/git"
+	"github.com/argoproj/argo-cd/v2/util/io"
 )
 
 // RepositoryDB Is a lean facade for ArgoDB,
-// Using a lean interface makes it more easy to test the functionality the git generator uses
+// Using a lean interface makes it easier to test the functionality of the git generator
 type RepositoryDB interface {
 	GetRepository(ctx context.Context, url string) (*v1alpha1.Repository, error)
 }
 
 type argoCDService struct {
-	repositoriesDB   RepositoryDB
-	storecreds       git.CredsStore
-	submoduleEnabled bool
+	repositoriesDB      RepositoryDB
+	storecreds          git.CredsStore
+	submoduleEnabled    bool
+	repoServerClientSet repoapiclient.Clientset
 }
 
 type Repos interface {
@@ -33,121 +34,61 @@ type Repos interface {
 	GetDirectories(ctx context.Context, repoURL string, revision string) ([]string, error)
 }
 
-func NewArgoCDService(db db.ArgoDB, gitCredStore git.CredsStore, submoduleEnabled bool) Repos {
-
+func NewArgoCDService(db db.ArgoDB, submoduleEnabled bool, repoClientset repoapiclient.Clientset) (Repos, error) {
 	return &argoCDService{
-		repositoriesDB:   db.(RepositoryDB),
-		storecreds:       gitCredStore,
-		submoduleEnabled: submoduleEnabled,
-	}
+		repositoriesDB:      db.(RepositoryDB),
+		submoduleEnabled:    submoduleEnabled,
+		repoServerClientSet: repoClientset,
+	}, nil
 }
 
 func (a *argoCDService) GetFiles(ctx context.Context, repoURL string, revision string, pattern string) (map[string][]byte, error) {
 	repo, err := a.repositoriesDB.GetRepository(ctx, repoURL)
 	if err != nil {
-		return nil, fmt.Errorf("Error in GetRepository: %w", err)
+		return nil, fmt.Errorf("error in GetRepository: %w", err)
 	}
 
-	gitRepoClient, err := git.NewClient(repo.Repo, repo.GetGitCreds(a.storecreds), repo.IsInsecure(), repo.IsLFSEnabled(), repo.Proxy)
-
+	fileRequest := &apiclient.GitFilesRequest{
+		Repo:             repo,
+		SubmoduleEnabled: a.submoduleEnabled,
+		Revision:         revision,
+		Path:             pattern,
+	}
+	closer, client, err := a.repoServerClientSet.NewRepoServerClient()
 	if err != nil {
 		return nil, err
 	}
+	defer io.Close(closer)
 
-	err = checkoutRepo(gitRepoClient, revision, a.submoduleEnabled)
+	fileResponse, err := client.GetGitFiles(ctx, fileRequest)
 	if err != nil {
 		return nil, err
 	}
-
-	paths, err := gitRepoClient.LsFiles(pattern)
-	if err != nil {
-		return nil, fmt.Errorf("Error during listing files of local repo: %w", err)
-	}
-
-	res := map[string][]byte{}
-	for _, filePath := range paths {
-		bytes, err := os.ReadFile(filepath.Join(gitRepoClient.Root(), filePath))
-		if err != nil {
-			return nil, err
-		}
-		res[filePath] = bytes
-	}
-
-	return res, nil
+	return fileResponse.GetMap(), nil
 }
 
 func (a *argoCDService) GetDirectories(ctx context.Context, repoURL string, revision string) ([]string, error) {
-
 	repo, err := a.repositoriesDB.GetRepository(ctx, repoURL)
 	if err != nil {
-		return nil, fmt.Errorf("Error in GetRepository: %w", err)
+		return nil, fmt.Errorf("error in GetRepository: %w", err)
 	}
 
-	gitRepoClient, err := git.NewClient(repo.Repo, repo.GetGitCreds(a.storecreds), repo.IsInsecure(), repo.IsLFSEnabled(), repo.Proxy)
+	dirRequest := &apiclient.GitDirectoriesRequest{
+		Repo:             repo,
+		SubmoduleEnabled: a.submoduleEnabled,
+		Revision:         revision,
+	}
+
+	closer, client, err := a.repoServerClientSet.NewRepoServerClient()
 	if err != nil {
-		return nil, fmt.Errorf("error creating a new git client: %w", err)
-	}
-
-	err = checkoutRepo(gitRepoClient, revision, a.submoduleEnabled)
-	if err != nil {
-		return nil, fmt.Errorf("error while checking out repo: %w", err)
-	}
-
-	filteredPaths := []string{}
-
-	repoRoot := gitRepoClient.Root()
-
-	if err := filepath.Walk(repoRoot, func(path string, info os.FileInfo, fnErr error) error {
-		if fnErr != nil {
-			return fmt.Errorf("error walking the file tree: %w", fnErr)
-		}
-		if !info.IsDir() { // Skip files: directories only
-			return nil
-		}
-
-		fname := info.Name()
-		if strings.HasPrefix(fname, ".") { // Skip all folders starts with "."
-			return filepath.SkipDir
-		}
-
-		relativePath, err := filepath.Rel(repoRoot, path)
-		if err != nil {
-			return fmt.Errorf("error constructing relative repo path: %w", err)
-		}
-
-		if relativePath == "." { // Exclude '.' from results
-			return nil
-		}
-
-		filteredPaths = append(filteredPaths, relativePath)
-
-		return nil
-	}); err != nil {
 		return nil, err
 	}
+	defer io.Close(closer)
 
-	return filteredPaths, nil
+	dirResponse, err := client.GetGitDirectories(ctx, dirRequest)
+	if err != nil {
+		return nil, err
+	}
+	return dirResponse.GetPaths(), nil
 
 }
-
-func checkoutRepo(gitRepoClient git.Client, revision string, submoduleEnabled bool) error {
-	err := gitRepoClient.Init()
-	if err != nil {
-		return fmt.Errorf("Error during initializing repo: %w", err)
-	}
-
-	err = gitRepoClient.Fetch(revision)
-	if err != nil {
-		return fmt.Errorf("Error during fetching repo: %w", err)
-	}
-
-	commitSHA, err := gitRepoClient.LsRemote(revision)
-	if err != nil {
-		return fmt.Errorf("Error during fetching commitSHA: %w", err)
-	}
-	err = gitRepoClient.Checkout(commitSHA, submoduleEnabled)
-	if err != nil {
-		return fmt.Errorf("Error during repo checkout: %w", err)
-	}
-	return nil
-}

applicationset/services/repo_service_test.go

@@ -3,231 +3,189 @@ package services
 import (
 	"context"
 	"fmt"
-	"sort"
 	"testing"
 
+	"github.com/argoproj/argo-cd/v2/applicationset/services/mocks"
+	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
+	repo_mocks "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks"
+	db_mocks "github.com/argoproj/argo-cd/v2/util/db/mocks"
+	"github.com/argoproj/argo-cd/v2/util/git"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 )
 
-type ArgocdRepositoryMock struct {
-	mock *mock.Mock
-}
-
-func (a ArgocdRepositoryMock) GetRepository(ctx context.Context, url string) (*v1alpha1.Repository, error) {
-	args := a.mock.Called(ctx, url)
-
-	return args.Get(0).(*v1alpha1.Repository), args.Error(1)
-
-}
-
 func TestGetDirectories(t *testing.T) {
 
-	// Hardcode a specific revision to changes to argocd-example-apps from regressing this test:
-	//   Author: Alexander Matyushentsev <Alexander_Matyushentsev@intuit.com>
-	//   Date:   Sun Jan 31 09:54:53 2021 -0800
-	//   chore: downgrade kustomize guestbook image tag (#73)
-	exampleRepoRevision := "08f72e2a309beab929d9fd14626071b1a61a47f9"
-
-	for _, c := range []struct {
-		name          string
-		repoURL       string
-		revision      string
-		repoRes       *v1alpha1.Repository
-		repoErr       error
-		expected      []string
-		expectedError error
+	type fields struct {
+		repositoriesDBFuncs   []func(*mocks.RepositoryDB)
+		storecreds            git.CredsStore
+		submoduleEnabled      bool
+		repoServerClientFuncs []func(*repo_mocks.RepoServerServiceClient)
+	}
+	type args struct {
+		ctx      context.Context
+		repoURL  string
+		revision string
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		args    args
+		want    []string
+		wantErr assert.ErrorAssertionFunc
 	}{
-		{
-			name:     "All child folders should be returned",
-			repoURL:  "https://github.com/argoproj/argocd-example-apps/",
-			revision: exampleRepoRevision,
-			repoRes: &v1alpha1.Repository{
-				Repo: "https://github.com/argoproj/argocd-example-apps/",
+		{name: "ErrorGettingRepos", fields: fields{
+			repositoriesDBFuncs: []func(*mocks.RepositoryDB){
+				func(db *mocks.RepositoryDB) {
+					db.On("GetRepository", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("unable to get repos"))
+				},
 			},
-			repoErr: nil,
-			expected: []string{"apps", "apps/templates", "blue-green", "blue-green/templates", "guestbook", "helm-dependency",
-				"helm-guestbook", "helm-guestbook/templates", "helm-hooks", "jsonnet-guestbook", "jsonnet-guestbook-tla",
-				"ksonnet-guestbook", "ksonnet-guestbook/components", "ksonnet-guestbook/environments", "ksonnet-guestbook/environments/default",
-				"ksonnet-guestbook/environments/dev", "ksonnet-guestbook/environments/prod", "kustomize-guestbook", "plugins", "plugins/kasane",
-				"plugins/kustomized-helm", "plugins/kustomized-helm/overlays", "pre-post-sync", "sock-shop", "sock-shop/base", "sync-waves"},
-		},
-		{
-			name:     "If GetRepository returns an error, it should pass back to caller",
-			repoURL:  "https://github.com/argoproj/argocd-example-apps/",
-			revision: exampleRepoRevision,
-			repoRes: &v1alpha1.Repository{
-				Repo: "https://github.com/argoproj/argocd-example-apps/",
+		}, args: args{}, want: nil, wantErr: assert.Error},
+		{name: "ErrorGettingDirs", fields: fields{
+			repositoriesDBFuncs: []func(*mocks.RepositoryDB){
+				func(db *mocks.RepositoryDB) {
+					db.On("GetRepository", mock.Anything, mock.Anything).Return(&v1alpha1.Repository{}, nil)
+				},
 			},
-			repoErr:       fmt.Errorf("Simulated error from GetRepository"),
-			expected:      nil,
-			expectedError: fmt.Errorf("Error in GetRepository: Simulated error from GetRepository"),
-		},
-		{
-			name: "Test against repository containing no directories",
-			// Here I picked an arbitrary repository in argoproj-labs, with a commit containing no folders.
-			repoURL:  "https://github.com/argoproj-labs/argo-workflows-operator/",
-			revision: "5f50933a576833b73b7a172909d8545a108685f4",
-			repoRes: &v1alpha1.Repository{
-				Repo: "https://github.com/argoproj-labs/argo-workflows-operator/",
+			repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){
+				func(client *repo_mocks.RepoServerServiceClient) {
+					client.On("GetGitDirectories", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("unable to get dirs"))
+				},
 			},
-			repoErr:  nil,
-			expected: []string{},
-		},
-	} {
-		cc := c
-		t.Run(cc.name, func(t *testing.T) {
-			argocdRepositoryMock := ArgocdRepositoryMock{mock: &mock.Mock{}}
-
-			argocdRepositoryMock.mock.On("GetRepository", mock.Anything, cc.repoURL).Return(cc.repoRes, cc.repoErr)
-
-			argocd := argoCDService{
-				repositoriesDB: argocdRepositoryMock,
+		}, args: args{}, want: nil, wantErr: assert.Error},
+		{name: "HappyCase", fields: fields{
+			repositoriesDBFuncs: []func(*mocks.RepositoryDB){
+				func(db *mocks.RepositoryDB) {
+					db.On("GetRepository", mock.Anything, mock.Anything).Return(&v1alpha1.Repository{}, nil)
+				},
+			},
+			repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){
+				func(client *repo_mocks.RepoServerServiceClient) {
+					client.On("GetGitDirectories", mock.Anything, mock.Anything).Return(&apiclient.GitDirectoriesResponse{
+						Paths: []string{"foo", "foo/bar", "bar/foo"},
+					}, nil)
+				},
+			},
+		}, args: args{}, want: []string{"foo", "foo/bar", "bar/foo"}, wantErr: assert.NoError},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			mockDb := &mocks.RepositoryDB{}
+			mockRepoClient := &repo_mocks.RepoServerServiceClient{}
+			// decorate the mocks
+			for i := range tt.fields.repositoriesDBFuncs {
+				tt.fields.repositoriesDBFuncs[i](mockDb)
+			}
+			for i := range tt.fields.repoServerClientFuncs {
+				tt.fields.repoServerClientFuncs[i](mockRepoClient)
 			}
 
-			got, err := argocd.GetDirectories(context.TODO(), cc.repoURL, cc.revision)
-
-			if cc.expectedError != nil {
-				assert.EqualError(t, err, cc.expectedError.Error())
-			} else {
-				sort.Strings(got)
-				sort.Strings(cc.expected)
-
-				assert.Equal(t, got, cc.expected)
-				assert.NoError(t, err)
+			a := &argoCDService{
+				repositoriesDB:      mockDb,
+				storecreds:          tt.fields.storecreds,
+				submoduleEnabled:    tt.fields.submoduleEnabled,
+				repoServerClientSet: &repo_mocks.Clientset{RepoServerServiceClient: mockRepoClient},
 			}
+			got, err := a.GetDirectories(tt.args.ctx, tt.args.repoURL, tt.args.revision)
+			if !tt.wantErr(t, err, fmt.Sprintf("GetDirectories(%v, %v, %v)", tt.args.ctx, tt.args.repoURL, tt.args.revision)) {
+				return
+			}
+			assert.Equalf(t, tt.want, got, "GetDirectories(%v, %v, %v)", tt.args.ctx, tt.args.repoURL, tt.args.revision)
 		})
 	}
 }
 
 func TestGetFiles(t *testing.T) {
-
-	// Hardcode a specific commit, so that changes to argoproj/argocd-example-apps/ don't break our tests
-	// "chore: downgrade kustomize guestbook image tag (#73)"
-	commitID := "08f72e2a309beab929d9fd14626071b1a61a47f9"
-
-	tests := []struct {
-		name     string
+	type fields struct {
+		repositoriesDBFuncs   []func(*mocks.RepositoryDB)
+		storecreds            git.CredsStore
+		submoduleEnabled      bool
+		repoServerClientFuncs []func(*repo_mocks.RepoServerServiceClient)
+	}
+	type args struct {
+		ctx      context.Context
 		repoURL  string
 		revision string
 		pattern  string
-		repoRes  *v1alpha1.Repository
-		repoErr  error
-
-		expectSubsetOfPaths []string
-		doesNotContainPaths []string
-		expectedError       error
-	}{
-		{
-			name: "pull a specific revision of example apps and verify the list is expected",
-			repoRes: &v1alpha1.Repository{
-				Insecure:              true,
-				InsecureIgnoreHostKey: true,
-				Repo:                  "https://github.com/argoproj/argocd-example-apps/",
-			},
-			repoURL:  "https://github.com/argoproj/argocd-example-apps/",
-			revision: commitID,
-			pattern:  "*",
-			expectSubsetOfPaths: []string{
-				"apps/Chart.yaml",
-				"apps/templates/helm-guestbook.yaml",
-				"apps/templates/helm-hooks.yaml",
-				"apps/templates/kustomize-guestbook.yaml",
-				"apps/templates/namespaces.yaml",
-				"apps/templates/sync-waves.yaml",
-				"apps/values.yaml",
-				"blue-green/.helmignore",
-				"blue-green/Chart.yaml",
-				"blue-green/README.md",
-				"blue-green/templates/NOTES.txt",
-				"blue-green/templates/rollout.yaml",
-				"blue-green/templates/services.yaml",
-				"blue-green/values.yaml",
-				"guestbook/guestbook-ui-deployment.yaml",
-				"guestbook/guestbook-ui-svc.yaml",
-				"kustomize-guestbook/guestbook-ui-deployment.yaml",
-				"kustomize-guestbook/guestbook-ui-svc.yaml",
-				"kustomize-guestbook/kustomization.yaml",
-			},
-		},
-		{
-			name: "pull an invalid revision, and confirm an error is returned",
-			repoRes: &v1alpha1.Repository{
-				Insecure:              true,
-				InsecureIgnoreHostKey: true,
-				Repo:                  "https://github.com/argoproj/argocd-example-apps/",
-			},
-			repoURL:             "https://github.com/argoproj/argocd-example-apps/",
-			revision:            "this-tag-does-not-exist",
-			pattern:             "*",
-			expectSubsetOfPaths: []string{},
-			expectedError:       fmt.Errorf("Error during fetching repo: `git fetch origin this-tag-does-not-exist --tags --force --prune` failed exit status 128: fatal: couldn't find remote ref this-tag-does-not-exist"),
-		},
-		{
-			name: "pull a specific revision of example apps, and use a ** pattern",
-			repoRes: &v1alpha1.Repository{
-				Insecure:              true,
-				InsecureIgnoreHostKey: true,
-				Repo:                  "https://github.com/argoproj/argocd-example-apps/",
-			},
-			repoURL:  "https://github.com/argoproj/argocd-example-apps/",
-			revision: commitID,
-			pattern:  "**/*.yaml",
-			expectSubsetOfPaths: []string{
-				"apps/Chart.yaml",
-				"apps/templates/helm-guestbook.yaml",
-				"apps/templates/helm-hooks.yaml",
-				"apps/templates/kustomize-guestbook.yaml",
-				"apps/templates/namespaces.yaml",
-				"apps/templates/sync-waves.yaml",
-				"apps/values.yaml",
-				"blue-green/templates/rollout.yaml",
-				"blue-green/templates/services.yaml",
-				"blue-green/values.yaml",
-				"guestbook/guestbook-ui-deployment.yaml",
-				"guestbook/guestbook-ui-svc.yaml",
-				"kustomize-guestbook/guestbook-ui-deployment.yaml",
-				"kustomize-guestbook/guestbook-ui-svc.yaml",
-				"kustomize-guestbook/kustomization.yaml",
-			},
-			doesNotContainPaths: []string{
-				"blue-green/.helmignore",
-				"blue-green/README.md",
-				"blue-green/templates/NOTES.txt",
-			},
-		},
 	}
-
-	for _, cc := range tests {
-
-		// Get all the paths for a repository, and confirm that the expected subset of paths is found (or the expected error is returned)
-		t.Run(cc.name, func(t *testing.T) {
-			argocdRepositoryMock := ArgocdRepositoryMock{mock: &mock.Mock{}}
-
-			argocdRepositoryMock.mock.On("GetRepository", mock.Anything, cc.repoURL).Return(cc.repoRes, cc.repoErr)
-
-			argocd := argoCDService{
-				repositoriesDB: argocdRepositoryMock,
+	tests := []struct {
+		name    string
+		fields  fields
+		args    args
+		want    map[string][]byte
+		wantErr assert.ErrorAssertionFunc
+	}{
+		{name: "ErrorGettingRepos", fields: fields{
+			repositoriesDBFuncs: []func(*mocks.RepositoryDB){
+				func(db *mocks.RepositoryDB) {
+					db.On("GetRepository", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("unable to get repos"))
+				},
+			},
+		}, args: args{}, want: nil, wantErr: assert.Error},
+		{name: "ErrorGettingFiles", fields: fields{
+			repositoriesDBFuncs: []func(*mocks.RepositoryDB){
+				func(db *mocks.RepositoryDB) {
+					db.On("GetRepository", mock.Anything, mock.Anything).Return(&v1alpha1.Repository{}, nil)
+				},
+			},
+			repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){
+				func(client *repo_mocks.RepoServerServiceClient) {
+					client.On("GetGitFiles", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("unable to get files"))
+				},
+			},
+		}, args: args{}, want: nil, wantErr: assert.Error},
+		{name: "HappyCase", fields: fields{
+			repositoriesDBFuncs: []func(*mocks.RepositoryDB){
+				func(db *mocks.RepositoryDB) {
+					db.On("GetRepository", mock.Anything, mock.Anything).Return(&v1alpha1.Repository{}, nil)
+				},
+			},
+			repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){
+				func(client *repo_mocks.RepoServerServiceClient) {
+					client.On("GetGitFiles", mock.Anything, mock.Anything).Return(&apiclient.GitFilesResponse{
+						Map: map[string][]byte{
+							"foo.json": []byte("hello: world!"),
+							"bar.yaml": []byte("yay: appsets"),
+						},
+					}, nil)
+				},
+			},
+		}, args: args{}, want: map[string][]byte{
+			"foo.json": []byte("hello: world!"),
+			"bar.yaml": []byte("yay: appsets"),
+		}, wantErr: assert.NoError},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			mockDb := &mocks.RepositoryDB{}
+			mockRepoClient := &repo_mocks.RepoServerServiceClient{}
+			// decorate the mocks
+			for i := range tt.fields.repositoriesDBFuncs {
+				tt.fields.repositoriesDBFuncs[i](mockDb)
+			}
+			for i := range tt.fields.repoServerClientFuncs {
+				tt.fields.repoServerClientFuncs[i](mockRepoClient)
 			}
 
-			getPathsRes, err := argocd.GetFiles(context.Background(), cc.repoURL, cc.revision, cc.pattern)
-
-			if cc.expectedError == nil {
-
-				assert.NoError(t, err)
-				for _, path := range cc.expectSubsetOfPaths {
-					assert.Contains(t, getPathsRes, path, "Unable to locate path: %s", path)
-				}
-
-				for _, shouldNotContain := range cc.doesNotContainPaths {
-					assert.NotContains(t, getPathsRes, shouldNotContain, "GetPaths should not contain %s", shouldNotContain)
-				}
-
-			} else {
-				assert.EqualError(t, err, cc.expectedError.Error())
+			a := &argoCDService{
+				repositoriesDB:      mockDb,
+				storecreds:          tt.fields.storecreds,
+				submoduleEnabled:    tt.fields.submoduleEnabled,
+				repoServerClientSet: &repo_mocks.Clientset{RepoServerServiceClient: mockRepoClient},
 			}
+			got, err := a.GetFiles(tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.pattern)
+			if !tt.wantErr(t, err, fmt.Sprintf("GetFiles(%v, %v, %v, %v)", tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.pattern)) {
+				return
+			}
+			assert.Equalf(t, tt.want, got, "GetFiles(%v, %v, %v, %v)", tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.pattern)
 		})
 	}
 }
+
+func TestNewArgoCDService(t *testing.T) {
+	service, err := NewArgoCDService(&db_mocks.ArgoDB{}, false, &repo_mocks.Clientset{})
+	assert.NoError(t, err, err)
+	assert.NotNil(t, service)
+}

applicationset/utils/test/testutils.go

@@ -1,34 +0,0 @@
-package test
-
-import (
-	"context"
-
-	"github.com/stretchr/testify/mock"
-)
-
-type ArgoCDServiceMock struct {
-	Mock *mock.Mock
-}
-
-func (a ArgoCDServiceMock) GetApps(ctx context.Context, repoURL string, revision string) ([]string, error) {
-	args := a.Mock.Called(ctx, repoURL, revision)
-
-	return args.Get(0).([]string), args.Error(1)
-}
-
-func (a ArgoCDServiceMock) GetFiles(ctx context.Context, repoURL string, revision string, pattern string) (map[string][]byte, error) {
-	args := a.Mock.Called(ctx, repoURL, revision, pattern)
-
-	return args.Get(0).(map[string][]byte), args.Error(1)
-}
-
-func (a ArgoCDServiceMock) GetFileContent(ctx context.Context, repoURL string, revision string, path string) ([]byte, error) {
-	args := a.Mock.Called(ctx, repoURL, revision, path)
-
-	return args.Get(0).([]byte), args.Error(1)
-}
-
-func (a ArgoCDServiceMock) GetDirectories(ctx context.Context, repoURL string, revision string) ([]string, error) {
-	args := a.Mock.Called(ctx, repoURL, revision)
-	return args.Get(0).([]string), args.Error(1)
-}

assets/swagger.json

@@ -1502,6 +1502,51 @@
         }
       }
     },
+    "/api/v1/applications/{name}/revisions/{revision}/chartdetails": {
+      "get": {
+        "tags": [
+          "ApplicationService"
+        ],
+        "summary": "Get the chart metadata (description, maintainers, home) for a specific revision of the application",
+        "operationId": "ApplicationService_RevisionChartDetails",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "the application's name",
+            "name": "name",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "the revision of the app",
+            "name": "revision",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "the application's namespace.",
+            "name": "appNamespace",
+            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/v1alpha1ChartDetails"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/runtimeError"
+            }
+          }
+        }
+      }
+    },
     "/api/v1/applications/{name}/revisions/{revision}/metadata": {
       "get": {
         "tags": [
@@ -6440,6 +6485,26 @@
         }
       }
     },
+    "v1alpha1ChartDetails": {
+      "type": "object",
+      "title": "ChartDetails contains helm chart metadata for a specific version",
+      "properties": {
+        "description": {
+          "type": "string"
+        },
+        "home": {
+          "type": "string",
+          "title": "The URL of this projects home page, e.g. \"http://example.com\""
+        },
+        "maintainers": {
+          "type": "array",
+          "title": "List of maintainer details, name and email, e.g. [\"John Doe <john_doe@my-company.com>\"]",
+          "items": {
+            "type": "string"
+          }
+        }
+      }
+    },
     "v1alpha1Cluster": {
       "type": "object",
       "title": "Cluster is the definition of a cluster resource",
@@ -8588,6 +8653,9 @@
         "Compiler": {
           "type": "string"
         },
+        "ExtraBuildInfo": {
+          "type": "string"
+        },
         "GitCommit": {
           "type": "string"
         },

cmd/argocd-applicationset-controller/commands/applicationset_controller.go

@@ -2,10 +2,13 @@ package command
 
 import (
 	"fmt"
+	"math"
 	"net/http"
 	"os"
 	"time"
 
+	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
+	"github.com/argoproj/argo-cd/v2/util/tls"
 	"github.com/argoproj/pkg/stats"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -17,7 +20,6 @@ import (
 	"github.com/argoproj/argo-cd/v2/applicationset/webhook"
 	cmdutil "github.com/argoproj/argo-cd/v2/cmd/util"
 	"github.com/argoproj/argo-cd/v2/common"
-	"github.com/argoproj/argo-cd/v2/reposerver/askpass"
 	"github.com/argoproj/argo-cd/v2/util/env"
 	"github.com/argoproj/argo-cd/v2/util/github_app"
 
@@ -45,17 +47,20 @@ func getSubmoduleEnabled() bool {
 
 func NewCommand() *cobra.Command {
 	var (
-		clientConfig           clientcmd.ClientConfig
-		metricsAddr            string
-		probeBindAddr          string
-		webhookAddr            string
-		enableLeaderElection   bool
-		namespace              string
-		argocdRepoServer       string
-		policy                 string
-		debugLog               bool
-		dryRun                 bool
-		enableProgressiveSyncs bool
+		clientConfig             clientcmd.ClientConfig
+		metricsAddr              string
+		probeBindAddr            string
+		webhookAddr              string
+		enableLeaderElection     bool
+		namespace                string
+		argocdRepoServer         string
+		policy                   string
+		debugLog                 bool
+		dryRun                   bool
+		enableProgressiveSyncs   bool
+		repoServerPlaintext      bool
+		repoServerStrictTLS      bool
+		repoServerTimeoutSeconds int
 	)
 	scheme := runtime.NewScheme()
 	_ = clientgoscheme.AddToScheme(scheme)
@@ -80,9 +85,7 @@ func NewCommand() *cobra.Command {
 			cli.SetLogLevel(cmdutil.LogLevel)
 
 			restConfig, err := clientConfig.ClientConfig()
-			if err != nil {
-				return err
-			}
+			errors.CheckError(err)
 
 			restConfig.UserAgent = fmt.Sprintf("argocd-applicationset-controller/%s (%s)", vers.Version, vers.Platform)
 
@@ -110,25 +113,40 @@ func NewCommand() *cobra.Command {
 				os.Exit(1)
 			}
 			dynamicClient, err := dynamic.NewForConfig(mgr.GetConfig())
-			if err != nil {
-				return err
-			}
+			errors.CheckError(err)
 			k8sClient, err := kubernetes.NewForConfig(mgr.GetConfig())
-			if err != nil {
-				return err
-			}
+			errors.CheckError(err)
+
 			argoSettingsMgr := argosettings.NewSettingsManager(ctx, k8sClient, namespace)
 			appSetConfig := appclientset.NewForConfigOrDie(mgr.GetConfig())
 			argoCDDB := db.NewDB(namespace, argoSettingsMgr, k8sClient)
 
-			askPassServer := askpass.NewServer()
 			scmAuth := generators.SCMAuthProviders{
 				GitHubApps: github_app.NewAuthCredentials(argoCDDB.(db.RepoCredsDB)),
 			}
+
+			tlsConfig := apiclient.TLSConfiguration{
+				DisableTLS:       repoServerPlaintext,
+				StrictValidation: repoServerPlaintext,
+			}
+
+			if !repoServerPlaintext && repoServerStrictTLS {
+				pool, err := tls.LoadX509CertPool(
+					fmt.Sprintf("%s/reposerver/tls/tls.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)),
+					fmt.Sprintf("%s/reposerver/tls/ca.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)),
+				)
+				errors.CheckError(err)
+				tlsConfig.Certificates = pool
+			}
+
+			repoClientset := apiclient.NewRepoServerClientset(argocdRepoServer, repoServerTimeoutSeconds, tlsConfig)
+			argoCDService, err := services.NewArgoCDService(argoCDDB, getSubmoduleEnabled(), repoClientset)
+			errors.CheckError(err)
+
 			terminalGenerators := map[string]generators.Generator{
 				"List":                    generators.NewListGenerator(),
 				"Clusters":                generators.NewClusterGenerator(mgr.GetClient(), ctx, k8sClient, namespace),
-				"Git":                     generators.NewGitGenerator(services.NewArgoCDService(argoCDDB, askPassServer, getSubmoduleEnabled())),
+				"Git":                     generators.NewGitGenerator(argoCDService),
 				"SCMProvider":             generators.NewSCMProviderGenerator(mgr.GetClient(), scmAuth),
 				"ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace),
 				"PullRequest":             generators.NewPullRequestGenerator(mgr.GetClient(), scmAuth),
@@ -165,7 +183,6 @@ func NewCommand() *cobra.Command {
 				startWebhookServer(webhookHandler, webhookAddr)
 			}
 
-			go func() { errors.CheckError(askPassServer.Run(askpass.SocketPath)) }()
 			if err = (&controllers.ApplicationSetReconciler{
 				Generators:             topLevelGenerators,
 				Client:                 mgr.GetClient(),
@@ -177,7 +194,7 @@ func NewCommand() *cobra.Command {
 				KubeClientset:          k8sClient,
 				ArgoDB:                 argoCDDB,
 				EnableProgressiveSyncs: enableProgressiveSyncs,
-			}).SetupWithManager(mgr); err != nil {
+			}).SetupWithManager(mgr, enableProgressiveSyncs); err != nil {
 				log.Error(err, "unable to create controller", "controller", "ApplicationSet")
 				os.Exit(1)
 			}
@@ -206,6 +223,9 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().BoolVar(&dryRun, "dry-run", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN", false), "Enable dry run mode")
 	command.Flags().BoolVar(&enableProgressiveSyncs, "enable-progressive-syncs", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS", false), "Enable use of the experimental progressive syncs feature.")
+	command.Flags().BoolVar(&repoServerPlaintext, "repo-server-plaintext", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT", false), "Disable TLS on connections to repo server")
+	command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS", false), "Whether to use strict validation of the TLS cert presented by the repo server")
+	command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS", 60, 0, math.MaxInt64), "Repo server RPC call timeout seconds.")
 	return &command
 }
 

cmd/argocd-cmp-server/commands/argocd_cmp_server.go

@@ -30,7 +30,7 @@ func NewCommand() *cobra.Command {
 	var command = cobra.Command{
 		Use:               cliName,
 		Short:             "Run ArgoCD ConfigManagementPlugin Server",
-		Long:              "ArgoCD ConfigManagementPlugin Server is an internal service which runs as sidecar container in reposerver deployment. It can be configured by following options.",
+		Long:              "ArgoCD ConfigManagementPlugin Server is an internal service which runs as sidecar container in reposerver deployment. The following configuration options are available:",
 		DisableAutoGenTag: true,
 		RunE: func(c *cobra.Command, args []string) error {
 			ctx := c.Context()

cmd/argocd/commands/admin/backup.go

@@ -132,7 +132,6 @@ func NewImportCommand() *cobra.Command {
 			errors.CheckError(err)
 			config.QPS = 100
 			config.Burst = 50
-			errors.CheckError(err)
 			namespace, _, err := clientConfig.Namespace()
 			errors.CheckError(err)
 			acdClients := newArgoCDClientsets(config, namespace)

cmd/argocd/commands/admin/dashboard.go

@@ -9,13 +9,16 @@ import (
 	"github.com/argoproj/argo-cd/v2/cmd/argocd/commands/initialize"
 	"github.com/argoproj/argo-cd/v2/common"
 	argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient"
+	"github.com/argoproj/argo-cd/v2/util/cache"
+	"github.com/argoproj/argo-cd/v2/util/env"
 	"github.com/argoproj/argo-cd/v2/util/errors"
 )
 
 func NewDashboardCommand() *cobra.Command {
 	var (
-		port    int
-		address string
+		port           int
+		address        string
+		compressionStr string
 	)
 	cmd := &cobra.Command{
 		Use:   "dashboard",
@@ -23,7 +26,9 @@ func NewDashboardCommand() *cobra.Command {
 		Run: func(cmd *cobra.Command, args []string) {
 			ctx := cmd.Context()
 
-			errors.CheckError(headless.StartLocalServer(ctx, &argocdclient.ClientOptions{Core: true}, initialize.RetrieveContextIfChanged(cmd.Flag("context")), &port, &address))
+			compression, err := cache.CompressionTypeFromString(compressionStr)
+			errors.CheckError(err)
+			errors.CheckError(headless.StartLocalServer(ctx, &argocdclient.ClientOptions{Core: true}, initialize.RetrieveContextIfChanged(cmd.Flag("context")), &port, &address, compression))
 			println(fmt.Sprintf("Argo CD UI is available at http://%s:%d", address, port))
 			<-ctx.Done()
 		},
@@ -31,5 +36,6 @@ func NewDashboardCommand() *cobra.Command {
 	initialize.InitCommand(cmd)
 	cmd.Flags().IntVar(&port, "port", common.DefaultPortAPIServer, "Listen on given port")
 	cmd.Flags().StringVar(&address, "address", common.DefaultAddressAPIServer, "Listen on given address")
+	cmd.Flags().StringVar(&compressionStr, "redis-compress", env.StringFromEnv("REDIS_COMPRESSION", string(cache.RedisCompressionNone)), "Enable this if the application controller is configured with redis compression enabled. (possible values: none, gzip)")
 	return cmd
 }

cmd/argocd/commands/admin/settings_rbac.go

@@ -292,11 +292,9 @@ func getPolicyFromConfigMap(cm *corev1.ConfigMap) (string, string, string) {
 	if !ok {
 		userPolicy = ""
 	}
-	if defaultRole == "" {
-		defaultRole, ok = cm.Data[rbac.ConfigMapPolicyDefaultKey]
-		if !ok {
-			defaultRole = ""
-		}
+	defaultRole, ok = cm.Data[rbac.ConfigMapPolicyDefaultKey]
+	if !ok {
+		defaultRole = ""
 	}
 
 	return userPolicy, defaultRole, cm.Data[rbac.ConfigMapMatchModeKey]

cmd/argocd/commands/app_test.go

@@ -1067,12 +1067,12 @@ func TestFilterAppResources(t *testing.T) {
 		selectedResources []*argoappv1.SyncOperationResource
 		expectedResult    []*argoappv1.SyncOperationResource
 	}{
-		//--resource apps:ReplicaSet:replicaSet-name1 --resource *:Service:*
+		// --resource apps:ReplicaSet:replicaSet-name1 --resource *:Service:*
 		{testName: "Include ReplicaSet replicaSet-name1 resouce and all service resources",
 			selectedResources: []*argoappv1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSet1Resource},
 			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &service1, &service2},
 		},
-		//--resource apps:ReplicaSet:replicaSet-name1 --resource !*:Service:*
+		// --resource apps:ReplicaSet:replicaSet-name1 --resource !*:Service:*
 		{testName: "Include ReplicaSet replicaSet-name1 resouce and exclude all service resources",
 			selectedResources: []*argoappv1.SyncOperationResource{&excludeAllServiceResources, &includeReplicaSet1Resource},
 			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment},

cmd/argocd/commands/bcrypt.go

@@ -8,7 +8,7 @@ import (
 	"golang.org/x/crypto/bcrypt"
 )
 
-// bcryptCmd represents the bcrypt command
+// NewBcryptCmd represents the bcrypt command
 func NewBcryptCmd() *cobra.Command {
 	var (
 		password string

cmd/argocd/commands/cert.go

@@ -135,7 +135,7 @@ func NewCertAddTLSCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command
 	return command
 }
 
-// NewCertAddCommand returns a new instance of an `argocd cert add` command
+// NewCertAddSSHCommand returns a new instance of an `argocd cert add` command
 func NewCertAddSSHCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var (
 		fromFile     string

cmd/argocd/commands/headless/headless.go

@@ -38,11 +38,12 @@ import (
 )
 
 type forwardCacheClient struct {
-	namespace string
-	context   string
-	init      sync.Once
-	client    cache.CacheClient
-	err       error
+	namespace   string
+	context     string
+	init        sync.Once
+	client      cache.CacheClient
+	compression cache.RedisCompressionType
+	err         error
 }
 
 func (c *forwardCacheClient) doLazy(action func(client cache.CacheClient) error) error {
@@ -58,7 +59,7 @@ func (c *forwardCacheClient) doLazy(action func(client cache.CacheClient) error)
 		}
 
 		redisClient := redis.NewClient(&redis.Options{Addr: fmt.Sprintf("localhost:%d", redisPort)})
-		c.client = cache.NewRedisCache(redisClient, time.Hour, cache.RedisCompressionNone)
+		c.client = cache.NewRedisCache(redisClient, time.Hour, c.compression)
 	})
 	if c.err != nil {
 		return c.err
@@ -139,7 +140,7 @@ func testAPI(ctx context.Context, clientOpts *apiclient.ClientOptions) error {
 
 // StartLocalServer allows executing command in a headless mode: on the fly starts Argo CD API server and
 // changes provided client options to use started API server port
-func StartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOptions, ctxStr string, port *int, address *string) error {
+func StartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOptions, ctxStr string, port *int, address *string, compression cache.RedisCompressionType) error {
 	flags := pflag.NewFlagSet("tmp", pflag.ContinueOnError)
 	clientConfig := cli.AddKubectlFlagsToSet(flags)
 	startInProcessAPI := clientOpts.Core
@@ -200,7 +201,7 @@ func StartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOptions,
 	if err != nil {
 		return err
 	}
-	appstateCache := appstatecache.NewCache(cache.NewCache(&forwardCacheClient{namespace: namespace, context: ctxStr}), time.Hour)
+	appstateCache := appstatecache.NewCache(cache.NewCache(&forwardCacheClient{namespace: namespace, context: ctxStr, compression: compression}), time.Hour)
 	srv := server.NewServer(ctx, server.ArgoCDServerOpts{
 		EnableGZip:           false,
 		Namespace:            namespace,
@@ -243,7 +244,7 @@ func NewClientOrDie(opts *apiclient.ClientOptions, c *cobra.Command) apiclient.C
 	ctx := c.Context()
 
 	ctxStr := initialize.RetrieveContextIfChanged(c.Flag("context"))
-	err := StartLocalServer(ctx, opts, ctxStr, nil, nil)
+	err := StartLocalServer(ctx, opts, ctxStr, nil, nil, cache.RedisCompressionNone)
 	if err != nil {
 		log.Fatal(err)
 	}

cmd/argocd/commands/login_test.go

@@ -7,8 +7,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-//
-
 func Test_userDisplayName_email(t *testing.T) {
 	claims := jwt.MapClaims{"iss": "qux", "sub": "foo", "email": "firstname.lastname@example.com", "groups": []string{"baz"}}
 	actualName := userDisplayName(claims)

cmd/argocd/commands/version.go

@@ -116,6 +116,9 @@ func printClientVersion(version *common.Version, short bool) string {
 	output += fmt.Sprintf("  GoVersion: %s\n", version.GoVersion)
 	output += fmt.Sprintf("  Compiler: %s\n", version.Compiler)
 	output += fmt.Sprintf("  Platform: %s\n", version.Platform)
+	if version.ExtraBuildInfo != "" {
+		output += fmt.Sprintf("  ExtraBuildInfo: %s\n", version.ExtraBuildInfo)
+	}
 	return output
 }
 
@@ -147,6 +150,9 @@ func printServerVersion(version *version.VersionMessage, short bool) string {
 	if version.Platform != "" {
 		output += fmt.Sprintf("  Platform: %s\n", version.Platform)
 	}
+	if version.ExtraBuildInfo != "" {
+		output += fmt.Sprintf("  ExtraBuildInfo: %s\n", version.ExtraBuildInfo)
+	}
 	if version.KustomizeVersion != "" {
 		output += fmt.Sprintf("  Kustomize Version: %s\n", version.KustomizeVersion)
 	}

cmd/util/app.go

@@ -685,7 +685,7 @@ func setAnnotations(app *argoappv1.Application, annotations []string) {
 	}
 }
 
-// liveObjects deserializes the list of live states into unstructured objects
+// LiveObjects deserializes the list of live states into unstructured objects
 func LiveObjects(resources []*argoappv1.ResourceDiff) ([]*unstructured.Unstructured, error) {
 	objs := make([]*unstructured.Unstructured, len(resources))
 	for i, resState := range resources {

cmd/util/project.go

@@ -94,7 +94,7 @@ func (opts *ProjectOpts) GetDestinations() []v1alpha1.ApplicationDestination {
 	return destinations
 }
 
-// TODO: Get configured keys and emit warning when a key is specified that is not configured
+// GetSignatureKeys TODO: Get configured keys and emit warning when a key is specified that is not configured
 func (opts *ProjectOpts) GetSignatureKeys() []v1alpha1.SignatureKey {
 	signatureKeys := make([]v1alpha1.SignatureKey, 0)
 	for _, keyStr := range opts.SignatureKeys {
@@ -138,7 +138,10 @@ func readProjFromURI(fileURL string, proj *v1alpha1.AppProject) error {
 	} else {
 		err = config.UnmarshalRemoteFile(fileURL, &proj)
 	}
-	return fmt.Errorf("error reading proj from uri: %w", err)
+	if err != nil {
+		return fmt.Errorf("error reading proj from uri: %w", err)
+	}
+	return nil
 }
 
 func SetProjSpecOptions(flags *pflag.FlagSet, spec *v1alpha1.AppProjectSpec, projOpts *ProjectOpts) int {

cmpserver/plugin/config.go

@@ -37,7 +37,7 @@ type Discover struct {
 }
 
 func (d Discover) IsDefined() bool {
-	return d.FileName != "" || d.Find.Glob == "" || len(d.Find.Command.Command) > 0
+	return d.FileName != "" || d.Find.Glob != "" || len(d.Find.Command.Command) > 0
 }
 
 // Command holds binary path and arguments list

cmpserver/plugin/plugin.go

@@ -113,7 +113,7 @@ func runCommand(ctx context.Context, command Command, path string, env []string)
 	}
 	if len(output) == 0 {
 		log.WithFields(log.Fields{
-			"stderr":  stderr,
+			"stderr":  stderr.String(),
 			"command": command,
 		}).Warn("Plugin command returned zero output")
 	}

common/common.go

@@ -29,9 +29,9 @@ const (
 	ArgoCDNotificationsConfigMapName = "argocd-notifications-cm"
 	ArgoCDNotificationsSecretName    = "argocd-notifications-secret"
 	ArgoCDRBACConfigMapName          = "argocd-rbac-cm"
-	// Contains SSH known hosts data for connecting repositories. Will get mounted as volume to pods
+	// ArgoCDKnownHostsConfigMapName contains SSH known hosts data for connecting repositories. Will get mounted as volume to pods
 	ArgoCDKnownHostsConfigMapName = "argocd-ssh-known-hosts-cm"
-	// Contains TLS certificate data for connecting repositories. Will get mounted as volume to pods
+	// ArgoCDTLSCertsConfigMapName contains TLS certificate data for connecting repositories. Will get mounted as volume to pods
 	ArgoCDTLSCertsConfigMapName = "argocd-tls-certs-cm"
 	ArgoCDGPGKeysConfigMapName  = "argocd-gpg-keys-cm"
 )
@@ -51,28 +51,28 @@ const (
 	DefaultPortRepoServerMetrics      = 8084
 )
 
-// Default listener address for ArgoCD components
+// DefaultAddressAPIServer for ArgoCD components
 const (
 	DefaultAddressAPIServer = "localhost"
 )
 
 // Default paths on the pod's file system
 const (
-	// The default path where TLS certificates for repositories are located
+	// DefaultPathTLSConfig is the default path where TLS certificates for repositories are located
 	DefaultPathTLSConfig = "/app/config/tls"
-	// The default path where SSH known hosts are stored
+	// DefaultPathSSHConfig is the default path where SSH known hosts are stored
 	DefaultPathSSHConfig = "/app/config/ssh"
-	// Default name for the SSH known hosts file
+	// DefaultSSHKnownHostsName is the Default name for the SSH known hosts file
 	DefaultSSHKnownHostsName = "ssh_known_hosts"
-	// Default path to GnuPG home directory
+	// DefaultGnuPgHomePath is the Default path to GnuPG home directory
 	DefaultGnuPgHomePath = "/app/config/gpg/keys"
-	// Default path to repo server TLS endpoint config
+	// DefaultAppConfigPath is the Default path to repo server TLS endpoint config
 	DefaultAppConfigPath = "/app/config"
-	// Default path to cmp server plugin socket file
+	// DefaultPluginSockFilePath is the Default path to cmp server plugin socket file
 	DefaultPluginSockFilePath = "/home/argocd/cmp-server/plugins"
-	// Default path to cmp server plugin configuration file
+	// DefaultPluginConfigFilePath is the Default path to cmp server plugin configuration file
 	DefaultPluginConfigFilePath = "/home/argocd/cmp-server/config"
-	// Plugin Config File is a ConfigManagementPlugin manifest located inside the plugin container
+	// PluginConfigFileName is the Plugin Config File is a ConfigManagementPlugin manifest located inside the plugin container
 	PluginConfigFileName = "plugin.yaml"
 )
 
@@ -139,7 +139,7 @@ const (
 	// LabelValueSecretTypeRepoCreds indicates a secret type of repository credentials
 	LabelValueSecretTypeRepoCreds = "repo-creds"
 
-	// The Argo CD application name is used as the instance name
+	// AnnotationKeyAppInstance is the Argo CD application name is used as the instance name
 	AnnotationKeyAppInstance = "argocd.argoproj.io/tracking-id"
 
 	// AnnotationCompareOptions is a comma-separated list of options for comparison
@@ -171,19 +171,19 @@ const (
 	EnvVarSSODebug = "ARGOCD_SSO_DEBUG"
 	// EnvVarRBACDebug is an environment variable to enable additional RBAC debugging in the API server
 	EnvVarRBACDebug = "ARGOCD_RBAC_DEBUG"
-	// Overrides the location where SSH known hosts for repo access data is stored
+	// EnvVarSSHDataPath overrides the location where SSH known hosts for repo access data is stored
 	EnvVarSSHDataPath = "ARGOCD_SSH_DATA_PATH"
-	// Overrides the location where TLS certificate for repo access data is stored
+	// EnvVarTLSDataPath overrides the location where TLS certificate for repo access data is stored
 	EnvVarTLSDataPath = "ARGOCD_TLS_DATA_PATH"
-	// Specifies number of git remote operations attempts count
+	// EnvGitAttemptsCount specifies number of git remote operations attempts count
 	EnvGitAttemptsCount = "ARGOCD_GIT_ATTEMPTS_COUNT"
-	// Specifices max duration of git remote operation retry
+	// EnvGitRetryMaxDuration specifices max duration of git remote operation retry
 	EnvGitRetryMaxDuration = "ARGOCD_GIT_RETRY_MAX_DURATION"
-	// Specifies duration of git remote operation retry
+	// EnvGitRetryDuration specifies duration of git remote operation retry
 	EnvGitRetryDuration = "ARGOCD_GIT_RETRY_DURATION"
-	// Specifies fator of git remote operation retry
+	// EnvGitRetryFactor specifies fator of git remote operation retry
 	EnvGitRetryFactor = "ARGOCD_GIT_RETRY_FACTOR"
-	// Overrides git submodule support, true by default
+	// EnvGitSubmoduleEnabled overrides git submodule support, true by default
 	EnvGitSubmoduleEnabled = "ARGOCD_GIT_MODULES_ENABLED"
 	// EnvGnuPGHome is the path to ArgoCD's GnuPG keyring for signature verification
 	EnvGnuPGHome = "ARGOCD_GNUPGHOME"
@@ -205,7 +205,7 @@ const (
 	EnvGithubAppCredsExpirationDuration = "ARGOCD_GITHUB_APP_CREDS_EXPIRATION_DURATION"
 	// EnvHelmIndexCacheDuration controls how the helm repository index file is cached for (default: 0)
 	EnvHelmIndexCacheDuration = "ARGOCD_HELM_INDEX_CACHE_DURATION"
-	// EnvRepoServerConfigPath allows to override the configuration path for repo server
+	// EnvAppConfigPath allows to override the configuration path for repo server
 	EnvAppConfigPath = "ARGOCD_APP_CONF_PATH"
 	// EnvLogFormat log format that is defined by `--logformat` option
 	EnvLogFormat = "ARGOCD_LOG_FORMAT"
@@ -296,14 +296,14 @@ func GetCMPWorkDir() string {
 }
 
 const (
-	// AnnotationApplicationRefresh is an annotation that is added when an ApplicationSet is requested to be refreshed by a webhook. The ApplicationSet controller will remove this annotation at the end of reconciliation.
+	// AnnotationApplicationSetRefresh is an annotation that is added when an ApplicationSet is requested to be refreshed by a webhook. The ApplicationSet controller will remove this annotation at the end of reconciliation.
 	AnnotationApplicationSetRefresh = "argocd.argoproj.io/application-set-refresh"
 )
 
 // gRPC settings
 const (
 	GRPCKeepAliveEnforcementMinimum = 10 * time.Second
-	// Keep alive is 2x enforcement minimum to ensure network jitter does not introduce ENHANCE_YOUR_CALM errors
+	// GRPCKeepAliveTime is 2x enforcement minimum to ensure network jitter does not introduce ENHANCE_YOUR_CALM errors
 	GRPCKeepAliveTime = 2 * GRPCKeepAliveEnforcementMinimum
 )
 
@@ -318,7 +318,7 @@ const (
 	SecurityLow       = 1 // Unexceptional entries (i.e. successful access logs)
 )
 
-// Common error messages
+// TokenVerificationError is a generic error message for a failure to verify a JWT
 const TokenVerificationError = "failed to verify the token"
 
 var TokenVerificationErr = errors.New(TokenVerificationError)

common/version.go

@@ -16,6 +16,7 @@ var (
 	gitTag         = ""                     // output from `git describe --exact-match --tags HEAD` (if clean tree state)
 	gitTreeState   = ""                     // determined from `git status --porcelain`. either 'clean' or 'dirty'
 	kubectlVersion = ""                     // determined from go.mod file
+	extraBuildInfo = ""                     // extra build information for vendors to populate during build
 )
 
 // Version contains Argo version information
@@ -29,6 +30,7 @@ type Version struct {
 	Compiler       string
 	Platform       string
 	KubectlVersion string
+	ExtraBuildInfo string
 }
 
 func (v Version) String() string {
@@ -66,6 +68,7 @@ func GetVersion() Version {
 			versionStr += "+unknown"
 		}
 	}
+
 	return Version{
 		Version:        versionStr,
 		BuildDate:      buildDate,
@@ -76,5 +79,6 @@ func GetVersion() Version {
 		Compiler:       runtime.Compiler,
 		Platform:       fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH),
 		KubectlVersion: kubectlVersion,
+		ExtraBuildInfo: extraBuildInfo,
 	}
 }

controller/appcontroller.go

@@ -53,6 +53,7 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/db"
 	"github.com/argoproj/argo-cd/v2/util/errors"
 	"github.com/argoproj/argo-cd/v2/util/glob"
+	"github.com/argoproj/argo-cd/v2/util/helm"
 	logutils "github.com/argoproj/argo-cd/v2/util/log"
 	settings_util "github.com/argoproj/argo-cd/v2/util/settings"
 )
@@ -943,7 +944,9 @@ func (ctrl *ApplicationController) removeProjectFinalizer(proj *appv1.AppProject
 
 // shouldBeDeleted returns whether a given resource obj should be deleted on cascade delete of application app
 func (ctrl *ApplicationController) shouldBeDeleted(app *appv1.Application, obj *unstructured.Unstructured) bool {
-	return !kube.IsCRD(obj) && !isSelfReferencedApp(app, kube.GetObjectRef(obj)) && !resourceutil.HasAnnotationOption(obj, synccommon.AnnotationSyncOptions, synccommon.SyncOptionDisableDeletion)
+	return !kube.IsCRD(obj) && !isSelfReferencedApp(app, kube.GetObjectRef(obj)) &&
+		!resourceutil.HasAnnotationOption(obj, synccommon.AnnotationSyncOptions, synccommon.SyncOptionDisableDeletion) &&
+		!resourceutil.HasAnnotationOption(obj, helm.ResourcePolicyAnnotation, helm.ResourcePolicyKeep)
 }
 
 func (ctrl *ApplicationController) getPermittedAppLiveObjects(app *appv1.Application, proj *appv1.AppProject, projectClusters func(project string) ([]*appv1.Cluster, error)) (map[kube.ResourceKey]*unstructured.Unstructured, error) {

controller/appcontroller_test.go

@@ -1528,4 +1528,10 @@ func Test_syncDeleteOption(t *testing.T) {
 		delete := ctrl.shouldBeDeleted(app, cmObj)
 		assert.False(t, delete)
 	})
+	t.Run("with delete set to false object is retained", func(t *testing.T) {
+		cmObj := kube.MustToUnstructured(&cm)
+		cmObj.SetAnnotations(map[string]string{"helm.sh/resource-policy": "keep"})
+		delete := ctrl.shouldBeDeleted(app, cmObj)
+		assert.False(t, delete)
+	})
 }

controller/cache/cache.go

@@ -45,7 +45,7 @@ const (
 	// EnvClusterCacheWatchResyncDuration is the env variable that holds cluster cache watch re-sync duration
 	EnvClusterCacheWatchResyncDuration = "ARGOCD_CLUSTER_CACHE_WATCH_RESYNC_DURATION"
 
-	// EnvClusterRetryTimeoutDuration is the env variable that holds cluster retry duration when sync error happens
+	// EnvClusterSyncRetryTimeoutDuration is the env variable that holds cluster retry duration when sync error happens
 	EnvClusterSyncRetryTimeoutDuration = "ARGOCD_CLUSTER_SYNC_RETRY_TIMEOUT_DURATION"
 
 	// EnvClusterCacheListPageSize is the env variable to control size of the list page size when making K8s queries
@@ -56,7 +56,7 @@ const (
 	// k8s list queries results across all clusters to avoid memory spikes during cache initialization.
 	EnvClusterCacheListSemaphore = "ARGOCD_CLUSTER_CACHE_LIST_SEMAPHORE"
 
-	// EnvClusterCacheRetryLimit is the env variable to control the retry limit for listing resources during cluster cache sync
+	// EnvClusterCacheAttemptLimit is the env variable to control the retry limit for listing resources during cluster cache sync
 	EnvClusterCacheAttemptLimit = "ARGOCD_CLUSTER_CACHE_ATTEMPT_LIMIT"
 
 	// EnvClusterCacheRetryUseBackoff is the env variable to control whether to use a backoff strategy with the retry during cluster cache sync

controller/sync.go

@@ -322,7 +322,25 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	var resState []common.ResourceSyncResult
 	state.Phase, state.Message, resState = syncCtx.GetState()
 	state.SyncResult.Resources = nil
+
+	var apiVersion []kube.APIResourceInfo
 	for _, res := range resState {
+		augmentedMsg, err := argo.AugmentSyncMsg(res, func() ([]kube.APIResourceInfo, error) {
+			if apiVersion == nil {
+				_, apiVersion, err = m.liveStateCache.GetVersionsInfo(app.Spec.Destination.Server)
+				if err != nil {
+					return nil, fmt.Errorf("failed to get version info from the target cluster %q", app.Spec.Destination.Server)
+				}
+			}
+			return apiVersion, nil
+		})
+
+		if err != nil {
+			log.Errorf("using the original message since: %v", err)
+		} else {
+			res.Message = augmentedMsg
+		}
+
 		state.SyncResult.Resources = append(state.SyncResult.Resources, &v1alpha1.ResourceResult{
 			HookType:  res.HookType,
 			Group:     res.ResourceKey.Group,

docs/assets/versions.js

@@ -9,16 +9,6 @@ setTimeout(function() {
   caret.innerHTML = "<i class='fa fa-caret-down dropdown-caret'></i>"
   caret.classList.add('dropdown-caret')
   div.querySelector('.rst-current-version').appendChild(caret);
-  div.querySelector('.rst-current-version').addEventListener('click', function() {
-      const classes = container.className.split(' ');
-      const index = classes.indexOf('shift-up');
-      if (index === -1) {
-          classes.push('shift-up');
-      } else {
-          classes.splice(index, 1);
-      }
-      container.className = classes.join(' ');
-  });
   }
 
   var CSSLink = document.createElement('link');

docs/developer-guide/architecture/components.md

@@ -0,0 +1,118 @@
+# Component Architecture
+
+Argo CD is designed with a component based architecture. The goal is
+to separate the responsibility in different deployable units in order
+to have the following benefits:
+
+- **Modularity**: Provides great level of flexibility. Components
+  interact with each other via an interface. This means that as long
+  as the interface contract is respected, a given component can be
+  replaced without requiring the rest of the system to adapt. It is
+  also possible to run the system without certain components if a
+  specific group of functionality isn't desired.
+- **Single responsibility**: Helps to determine where the different
+  types of functionality should be implemented which drives for
+  better system cohesiveness.
+- **Reusability**: Clearly defined interfaces helps in functionality
+  discoverability which benefits reusability of services.
+
+The default Argo CD installation is composed by different components
+and different Kubernetes controllers. The controllers aren't
+categorized as components as they have proprietary interfaces (CRDs)
+and therefore, miss the modular nature. There are more resources
+created while installing Argo CD (ConfigMaps, Services, etc), but for
+simplicity we are covering just the ones directly related with the
+componentized architecture.
+
+## Dependencies
+
+The diagram below has represented all dependencies between the
+different components used by the default Argo CD installation:
+
+![Components Diagram](../../assets/argocd-components.png)
+
+There are 4 logical layers represented in the diagram:
+
+- **UI**: This is the presentation layer. Users interact with Argo CD
+  mainly by components from this layer.
+- **Application**: The capabilities required to support the components
+  from the UI layer.
+- **Core**: The main Argo CD gitops functionality is implemented by
+  components and Kubernetes controllers from the Core layer.
+- **Infra**: Represent the tools that Argo CD depends on as part of
+  its infrastructure.
+
+The logical layers also help making the diagram easier to follow as
+dependencies are represented in a top-down relationship. This means
+that components from the top layers will be allowed to depend on any
+component from any of the bottom layers. However components from the
+bottom layers will never depend on any ones from upper layers.
+
+## Responsibility
+
+Below you can refer to a brief description of Argo CD components and
+its main responsibilities.
+
+### Webapp
+
+Argo CD ships with a powerful web interface that allows managing
+applications deployed in a given Kubernetes cluster.
+
+### CLI
+
+Argo CD provides a CLI that can be used by users to interact with Argo
+CD API. The CLI can also be used for automation and scripting.
+
+### API Server
+
+Defines the proprietary API exposed by Argo CD that powers the Webapp
+and the CLI functionalities.
+
+### Application Controller
+
+The Application Controller is responsible for reconciling the
+Application resource in Kubernetes syncronizing the desired
+application state (provided in Git) with the live state (in
+Kubernetes). The Application Controller is also responsible for
+reconciling the Project resource.
+
+### ApplicationSet Controller
+
+The ApplicationSet Controller is responsible for reconciling the
+ApplicationSet resource.
+
+### Repo Server
+
+Repo Server plays an important role in Argo CD architecture as it is
+responsible for interacting with the Git repository to generate the
+desired state for all Kubernetes resources that belongs to a given
+application.
+
+### Redis
+
+Redis is used by Argo CD to provide a cache layer reducing requests
+sent to the Kube API as well as to the Git provider. It also supports
+a few UI operations.
+
+### Kube API
+
+Argo CD controllers will connect to the Kubernetes API in order to run
+the reconciliation loop.
+
+### Git
+
+As a gitops tool Argo CD requires that the desired state of the
+Kubernetes resources to be provided in a Git repository.
+
+We use "git" here to stand in for an actual git repo, a Helm repo,
+or an OCI artifact repo. Argo CD supports all those options.
+
+### Dex
+
+Argo CD relies on Dex to provide authentication with external OIDC
+providers. However other tools can be used instead of Dex. Check the
+[user management
+documentation](../../operator-manual/user-management/index.md) for
+more details.
+
+

docs/developer-guide/toolchain-guide.md

@@ -53,7 +53,7 @@ The following read will help you to submit a PR that meets the standards of our
 
 Please use a meaningful and concise title for your PR. This will help us to pick PRs for review quickly, and the PR title will also end up in the Changelog.
 
-We use the [Semantic PR title checker](https://github.com/zeke/semantic-pull-requests) to categorize your PR into one of the following categories:
+We use [PR title checker](https://github.com/marketplace/actions/pr-title-checker) to categorize your PR into one of the following categories:
 
 * `fix` - Your PR contains one or more code bug fixes
 * `feat` - Your PR contains a new feature
@@ -157,9 +157,9 @@ Make sure you fulfill the pre-requisites above and run some preliminary tests. N
 * Run `docker version`
 * Run `go version`
 
-### Build (or pull) the required Docker image
+### Build the required Docker image
 
-Build the required Docker image by running `make test-tools-image` or pull the latest version by issuing `docker pull argoproj/argocd-test-tools`.
+Build the required Docker image by running `make test-tools-image`. This image offers the environment of the virtualized toolchain.
 
 The `Dockerfile` used to build these images can be found at `test/container/Dockerfile`.
 

docs/operator-manual/application.yaml

@@ -152,7 +152,12 @@ spec:
     # name: in-cluster
     # The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
     namespace: guestbook
-
+    
+  # Extra information to show in the Argo CD Application details tab
+  info:
+    - name: 'Example:'
+      value: 'https://example.com'
+      
   # Sync policy
   syncPolicy:
     automated: # automated sync by default retries failed attempts 5 times with following delays between attempts ( 5s, 10s, 20s, 40s, 80s ); retry controlled using `retry` field.

docs/operator-manual/applicationset/Generators-Pull-Request.md

@@ -274,6 +274,7 @@ spec:
 * `branch_slug`: The branch name will be cleaned to be conform to the DNS label standard as defined in [RFC 1123](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names), and truncated to 50 characters to give room to append/suffix-ing it with 13 more characters.
 * `head_sha`: This is the SHA of the head of the pull request.
 * `head_short_sha`: This is the short SHA of the head of the pull request (8 characters long or the length of the head SHA if it's shorter).
+* `head_short_sha_7`: This is the short SHA of the head of the pull request (7 characters long or the length of the head SHA if it's shorter).
 * `labels`: The array of pull request labels. (Supported only for Go Template ApplicationSet manifests.)
 
 ## Webhook Configuration

docs/operator-manual/applicationset/Generators-SCM-Provider.md

@@ -319,5 +319,6 @@ spec:
 * `branch`: The default branch of the repository.
 * `sha`: The Git commit SHA for the branch.
 * `short_sha`: The abbreviated Git commit SHA for the branch (8 chars or the length of the `sha` if it's shorter).
+* `short_sha_7`: The abbreviated Git commit SHA for the branch (7 chars or the length of the `sha` if it's shorter).
 * `labels`: A comma-separated list of repository labels.
 * `branchNormalized`: The value of `branch` normalized to contain only lowercase alphanumeric characters, '-' or '.'.

docs/operator-manual/core.md

@@ -0,0 +1,99 @@
+# Argo CD Core
+
+## Introduction
+
+Argo CD Core is a different installation that runs Argo CD in headless
+mode. With this installation, you will have a fully functional GitOps
+engine capable of getting the desired state from Git repositories and
+applying it in Kubernetes.
+
+The following groups of features won't be available in this
+installation:
+
+- Argo CD RBAC model
+- Argo CD API
+- OIDC based authentication
+
+The following features will be partially available (see the
+[usage](#using) section below for more details):
+
+- Argo CD Web UI
+- Argo CD CLI
+- Multi-tenancy (strictly GitOps based on git push permissions)
+
+A few use-cases that justify running Argo CD Core are:
+
+- As a cluster admin, I want to rely on Kubernetes RBAC only.
+- As a devops engineer, I don't want to learn a new API or depend on
+  another CLI to automate my deployments. I want instead rely in
+  Kubernetes API only.
+- As a cluster admin, I don't want to provide Argo CD UI or Argo CD
+  CLI to developers.
+
+## Architecture
+
+Because Argo CD is designed with a component based architecture in
+mind, it is possible to have a more minimalist installation. In this
+case fewer components are installed and yet the main GitOps
+functionality remains operational.
+
+In the diagram below, the Core box, shows the components that will be
+installed while opting for Argo CD Core:
+
+![Argo CD Core](../assets/argocd-core-components.png)
+
+Note that even if the Argo CD controller can run without Redis, it
+isn't recommended. The Argo CD controller uses Redis as an important
+caching mechanism reducing the load on Kube API and in Git. For this
+reason, Redis is also included in this installation method.
+
+## Installing
+
+Argo CD Core can be installed by applying a single manifest file that
+contains all the required resources.
+
+Example:
+
+```
+export ARGOCD_VERSION=<desired argo cd release version (e.g. v2.7.0)>
+kubectl create namespace argocd
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/$ARGOCD_VERSION/manifests/core-install.yaml
+```
+
+## Using
+
+Once Argo CD Core is installed, users will be able to interact with it
+by relying on GitOps. The available Kubernetes resources will be the
+`Application` and the `ApplicationSet` CRDs. By using those resources,
+users will be able to deploy and manage applications in Kubernetes.
+
+It is still possible to use Argo CD CLI even when running Argo CD
+Core. In this case, the CLI will spawn a local API server process that
+will be used to handle the CLI command. Once the command is concluded,
+the local API Server process will also be terminated. This happens
+transparently for the user with no additional command required. Note
+that Argo CD Core will rely only on Kubernetes RBAC and the user (or
+the process) invoking the CLI needs to have access to the Argo CD
+namespace with the proper permission in the `Application` and
+`ApplicationSet` resources for executing a given command.
+
+To use Argo CD CLI in core mode, it is required to pass the `--core`
+flag with the `login` subcommand.
+
+Example:
+
+```bash
+kubectl config set-context --current --namespace=argocd # change current kube context to argocd namespace
+argocd login --core
+```
+
+Similarly, users can also run the Web UI locally if they prefer to
+interact with Argo CD using this method. The Web UI can be started
+locally by running the following command:
+
+```
+argocd admin dashboard -n argocd
+```
+
+Argo CD Web UI will be available at `http://localhost:8080`
+

docs/operator-manual/installation.md

@@ -48,19 +48,17 @@ High Availability installation is recommended for production use. This bundle in
 
 ## Core
 
-The core installation is most suitable for cluster administrators who independently use Argo CD and don't need multi-tenancy features. This installation
-includes fewer components and is easier to setup. The bundle does not include the API server or UI, and installs the lightweight (non-HA) version of each component.
+The Argo CD Core installation is primarily used to deploy Argo CD in
+headless mode. This type of installation is most suitable for cluster
+administrators who independently use Argo CD and don't need
+multi-tenancy features. This installation includes fewer components
+and is easier to setup. The bundle does not include the API server or
+UI, and installs the lightweight (non-HA) version of each component.
 
-The end-users need Kubernetes access to manage Argo CD. The `argocd` CLI has to be configured using the following commands:
+Installation manifest is available at [core-install.yaml](https://github.com/argoproj/argo-cd/blob/master/manifests/core-install.yaml).
 
-```bash
-kubectl config set-context --current --namespace=argocd # change current kube context to argocd namespace
-argocd login --core
-```
-
-The Web UI is also available and can be started using the `argocd admin dashboard` command.
-
-Installation manifests are available at [core-install.yaml](https://github.com/argoproj/argo-cd/blob/master/manifests/core-install.yaml).
+For more details about Argo CD Core please refer to the [official
+documentation](./core.md)
 
 ## Kustomize
 
@@ -77,6 +75,9 @@ resources:
 - github.com/argoproj/argo-cd/manifests/ha?ref=v2.6.2
 ```
 
+For an example of this, see the [kustomization.yaml](https://github.com/argoproj/argoproj-deployments/blob/master/argocd/kustomization.yaml)
+used to deploy the [Argoproj CI/CD infrastructure](https://github.com/argoproj/argoproj-deployments#argoproj-deployments).
+
 ## Helm
 
 The Argo CD can be installed using [Helm](https://helm.sh/). The Helm chart is currently community maintained and available at
@@ -97,4 +98,4 @@ For example if the latest minor version of ArgoCD are 2.4.3 and 2.3.5  while sup
 * Argo CD 2.4.3 on Kubernetes 1.22
 * Argo CD 2.3.5 on Kubernetes 1.24
 * Argo CD 2.3.5 on Kubernetes 1.23
-* Argo CD 2.3.5 on Kubernetes 1.22
+* Argo CD 2.3.5 on Kubernetes 1.22

docs/operator-manual/rbac.md

@@ -66,7 +66,7 @@ See [Web-based Terminal](web_based_terminal.md) for more info.
 
 #### The `applicationsets` resource
 
-[ApplicationSets](applicationset) provide a declarative way to automatically create/update/delete Applications.
+[ApplicationSets](applicationset/index.md) provide a declarative way to automatically create/update/delete Applications.
 
 Granting `applicationsets, create` effectively grants the ability to create Applications. While it doesn't allow the 
 user to create Applications directly, they can create Applications via an ApplicationSet.
@@ -143,6 +143,10 @@ data:
     p, role:org-admin, repositories, create, *, allow
     p, role:org-admin, repositories, update, *, allow
     p, role:org-admin, repositories, delete, *, allow
+    p, role:org-admin, projects, get, *, allow
+    p, role:org-admin, projects, create, *, allow
+    p, role:org-admin, projects, update, *, allow
+    p, role:org-admin, projects, delete, *, allow
     p, role:org-admin, logs, get, *, allow
     p, role:org-admin, exec, create, */*, allow
 

docs/operator-manual/upgrading/2.6-2.7.md

@@ -58,7 +58,7 @@ The manifests are now using [`tini` as entrypoint][3], instead of `entrypoint.sh
 
 ## Deep Links template updates
 
-Deep Links now allow you to access other values like `cluster`, `project`, `application` and `resource` in the url and condition templates for specific categories of links. 
+Deep Links now allow you to access other values like `cluster`, `project`, `application` and `resource` in the url and condition templates for specific categories of links.
 The templating syntax has also been updated to be prefixed with the type of resource you want to access for example previously if you had a `resource.links` config like :
 ```yaml
   resource.links: |
@@ -75,3 +75,18 @@ This would become :
 ```
 
 Read the full [documentation](../deep_links.md) to see all possible combinations of values accessible fo each category of links.
+
+## Support of `helm.sh/resource-policy` annotation
+
+Argo CD now supports the `helm.sh/resource-policy` annotation to control the deletion of resources. The behavior is the same as the behavior of
+`argocd.argoproj.io/sync-options: Delete=false` annotation: if the annotation is present and set to `keep`, the resource will not be deleted
+when the application is deleted.
+
+## Check your Kustomize patches for `--redis` changes
+
+Starting in Argo CD 2.7, the install manifests no longer pass the Redis server name via `--redis`. 
+
+If your environment uses Kustomize JSON patches to modify the Redis server name, the patch might break when you upgrade
+to the 2.7 manifests. If it does, you can remove the patch and instead set the Redis server name via the `redis.server` 
+field in the argocd-cmd-params-cm ConfigMap. That value will be passed to the necessary components via `valueFrom` 
+environment variables.

docs/snyk/index.md

@@ -15,48 +15,61 @@ recent minor releases.
 |---:|:--------:|:----:|:------:|:---:|
 | [go.mod](master/argocd-test.html) | 0 | 0 | 0 | 0 |
 | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 |
-| [dex:v2.35.3](master/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 3 | 1 | 0 |
-| [haproxy:2.6.9-alpine](master/haproxy_2.6.9-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 0 | 14 |
-| [redis:7.0.9-alpine](master/redis_7.0.9-alpine.html) | 0 | 0 | 0 | 0 |
+| [dex:v2.36.0](master/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 2 | 0 |
+| [haproxy:2.6.9-alpine](master/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 |
+| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 0 | 19 |
+| [redis:7.0.9-alpine](master/redis_7.0.9-alpine.html) | 0 | 1 | 2 | 0 |
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v2.6.6
+### v2.7.0-rc2
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.6.6/argocd-test.html) | 0 | 0 | 0 | 0 |
-| [ui/yarn.lock](v2.6.6/argocd-test.html) | 0 | 0 | 0 | 0 |
-| [dex:v2.35.3](v2.6.6/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 3 | 1 | 0 |
-| [haproxy:2.6.9-alpine](v2.6.6/haproxy_2.6.9-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.6.6](v2.6.6/quay.io_argoproj_argocd_v2.6.6.html) | 0 | 0 | 0 | 14 |
-| [redis:7.0.8-alpine](v2.6.6/redis_7.0.8-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.6.6/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.6.6/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.7.0-rc2/argocd-test.html) | 0 | 0 | 0 | 0 |
+| [ui/yarn.lock](v2.7.0-rc2/argocd-test.html) | 0 | 0 | 0 | 0 |
+| [dex:v2.36.0](v2.7.0-rc2/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 2 | 0 |
+| [haproxy:2.6.9-alpine](v2.7.0-rc2/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 |
+| [argocd:v2.7.0-rc2](v2.7.0-rc2/quay.io_argoproj_argocd_v2.7.0-rc2.html) | 0 | 0 | 0 | 19 |
+| [redis:7.0.9-alpine](v2.7.0-rc2/redis_7.0.9-alpine.html) | 0 | 1 | 2 | 0 |
+| [install.yaml](v2.7.0-rc2/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.7.0-rc2/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v2.5.15
+### v2.6.7
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.5.15/argocd-test.html) | 0 | 0 | 2 | 0 |
-| [ui/yarn.lock](v2.5.15/argocd-test.html) | 0 | 0 | 4 | 0 |
-| [dex:v2.35.3](v2.5.15/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 3 | 1 | 0 |
-| [haproxy:2.6.9-alpine](v2.5.15/haproxy_2.6.9-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.5.15](v2.5.15/quay.io_argoproj_argocd_v2.5.15.html) | 0 | 0 | 0 | 14 |
-| [redis:7.0.8-alpine](v2.5.15/redis_7.0.8-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.5.15/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.5.15/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.6.7/argocd-test.html) | 0 | 0 | 0 | 0 |
+| [ui/yarn.lock](v2.6.7/argocd-test.html) | 0 | 0 | 0 | 0 |
+| [dex:v2.35.3](v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 4 | 2 | 0 |
+| [haproxy:2.6.9-alpine](v2.6.7/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 |
+| [argocd:v2.6.7](v2.6.7/quay.io_argoproj_argocd_v2.6.7.html) | 0 | 0 | 0 | 19 |
+| [redis:7.0.8-alpine](v2.6.7/redis_7.0.8-alpine.html) | 0 | 1 | 2 | 0 |
+| [install.yaml](v2.6.7/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.6.7/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v2.4.27
+### v2.5.16
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.4.27/argocd-test.html) | 0 | 0 | 2 | 0 |
-| [ui/yarn.lock](v2.4.27/argocd-test.html) | 0 | 0 | 4 | 0 |
-| [dex:v2.35.3](v2.4.27/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 3 | 1 | 0 |
-| [haproxy:2.0.31-alpine](v2.4.27/haproxy_2.0.31-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.4.27](v2.4.27/quay.io_argoproj_argocd_v2.4.27.html) | 0 | 0 | 0 | 14 |
-| [redis:7.0.8-alpine](v2.4.27/redis_7.0.8-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.4.27/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.4.27/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.5.16/argocd-test.html) | 0 | 0 | 2 | 0 |
+| [ui/yarn.lock](v2.5.16/argocd-test.html) | 0 | 0 | 4 | 0 |
+| [dex:v2.35.3](v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 4 | 2 | 0 |
+| [haproxy:2.6.9-alpine](v2.5.16/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 |
+| [argocd:v2.5.16](v2.5.16/quay.io_argoproj_argocd_v2.5.16.html) | 0 | 0 | 0 | 19 |
+| [redis:7.0.8-alpine](v2.5.16/redis_7.0.8-alpine.html) | 0 | 1 | 2 | 0 |
+| [install.yaml](v2.5.16/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.5.16/argocd-iac-namespace-install.html) | - | - | - | - |
+
+### v2.4.28
+
+|    | Critical | High | Medium | Low |
+|---:|:--------:|:----:|:------:|:---:|
+| [go.mod](v2.4.28/argocd-test.html) | 0 | 0 | 2 | 0 |
+| [ui/yarn.lock](v2.4.28/argocd-test.html) | 0 | 0 | 4 | 0 |
+| [dex:v2.35.3](v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 4 | 2 | 0 |
+| [haproxy:2.0.31-alpine](v2.4.28/haproxy_2.0.31-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v2.4.28](v2.4.28/quay.io_argoproj_argocd_v2.4.28.html) | 0 | 0 | 0 | 19 |
+| [redis:7.0.8-alpine](v2.4.28/redis_7.0.8-alpine.html) | 0 | 1 | 2 | 0 |
+| [install.yaml](v2.4.28/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.4.28/argocd-iac-namespace-install.html) | - | - | - | - |

docs/snyk/master/argocd-iac-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:18:26 am</p>
+                <p class="timestamp">April 16th 2023, 12:17:00 am</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -507,7 +507,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 15319
+                              Line number: 16324
                           </li>
                       </ul>
               
@@ -553,7 +553,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 15396
+                              Line number: 16401
                           </li>
                       </ul>
               
@@ -599,7 +599,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 15424
+                              Line number: 16429
                           </li>
                       </ul>
               
@@ -645,7 +645,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 15472
+                              Line number: 16477
                           </li>
                       </ul>
               
@@ -691,7 +691,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 15454
+                              Line number: 16459
                           </li>
                       </ul>
               
@@ -737,7 +737,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 15488
+                              Line number: 16493
                           </li>
                       </ul>
               
@@ -789,7 +789,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16512
+                              Line number: 17517
                           </li>
                       </ul>
               
@@ -847,7 +847,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 15969
+                              Line number: 16974
                           </li>
                       </ul>
               
@@ -905,7 +905,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16141
+                              Line number: 17146
                           </li>
                       </ul>
               
@@ -963,7 +963,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16107
+                              Line number: 17112
                           </li>
                       </ul>
               
@@ -1021,7 +1021,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16201
+                              Line number: 17206
                           </li>
                       </ul>
               
@@ -1079,7 +1079,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16275
+                              Line number: 17280
                           </li>
                       </ul>
               
@@ -1137,7 +1137,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16512
+                              Line number: 17517
                           </li>
                       </ul>
               
@@ -1195,7 +1195,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16334
+                              Line number: 17339
                           </li>
                       </ul>
               
@@ -1253,7 +1253,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16597
+                              Line number: 17602
                           </li>
                       </ul>
               
@@ -1311,7 +1311,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16901
+                              Line number: 17906
                           </li>
                       </ul>
               
@@ -1363,7 +1363,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16121
+                              Line number: 17126
                           </li>
                       </ul>
               
@@ -1419,7 +1419,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16288
+                              Line number: 17293
                           </li>
                       </ul>
               
@@ -1471,7 +1471,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 15969
+                              Line number: 16974
                           </li>
                       </ul>
               
@@ -1523,7 +1523,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16107
+                              Line number: 17112
                           </li>
                       </ul>
               
@@ -1575,7 +1575,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16141
+                              Line number: 17146
                           </li>
                       </ul>
               
@@ -1627,7 +1627,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16275
+                              Line number: 17280
                           </li>
                       </ul>
               
@@ -1679,7 +1679,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16512
+                              Line number: 17517
                           </li>
                       </ul>
               
@@ -1737,7 +1737,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 15969
+                              Line number: 16974
                           </li>
                       </ul>
               
@@ -1795,7 +1795,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16107
+                              Line number: 17112
                           </li>
                       </ul>
               
@@ -1853,7 +1853,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16141
+                              Line number: 17146
                           </li>
                       </ul>
               
@@ -1911,7 +1911,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16201
+                              Line number: 17206
                           </li>
                       </ul>
               
@@ -1969,7 +1969,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16275
+                              Line number: 17280
                           </li>
                       </ul>
               
@@ -2027,7 +2027,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16512
+                              Line number: 17517
                           </li>
                       </ul>
               
@@ -2085,7 +2085,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16334
+                              Line number: 17339
                           </li>
                       </ul>
               
@@ -2143,7 +2143,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16597
+                              Line number: 17602
                           </li>
                       </ul>
               
@@ -2201,7 +2201,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16901
+                              Line number: 17906
                           </li>
                       </ul>
               
@@ -2257,7 +2257,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16044
+                              Line number: 17049
                           </li>
                       </ul>
               
@@ -2313,7 +2313,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16149
+                              Line number: 17154
                           </li>
                       </ul>
               
@@ -2369,7 +2369,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16124
+                              Line number: 17129
                           </li>
                       </ul>
               
@@ -2425,7 +2425,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16209
+                              Line number: 17214
                           </li>
                       </ul>
               
@@ -2481,7 +2481,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16288
+                              Line number: 17293
                           </li>
                       </ul>
               
@@ -2537,7 +2537,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16519
+                              Line number: 17524
                           </li>
                       </ul>
               
@@ -2593,7 +2593,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16485
+                              Line number: 17490
                           </li>
                       </ul>
               
@@ -2649,7 +2649,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 16811
+                              Line number: 17816
                           </li>
                       </ul>
               
@@ -2705,7 +2705,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 17037
+                              Line number: 18048
                           </li>
                       </ul>
               

docs/snyk/master/argocd-iac-namespace-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:18:41 am</p>
+                <p class="timestamp">April 16th 2023, 12:17:12 am</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -2705,7 +2705,7 @@
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1702
+                              Line number: 1708
                           </li>
                       </ul>
               

docs/snyk/master/argocd-test.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:16:00 am</p>
+                <p class="timestamp">April 16th 2023, 12:14:42 am</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html

@@ -0,0 +1,908 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="3 known vulnerabilities found in 21 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #4b45a9;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">April 16th 2023, 12:14:59 am</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following paths:</span>
+                <ul>
+                  <li class="paths">ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)</li><li class="paths">ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)</li><li class="paths">ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)</li><li class="paths">ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>21 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>760</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+
+    <div class="layout-container" style="padding-top: 35px;">
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-3368755">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5291795">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.36.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>The function X509_VERIFY_PARAM_add0_policy() is documented to
+        implicitly enable the certificate policy check when doing certificate
+        verification. However the implementation of the function does not
+        enable the check which allows certificates with invalid or incorrect
+        policies to pass the certificate verification.</p>
+        <p>As suddenly enabling the policy check could break existing deployments it was
+        decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()
+        function.</p>
+        <p>Instead the applications that require OpenSSL to perform certificate
+        policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly
+        enable the policy check by calling X509_VERIFY_PARAM_set_flags() with
+        the X509_V_FLAG_POLICY_CHECK flag argument.</p>
+        <p>Certificate policy checks are disabled by default in OpenSSL and are not
+        commonly used by applications.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5296043">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>

docs/snyk/master/haproxy_2.6.9-alpine.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
+  <meta name="description" content="3 known vulnerabilities found in 27 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:16:21 am</p>
+                <p class="timestamp">April 16th 2023, 12:15:07 am</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
@@ -466,8 +466,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>27 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>18</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -484,7 +484,498 @@
           </table>
       </section>
     <div class="layout-container" style="padding-top: 35px;">
-      No known vulnerabilities detected.
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-3368755">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5291795">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>The function X509_VERIFY_PARAM_add0_policy() is documented to
+        implicitly enable the certificate policy check when doing certificate
+        verification. However the implementation of the function does not
+        enable the check which allows certificates with invalid or incorrect
+        policies to pass the certificate verification.</p>
+        <p>As suddenly enabling the policy check could break existing deployments it was
+        decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()
+        function.</p>
+        <p>Instead the applications that require OpenSSL to perform certificate
+        policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly
+        enable the policy check by calling X509_VERIFY_PARAM_set_flags() with
+        the X509_V_FLAG_POLICY_CHECK flag argument.</p>
+        <p>Certificate policy checks are disabled by default in OpenSSL and are not
+        commonly used by applications.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5296043">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
     </div>
   </main><!-- .layout-stacked__content -->
 </body>

docs/snyk/master/quay.io_argoproj_argocd_latest.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="16 known vulnerabilities found in 83 vulnerable dependency paths.">
+  <meta name="description" content="21 known vulnerabilities found in 112 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:16:48 am</p>
+                <p class="timestamp">April 16th 2023, 12:15:31 am</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -466,8 +466,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>16</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>83 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>21</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>112 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2065</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -780,6 +780,8 @@
         <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
         <li><a href="http://openwall.com/lists/oss-security/2017/07/11/3">OSS security Advisory</a></li>
         <li><a href="http://www.securityfocus.com/bid/99575">Security Focus</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2023/04/11/1">cve@mitre.org</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2023/04/12/1">cve@mitre.org</a></li>
         </ul>
         
               <hr/>
@@ -1022,7 +1024,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.34.1-1ubuntu1.8
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.8
+                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.10
                                          <span class="list-paths__item__arrow">›</span> 
                                         libssh/libssh-4@0.9.6-2build1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1083,7 +1085,7 @@
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Ubuntu:22.04</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:22.04</code> relevant fixed versions and status.</em></p>
-        <p>If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling either </code>X509_VERIFY_PARAM_add0_policy()&#39; or `X509_VERIFY_PARAM_set1_policies()&#39; functions.</p>
+        <p>If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.</p>
         <h2 id="remediation">Remediation</h2>
         <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>openssl</code>.</p>
         <h2 id="references">References</h2>
@@ -1099,6 +1101,553 @@
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-3167951">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:22.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libssl3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.8
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libfido2/libfido2-1@1.10.0-1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssh/openssh-client@1:8.9p1-3ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        ca-certificates@20211016ubuntu0.22.04.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.2-0ubuntu1.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.34.1-1ubuntu1.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.10
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.9.6-2build1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.118ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.8.1-2ubuntu2.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.4.0-11ubuntu2.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libnsl/libnsl2@1.3.0-2build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libtirpc/libtirpc3@1.3.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5-3@1.19.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        ca-certificates@20211016ubuntu0.22.04.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Ubuntu:22.04</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:22.04</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>openssl</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0464">ADVISORY</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-3368847">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:22.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libssl3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.8
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libfido2/libfido2-1@1.10.0-1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssh/openssh-client@1:8.9p1-3ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        ca-certificates@20211016ubuntu0.22.04.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.2-0ubuntu1.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.34.1-1ubuntu1.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.10
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.9.6-2build1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.118ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.8.1-2ubuntu2.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.4.0-11ubuntu2.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libnsl/libnsl2@1.3.0-2build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libtirpc/libtirpc3@1.3.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5-3@1.19.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        ca-certificates@20211016ubuntu0.22.04.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Ubuntu:22.04</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:22.04</code> relevant fixed versions and status.</em></p>
+        <p>The function X509_VERIFY_PARAM_add0_policy() is documented to
+        implicitly enable the certificate policy check when doing certificate
+        verification. However the implementation of the function does not
+        enable the check which allows certificates with invalid or incorrect
+        policies to pass the certificate verification.</p>
+        <p>As suddenly enabling the policy check could break existing deployments it was
+        decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()
+        function.</p>
+        <p>Instead the applications that require OpenSSL to perform certificate
+        policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly
+        enable the policy check by calling X509_VERIFY_PARAM_set_flags() with
+        the X509_V_FLAG_POLICY_CHECK flag argument.</p>
+        <p>Certificate policy checks are disabled by default in OpenSSL and are not
+        commonly used by applications.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>openssl</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0466">ADVISORY</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-5296052">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:22.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libssl3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.8
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libfido2/libfido2-1@1.10.0-1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssh/openssh-client@1:8.9p1-3ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        ca-certificates@20211016ubuntu0.22.04.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.2-0ubuntu1.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.34.1-1ubuntu1.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.10
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.9.6-2build1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.118ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.8.1-2ubuntu2.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.4.0-11ubuntu2.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libnsl/libnsl2@1.3.0-2build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libtirpc/libtirpc3@1.3.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5-3@1.19.2-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        ca-certificates@20211016ubuntu0.22.04.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.2-0ubuntu1.8
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Ubuntu:22.04</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:22.04</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>openssl</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0465">ADVISORY</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-5296082">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
             <h2 class="card__title">Improper Privilege Management</h2>
@@ -1251,6 +1800,74 @@
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSH-2792745">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">CVE-2023-28531</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:22.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssh/openssh-client
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssh/openssh-client@1:8.9p1-3ubuntu0.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssh</code> package and not the <code>openssh</code> package as distributed by <code>Ubuntu:22.04</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:22.04</code> relevant fixed versions and status.</em></p>
+        <p>ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>openssh</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-28531">ADVISORY</a></li>
+        <li><a href="https://www.openwall.com/lists/oss-security/2023/03/15/8">cve@mitre.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230413-0008/">cve@mitre.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSH-3367022">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
             <h2 class="card__title">Out-of-bounds Read</h2>
@@ -1513,6 +2130,75 @@
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-NCURSES-2801048">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Resource Exhaustion</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:22.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            libzstd/libzstd1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@latest, meta-common-packages@meta and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        meta-common-packages@meta
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libzstd/libzstd1@1.4.8+dfsg-3build1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libzstd</code> package and not the <code>libzstd</code> package as distributed by <code>Ubuntu:22.04</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:22.04</code> relevant fixed versions and status.</em></p>
+        <p>A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>libzstd</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4899">ADVISORY</a></li>
+        <li><a href="https://github.com/facebook/zstd/issues/3200">secalert@redhat.com</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-LIBZSTD-3368800">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
             <h2 class="card__title">Integer Overflow or Wraparound</h2>
@@ -1656,7 +2342,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.34.1-1ubuntu1.8
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.8
+                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.10
                                          <span class="list-paths__item__arrow">›</span> 
                                         krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1
                                         
@@ -1669,7 +2355,7 @@
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.34.1-1ubuntu1.8
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.8
+                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.10
                                          <span class="list-paths__item__arrow">›</span> 
                                         libssh/libssh-4@0.9.6-2build1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2102,6 +2788,7 @@
         <li><a href="https://dev.gnupg.org/D556">secalert@redhat.com</a></li>
         <li><a href="https://dev.gnupg.org/T5993">secalert@redhat.com</a></li>
         <li><a href="https://marc.info/?l=oss-security&m=165696590211434&w=4">secalert@redhat.com</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230324-0001/">secalert@redhat.com</a></li>
         </ul>
         
               <hr/>

docs/snyk/master/redis_7.0.9-alpine.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
+  <meta name="description" content="3 known vulnerabilities found in 27 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:16:56 am</p>
+                <p class="timestamp">April 16th 2023, 12:15:38 am</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
@@ -466,8 +466,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>27 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>18</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -484,7 +484,498 @@
           </table>
       </section>
     <div class="layout-container" style="padding-top: 35px;">
-      No known vulnerabilities detected.
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230301.015803
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230301.015803
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-3368755">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230301.015803
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230301.015803
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5291795">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230301.015803
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230301.015803
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>The function X509_VERIFY_PARAM_add0_policy() is documented to
+        implicitly enable the certificate policy check when doing certificate
+        verification. However the implementation of the function does not
+        enable the check which allows certificates with invalid or incorrect
+        policies to pass the certificate verification.</p>
+        <p>As suddenly enabling the policy check could break existing deployments it was
+        decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()
+        function.</p>
+        <p>Instead the applications that require OpenSSL to perform certificate
+        policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly
+        enable the policy check by calling X509_VERIFY_PARAM_set_flags() with
+        the X509_V_FLAG_POLICY_CHECK flag argument.</p>
+        <p>Certificate policy checks are disabled by default in OpenSSL and are not
+        commonly used by applications.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5296043">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
     </div>
   </main><!-- .layout-stacked__content -->
 </body>

docs/snyk/v2.4.27/redis_7.0.8-alpine.html

@@ -1,492 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #4b45a9;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">March 19th 2023, 12:24:43 am</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following path:</span>
-                <ul>
-                  <li class="paths">redis:7.0.8-alpine (apk)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-      <section class="layout-container">
-          <table class="metatable">
-              <tbody>
-              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.8-alpine</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
-              
-              </tbody>
-          </table>
-      </section>
-    <div class="layout-container" style="padding-top: 35px;">
-      No known vulnerabilities detected.
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>

docs/snyk/v2.4.28/argocd-iac-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:25:38 am</p>
+                <p class="timestamp">April 16th 2023, 12:26:06 am</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.4.28/argocd-iac-namespace-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:25:49 am</p>
+                <p class="timestamp">April 16th 2023, 12:26:16 am</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.4.28/argocd-test.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:23:59 am</p>
+                <p class="timestamp">April 16th 2023, 12:24:39 am</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="9 known vulnerabilities found in 37 vulnerable dependency paths.">
+  <meta name="description" content="11 known vulnerabilities found in 51 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:24:08 am</p>
+                <p class="timestamp">April 16th 2023, 12:24:47 am</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -466,8 +466,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>9</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>37 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>11</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>51 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>756</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -732,6 +732,8 @@
         <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9">openssl-security@openssl.org</a></li>
         <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658">openssl-security@openssl.org</a></li>
         <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d">openssl-security@openssl.org</a></li>
+        <li><a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig">openssl-security@openssl.org</a></li>
         </ul>
         
               <hr/>
@@ -873,6 +875,140 @@
                 <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314643">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.16
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto1.1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.16</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.16</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.16</code> <code>openssl</code> to version 1.1.1t-r1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3368756">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
             <h2 class="card__title">Denial of Service (DoS)</h2>
@@ -1180,6 +1316,148 @@
                 <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314623">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.16
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto1.1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.16</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.16</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.16</code> <code>openssl</code> to version 1.1.1t-r2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-5291792">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Improper Input Validation</h2>

docs/snyk/v2.4.28/haproxy_2.0.31-alpine.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:24:15 am</p>
+                <p class="timestamp">April 16th 2023, 12:24:53 am</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>

docs/snyk/v2.4.28/redis_7.0.8-alpine.html

@@ -0,0 +1,983 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="3 known vulnerabilities found in 27 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #4b45a9;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">April 16th 2023, 12:25:18 am</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following path:</span>
+                <ul>
+                  <li class="paths">redis:7.0.8-alpine (apk)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>27 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+      <section class="layout-container">
+          <table class="metatable">
+              <tbody>
+              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.8-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
+              
+              </tbody>
+          </table>
+      </section>
+    <div class="layout-container" style="padding-top: 35px;">
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-3368755">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5291795">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>The function X509_VERIFY_PARAM_add0_policy() is documented to
+        implicitly enable the certificate policy check when doing certificate
+        verification. However the implementation of the function does not
+        enable the check which allows certificates with invalid or incorrect
+        policies to pass the certificate verification.</p>
+        <p>As suddenly enabling the policy check could break existing deployments it was
+        decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()
+        function.</p>
+        <p>Instead the applications that require OpenSSL to perform certificate
+        policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly
+        enable the policy check by calling X509_VERIFY_PARAM_set_flags() with
+        the X509_V_FLAG_POLICY_CHECK flag argument.</p>
+        <p>Certificate policy checks are disabled by default in OpenSSL and are not
+        commonly used by applications.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5296043">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>

docs/snyk/v2.5.15/haproxy_2.6.9-alpine.html

@@ -1,492 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #4b45a9;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">March 19th 2023, 12:21:56 am</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following path:</span>
-                <ul>
-                  <li class="paths">haproxy:2.6.9-alpine (apk)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-      <section class="layout-container">
-          <table class="metatable">
-              <tbody>
-              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|haproxy</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">haproxy:2.6.9-alpine</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
-              
-              </tbody>
-          </table>
-      </section>
-    <div class="layout-container" style="padding-top: 35px;">
-      No known vulnerabilities detected.
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>

docs/snyk/v2.5.16/argocd-iac-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:23:26 am</p>
+                <p class="timestamp">April 16th 2023, 12:24:11 am</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.5.16/argocd-iac-namespace-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:23:39 am</p>
+                <p class="timestamp">April 16th 2023, 12:24:21 am</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.5.16/argocd-test.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:21:43 am</p>
+                <p class="timestamp">April 16th 2023, 12:22:40 am</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="9 known vulnerabilities found in 37 vulnerable dependency paths.">
+  <meta name="description" content="11 known vulnerabilities found in 51 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:16:14 am</p>
+                <p class="timestamp">April 16th 2023, 12:22:49 am</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -466,8 +466,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>9</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>37 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>11</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>51 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>756</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -732,6 +732,8 @@
         <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9">openssl-security@openssl.org</a></li>
         <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658">openssl-security@openssl.org</a></li>
         <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d">openssl-security@openssl.org</a></li>
+        <li><a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig">openssl-security@openssl.org</a></li>
         </ul>
         
               <hr/>
@@ -873,6 +875,140 @@
                 <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314643">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.16
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto1.1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.16</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.16</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.16</code> <code>openssl</code> to version 1.1.1t-r1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3368756">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
             <h2 class="card__title">Denial of Service (DoS)</h2>
@@ -1180,6 +1316,148 @@
                 <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314623">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.16
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto1.1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.16</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.16</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.16</code> <code>openssl</code> to version 1.1.1t-r2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-5291792">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Improper Input Validation</h2>

docs/snyk/v2.5.16/haproxy_2.6.9-alpine.html

@@ -0,0 +1,983 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="3 known vulnerabilities found in 27 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #4b45a9;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">April 16th 2023, 12:22:53 am</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following path:</span>
+                <ul>
+                  <li class="paths">haproxy:2.6.9-alpine (apk)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>27 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+      <section class="layout-container">
+          <table class="metatable">
+              <tbody>
+              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|haproxy</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">haproxy:2.6.9-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
+              
+              </tbody>
+          </table>
+      </section>
+    <div class="layout-container" style="padding-top: 35px;">
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-3368755">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5291795">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>The function X509_VERIFY_PARAM_add0_policy() is documented to
+        implicitly enable the certificate policy check when doing certificate
+        verification. However the implementation of the function does not
+        enable the check which allows certificates with invalid or incorrect
+        policies to pass the certificate verification.</p>
+        <p>As suddenly enabling the policy check could break existing deployments it was
+        decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()
+        function.</p>
+        <p>Instead the applications that require OpenSSL to perform certificate
+        policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly
+        enable the policy check by calling X509_VERIFY_PARAM_set_flags() with
+        the X509_V_FLAG_POLICY_CHECK flag argument.</p>
+        <p>Certificate policy checks are disabled by default in OpenSSL and are not
+        commonly used by applications.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5296043">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>

docs/snyk/v2.5.16/redis_7.0.8-alpine.html

@@ -0,0 +1,983 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="3 known vulnerabilities found in 27 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #4b45a9;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">April 16th 2023, 12:23:19 am</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following path:</span>
+                <ul>
+                  <li class="paths">redis:7.0.8-alpine (apk)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>27 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+      <section class="layout-container">
+          <table class="metatable">
+              <tbody>
+              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.8-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
+              
+              </tbody>
+          </table>
+      </section>
+    <div class="layout-container" style="padding-top: 35px;">
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-3368755">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5291795">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>The function X509_VERIFY_PARAM_add0_policy() is documented to
+        implicitly enable the certificate policy check when doing certificate
+        verification. However the implementation of the function does not
+        enable the check which allows certificates with invalid or incorrect
+        policies to pass the certificate verification.</p>
+        <p>As suddenly enabling the policy check could break existing deployments it was
+        decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()
+        function.</p>
+        <p>Instead the applications that require OpenSSL to perform certificate
+        policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly
+        enable the policy check by calling X509_VERIFY_PARAM_set_flags() with
+        the X509_V_FLAG_POLICY_CHECK flag argument.</p>
+        <p>Certificate policy checks are disabled by default in OpenSSL and are not
+        commonly used by applications.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5296043">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>

docs/snyk/v2.6.6/haproxy_2.6.9-alpine.html

@@ -1,492 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #4b45a9;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">March 19th 2023, 12:19:09 am</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following path:</span>
-                <ul>
-                  <li class="paths">haproxy:2.6.9-alpine (apk)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-      <section class="layout-container">
-          <table class="metatable">
-              <tbody>
-              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|haproxy</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">haproxy:2.6.9-alpine</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
-              
-              </tbody>
-          </table>
-      </section>
-    <div class="layout-container" style="padding-top: 35px;">
-      No known vulnerabilities detected.
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>

docs/snyk/v2.6.6/redis_7.0.8-alpine.html

@@ -1,492 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #4b45a9;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">March 19th 2023, 12:19:42 am</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following path:</span>
-                <ul>
-                  <li class="paths">redis:7.0.8-alpine (apk)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-      <section class="layout-container">
-          <table class="metatable">
-              <tbody>
-              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.8-alpine</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
-              
-              </tbody>
-          </table>
-      </section>
-    <div class="layout-container" style="padding-top: 35px;">
-      No known vulnerabilities detected.
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>

docs/snyk/v2.6.7/argocd-iac-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:21:11 am</p>
+                <p class="timestamp">April 16th 2023, 12:22:08 am</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.6.7/argocd-iac-namespace-install.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:21:23 am</p>
+                <p class="timestamp">April 16th 2023, 12:22:20 am</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>

docs/snyk/v2.6.7/argocd-test.html

@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:18:56 am</p>
+                <p class="timestamp">April 16th 2023, 12:20:00 am</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>

docs/snyk/v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html

@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="9 known vulnerabilities found in 37 vulnerable dependency paths.">
+  <meta name="description" content="11 known vulnerabilities found in 51 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">March 19th 2023, 12:19:04 am</p>
+                <p class="timestamp">April 16th 2023, 12:20:10 am</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -466,8 +466,8 @@
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>9</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>37 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>11</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>51 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>756</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -732,6 +732,8 @@
         <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9">openssl-security@openssl.org</a></li>
         <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658">openssl-security@openssl.org</a></li>
         <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d">openssl-security@openssl.org</a></li>
+        <li><a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig">openssl-security@openssl.org</a></li>
         </ul>
         
               <hr/>
@@ -873,6 +875,140 @@
                 <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314643">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.16
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto1.1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.16</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.16</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.16</code> <code>openssl</code> to version 1.1.1t-r1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3368756">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
             <h2 class="card__title">Denial of Service (DoS)</h2>
@@ -1180,6 +1316,148 @@
                 <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314623">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.16
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto1.1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.9-r3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|ghcr.io/dexidp/dex@v2.35.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl1.1@1.1.1q-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.16</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.16</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.16</code> <code>openssl</code> to version 1.1.1t-r2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-5291792">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Improper Input Validation</h2>

docs/snyk/v2.6.7/haproxy_2.6.9-alpine.html

@@ -0,0 +1,983 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="3 known vulnerabilities found in 27 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #4b45a9;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">April 16th 2023, 12:20:15 am</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following path:</span>
+                <ul>
+                  <li class="paths">haproxy:2.6.9-alpine (apk)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>27 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+      <section class="layout-container">
+          <table class="metatable">
+              <tbody>
+              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|haproxy</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">haproxy:2.6.9-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
+              
+              </tbody>
+          </table>
+      </section>
+    <div class="layout-container" style="padding-top: 35px;">
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-3368755">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5291795">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .haproxy-rundeps@20230214.193603
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|haproxy@2.6.9-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>The function X509_VERIFY_PARAM_add0_policy() is documented to
+        implicitly enable the certificate policy check when doing certificate
+        verification. However the implementation of the function does not
+        enable the check which allows certificates with invalid or incorrect
+        policies to pass the certificate verification.</p>
+        <p>As suddenly enabling the policy check could break existing deployments it was
+        decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()
+        function.</p>
+        <p>Instead the applications that require OpenSSL to perform certificate
+        policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly
+        enable the policy check by calling X509_VERIFY_PARAM_set_flags() with
+        the X509_V_FLAG_POLICY_CHECK flag argument.</p>
+        <p>Certificate policy checks are disabled by default in OpenSSL and are not
+        commonly used by applications.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5296043">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>

docs/snyk/v2.6.7/redis_7.0.8-alpine.html

@@ -0,0 +1,983 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="3 known vulnerabilities found in 27 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #4b45a9;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">April 16th 2023, 12:20:50 am</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following path:</span>
+                <ul>
+                  <li class="paths">redis:7.0.8-alpine (apk)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>27 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+      <section class="layout-container">
+          <table class="metatable">
+              <tbody>
+              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:7.0.8-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
+              
+              </tbody>
+          </table>
+      </section>
+    <div class="layout-container" style="padding-top: 35px;">
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230322.txt">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-3368755">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>Applications that use a non-default option when verifying certificates may be
+        vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
+        <p>Invalid certificate policies in leaf certificates are silently ignored by
+        OpenSSL and other certificate policy checks are skipped for that certificate.
+        A malicious CA could use this to deliberately assert invalid certificate policies
+        in order to circumvent policy checking on the certificate altogether.</p>
+        <p>Policy processing is disabled by default but can be enabled by passing
+        the <code>-policy&amp;#39; argument to the command line utilities or by calling the </code>X509_VERIFY_PARAM_set1_policies()&#39; function.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5291795">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: alpine:3.17
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libcrypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libcrypto3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        .redis-rundeps@20230211.132806
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apk-tools/apk-tools@2.12.10-r1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|redis@7.0.8-alpine
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        busybox/ssl_client@1.35.0-r29
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3@3.0.8-r0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine:3.17</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Alpine:3.17</code> relevant fixed versions and status.</em></p>
+        <p>The function X509_VERIFY_PARAM_add0_policy() is documented to
+        implicitly enable the certificate policy check when doing certificate
+        verification. However the implementation of the function does not
+        enable the check which allows certificates with invalid or incorrect
+        policies to pass the certificate verification.</p>
+        <p>As suddenly enabling the policy check could break existing deployments it was
+        decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()
+        function.</p>
+        <p>Instead the applications that require OpenSSL to perform certificate
+        policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly
+        enable the policy check by calling X509_VERIFY_PARAM_set_flags() with
+        the X509_V_FLAG_POLICY_CHECK flag argument.</p>
+        <p>Certificate policy checks are disabled by default in OpenSSL and are not
+        commonly used by applications.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Alpine:3.17</code> <code>openssl</code> to version 3.0.8-r3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72">openssl-security@openssl.org</a></li>
+        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061">openssl-security@openssl.org</a></li>
+        <li><a href="https://www.openssl.org/news/secadv/20230328.txt">openssl-security@openssl.org</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230414-0001/">openssl-security@openssl.org</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5296043">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>