google · osv-robot · Apr 25, 2026
diff --git a/cmd/osv-scanner/fix/__snapshots__/command_test.snap b/cmd/osv-scanner/fix/__snapshots__/command_test.snap
@@ -5297,14 +5297,14 @@ UNFIXABLE-VULNS: 8
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
       "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
       "dependencies": {
+        "uri-js": "^4.2.2",
         "fast-deep-equal": "^3.1.1",
-        "fast-json-stable-stringify": "^2.0.0",
         "json-schema-traverse": "^0.4.1",
-        "uri-js": "^4.2.2"
+        "fast-json-stable-stringify": "^2.0.0"
       },
       "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/epoberezkin"
+        "url": "https://github.com/sponsors/epoberezkin",
+        "type": "github"
       }
     },
     "node_modules/ansi-regex": {
@@ -6233,10 +6233,10 @@ UNFIXABLE-VULNS: 8
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
       "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
       "requires": {
+        "uri-js": "^4.2.2",
         "fast-deep-equal": "^3.1.1",
-        "fast-json-stable-stringify": "^2.0.0",
         "json-schema-traverse": "^0.4.1",
-        "uri-js": "^4.2.2"
+        "fast-json-stable-stringify": "^2.0.0"
       }
     },
     "ansi-regex": {
@@ -7323,14 +7323,14 @@ Guided remediation (the fix command) can be risky when run on untrusted projects
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
       "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
       "dependencies": {
+        "uri-js": "^4.2.2",
         "fast-deep-equal": "^3.1.1",
-        "fast-json-stable-stringify": "^2.0.0",
         "json-schema-traverse": "^0.4.1",
-        "uri-js": "^4.2.2"
+        "fast-json-stable-stringify": "^2.0.0"
       },
       "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/epoberezkin"
+        "url": "https://github.com/sponsors/epoberezkin",
+        "type": "github"
       }
     },
     "node_modules/ansi-regex": {
@@ -8259,10 +8259,10 @@ Guided remediation (the fix command) can be risky when run on untrusted projects
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
       "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
       "requires": {
+        "uri-js": "^4.2.2",
         "fast-deep-equal": "^3.1.1",
-        "fast-json-stable-stringify": "^2.0.0",
         "json-schema-traverse": "^0.4.1",
-        "uri-js": "^4.2.2"
+        "fast-json-stable-stringify": "^2.0.0"
       }
     },
     "ansi-regex": {
@@ -9665,14 +9665,14 @@ UNFIXABLE-VULNS: 8
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
       "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
       "dependencies": {
+        "uri-js": "^4.2.2",
         "fast-deep-equal": "^3.1.1",
-        "fast-json-stable-stringify": "^2.0.0",
         "json-schema-traverse": "^0.4.1",
-        "uri-js": "^4.2.2"
+        "fast-json-stable-stringify": "^2.0.0"
       },
       "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/epoberezkin"
+        "url": "https://github.com/sponsors/epoberezkin",
+        "type": "github"
       }
     },
     "node_modules/ansi-regex": {
@@ -10601,10 +10601,10 @@ UNFIXABLE-VULNS: 8
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
       "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
       "requires": {
+        "uri-js": "^4.2.2",
         "fast-deep-equal": "^3.1.1",
-        "fast-json-stable-stringify": "^2.0.0",
         "json-schema-traverse": "^0.4.1",
-        "uri-js": "^4.2.2"
+        "fast-json-stable-stringify": "^2.0.0"
       }
     },
     "ansi-regex": {
@@ -11484,14 +11484,14 @@ UNFIXABLE-VULNS: 8
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
       "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
       "dependencies": {
+        "uri-js": "^4.2.2",
         "fast-deep-equal": "^3.1.1",
-        "fast-json-stable-stringify": "^2.0.0",
         "json-schema-traverse": "^0.4.1",
-        "uri-js": "^4.2.2"
+        "fast-json-stable-stringify": "^2.0.0"
       },
       "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/epoberezkin"
+        "url": "https://github.com/sponsors/epoberezkin",
+        "type": "github"
       }
     },
     "node_modules/ansi-regex": {
@@ -12420,10 +12420,10 @@ UNFIXABLE-VULNS: 8
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
       "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
       "requires": {
+        "uri-js": "^4.2.2",
         "fast-deep-equal": "^3.1.1",
-        "fast-json-stable-stringify": "^2.0.0",
         "json-schema-traverse": "^0.4.1",
-        "uri-js": "^4.2.2"
+        "fast-json-stable-stringify": "^2.0.0"
       }
     },
     "ansi-regex": {

diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap
@@ -619,7 +619,7 @@ Scanning local image tarball "./testdata/test-java-full.tar"
 
 
 Container Scanning Result (Alpine Linux v3.21) (Based on "eclipse-temurin" image):
-Total 26 packages affected by 91 known vulnerabilities (3 Critical, 41 High, 40 Medium, 4 Low, 3 Unknown) from 2 ecosystems.
+Total 26 packages affected by 91 known vulnerabilities (4 Critical, 42 High, 40 Medium, 4 Low, 1 Unknown) from 2 ecosystems.
 91 vulnerabilities can be fixed.
 
 
@@ -864,7 +864,7 @@ Scanning local image tarball "./testdata/test-package-tracing.tar"
 
 
 Container Scanning Result (Alpine Linux v3.20) (Based on "alpine" image):
-Total 10 packages affected by 265 known vulnerabilities (1 Critical, 13 High, 13 Medium, 2 Low, 236 Unknown) from 2 ecosystems.
+Total 10 packages affected by 265 known vulnerabilities (2 Critical, 14 High, 13 Medium, 2 Low, 234 Unknown) from 2 ecosystems.
 265 vulnerabilities can be fixed.
 
 
@@ -3317,10 +3317,10 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
           },
           "groups": 7,
           "vulnerabilities": [
-            "USN-8005-1",
             "USN-7259-1",
             "USN-7541-1",
             "USN-7760-1",
+            "USN-8005-1",
             "UBUNTU-CVE-2016-20013",
             "UBUNTU-CVE-2025-0395",
             "UBUNTU-CVE-2025-15281",
@@ -3345,10 +3345,10 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
           },
           "groups": 7,
           "vulnerabilities": [
-            "USN-8005-1",
             "USN-7259-1",
             "USN-7541-1",
             "USN-7760-1",
+            "USN-8005-1",
             "UBUNTU-CVE-2016-20013",
             "UBUNTU-CVE-2025-0395",
             "UBUNTU-CVE-2025-15281",
@@ -3447,8 +3447,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
           },
           "groups": 4,
           "vulnerabilities": [
-            "USN-7314-1",
             "USN-7257-1",
+            "USN-7314-1",
             "USN-7542-1",
             "UBUNTU-CVE-2018-5709",
             "UBUNTU-CVE-2024-26458",
@@ -3470,8 +3470,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
           },
           "groups": 4,
           "vulnerabilities": [
-            "USN-7314-1",
             "USN-7257-1",
+            "USN-7314-1",
             "USN-7542-1",
             "UBUNTU-CVE-2018-5709",
             "UBUNTU-CVE-2024-26458",
@@ -3493,8 +3493,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
           },
           "groups": 4,
           "vulnerabilities": [
-            "USN-7314-1",
             "USN-7257-1",
+            "USN-7314-1",
             "USN-7542-1",
             "UBUNTU-CVE-2018-5709",
             "UBUNTU-CVE-2024-26458",
@@ -3516,8 +3516,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
           },
           "groups": 4,
           "vulnerabilities": [
-            "USN-7314-1",
             "USN-7257-1",
+            "USN-7314-1",
             "USN-7542-1",
             "UBUNTU-CVE-2018-5709",
             "UBUNTU-CVE-2024-26458",
@@ -4368,10 +4368,10 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
           },
           "groups": 7,
           "vulnerabilities": [
-            "USN-8005-1",
             "USN-7259-1",
             "USN-7541-1",
             "USN-7760-1",
+            "USN-8005-1",
             "UBUNTU-CVE-2016-20013",
             "UBUNTU-CVE-2025-0395",
             "UBUNTU-CVE-2025-15281",
@@ -4396,10 +4396,10 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
           },
           "groups": 7,
           "vulnerabilities": [
-            "USN-8005-1",
             "USN-7259-1",
             "USN-7541-1",
             "USN-7760-1",
+            "USN-8005-1",
             "UBUNTU-CVE-2016-20013",
             "UBUNTU-CVE-2025-0395",
             "UBUNTU-CVE-2025-15281",
@@ -4498,8 +4498,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
           },
           "groups": 4,
           "vulnerabilities": [
-            "USN-7314-1",
             "USN-7257-1",
+            "USN-7314-1",
             "USN-7542-1",
             "UBUNTU-CVE-2018-5709",
             "UBUNTU-CVE-2024-26458",
@@ -4521,8 +4521,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
           },
           "groups": 4,
           "vulnerabilities": [
-            "USN-7314-1",
             "USN-7257-1",
+            "USN-7314-1",
             "USN-7542-1",
             "UBUNTU-CVE-2018-5709",
             "UBUNTU-CVE-2024-26458",
@@ -4544,8 +4544,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
           },
           "groups": 4,
           "vulnerabilities": [
-            "USN-7314-1",
             "USN-7257-1",
+            "USN-7314-1",
             "USN-7542-1",
             "UBUNTU-CVE-2018-5709",
             "UBUNTU-CVE-2024-26458",
@@ -4567,8 +4567,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
           },
           "groups": 4,
           "vulnerabilities": [
-            "USN-7314-1",
             "USN-7257-1",
+            "USN-7314-1",
             "USN-7542-1",
             "UBUNTU-CVE-2018-5709",
             "UBUNTU-CVE-2024-26458",