Skip to content

Merge Vulnerabilities and Findings, add Confidence and Severity to Findings #2620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 372 commits into from
Closed

Merge Vulnerabilities and Findings, add Confidence and Severity to Findings #2620

wants to merge 372 commits into from

Conversation

@liquidsec
Copy link
Collaborator

@liquidsec liquidsec commented Aug 20, 2025
edited
Loading

  • Add tests specific to confidence
  • Add more tests dealing with custom yara rules

liquidsec and others added 30 commits August 18, 2025 09:34
@liquidsec
Merge pull request #2602 from blacklanternsecurity/dependabot/pip/dev…
bba594e 
…/pydantic-2.11.7

Bump pydantic from 2.11.5 to 2.11.7
@dependabot
Bump mkdocs-material from 9.6.16 to 9.6.17
e2a09f0 
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.16 to 9.6.17.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.6.16...9.6.17)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-version: 9.6.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump ruff from 0.12.4 to 0.12.9
82da697 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.12.4 to 0.12.9.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.12.4...0.12.9)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.12.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@liquidsec
Merge pull request #2599 from blacklanternsecurity/dependabot/pip/dev…
5a25f5d 
…/cachetools-6.1.0

Bump cachetools from 6.0.0 to 6.1.0
@indeed404
use 429_sleep_interval for subdomaincenter
bffdb8d
@TheTechromancer
remove debugs
ae658a7
@TheTechromancer
bump version
6f34664
@TheTechromancer
remove other debugs
905822c
@TheTechromancer
Merge pull request #2606 from blacklanternsecurity/remove-debug-state…
227f51b 
…ments

Remove debug statements
@liquidsec
Merge pull request #2601 from blacklanternsecurity/dependabot/pip/dev…
67ad71c 
…/ruff-0.12.9

Bump ruff from 0.12.4 to 0.12.9
@liquidsec
Merge pull request #2598 from blacklanternsecurity/dependabot/pip/dev…
4b78c22 
…/puremagic-1.30

Bump puremagic from 1.29 to 1.30
@liquidsec
Merge pull request #2594 from blacklanternsecurity/dependabot/pip/dev…
9ab7a80 
…/mkdocs-material-9.6.17

Bump mkdocs-material from 9.6.16 to 9.6.17
@liquidsec
Merge pull request #2595 from blacklanternsecurity/dependabot/pip/dev…
fd1b1ee 
…/pytest-cov-6.2.1

Bump pytest-cov from 6.1.1 to 6.2.1
@liquidsec
Merge pull request #2590 from blacklanternsecurity/update-trufflehog
254013b 
Update trufflehog to 3.90.5
@liquidsec
Merge pull request #2603 from blacklanternsecurity/dependabot/github_…
c5cab17 
…actions/dev/github-actions-a331d3ec2d

Bump actions/checkout from 4 to 5 in the github-actions group
@dependabot
Bump fastapi from 0.115.12 to 0.116.1
dc9644b 
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.115.12 to 0.116.1.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.115.12...0.116.1)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.116.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@liquidsec
Merge pull request #2597 from blacklanternsecurity/dependabot/pip/dev…
0942479 
…/fastapi-0.116.1

Bump fastapi from 0.115.12 to 0.116.1
@liquidsec
Merge pull request #2426 from blacklanternsecurity/update-docs
2902e62 
Automated Docs Update
@dependabot
Bump pytest-asyncio from 0.25.3 to 1.1.0
60f3239 
Bumps [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) from 0.25.3 to 1.1.0.
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v0.25.3...v1.1.0)

---
updated-dependencies:
- dependency-name: pytest-asyncio
  dependency-version: 1.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@liquidsec
Merge pull request #2532 from blacklanternsecurity/dependabot/pip/dev…
d46bfad 
…/pytest-asyncio-1.1.0

Bump pytest-asyncio from 0.25.3 to 1.1.0
@TheTechromancer
helperify git sanitization
4bcc0e1
@liquidsec
tests were not even running?
38bdc18
@TheTechromancer
instead of sanitizing git config, just get rid of it
86e4039
@TheTechromancer
move the index file instead of deleting it
db573a9
@liquidsec
update dnsbimi regex
5d89abc
@liquidsec
better regex
428d438
@TheTechromancer
Merge pull request #2588 from blacklanternsecurity/dev
f8df033 
Dev -> Stable 2.6.1
@liquidsec
better regex again
91600cf
@liquidsec
wtf codeql
bbce296
@liquidsec
ruff format
ba6053f
dependabot bot and others added 27 commits September 8, 2025 05:00
@dependabot
Bump the github-actions group with 4 updates
3cf7079 
Bumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-python](https://github.com/actions/setup-python), [actions/github-script](https://github.com/actions/github-script) and [pypa/gh-action-pypi-publish@release/v1.12](https://github.com/pypa/gh-action-pypi-publish).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v8)

Updates `pypa/gh-action-pypi-publish@release/v1.12` from 1.12 to 1.13
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@release/v1.12...release/v1.13)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: pypa/gh-action-pypi-publish@release/v1.12
  dependency-version: '1.13'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@TheTechromancer
Merge pull request #2686 from blacklanternsecurity/dependabot/github_…
f95eca1 
…actions/dev/github-actions-2bfdf8ca82

Bump the github-actions group with 4 updates
@TheTechromancer
Merge pull request #2681 from blacklanternsecurity/dependabot/pip/dev…
9ae9dd9 
…/deepdiff-8.6.1

Bump deepdiff from 8.6.0 to 8.6.1
@TheTechromancer
Merge pull request #2680 from blacklanternsecurity/dependabot/pip/dev…
688b7ec 
…/pytest-8.4.2

Bump pytest from 8.4.1 to 8.4.2
@TheTechromancer
Merge pull request #2679 from blacklanternsecurity/dependabot/pip/dev…
58ecbb6 
…/mkdocs-material-9.6.19

Bump mkdocs-material from 9.6.18 to 9.6.19
@liquidsec
Merge pull request #2683 from blacklanternsecurity/dependabot/pip/dev…
107fb2c 
…/pytest-benchmark-5.1.0

Bump pytest-benchmark from 4.0.0 to 5.1.0
@liquidsec
Merge pull request #2685 from blacklanternsecurity/dependabot/pip/dev…
212be84 
…/setproctitle-1.3.7

Bump setproctitle from 1.3.6 to 1.3.7
@dependabot
Bump pytest-cov from 6.2.1 to 6.3.0
6790598 
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 6.2.1 to 6.3.0.
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v6.2.1...v6.3.0)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-version: 6.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@TheTechromancer @github-actions
[create-pull-request] automated change
b86568c
@liquidsec
Merge pull request #2684 from blacklanternsecurity/dependabot/pip/dev…
1f103ea 
…/pytest-cov-6.3.0

Bump pytest-cov from 6.2.1 to 6.3.0
@liquidsec
Merge pull request #2677 from blacklanternsecurity/update-docs
4ce929a 
Automated Docs Update
@TheTechromancer
Merge commit from fork
0ede97f 
Better repo sanitization for gitdumper
@TheTechromancer
Merge commit from fork
27253fe 
Unarchive fix
@TheTechromancer
fix tests
93f0731
@TheTechromancer
Merge pull request #2690 from blacklanternsecurity/fix-tests
61894ad 
fix tests
@ausmaster
In the case it short-circuits not response, adjust the self.debug.
c3b8d66
@TheTechromancer
Merge pull request #2691 from blacklanternsecurity/fix-graphql-module
d7885f8 
GraphQL Module Fix - None has no attribute `.status_code`
@TheTechromancer
dnspython bugfix
524e98b
@TheTechromancer
lock?
f25cb18
@TheTechromancer
Merge pull request #2698 from blacklanternsecurity/dns-bugfix
de57be6 
Emergency DNS Bugfix
@TheTechromancer
merge conflicts
e8f2823
@TheTechromancer
fix graphql, aspnet bin
75b15ee
@TheTechromancer
fix iis shortnames
3a67e0c
@TheTechromancer
fix medusa
83a87dc
@TheTechromancer
fix tests
43936a1
@TheTechromancer
Merge pull request #2643 from blacklanternsecurity/3.0-update
28e4603 
Dev -> 3.0 Sync
@liquidsec
vulnerability funeral conflict resolution
ccc672a
@github-actions
Copy link
Contributor

🚀 Performance Benchmark Report

⚠️ No current benchmark data available

This might be because:

  • Benchmarks failed to run
  • No benchmark tests found
  • Dependencies missing

@liquidsec
Copy link
Collaborator Author

closing for #2740

@liquidsec liquidsec closed this Oct 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@liquidsec @indeed404 @TheTechromancer @noob6t5 @blsaccess @GangGreenTemperTatum @ausmaster