Merge branch 'main' into feat/add-support-cvssv4

Author: JigyasuRajput

Diff for: .github/actions/spelling/allow.txt

@@ -15,6 +15,7 @@ apcupsd
 api
 apk
 apparmor
+apr
 ares
 argparse
 Args
@@ -54,6 +55,7 @@ blog
 bluetooth
 bluetoothctl
 bluez
+boa
 boinc
 bolt
 boot
@@ -69,6 +71,7 @@ bwm
 bzip
 c
 cabextract
+cairo
 capnproto
 cbt
 CDNs
@@ -77,6 +80,7 @@ ceph
 cfa
 cfea
 cff
+cflow
 chaitanyamogal
 Changelog
 charset
@@ -86,11 +90,13 @@ chris
 chrony
 civetweb
 clamav
+clang
 cleartext
 clnt
 cmdline
 codebase
 codecov
+codespell
 collectd
 commons
 compress
@@ -149,6 +155,7 @@ dio
 Dio
 distro
 distros
+djvulibre
 dlt
 dmidecode
 dnsmasq
@@ -221,6 +228,7 @@ ftp
 ftpd
 fuzzer
 g
+GAAD
 GAD
 gawk
 gcc
@@ -259,9 +267,11 @@ gpsd
 graphicsmagick
 grep
 grub
+gsasl
 GSo
 gsoc
 gstreamer
+guile
 gupnp
 gvfs
 gzip
@@ -291,9 +301,13 @@ i
 icecast
 icu
 ikeydoherty
+imagemagick
 img
 imgur
 imsahil
+inclusivity
+indent
+inetutils
 INI
 inosmeet
 iperf
@@ -312,6 +326,7 @@ jacksondatabind
 janus
 jasper
 javascript
+jbig
 jdk
 jerinjtitus
 jhead
@@ -338,6 +353,7 @@ libass
 libbluetooth
 libbpg
 libc
+libcap
 libcoap
 libconfuse
 libcurl
@@ -357,6 +373,7 @@ libinput
 libjpeg
 libksba
 liblas
+liblouis
 libmatroska
 libmemcached
 libmicrohttpd
@@ -368,6 +385,8 @@ libpng
 libprotobuf
 libraryname
 libraw
+libreoffice
+libreswan
 librsvg
 librsync
 libsamplerate
@@ -393,6 +412,7 @@ libvpx
 libxml
 libxslt
 libyaml
+libyang
 lifecycle
 lighttpd
 linode
@@ -408,6 +428,7 @@ luajit
 lxc
 lynx
 lz
+lzo
 mailx
 malloc
 malware
@@ -508,6 +529,7 @@ onboarding
 oneline
 open
 openafs
+openblas
 opencv
 openjpeg
 openldap
@@ -519,7 +541,9 @@ opensuse
 openswan
 openvex
 openvpn
+openvswitch
 openwrt
+opkg
 orc
 ossl
 osv
@@ -546,6 +570,7 @@ picocom
 pigz
 pixbuf
 pixman
+pjsip
 plotly
 png
 pocoo
@@ -597,6 +622,7 @@ readthedocs
 realpython
 rebasing
 redhat
+redis
 refactored
 refactoring
 regex
@@ -617,6 +643,7 @@ rsync
 rsyslog
 rtl
 rtmpdump
+ruby
 runc
 rust
 sakshatshinde
@@ -626,6 +653,7 @@ sandboxing
 sane
 sanketsaurav
 sannanansari
+sasl
 Saurabh
 sbs
 sdk
@@ -678,6 +706,7 @@ tagvalue
 tar
 tarfiles
 taskbar
+tbb
 tcpdump
 tcpreplay
 tempfile
@@ -702,6 +731,7 @@ toml
 toolkit
 tools
 tor
+toybox
 tpm
 traceroute
 transmission
@@ -737,6 +767,7 @@ util
 utkarsh
 utm
 uuid
+uwsgi
 v
 varnish
 venv
@@ -756,6 +787,8 @@ Vulnerability
 Vulnerabity
 vulnerablities
 vulnerablity
+wavpack
+WCAG
 webkitgtk
 webserver
 website
@@ -773,6 +806,7 @@ workarounds
 workflow
 workflows
 wpa
+wrt
 wsl
 www
 wzao
@@ -782,9 +816,11 @@ xerces
 Xiph
 xkcd
 xml
+xpdf
 xscreensaver
 xvf
 xwayland
+xz
 yakkety
 yaml
 yashugarg

Diff for: .github/codecov.yml

@@ -0,0 +1,14 @@
+codecov:
+  token: ${{ secrets.CODECOV_TOKEN }}
+  ci:
+    - github-actions
+  max_report_age: 12
+  require_ci_to_pass: TRUE
+
+coverage:
+  round: down
+  range: 60..80
+
+comment:
+    layout: "condensed_header, condensed_files, condensed_footer"
+    hide_project_coverage: FALSE

Diff for: .github/workflows/build-wheel.yml

@@ -23,12 +23,12 @@ jobs:
     if: github.repository == 'intel/cve-bin-tool' # run on origin repo only
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+      uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
       with:
         egress-policy: audit
 
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-    - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+    - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
       with:
         python-version: ${{ matrix.python-version }}
         cache: 'pip'

Diff for: .github/workflows/codeql-analysis.yml

@@ -42,7 +42,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+      uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
       with:
         egress-policy: audit
 
@@ -51,7 +51,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+      uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -76,4 +76,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+      uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11

Diff for: .github/workflows/coverity.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+      uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
       with:
         egress-policy: audit
 

Diff for: .github/workflows/cve_scan.yml

@@ -17,12 +17,12 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit
 
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+      - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version: '3.11'
           cache: 'pip'
@@ -32,7 +32,7 @@ jobs:
         run: |
           echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
       - name: Get cached database
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}

Diff for: .github/workflows/dependency-review.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit
 

Diff for: .github/workflows/formatting.yml

@@ -19,12 +19,12 @@ jobs:
     runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit
 
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+      - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version: '3.11'
           cache: 'pip'
@@ -36,7 +36,7 @@ jobs:
         run: |
           python cve_bin_tool/format_checkers.py
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
         with:
           commit-message: "chore: update checkers table"
           title: "chore: update checkers table"