data/reports: update GO-2022-0384.yaml and delete dupe GO-2022-0918

Add advisory link for GO-2022-0384 and delete GO-2022-0918 which is a
duplicate of it.

Aliases: CVE-2021-32690, GHSA-56hp-xqp3-w2jf, GHSA-7jr6-prv4-5wf5

Updates #384, #918

Change-Id: Iad28e1aeea5587d8ee49680a2fd28494f3b14bda
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/451281
Run-TryBot: Tatiana Bradley <[email protected]>
Reviewed-by: Tatiana Bradley <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Damien Neil <[email protected]>

Author: tatianab

data/excluded/GO-2022-0918.yaml

@@ -7,7 +7,7 @@
     "GHSA-56hp-xqp3-w2jf",
     "GHSA-7jr6-prv4-5wf5"
   ],
-  "details": "The username and password credentials associated with a Helm repository can be passed to another domain referenced by that Helm repository.\n\nIf the index.yaml for a Helm repository is hosted on one domain and references a chart archive on a different domain, Helm will provide the credentials for the index.yaml's domain when fetching those archives.\n\nFor further details, see https://github.com/advisories/GHSA-56hp-xqp3-w2jf.",
+  "details": "The username and password credentials associated with a Helm repository can be passed to another domain referenced by that Helm repository.\n\nIf the index.yaml for a Helm repository is hosted on one domain and references a chart archive on a different domain, Helm will provide the credentials for the index.yaml's domain when fetching those archives.",
   "affected": [
     {
       "package": {
@@ -46,6 +46,10 @@
     }
   ],
   "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-56hp-xqp3-w2jf"
+    },
     {
       "type": "FIX",
       "url": "https://github.com/helm/helm/commit/61d8e8c4a6f95540c15c6a65f36a6dd0a45e7a2f"

data/osv/GO-2022-0384.json

@@ -1,16 +1,16 @@
 modules:
-  - module: helm.sh/helm/v3
-    versions:
-      - fixed: 3.6.1
-    vulnerable_at: 3.6.0
-    packages:
-      - package: helm.sh/helm/v3/pkg/downloader
-        symbols:
-          - ChartDownloader.ResolveChartVersion
-        derived_symbols:
-          - ChartDownloader.DownloadTo
-          - Manager.Build
-          - Manager.Update
+    - module: helm.sh/helm/v3
+      versions:
+        - fixed: 3.6.1
+      vulnerable_at: 3.6.0
+      packages:
+        - package: helm.sh/helm/v3/pkg/downloader
+          symbols:
+            - ChartDownloader.ResolveChartVersion
+          derived_symbols:
+            - ChartDownloader.DownloadTo
+            - Manager.Build
+            - Manager.Update
 description: |
     The username and password credentials associated with a Helm repository
     can be passed to another domain referenced by that Helm repository.
@@ -19,14 +19,12 @@ description: |
     references a chart archive on a different domain, Helm will provide
     the credentials for the index.yaml's domain when fetching those
     archives.
-
-    For further details, see
-    https://github.com/advisories/GHSA-56hp-xqp3-w2jf.
 published: 2022-07-15T23:29:45Z
 cves:
-  - CVE-2021-32690
+    - CVE-2021-32690
 ghsas:
-  - GHSA-56hp-xqp3-w2jf
-  - GHSA-7jr6-prv4-5wf5
+    - GHSA-56hp-xqp3-w2jf
+    - GHSA-7jr6-prv4-5wf5
 references:
-  - fix: https://github.com/helm/helm/commit/61d8e8c4a6f95540c15c6a65f36a6dd0a45e7a2f
+    - advisory: https://github.com/advisories/GHSA-56hp-xqp3-w2jf
+    - fix: https://github.com/helm/helm/commit/61d8e8c4a6f95540c15c6a65f36a6dd0a45e7a2f