From e6032773a81ab68ddb192e5e97aaa5584e3b8fd9 Mon Sep 17 00:00:00 2001
From: Roopa Mohan
Date: Tue, 21 Jun 2022 09:48:50 -0700
Subject: [PATCH] RetireJs updates + package number update to 3.2.0

---
 package.json | 2 +-
 retire-js/RetireJsVulns.json | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 42eeb200e..756d0a15f 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@salesforce/sfdx-scanner",
 "description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-"version": "3.1.2",
+"version": "3.2.0",
 "author": "ISV SWAT",
 "bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 "dependencies": {
diff --git a/retire-js/RetireJsVulns.json b/retire-js/RetireJsVulns.json
index 390af2407..f81658e43 100644
--- a/retire-js/RetireJsVulns.json
+++ b/retire-js/RetireJsVulns.json
@@ -3146,6 +3146,35 @@
 ]
 }
 },
+"AlaSQL": {
+"vulnerabilities": [
+{
+"below": "0.7.0",
+"severity": "high",
+"identifiers": {
+"CVE": [
+"CVE-XXXX-XXXX"
+],
+"bug": "SNYK-JS-ALASQL-1082932",
+"summary": "An arbitrary code execution exists as AlaSQL doesn't sanitize input when characters are placed between square brackets [] or preceded with a backtik (accent grave) ` character. Versions older that 0.7.0 were deprecated in March of 2021 and should no longer be used."
+},
+"info": [
+"https://security.snyk.io/vuln/SNYK-JS-ALASQL-1082932"
+]
+}
+],
+"extractors": {
+"uri": [
+"/alasql[/@](§§version§§)/.*\\.js"
+],
+"filename": [
+"alasql-(§§version§§)(\\.min)?\\.js"
+],
+"filecontent": [
+"/\\*!?[ \n]*AlaSQL v(§§version§§)"
+]
+}
+},
 "dont check": {
 "extractors": {
 "uri": [
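Review bot: The `"CVE"` array in the new AlaSQL entry of RetireJsVulns.json holds the placeholder `"CVE-XXXX-XXXX"`, which any consumer of this database will surface to users as if it were a real identifier and which cannot be cross-referenced against NVD or any other source. If a CVE has been assigned for this Snyk advisory, put that identifier here; if none has, drop the `"CVE"` key entirely and let `"bug": "SNYK-JS-ALASQL-1082932"` stand as the sole identifier, since the `info` URL already points at that advisory. The `"summary"` value is user-facing text and carries two typos worth correcting in the data: `backtik` → `backtick` and `Versions older that 0.7.0` → `Versions older than 0.7.0`. The package.json hunk is only a version bump and needs nothing further.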