[FP]: Eclipse jetty toolchain libs should also be excluded from eclipse:jetty cpe #6812

Closed
lread opened this issue Jul 6, 2024 · 3 comments
Labels
FP Report maven changes to the maven plugin

Comments

@lread

lread commented Jul 6, 2024

Package URL

pkg:maven/org.eclipse.jetty.toolchain/jetty-jakarta-websocket-api@2.0.0

CPE

cpe:2.3:a:eclipse:jetty:2.0.0:*:*:*:*:*:*:*

CVE

No response

ODC Integration

None

ODC Version

10.0.2

Description

I listed a specific package URI and cpe because this is what I understand the issue form to require, but I think we should instead tweak an existing suppression.

In #6799, the eclipse jetty tool chain libs were excluded from cpe:/a:jetty:jetty, but I think they also need to be excluded from cpe:/a:eclipse:jetty.

And with that, hopefully, the game of whack-a-mole will be complete!

@lread lread added the FP Report label Jul 6, 2024
Contributor

github-actions bot commented Jul 6, 2024

Maven Coordinates

<dependency>
   <groupId>org.eclipse.jetty.toolchain</groupId>
   <artifactId>jetty-jakarta-websocket-api</artifactId>
   <version>2.0.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6812
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.toolchain/jetty-jakarta-websocket-api@.*$</packageUrl>
   <cpe>cpe:/a:eclipse:jetty</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9820006099
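
A way to check what the rule above does and does not cover before relying on it. This is an added example, not part of the original thread or of DependencyCheck's code; it assumes a simplified matching model (regex on the package URL, exact vendor:product comparison on the CPE), and the `SERVER` coordinate and the `jetty:jetty` CPE are constructed inputs.

```python
import re
import xml.etree.ElementTree as ET

# Suppression rule copied verbatim from the bot comment above.
RULE_XML = r"""<suppress base="true">
   <notes><![CDATA[
   FP per issue #6812
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.toolchain/jetty-jakarta-websocket-api@.*$</packageUrl>
   <cpe>cpe:/a:eclipse:jetty</cpe>
</suppress>"""


def load_rule(xml_text):
    """Extract the package URL matcher and CPE list from one <suppress> element."""
    root = ET.fromstring(xml_text)
    purl = root.find("packageUrl")
    return {
        "purl": purl.text.strip(),
        "purl_is_regex": purl.get("regex") == "true",
        "cpes": [c.text.strip() for c in root.findall("cpe")],
    }


def cpe23_to_uri(cpe23):
    """Reduce a CPE 2.3 string to the cpe:/part:vendor:product form the rule uses.
    Assumes no escaped colons inside the fields."""
    fields = cpe23.split(":")
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe23!r}")
    return "cpe:/" + ":".join(fields[2:5])


def is_suppressed(rule, package_url, cpe23):
    """Simplified model (an assumption): the package URL must match and the
    identified CPE's vendor:product must equal one listed in the rule."""
    if rule["purl_is_regex"]:
        purl_ok = re.fullmatch(rule["purl"], package_url) is not None
    else:
        purl_ok = rule["purl"] == package_url
    return purl_ok and cpe23_to_uri(cpe23) in rule["cpes"]


RULE = load_rule(RULE_XML)
TOOLCHAIN = "pkg:maven/org.eclipse.jetty.toolchain/jetty-jakarta-websocket-api@2.0.0"
# Constructed inputs: a Jetty server artifact and the other vendor spelling of the CPE.
SERVER = "pkg:maven/org.eclipse.jetty/jetty-server@1.2.3"
```

The rule is scoped to one artifact and one vendor:product pair, so a Jetty server artifact stays reportable and the `jetty:jetty` spelling of the CPE needs its own entry.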

@github-actions github-actions bot added the maven changes to the maven plugin label Jul 6, 2024
lread added a commit to lread/DependencyCheck that referenced this issue Jul 6, 2024
aikebah added a commit that referenced this issue Jul 7, 2024
@chadlwilson
Contributor

Thanks! I guess this can be closed now :-)

@lread
Author

lread commented Jul 8, 2024

Sweet!

Fixed by #6813

@lread lread closed this as completed Jul 8, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 8, 2024