Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Broken link in HTML report #5418

Closed
mehradn7 opened this issue Feb 3, 2023 · 2 comments · Fixed by #5421
Closed

Broken link in HTML report #5418

mehradn7 opened this issue Feb 3, 2023 · 2 comments · Fixed by #5421
Labels
bug

Comments

@mehradn7
Copy link

mehradn7 commented Feb 3, 2023

Hello,

The Maven package spring-retry appears in the Dependency Check report with the version number not being substituted:

image

Which causes the hyperlink to be broken: pkg:maven/org.springframework.retry/spring-retry@%24%7Brevision%7D

The original POM file can be found here: https://repo1.maven.org/maven2/org/springframework/retry/spring-retry/1.3.4/spring-retry-1.3.4.pom

Thank you and have a nice day.

Regards,

Version of dependency-check used
Maven plugin 8.0.2
@mehradn7 mehradn7 added the bug label Feb 3, 2023
@jeremylong
Copy link
Collaborator

Amazingly even the referenced POM says that the version is ${revision} which URL encodes to %24%7Brevision%7D... Not much we can do when people publish garbage.

jeremylong added a commit that referenced this issue Feb 5, 2023
@jeremylong
fix: bad version string interpolation
0a477e7 
Resolves #5418 by returning a null value when variable interpolation fails when evaluating a pom.xml
@jeremylong jeremylong mentioned this issue Feb 5, 2023
Merged
@marcelstoer
Copy link
Collaborator

Oh bummer, looks like they use CI friendly versions but misconfigured the flatten plugin.

aikebah added a commit that referenced this issue Feb 18, 2023
@aikebah
fix: Prefer pom.properties G/A/V over pom.xml G/A/V to resolve GAV in…
e183bfb 
…terpolation issues

Improves the fix of #5418 as a quick-fix

Fixes #5450
@aikebah aikebah mentioned this issue Feb 18, 2023
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: bad version string interpolation dependency-check/DependencyCheck
3 participants
@marcelstoer @jeremylong @mehradn7