clj-holmes / clj-watson

clojure deps SCA
Eclipse Public License 2.0

Breaks on datahike dep #8

Closed Cyrik closed 2 years ago

Cyrik commented 2 years ago

When I run it on an empty project with the following deps.edn it breaks.

{
 ;; The only direct dependency of the otherwise empty project being scanned.
 :deps {io.replikativ/datahike                  {:mvn/version "0.4.1480"}}
 ;; The scanner itself is fetched as a git dependency. With :git/tag present,
 ;; tools.deps accepts a short :git/sha and checks that tag and sha name the
 ;; same commit, so the alias is pinned to one revision of clj-watson.
 ;; :main-opts already ends with the "scan" subcommand.
 :aliases {:clj-watson {:extra-deps {io.github.clj-holmes/clj-watson {:git/tag "v2.1.0" :git/sha "468f6fe"}}
                        :main-opts ["-m" "clj-watson.cli" "scan"]}}
}
clojure -M:clj-watson scan scan -p deps.edn -s                                                                                                           ok  13:10:56 
Downloading/Updating database.
Download/Update completed.
** ERROR: **
Exception: #error {
 :cause Cannot invoke "java.lang.CharSequence.length()" because "this.text" is null
 :via
 [{:type java.lang.NullPointerException
   :message Cannot invoke "java.lang.CharSequence.length()" because "this.text" is null
   :at [java.util.regex.Matcher getTextLength Matcher.java 1769]}]
 :trace
 [[java.util.regex.Matcher getTextLength Matcher.java 1769]
  [java.util.regex.Matcher reset Matcher.java 415]
  [java.util.regex.Matcher <init> Matcher.java 252]
  [java.util.regex.Pattern matcher Pattern.java 1134]
  [clojure.core$re_matcher invokeStatic core.clj 4845]
  [clojure.core$re_matcher invoke core.clj 4838]
  [version_clj.split$split_once invokeStatic split.cljc 32]
  [version_clj.split$split_once invoke split.cljc 21]
  [version_clj.split$split_known_qualifier invokeStatic split.cljc 128]
  [version_clj.split$split_known_qualifier invoke split.cljc 125]
  [version_clj.split$split_version_and_qualifier invokeStatic split.cljc 139]
  [version_clj.split$split_version_and_qualifier invoke split.cljc 135]
  [version_clj.split$version__GT_seq invokeStatic split.cljc 154]
  [version_clj.split$version__GT_seq doInvoke split.cljc 151]
  [clojure.lang.RestFn invoke RestFn.java 410]
  [version_clj.compare$version_compare invokeStatic compare.cljc 95]
  [version_clj.compare$version_compare doInvoke compare.cljc 90]
  [clojure.lang.RestFn invoke RestFn.java 442]
  [version_clj.core$version_compare invokeStatic core.cljc 31]
  [version_clj.core$version_compare doInvoke core.cljc 25]
  [clojure.lang.RestFn invoke RestFn.java 442]
  [version_clj.core$older_QMARK_ invokeStatic core.cljc 38]
  [version_clj.core$older_QMARK_ doInvoke core.cljc 35]
  [clojure.lang.RestFn invoke RestFn.java 442]
  [version_clj.core$newer_or_equal_QMARK_ invokeStatic core.cljc 55]
  [version_clj.core$newer_or_equal_QMARK_ doInvoke core.cljc 51]
  [clojure.lang.RestFn invoke RestFn.java 425]
  [clj_watson.diplomat.remediate$parent_dependency_contains_child_version_QMARK_ invokeStatic remediate.clj 26]
  [clj_watson.diplomat.remediate$parent_dependency_contains_child_version_QMARK_ invoke remediate.clj 17]
  [clj_watson.diplomat.remediate$find_bump_version_using_latest invokeStatic remediate.clj 40]
  [clj_watson.diplomat.remediate$find_bump_version_using_latest invoke remediate.clj 28]
  [clj_watson.diplomat.remediate$vulnerabilities_fix_suggestions$fn__12531 invoke remediate.clj 50]
  [clojure.core$map$fn__5884 invoke core.clj 2757]
  [clojure.lang.LazySeq sval LazySeq.java 42]
  [clojure.lang.LazySeq seq LazySeq.java 51]
  [clojure.lang.LazySeq first LazySeq.java 73]
  [clojure.lang.RT first RT.java 692]
  [clojure.core$first__5401 invokeStatic core.clj 55]
  [clojure.core$first__5401 invoke core.clj 55]
  [cljstache.core$render_section invokeStatic core.cljc 459]
  [cljstache.core$render_section invoke core.cljc 441]
  [cljstache.core$render_template invokeStatic core.cljc 479]
  [cljstache.core$render_template invoke core.cljc 468]
  [cljstache.core$render invokeStatic core.cljc 499]
  [cljstache.core$render invoke core.cljc 491]
  [cljstache.core$render invokeStatic core.cljc 496]
  [cljstache.core$render invoke core.cljc 491]
  [clj_watson.logic.stdout$generate invokeStatic stdout.clj 28]
  [clj_watson.logic.stdout$generate invoke stdout.clj 27]
  [clj_watson.controller.output$eval12163$fn__12164 invoke output.clj 12]
  [clojure.lang.MultiFn invoke MultiFn.java 234]
  [clj_watson.controller.output$generate invokeStatic output.clj 21]
  [clj_watson.controller.output$generate invoke output.clj 20]
  [clj_watson.entrypoint$_main invokeStatic entrypoint.clj 17]
  [clj_watson.entrypoint$_main invoke entrypoint.clj 15]
  [cli_matic.core$invoke_subcmd invokeStatic core.cljc 546]
  [cli_matic.core$invoke_subcmd invoke core.cljc 525]
  [cli_matic.core$run_cmd_STAR_ invokeStatic core.cljc 589]
  [cli_matic.core$run_cmd_STAR_ invoke core.cljc 560]
  [cli_matic.core$run_cmd invokeStatic core.cljc 601]
  [cli_matic.core$run_cmd invoke core.cljc 591]
  [clj_watson.cli$_main invokeStatic cli.clj 40]
  [clj_watson.cli$_main doInvoke cli.clj 39]
  [clojure.lang.RestFn applyTo RestFn.java 137]
  [clojure.lang.Var applyTo Var.java 705]
  [clojure.core$apply invokeStatic core.clj 667]
  [clojure.main$main_opt invokeStatic main.clj 514]
  [clojure.main$main_opt invoke main.clj 510]
  [clojure.main$main invokeStatic main.clj 664]
  [clojure.main$main doInvoke main.clj 616]
  [clojure.lang.RestFn applyTo RestFn.java 137]
  [clojure.lang.Var applyTo Var.java 705]
  [clojure.main main main.java 40]]}
mthbernardes commented 2 years ago

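The NPE was triggered when a vulnerability does not have a patch: in the trace above, a nil version string reaches version-clj's comparison from clj-watson's remediation code (remediate.clj). I've already fixed it in this PR.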