Closed guidojw closed 1 year ago
Hi @ejohn20, this extension not supporting the breaking change from v8
forces us to pin to v7.4.4
. It would be greatly appreciated if this could be resolved in a timely manner.
Merging to the develop branch so I can test the dev version of the extension before releasing.
I'm unable to reproduce this in my demo pipelines. I have merged this and released in v6.1.0. Please verify that the fix is working as expected.
It happened when setting warnOnCVSSViolation
to true, not anymore as of v6.1.1
of this extension.
Thanks for the quick response!
In
v8.0.0
, the CVSS score failure exit code was changed from 1 to 15 (PR: https://github.com/jeremylong/DependencyCheck/pull/4511), which is why this extension now fails instead of warns on these because it still expects an exit code of 1.This PR adds support for this by comparing the exitCode with 1 if the input dependency-check version starts with
[0-7].
, and otherwise a 15.