Closed wolframhaussig closed 3 years ago
In 2020, the coordinates of the Oracle JDBC libraries changed: https://medium.com/oracledevs/all-in-and-new-groupids-oracle-jdbc-drivers-on-maven-central-a76d545954c6
When using the new coordinates the ojdbc library and its dependencies are recognised as Oracle Database which breaks our builds. Currently, we are using ojdbc8 12.2.0.1: https://mvnrepository.com/artifact/com.oracle.database.jdbc/ojdbc8/12.2.0.1
False positive on library ojdbc8-12.2.0.1.jar - reported as:
<dependency> <groupId>com.oracle.database.jdbc</groupId> <artifactId>ojdbc8</artifactId> <version>12.2.0.1</version> </dependency>
This also affects the dependencies of ojdbc:
Thanks for the report. In the meantime you can use a local suppression file: https://jeremylong.github.io/DependencyCheck/general/suppression.html
Also, consider providing a PR to resolve the FP.
In 2020, the coordinates of the Oracle JDBC libraries changed: https://medium.com/oracledevs/all-in-and-new-groupids-oracle-jdbc-drivers-on-maven-central-a76d545954c6
When using the new coordinates the ojdbc library and its dependencies are recognised as Oracle Database which breaks our builds. Currently, we are using ojdbc8 12.2.0.1: https://mvnrepository.com/artifact/com.oracle.database.jdbc/ojdbc8/12.2.0.1
Example
False positive on library ojdbc8-12.2.0.1.jar - reported as:
This also affects the dependencies of ojdbc: