Closed drewboardman closed 2 years ago
Error parsing package url: https://ossindex.sonatype.org/component/pkg:maven/org.typelevel/log4cats-core_2.13@2.2.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.0.0.
Error: Error: purl is missing the required "pkg" scheme component.
Please correct the package URL - consider copying the package url from the HTML report.
Maven Coordinates
<dependency>
    <groupId>org.typelevel</groupId>
    <artifactId>log4cats-core_2.13</artifactId>
    <version>2.2.0</version>
</dependency>
Suppression rule:
<suppress base="true">
    <notes><![CDATA[
    FP per issue #4295
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.typelevel/log4cats-core_2\.13@.*$</packageUrl>
    <cpe>cpe:/a:davenport:davenport</cpe>
</suppress>
Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2079145837
Package URL
pkg:maven/org.typelevel/log4cats-core_2.13@2.2.0
CPE
cpe:2.3:a:davenport:davenport:2.2.0:*:*:*:*:*:*:*
and cpe:2.3:a:protonmail:protonmail:2.2.0:*:*:*:*:*:*:*
CVE
CVE-2021-32816
ODC Integration
No response
ODC Version
7.0.0
Description
I'm using a Scala dependency check wrapper, sbt dependencyCheck.
There is a false negative reported for a Scala logging library, log4cats. The report is saying that ProtonMail Web Client is vulnerable and being pulled in by this logging library. This is incorrect.
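The bot errors at the top of this issue come from pasting the OSS Index component link instead of the bare package URL: a purl has to start with the `pkg:` scheme, and the link only carries it inside its path. The following added example (my own code, not part of DependencyCheck, the FP bot, or the sbt plugin) extracts the bare purl from either form, reproduces that scheme check, and then tests the purl against the `packageUrl` regex from the suppression rule above so you can confirm a rule actually matches the coordinates before committing it to a suppression file. The sample inputs are constructed from the values on this page.

```python
import re
from urllib.parse import urlparse, unquote

# Regex copied from the suppression rule in this issue.
SUPPRESSION_PURL_REGEX = r"^pkg:maven/org\.typelevel/log4cats-core_2\.13@.*$"

# Constructed sample inputs based on the values reported in this issue.
OSSINDEX_LINK = (
    "https://ossindex.sonatype.org/component/"
    "pkg:maven/org.typelevel/log4cats-core_2.13@2.2.0"
    "?utm_source=dependency-check&utm_medium=integration&utm_content=7.0.0"
)
BARE_PURL = "pkg:maven/org.typelevel/log4cats-core_2.13@2.2.0"


def extract_purl(value: str) -> str:
    """Return a bare purl from a purl or from an OSS Index component link.

    OSS Index links have the shape
    https://ossindex.sonatype.org/component/<purl>?utm_...
    so the purl is the path after "/component/", with any percent-encoding
    removed. Anything that does not yield a "pkg:" scheme is rejected with
    the same message the FP bot prints.
    """
    value = value.strip()
    if value.startswith("pkg:"):
        return value
    parsed = urlparse(value)
    prefix = "/component/"
    if parsed.netloc == "ossindex.sonatype.org" and parsed.path.startswith(prefix):
        candidate = unquote(parsed.path[len(prefix):])
        if candidate.startswith("pkg:"):
            return candidate
    raise ValueError('purl is missing the required "pkg" scheme component')


def matches_suppression(purl: str, pattern: str = SUPPRESSION_PURL_REGEX) -> bool:
    """True when the purl is covered by a packageUrl regex="true" rule."""
    return re.fullmatch(pattern, purl) is not None


def check(value: str) -> tuple[str, bool]:
    """Normalise the input to a purl and report whether the rule suppresses it."""
    purl = extract_purl(value)
    return purl, matches_suppression(purl)


if __name__ == "__main__":
    for sample in (OSSINDEX_LINK, BARE_PURL):
        purl, suppressed = check(sample)
        print(f"{purl} -> suppressed={suppressed}")
```

The rule is deliberately scoped to the one artifact (`log4cats-core_2.13`) at any version, so a sibling module such as `log4cats-slf4j_2.13` is not matched; if the same false positive shows up there, it needs its own rule rather than a looser regex.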