Open simondivi opened 1 year ago
Do you have a link to dojo-1.16.3-distribution.zip?
Sure - sorry - here it is: https://mvnrepository.com/artifact/org.dojotoolkit/dojo/1.16.3. We have a dependency through: https://mvnrepository.com/artifact/org.apache.qpid/qpid-broker-plugins-management-http
Sorry for the delay on this - but I am unable to reproduce the issue using the maven plugin.
Thanks for looking into it. I have created a reproducer: https://github.com/simondivi/DependencyCheck-5109 Edit: It is using gradle but I believe it should behave the same?
For example, the dojo-1.16.3-distribution.zip has a lot of files and all of them report to have the exact same vulnerabilities. This blows up the number of found issues. Can this be avoided and the zip file be counted only once?