Using MVN Repo, vulnerabilities on not identified on latest components in list of component versions

sonatype-nexus-community / nexus-iq-chrome-extension

Chrome extension for use with Sonatype Nexus Lifecycle - IQ server

https://sonatype-nexus-community.github.io/nexus-iq-chrome-extension/

Apache License 2.0

20 stars 12 forks source link

Using MVN Repo, vulnerabilities on not identified on latest components in list of component versions #200

Closed caw916 closed 1 year ago

caw916 commented 1 year ago

Using the MVN Repository, I get a list of the versions of the SnakeYAML component. the latest 2 versions don't show vulnerabilities in the list but if I go to the component itself the plugin shows vulnerabilities. IQ Chrome Extension bug - MVN Repo not identifying vulnerabilites on latest components in list

ctownshend commented 1 year ago

OK, so the vulnerability flag in the datagrid, was due to a collision on a css selector. We use "vuln" and so does mvnrepository. So the fix is to make the Sonatype plugin to use a more specific selector so it doesn't collide. now using "sonatype-iq-extension-vuln"