
[Enhancement] Vulnerable dependencies without version values in manifest file are not underlined.

Open pdaverh opened this issue 5 years ago • 1 comments

Describe the bug

If a library does not have a version explicitly assigned in the manifest file, and it happens to have a vulnerability, then the language server analysis does not underline the library.

To Reproduce

Steps to reproduce the behavior:

  1. Add a dependency in the manifest file that has known vulnerabilities and remove the version number
  2. Save and open the manifest file and wait for the analysis to be done.
  3. View the stack analysis report to see the vulnerability and switch back to the editor to see that the vulnerability is not shown.

Expected behavior

The library should be underlined with a fix recommendation. The developer should be able to update the manifest file with the recommended version.

Screenshots

Screenshot is attached.

  • Dependency Analytics Version 0.1.0

pdaverh, Jul 14 '20 17:07

We do have issues with semantic versioning so this is similar. Component analysis expects a package and the exact version currently.

prashbnair, Jul 16 '20 04:07
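
The gap discussed in this thread can be checked for locally. The following is an added example, not part of the issue or of the extension's code: it lists the dependencies in a manifest whose version spec is missing or is not an exact version, which an exact-version lookup would skip. It assumes an npm-style `package.json` (the issue does not name the manifest type); the sample manifest and the names `classifySpec` and `findUnpinned` are constructed for illustration.

```javascript
// Constructed sample manifest (package names are placeholders).
const SAMPLE_MANIFEST = `{
  "dependencies": {
    "pkg-exact": "1.2.3",
    "pkg-caret": "^4.17.0",
    "pkg-empty": "",
    "pkg-star": "*"
  },
  "devDependencies": {
    "pkg-tag": "latest",
    "pkg-v": "v2.0.1",
    "pkg-range": ">=1.0.0 <2.0.0"
  }
}`;

// Exact version: MAJOR.MINOR.PATCH with optional pre-release/build metadata,
// optionally prefixed by "=" or "v". Anything else is a range, tag or URL.
const EXACT = /^[=v]*\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function classifySpec(spec) {
  if (typeof spec !== "string" || spec.trim() === "") return "missing";
  if (EXACT.test(spec.trim())) return "exact";
  return "unresolved"; // range (^, ~, >=, x, *), dist-tag, git/file URL ...
}

// Returns the dependencies that an exact-version lookup cannot query as written.
function findUnpinned(manifestText) {
  const manifest = JSON.parse(manifestText);
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = classifySpec(spec);
      if (kind !== "exact") findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

for (const f of findUnpinned(SAMPLE_MANIFEST)) {
  console.log(`${f.section}/${f.name}: "${f.spec}" (${f.kind}) - resolve before lookup`);
}
```

Entries reported as `missing` or `unresolved` need their installed version resolved (for example from a lockfile) before they can be matched against vulnerability data by exact version.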