
Support maven_install.json v2

Open efabens opened this issue 1 year ago • 2 comments

Is your feature request related to a problem? Please describe.

As of version 5.1 of rules_jvm_external, the maven_install.json schema was updated for v2. The current implementation in dependency check is compatible with v0.1.0 but not v2.

Describe the solution you'd like

The PinnedMavenInstallAnalyzer should support both maven_install.json versions.

Describe alternatives you've considered

  • Roll back the version of rules_jvm_external to pre 5.1. That version is over a year old and a major version behind.
  • Do container scanning later in the CI process, which would be slower and potentially less reliable

Additional context

Bazel continues to grow in popularity; it seems important to support updates.

efabens, Mar 18 '24 22:03

@jeremylong Thanks for getting that PR merged in so quickly! I see it is marked as part of the 9.1.0 release. Any sense of when that might be coming down the pike? I am weighing the cost/benefit of waiting for the official release vs building my own image pipeline and then using the official image post release.

Ball park of days vs weeks vs months is totally sufficient.

Thanks for managing this project, it is super appreciated!

efabens, Mar 20 '24 16:03

Likely within 2 weeks.

jeremylong, Mar 21 '24 10:03