dependency-track
Wrong Latest version reported by using github package URL
Current Behavior
For the component below, the wrong latest version is reported
Error:
Steps to Reproduce
- create a component as per the below screenshot
- review the latest version reported
Expected Behavior
DT will report this component as the latest version
Dependency-Track Version
4.10.1
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
No response
Browser
Google Chrome
Checklist
- [X] I have read and understand the contributing guidelines
- [X] I have checked the existing issues for whether this defect was already reported
The tagging format on the particular repo given as an example is adding a 'v' before the version number in the tags: v1.7.17 rather than 1.7.17. Since the pURL is referencing tags and not labels, it should be pkg:github/davegamble/[email protected]
otherwise the GitHub API returns a 404 Not Found when requested.
The list of tags is available at https://github.com/DaveGamble/cJSON/tags
If I create a Dependency-Track component with the following pURL pkg:github/dependencytrack/[email protected]
I get a correct result:
Hi @sebD,
I updated the PURL, but still the same issue
I have noticed that updating the purl doesn't correct the problem immediately indeed. The outdated character of a dependency is defined during analysis. You may have to trigger one (I haven't personally checked)
@g-sahil22 any progress on that issue? Did you try to trigger a new analysis and did it update the version accordingly?
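The tag-format mismatch discussed in this thread, as an added example that is not part of the original issue and not Dependency-Track's own code: it checks whether the version in a `pkg:github` pURL matches a repository tag exactly and, if only the `v` prefix differs, suggests the corrected pURL. The owner/repo names, the tag list and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample: tag names for a repository that prefixes its tags with "v".
SAMPLE_TAGS = ["v1.7.15", "v1.7.16", "v1.7.17"]

def parse_github_purl(purl):
    """Split pkg:github/<owner>/<repo>@<version> into (owner, repo, version)."""
    m = re.fullmatch(r"pkg:github/([^/@]+)/([^/@?#]+)@([^?#]+)(?:[?#].*)?", purl)
    if not m:
        raise ValueError(f"not a versioned pkg:github purl: {purl!r}")
    return tuple(unquote(part) for part in m.groups())

def version_key(tag):
    """Numeric key for '1.7.17' or 'v1.7.17'; None for non-numeric tags."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", tag)
    return tuple(int(x) for x in m.group(1).split(".")) if m else None

def check_purl_against_tags(purl, tags):
    """Report whether the pURL version is an existing tag and whether it is the newest."""
    owner, repo, version = parse_github_purl(purl)
    numeric = [t for t in tags if version_key(t) is not None]
    latest = max(numeric, key=version_key) if numeric else None
    if version in tags:
        # Exact tag name: a tag lookup for this version can succeed.
        return {"matches_tag": True, "suggested_purl": None,
                "latest_tag": latest, "is_latest": version == latest}
    # Same numeric version under a different spelling (e.g. missing "v" prefix).
    wanted = version_key(version)
    same = [t for t in numeric if wanted is not None and version_key(t) == wanted]
    suggestion = f"pkg:github/{owner}/{repo}@{same[0]}" if same else None
    return {"matches_tag": False, "suggested_purl": suggestion,
            "latest_tag": latest, "is_latest": False}

if __name__ == "__main__":
    for p in ("pkg:github/example-owner/example-repo@1.7.17",
              "pkg:github/example-owner/example-repo@v1.7.17"):
        print(p, "->", check_purl_against_tags(p, SAMPLE_TAGS))
```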