DependencyCheck icon indicating copy to clipboard operation
DependencyCheck copied to clipboard

Published 20 hours ago verified publisher icon jeremylong

[FP]: netty-tcnative-boringssl-static is matching the chromium project

Open jrmcdonald opened this issue 2 years ago • 2 comments

Package URl

pkg:maven/io.netty/[email protected]

CPE

cpe:2.3:a:chromium_project:chromium:2.0.54:::::::*

CVE

No response

ODC Integration

{"label"=>"Gradle Plugin"}

ODC Version

7.1.1

Description

No response

jrmcdonald avatar Aug 24 '22 09:08 jrmcdonald

Maven Coordinates

<dependency>
   <groupId>io.netty</groupId>
   <artifactId>netty-tcnative-boringssl-static</artifactId>
   <version>2.0.54.Final</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4776
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/io\.netty/netty-tcnative-boringssl-static@.*$</packageUrl>
   <cpe>cpe:/a:chromium_project:chromium</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2917944740

github-actions[bot] avatar Aug 24 '22 09:08 github-actions[bot]

This can be a duplicate of https://github.com/jeremylong/DependencyCheck/issues/4154

tisonkun avatar Aug 25 '22 11:08 tisonkun

Released, but issue wasn't triggered to be closed by the merge, in 7.3.1/7.3.2

aikebah avatar Nov 20 '22 17:11 aikebah