Dependencycheck: 6.0.3 release date ?

Created on 14 Oct 2020 · 8Comments · Source: jeremylong/DependencyCheck

Hello,

We are waiting all the fixes in 6.0.3 for our projects, do you know when 6.0.3 will be out approximatly ?

Thanks ;)

question

Source

sebastienroux

👍1

Most helpful comment

@sebastienroux the NodeJS analyzer may not be completely removed - it may be needed for the vendor modules. Still researching this. However, some of the other changes reduced the FP for this analyzer greatly in 6.0.3.

Regarding the release date - I am hoping to get to it this weekend. However, I still have to cycle through the FP reports for node and dotnet.

jeremylong on 14 Oct 2020

❤2

All 8 comments

It would be really useful to get an idea on the timeframe for this as we're getting 100s of false positives where a CPE is matching on a substring (e.g. package _npm/content-type_ is matching CPE _content_project\content_).

stevehipwell on 14 Oct 2020

👍1

It would be really useful to get an idea on the timeframe for this as we're getting 100s of false positives where a CPE is matching on a substring (e.g. package _npm/content-type_ is matching CPE _content_project\content_).

Exactly, same problem ;) , you can already add --disableNodeJS flag, only false positives with this, and will be removed soon

sebastienroux on 14 Oct 2020

Regarding the release date - I am hoping to get to it this weekend. However, I still have to cycle through the FP reports for node and dotnet.

jeremylong on 14 Oct 2020

❤2

@jeremylong , not trying to push at all, just curious if you have thoughts on how close 6.0.3 is.