When a Maven package is moved to a different group, the new group is reported instead of the used one (even though the old one still exists)
See this repro repository that is using the sbom action to report the dependencies.
The dependency being used is mysql:mysql-connector-java:5.1.36
However this package has been moved to another place which only has versions > 8.0.31
If we run
./gradlew app:dependencies
I can see the dependency is correctly identified
However it's submitted to GitHub dependency submission API as com.mysql.jdbc:mysql-connector-java (notice the new groupId com.mysql.jdbc)
This seems consistent with the SBOM (snippet with some parts cut)
Notice that the SECURITY nodes reference mysql_connector however PACKAGE-MANAGER has the new groupId maven/com.mysql.jdbc/mysql-connector-java@5.1.36 (which version 5.1.3 is not even visible in Maven central)
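One way to catch the mismatch described in this report, as an added example that is not part of the original issue or the project's code: compare the coordinates Gradle resolves with the purls in the exported SBOM and flag artifacts whose groupId differs. The Gradle output and SBOM fragment are constructed samples, the function names are hypothetical, and the SBOM is assumed to be SPDX-style JSON with packages[].externalRefs[] entries.

```python
import json
import re

# Constructed sample of `./gradlew app:dependencies` output (not from the issue).
GRADLE_OUTPUT = """\
runtimeClasspath - Runtime classpath of source set 'main'.
+--- mysql:mysql-connector-java:5.1.36
\\--- org.slf4j:slf4j-api:1.7.36
"""

# Constructed SPDX-style fragment; the first purl is the one quoted in the issue.
SBOM_JSON = json.dumps({"packages": [{"name": n, "externalRefs": [{
    "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
    "referenceLocator": p}]} for n, p in [
    ("mysql-connector-java", "pkg:maven/com.mysql.jdbc/mysql-connector-java@5.1.36"),
    ("slf4j-api", "pkg:maven/org.slf4j/slf4j-api@1.7.36")]]})

# Tree line: "+--- group:name:version", optionally "-> resolvedVersion".
GRADLE_DEP = re.compile(
    r"^[|\s]*[+\\]--- ([^:\s]+):([^:\s]+):([^:\s]+)(?: -> (\S+))?")
# Maven purl, with or without the "pkg:" scheme prefix.
MAVEN_PURL = re.compile(r"^(?:pkg:)?maven/([^/]+)/([^@]+)@([^?#]+)")

def gradle_coordinates(text):
    """Return {(artifact, version): group} for each dependency tree line."""
    found = {}
    for line in text.splitlines():
        m = GRADLE_DEP.match(line)
        if m:
            group, name, requested, resolved = m.groups()
            found[(name, resolved or requested)] = group
    return found

def sbom_coordinates(sbom):
    """Yield (group, artifact, version) from PACKAGE-MANAGER purl refs."""
    for pkg in sbom.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            category = ref.get("referenceCategory", "").replace("_", "-")
            m = MAVEN_PURL.match(ref.get("referenceLocator", ""))
            if category == "PACKAGE-MANAGER" and m:
                yield m.groups()

def group_mismatches(gradle_text, sbom_text):
    """List (resolved, reported) pairs where only the groupId differs."""
    resolved = gradle_coordinates(gradle_text)
    issues = []
    for group, name, version in sbom_coordinates(json.loads(sbom_text)):
        expected = resolved.get((name, version))
        if expected is not None and expected != group:
            issues.append((f"{expected}:{name}:{version}",
                           f"{group}:{name}:{version}"))
    return issues
```

Matching is keyed on artifact name and version, so a reported groupId that differs from the resolved one shows up even when the rest of the coordinate is identical.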