Describe the bug
When using DependencyChecker with the --retireJsUrl argument, it will fail if the obtained json file is using a different filename than 'jsrepository.json'.
I'm using the new DependencyChecker 5.2.0 via Jenkins, which has the new 'decoupled' wrapper around the cli.
I'm passing the --retireJsUrl there, like:
dependencyCheck additionalArguments: 'https://somelocalurl/jsrepository-alt.json', odcInstallation: 'Dependency-Check5.2.0'.
**Version of dependency-check used**
The problem occurs using version 5.2.0 of the cli, started by Jenkins using the new plugin structure.
**Log file**
I don't get much logging via Jenkins. I only get:
[DependencyCheck] [ERROR] Failed to initialize the RetireJS repo
To Reproduce
Steps to reproduce the behavior:
Set up a mirror of the jsrepository.json file, using an alternative filename
Configure DependencyChecker to use it, with the --retireJsUrl argument
Run DependencyCheck.
See error
Expected behavior
That the --retireJsUrl also allows for an alternative filename (since it's part of the full provided URL).
Additional context
What I'm thinking is that the code is just expecting to find the jsrepository.json file locally (after being downloaded from somewhere). It's likely a small glitch?
An update is being included in the next release that will allow for custom JS repository names. In the next release we will be using the filename as defined in the --retireJsURL (or comparable argument depending on the implementation used).
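The reply above describes taking the local file name from the configured URL. As an added example (not dependency-check's own code, and not written by anyone in this thread), here is one way to derive that name so that a URL cannot place the cached file outside the data directory. The class `RepoFileName`, its methods, the `data` directory and the sample URLs are hypothetical and constructed for illustration.

```java
import java.net.URI;
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical helper, not part of dependency-check.
public class RepoFileName {
    static final String DEFAULT_NAME = "jsrepository.json";

    /** Derive the local cache file name from the repository URL. */
    static String fromUrl(String url) {
        // getPath() percent-decodes and excludes the ?query and #fragment parts.
        String path = URI.create(url).getPath();
        if (path == null || path.isEmpty() || path.endsWith("/")) {
            return DEFAULT_NAME;                 // URL names no file
        }
        String name = path.substring(path.lastIndexOf('/') + 1);
        // Allow-list: rejects "..", hidden files, backslashes and control characters.
        // Falling back to the default name is a design choice; failing hard also works.
        if (!name.matches("[A-Za-z0-9][A-Za-z0-9._-]{0,127}")) {
            return DEFAULT_NAME;
        }
        return name;
    }

    /** Resolve the cache file and confirm it sits directly inside dataDir. */
    static Path resolve(Path dataDir, String url) {
        Path base = dataDir.toAbsolutePath().normalize();
        Path target = base.resolve(fromUrl(url)).normalize();
        if (!base.equals(target.getParent())) {
            throw new IllegalArgumentException("file name escapes data directory: " + url);
        }
        return target;
    }

    public static void main(String[] args) {
        Path dataDir = Paths.get("data");        // constructed sample directory
        String[] urls = {                        // constructed sample URLs
            "https://somelocalurl/jsrepository-alt.json",
            "https://somelocalurl/jsrepository.json?rev=42",
            "https://somelocalurl/mirror/",
            "https://somelocalurl/mirror/%2e%2e",
            "https://somelocalurl/mirror/..%5Cevil.json"
        };
        for (String url : urls) {
            System.out.println(url + " -> " + resolve(dataDir, url).getFileName());
        }
    }
}
```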
lockbot
locked and limited conversation to collaborators
Jan 3, 2020
When the local resource location is using the exact same file name as the standard one on:
https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json
e.g.:
https://somelocalurl/jsrepository.json
it works fine.