diff --git a/core/pom.xml b/core/pom.xml
index 361f147607f..72c4091a835 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -189,7 +189,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
cpe-parser
- com.vdurmont
+ org.semver4j
semver4j
diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
index 92db0cb92c5..7faacb0c04c 100644
--- a/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
+++ b/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
@@ -21,9 +21,8 @@
import com.github.packageurl.PackageURL;
import com.github.packageurl.PackageURL.StandardTypes;
import com.github.packageurl.PackageURLBuilder;
-import com.vdurmont.semver4j.Semver;
-import com.vdurmont.semver4j.Semver.SemverType;
-import com.vdurmont.semver4j.SemverException;
+import org.semver4j.Semver;
+import org.semver4j.SemverException;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nodeaudit.Advisory;
import org.owasp.dependencycheck.data.nodeaudit.NodeAuditSearch;
@@ -530,7 +529,7 @@ public static String determineVersionFromMap(String versionRange, Collection= 2) {
deps = json.getJsonObject("packages");
@@ -370,8 +370,9 @@ private void processDependencies(JsonObject json, File baseDir, File rootFile,
} else {
base = Paths.get(baseDir.getPath(), "node_modules", name).toFile();
if (!base.isFile()) {
- if ("node_modules".equals(baseDir.getParentFile().getName())) {
- base = Paths.get(baseDir.getParent(), name).toFile();
+ final File test = new File(modulesRoot, name);
+ if (test.isDirectory()) {
+ base = test;
}
}
}
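Review bot: The outer guard tests `!base.isFile()` while the new fallback tests `test.isDirectory()`, so when `baseDir/node_modules/name` already exists as a directory the guard is still true and the copy under `modulesRoot` silently replaces it. If the nested copy is a different version, later steps would read metadata for the wrong package, which matters when the output is a vulnerability match; `if (!base.exists())` or an `isDirectory()` test on `base` would state the intent more precisely. Separately, `name` looks like it comes from the lock file and is joined to `modulesRoot` without normalisation, so a containment check before `base = test;` (for example `test.toPath().normalize().startsWith(...)` against the modules root, assuming it is a `File`) would keep the lookup inside the scanned tree. processDependencies starts and ends outside this hunk, so where `name` originates and how `base` is used afterwards are not visible here.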
diff --git a/core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIT.java b/core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIT.java
index 332cbc76fdc..54b3d5b179e 100644
--- a/core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIT.java
+++ b/core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIT.java
@@ -17,7 +17,7 @@
*/
package org.owasp.dependencycheck.data.nvdcve;
-import com.vdurmont.semver4j.Semver;
+import org.semver4j.Semver;
import org.owasp.dependencycheck.BaseDBTestCase;
import java.util.Properties;
import org.junit.After;
@@ -99,7 +99,7 @@ public void testGetProperty_String() throws DatabaseException {
DatabaseProperties instance = cveDb.getDatabaseProperties();
String result = instance.getProperty(key);
- Semver ver = new Semver(result, Semver.SemverType.LOOSE);
+ Semver ver = new Semver(result);
assertTrue(ver.getMajor() >= 5);
}
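Review bot: Dropping `Semver.SemverType.LOOSE` makes this parse strict as far as the 4.x API goes, so a stored schema version that is not a full `major.minor.patch` string would now throw in the constructor instead of reaching the `getMajor()` assertion. The value of `result` is not visible in this hunk, so this may be fine for the current database. If shorter values are possible, `Semver ver = Semver.coerce(result);` followed by a non-null assertion would keep the old tolerance. The test method starts above the hunk.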
diff --git a/core/src/test/java/org/owasp/dependencycheck/utils/SemverTest.java b/core/src/test/java/org/owasp/dependencycheck/utils/SemverTest.java
new file mode 100644
index 00000000000..758f8d9d47f
--- /dev/null
+++ b/core/src/test/java/org/owasp/dependencycheck/utils/SemverTest.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.owasp.dependencycheck.utils;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.semver4j.Semver;
+
+/**
+ *
+ * @author Jeremy Long
+ */
+public class SemverTest {
+
+ /**
+ * Test of semver4j. See https://github.com/jeremylong/DependencyCheck/issues/5128#issuecomment-1343080426
+ */
+ @Test
+ public void testSemver() {
+ Semver semver = new Semver("3.1.4");
+ assertTrue(semver.satisfies("^3.0.0-0"));
+ }
+}
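Review bot: `testSemver` asserts only the positive case, so a `satisfies` that accepted every version would still pass; range matching decides which advisories apply to a package, so it is worth pinning from both sides. Add a negative assertion such as `assertFalse(new Semver("4.0.0").satisfies("^3.0.0-0"));` together with the `assertFalse` static import. The class Javadoc is empty apart from the author tag; a summary line such as `Regression tests for the semver4j range behaviour the npm analyzers depend on.` would explain why a third-party library is tested here.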
diff --git a/pom.xml b/pom.xml
index e4f8700f396..edf2aedb6bd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1068,9 +1068,9 @@ Copyright (c) 2012 - Jeremy Long
0.0.2.1
- com.vdurmont
+ org.semver4j
semver4j
- 3.1.0
+ 4.0.0
org.jetbrains