From 6814ae1a0af7f97686be66f91e70f2d85569a934 Mon Sep 17 00:00:00 2001
From: Nicolas Humblot
Date: Thu, 29 Dec 2022 10:08:15 +0100
Subject: [PATCH 1/2] fix: #5158 Upgrade semver4j to 4.1.1 to prevent NullPointerException
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 05ca8e2b09c..64bcd1467f1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1069,7 +1069,7 @@ Copyright (c) 2012 - Jeremy Long org.semver4j semver4j - 4.1.0 + 4.1.1 org.jetbrains
From 1e9edc8a7e1fc634c17edd1decb41aa5bfac68d6 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Thu, 29 Dec 2022 04:53:08 -0500
Subject: [PATCH 2/2] fix: add test case
---
 .../org/owasp/dependencycheck/utils/SemverTest.java | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/core/src/test/java/org/owasp/dependencycheck/utils/SemverTest.java b/core/src/test/java/org/owasp/dependencycheck/utils/SemverTest.java
index 758f8d9d47f..899cd2e85aa 100644
--- a/core/src/test/java/org/owasp/dependencycheck/utils/SemverTest.java
+++ b/core/src/test/java/org/owasp/dependencycheck/utils/SemverTest.java
@@ -13,6 +13,7 @@
 */
 package org.owasp.dependencycheck.utils;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import org.junit.Test;
@@ -32,4 +33,15 @@ public void testSemver() {
 Semver semver = new Semver("3.1.4");
 assertTrue(semver.satisfies("^3.0.0-0"));
 }
+ /**
+ * Test of semver4j. See https://github.com/jeremylong/DependencyCheck/issues/5158
+ */
+ @Test
+ public void testSemverComplex() {
+ Semver semver = new Semver("18.11.5");
+ assertFalse(semver.satisfies("^14.14.20 || ^16.0.0"));
+
+ semver = new Semver("14.15.0");
+ assertTrue(semver.satisfies("^14.14.20 || ^16.0.0"));
+ }
 }
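Review bot: testSemverComplex, added in the last hunk of SemverTest.java, never exercises the right-hand alternative of `^14.14.20 || ^16.0.0`: 18.11.5 misses both sides and 14.15.0 matches only the first, so a fault in how semver4j evaluates the second range would still pass. Adding `assertTrue(new Semver("16.1.0").satisfies("^14.14.20 || ^16.0.0"));` and a lower-bound miss such as `assertFalse(new Semver("14.14.19").satisfies("^14.14.20 || ^16.0.0"));` would pin both branches and the boundary. The Javadoc says only "Test of semver4j"; since the first patch's subject names a NullPointerException, a summary along the lines of `Regression test: satisfies() must not throw on the "||" range from issue 5158.` (presumably the failing input, to be confirmed against the issue) would tell a maintainer why this case has to survive later semver4j upgrades. The new method sits entirely inside the hunk, but the SemverTest class opens outside it.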