Skip to content

bug(pom): Trivy doesn't overwrite version from depManagement if dependency uses project.groupId prop #8049

New issue
New issue
Closed
#8050
Closed
bug(pom): Trivy doesn't overwrite version from depManagement if dependency uses project.groupId prop#8049
#8050
Assignees
DmitriyLewen
Labels
kind/bugCategorizes issue or PR as related to a bug.
Milestone
 
v0.58.1
@DmitriyLewen

Description

@DmitriyLewen
DmitriyLewen
opened on Dec 5, 2024

Description

There are cases when dependency uses project.groupId property
e.g. https://repo1.maven.org/maven2/io/netty/netty-handler/4.1.114.Final/netty-handler-4.1.114.Final.pom :

<groupId>${project.groupId}</groupId>
<artifactId>netty-common</artifactId>
<version>${project.version}</version>

For this cases Trivy doesn't overwrite these dependencies.
See #8036 for example.

Discussed in #8036

Metadata

Metadata

Assignees

Labels

kind/bugCategorizes issue or PR as related to a bug.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions