fix: #3762 itext licensing packages do not belong to 'cpe:/a:itextpdf:itext' CPE #5801

Closed
nhumblot (Collaborator)

Fixes Issue

Fix #3762

Description of Change

This change declares com.itextpdf.licensing/licensing-base and com.itextpdf.licensing/licensing-remote as not linked to cpe:2.3:a:itextpdf:itext:*:*:*:*:*:*:*:*

Have test cases been added to cover the new functionality?

no
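A scoping check for a suppression like the one described above, as an added example that is not this PR's diff or dependency-check's own code. The rule text, the sample purls and their placeholder versions are constructed, and matching is simplified to a case-insensitive full match on the package URL:

```python
import re
import xml.etree.ElementTree as ET

NS = {"s": "https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"}
ITEXT_CPE = "cpe:/a:itextpdf:itext"  # CPE named in the PR title

# Constructed suppression file for illustration; not the rule text from this PR.
SUPPRESSION_XML = r"""
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[iText licensing artifacts are not iText itself (issue #3762)]]></notes>
    <packageUrl regex="true">^pkg:maven/com\.itextpdf\.licensing/licensing-(base|remote)@.*$</packageUrl>
    <cpe>cpe:/a:itextpdf:itext</cpe>
  </suppress>
</suppressions>
"""


def load_rules(xml_text):
    """Return a list of (compiled purl pattern, set of CPEs), one per <suppress>."""
    rules = []
    for node in ET.fromstring(xml_text.strip()).findall("s:suppress", NS):
        purl = node.find("s:packageUrl", NS)
        if purl is None or not purl.text:
            continue  # rules keyed on sha1, filePath or gav are out of scope here
        text = purl.text.strip()
        # Literal purls are escaped so both kinds can be handled as patterns.
        pattern = text if purl.get("regex") == "true" else re.escape(text)
        cpes = {c.text.strip() for c in node.findall("s:cpe", NS) if c.text}
        rules.append((re.compile(pattern, re.IGNORECASE), cpes))
    return rules


def is_suppressed(rules, purl, cpe):
    """True when some rule matches the whole purl and lists this CPE."""
    return any(p.fullmatch(purl) is not None and cpe in cpes for p, cpes in rules)


def audit(rules, must_suppress, must_keep, cpe=ITEXT_CPE):
    """Return (missed, overbroad): purls where the rules are too narrow or too wide."""
    missed = [p for p in must_suppress if not is_suppressed(rules, p, cpe)]
    overbroad = [p for p in must_keep if is_suppressed(rules, p, cpe)]
    return missed, overbroad


if __name__ == "__main__":
    # Constructed purls; the versions are placeholders.
    fp = ["pkg:maven/com.itextpdf.licensing/licensing-base@0.0.0",
          "pkg:maven/com.itextpdf.licensing/licensing-remote@0.0.0"]
    real = ["pkg:maven/com.itextpdf/kernel@0.0.0"]
    print(audit(load_rules(SUPPRESSION_XML), fp, real))
```

An empty `overbroad` list is the property to keep when reviewing a suppression: the rule silences the CPE match for the licensing artifacts only and leaves findings on real iText artifacts reportable.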

boring-cyborg bot added the core changes to core label Jun 30, 2023

aikebah (Collaborator) commented Jul 2, 2023

@nhumblot WDYT, should we also bring these suppressions into the hosted suppressions file, so that a new release is not required to make them active?

aikebah added this to the 8.3.2 milestone Jul 2, 2023

nhumblot (Collaborator, Author) commented Jul 2, 2023

Hi @aikebah 👋

I definitely agree to publish it in the hosted suppression file. I opened a PR for this one because it was an old suppression issue prior to the introduction of the GitHub action. Based on the GitHub action code, I guess the only way to do it is for me to create new GitHub issues to trigger the bot and approve them this way?

If you confirm it, I can proceed this way and close this PR, which will become unnecessary. 🙂

aikebah (Collaborator) commented Jul 2, 2023

@nhumblot Yes, FP Report is (almost) the only way to do it.

The work-around I've used sometimes when there were still other proper FP reports ready to approve is a direct commit to the generatedSuppressions branch. But that would require another approvable FP-report on which (after approval) to trigger the false-positive approval GitHub workflow that will use it to publish the updated hostedSuppressions file based on the generatedSuppressions.xml of that branch.

nhumblot (Collaborator, Author) commented Jul 2, 2023

@aikebah Thanks for the additional explanation. Both suppression rules got added to the hosted suppression file through #5802 & #5803 🙂

aikebah (Collaborator) commented Jul 9, 2023

superseded by the hosted suppressions file additions

aikebah closed this Jul 9, 2023
aikebah removed this from the 8.3.2 milestone Jul 9, 2023
jeremylong deleted the 3762-fp branch December 5, 2023 11:43
Labels
core changes to core FP Report
Development

Successfully merging this pull request may close these issues.

False Positive on com.itextpdf.licensing/licensing-base and com.itextpdf.licensing/licensing-remote