-
assigned issue to
Robert Reiz
Component Whitelist not working
Issue #320
resolved
For whatever reason
https://www.versioneye.com/java/org.jenkins-ci.plugins:credentials is incredibly out of date. The current version is 2.1.X (something) yet it is saying the initial release is the up to date one. So i made a component whitelist and added
org.jenkins-ci.plugins:credentials:1.9.4 org.jenkins-ci.plugins:credentials org.jenkins-ci.plugins
I tried all 3 and reparsed and yet it still shows red as a violation. So not only is the check broken but the component whitelist doesn't work.
Comments (5)
-
-
Can you post a link to your project please?
The package you are referencing is crawled from here: http://jcenter.bintray.com/org/jenkins-ci/plugins/credentials/ and I can't see a 2.1.x version. On Maven Central the package doesn't show up at all: http://search.maven.org/#search%7Cga%7C1%7Corg.jenkins-ci.plugins. Where can I find the 2.1.X version of the package?
-
- Project Link: https://www.versioneye.com/user/projects/582e557fc8dd330045914348
- Current Credentials Dependancy: https://www.versioneye.com/java/org.jenkins-ci.plugins:credentials/1.9.4 (Note version eye says latest is 1.22)
-
Maven Repository: https://mvnrepository.com/artifact/org.jenkins-ci.plugins/credentials (shows 2.1.8 as latest which is in line with the wiki documentation https://wiki.jenkins-ci.org/display/JENKINS/Credentials+Plugin)
-
There seems to be a bug with version eye when evaluating this plugin for whatever reason. So i tried to flag it as always true using the whitelist.
-
Added the MIT License to the whitelist and the component org.jenkins-ci.plugins:credentials:1.9.4
-
yet for some reason credentials is flagged as outdated still and the other dependancy zap-clientapi is no longer listed.
-
Project pom available here: https://github.com/jenkinsci/zap-plugin/blob/master/pom.xml
-
This seems to be a common issue with all jenkins and hudson plugins :( since they do not seem to be indexed on search.maven.org for some reason
-
Basically the backend for the jenkins update center will limit the versions of plugins that it advertises to those plugins that are compatible with specific baseline versions of Jenkins. Thus: https://updates.jenkins-ci.org/1.580/update-center.json will have the newest version of credentials that is compatible with 1.580+... which is 1.28 whereas https://updates.jenkins-ci.org/1.609/update-center.json has the newest version compatible with 1.609+... which is 2.1.9 (search org.jenkins-ci.plugins:credentials in this example)
-
In my case i am reporting a bug with the indexing. But i would love to know how to exclude that check since i can't seem to with whitelisting :(
-
Hi @JordanGS The newest version of the
org.jenkins-ci.plugins:credentialscomponent is 1.22 and not 1.9.4! Simply because 22 is higher than 9 ;-) And version 1.22 is marked as newest in the repository maven-metadate.xml here: http://jcenter.bintray.com/org/jenkins-ci/plugins/credentials/maven-metadata.xml. I take a look to the other points. -
- changed status to resolved
I close this because it is a douplicate to https://bitbucket.org/versioneye/versioneye/issues/323/component-whitelist-not-working-part-2.
- Log in to comment
