Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Incorrect Version getting added in bom.xml
See original GitHub issueHi Team,
I am using “dotnet-CycloneDX” package for creating bom.xml from .sln file. But as per my observation it is adding incorrect version in bom.xml. For example the .csproj file contains following entry:
<PackageReference Include="WebGrease" version="1.6.0" />
In above it is clear that the version of WebGrease is 1.6.0 but if we check the bom.xml it shows version 1.5.2 as follows:
<component type="library">
<name>WebGrease</name>
<version>1.5.2</version>
<description><![CDATA[Web Grease is a suite of tools for optimizing javascript, css files and images.]]></description>
<licenses>
<license>
<url>http://www.microsoft.com/web/webpi/eula/msn_webgrease_eula.htm</url>
</license>
</licenses>
<purl>pkg:nuget/WebGrease@1.5.2</purl>
</component>
Also I have observed that it includes version of library which is not present either in .csproj or packages.config file.
For example:
packages.config file contains:
<package id="WebGrease" version="1.6.0" targetFramework="net45" />
but bom.xml file contains 2 entries for WebGrease one 1.6.0 and other with version 1.5.2 as shown below:
<component type="library">
<name>WebGrease</name>
<version>1.5.2</version>
<description><![CDATA[Web Grease is a suite of tools for optimizing javascript, css files and images.]]></description>
<licenses>
<license>
<url>http://www.microsoft.com/web/webpi/eula/msn_webgrease_eula.htm</url>
</license>
</licenses>
<purl>pkg:nuget/WebGrease@1.5.2</purl>
</component>
<component type="library">
<name>WebGrease</name>
<version>1.6.0</version>
<description><![CDATA[Web Grease is a suite of tools for optimizing javascript, css files and images.]]></description>
<licenses>
<license>
<url>http://www.microsoft.com/web/webpi/eula/aspnetcomponent_rtw_ENU.htm</url>
</license>
</licenses>
<purl>pkg:nuget/WebGrease@1.6.0</purl>
<externalReferences>
<reference type="website">
<url>http://webgrease.codeplex.com/</url>
</reference>
</externalReferences>
</component>
Could you please take a look into it and let me know if I am missing something?
Issue Analytics
- State:
- Created 4 years ago
- Comments:11 (6 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@coderpatros Sure will check and let you know. Thank you for update
@shounakitraj going to close this issue. Feel free to re-open it if you are still getting incorrect versions in your bom.xml with the latest version.