Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Quitting dependency-check during an update leaves stale lock file

See original GitHub issue

Launch dependency-check and, while it is performing a database update, press CTRL-C to quit the process. Immediately launch dependency-check again and the tool hangs after printing:

[dependency-check] SLF4J: Class path contains multiple SLF4J bindings.
[dependency-check] SLF4J: Found binding in [jar:file:/Users/chris/packages/dependency-check-ant/dependency-check-ant.jar!/org/slf4j/impl/StaticLoggerBinder.class]
[dependency-check] SLF4J: Found binding in [jar:file:/Users/chris/packages/dependency-check-ant/lib/dependency-check-ant-3.0.2.jar!/org/slf4j/impl/StaticLoggerBinder.class]
[dependency-check] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
[dependency-check] SLF4J: Actual binding is of type [org.owasp.dependencycheck.ant.logging.AntLoggerFactory]

A bit of Googling led me to this issue: https://github.com/jeremylong/DependencyCheck/issues/1000

Deleting the lock file allowed me to resume my work.

It would be nice if dependency-check would clean-up after itself in case it gets interrupted. (If possible). Otherwise, perhaps https://github.com/jeremylong/DependencyCheck/issues/1000 is enough to mitigate this problem.

I happen to be using the Apache ant task, if that makes any difference.

(Thanks for the great tool!)

Issue Analytics

State:
Created 6 years ago
Comments:6 (2 by maintainers)

Top GitHub Comments

1reaction

jeremylongcommented, Dec 12, 2017

Thanks for reporting this issue - I got to learn something new regarding shutdown hooks. This makes ODC much more stable!

1reaction

jeremylongcommented, Dec 10, 2017

I’ll do some research on this one - some changes that need to be made are updating the error reporting per issue #1000 and updating the purge task (and related) to remove the lock file.

Top Results From Across the Web

dependency-check-maven – dependency-check:update-only

Sets whether or not the PHP Composer Lock File Analyzer should be used. User property is: composerAnalyzerEnabled . <connectionString>, String, -, The database ......

What NPM should do to stop a new colors attack - Hacker News

Yes npm install will update the lock file if package.json conflicts. But it certainly does not ... But that wouldnt leave much time...

Confluent Platform Component Changelogs

This topic provides changelogs for the individual Confluent Platform components. ... PR-4438 - docs: update tutorial stack file for v0.6.0/5.4.0 (DOCS-3330) ...

Openfire Changelog - Ignite Realtime Downloads

Stopping update service. [OF-2482] - Error when opening keystore admin console page; [OF-2480] - Admin console is unavailable ~30 seconds after setup ...

Bug List - Bugs - Eclipse

387304, Subversi, Core, a.gurov, RESO, NOT_, update svn:externals source file results in removal of the svn:mime-type property, 2012-09-06.