Comments (7)
1.0.0 released
from vulndb-data-mirror.
This project was blocked due to an issue with VulnDB that the vendor has just recently fixed. The fix has been implemented, not tested, and the project still is not feature complete - still lacking update synchronization. I likely won't be releasing 1.0.0 until mid-2019 at the earliest.
If you're not using VulnDB however, none of the code in this library will ever be called. In fact, if a vulndb directory doesn't exist in the dependency-track data directory, this library can likely be manually omitted.
from vulndb-data-mirror.
Also: refer to https://github.com/DependencyTrack/dependency-track/blob/master/src/main/java/org/dependencytrack/tasks/VulnDbSyncTask.java#L71
from vulndb-data-mirror.
my main concern is not the exact number of the project itself but that's it's a SNAPSHOT dependency which may change with every build.
Is it possible to decrease the version and go for < 1.0.0 releases, to indicate it's not feature-complete project?
from vulndb-data-mirror.
-SNAPSHOT already indicates its not complete. No need to alter versions which would be seriously problematic for organizations already using this library.
from vulndb-data-mirror.
by always depending on on a -SNAPSHOT
dependency in release-builds I can't be sure that I get the same version each time I'm building my source.
By this release builds from the same source are not getting the same result which is far more problematic (since it's hard to go back on a previous SNAPSHOT). There is a reason the maven-release-plugin
is forbidding SNAPSHOT dependencies.
from vulndb-data-mirror.
If reproducibility is what you're after, why don't you just pin to a specific version of a snapshot.
Current:
1.0.0-20180524.022156-17
from vulndb-data-mirror.
Related Issues (2)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vulndb-data-mirror.