(Yarn Audit Analyzer) Invalid version string format Version [0.32+git] is not valid semver. #7488

@xpoinsard

Precondition

  • [x] I checked the issues list for existing open or closed reports of the same problem.

Describe the bug
When trying to run on my local Ubuntu 22.04 laptop, I got an error that seems related to yarn:

[WARNING] An unexpected error occurred during analysis of '/tmp/dctemp98af9c47-82c5-45e1-b705-45212f70e500/check12211452104991911139tmp/7489/META-INF/resources/webjars/combined-stream/1.0.8/yarn.lock' (Yarn Audit Analyzer): Invalid version string format
[ERROR] 
java.lang.IllegalStateException: Invalid version string format
    at org.owasp.dependencycheck.analyzer.YarnAuditAnalyzer.getYarnMajorVersion (YarnAuditAnalyzer.java:119)
    at org.owasp.dependencycheck.analyzer.YarnAuditAnalyzer.analyzeDependency (YarnAuditAnalyzer.java:267)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze (AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:37)
    at java.util.concurrent.FutureTask.run (FutureTask.java:317)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
    at java.lang.Thread.run (Thread.java:1583)
Caused by: org.semver4j.SemverException: Version [0.32+git] is not valid semver.
    at org.semver4j.internal.StrictParser.parse (StrictParser.java:33)
    at org.semver4j.Semver.<init> (Semver.java:38)
    at org.owasp.dependencycheck.analyzer.YarnAuditAnalyzer.getYarnMajorVersion (YarnAuditAnalyzer.java:116)
    at org.owasp.dependencycheck.analyzer.YarnAuditAnalyzer.analyzeDependency (YarnAuditAnalyzer.java:267)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze (AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:37)
    at java.util.concurrent.FutureTask.run (FutureTask.java:317)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
    at java.lang.Thread.run (Thread.java:1583)

Version of dependency-check used
Maven plugin version 12.1.0
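
Strict SemVer requires MAJOR.MINOR.PATCH, and the string in the exception above, `0.32+git`, has only two numeric components, which is why the strict parser rejects it. The following is an added example, not dependency-check's code and not part of the original report: it contrasts a simplified strict check with a lenient major-version extraction that lets a caller skip the analyzer with a warning instead of throwing. The class name, method names and all sample inputs other than `0.32+git` are assumptions made for illustration.

```java
import java.util.OptionalInt;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class YarnVersionProbe {
    // Simplified strict SemVer: MAJOR.MINOR.PATCH with optional -prerelease and +build.
    // (The full spec also forbids leading zeros in numeric prerelease identifiers.)
    private static final Pattern STRICT = Pattern.compile(
        "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)"
        + "(?:-[0-9A-Za-z-]+(?:\\.[0-9A-Za-z-]+)*)?"
        + "(?:\\+[0-9A-Za-z-]+(?:\\.[0-9A-Za-z-]+)*)?$");

    // Lenient: only a leading numeric component is required; at most 9 digits
    // so Integer.parseInt cannot overflow.
    private static final Pattern LEADING_MAJOR =
        Pattern.compile("^v?(\\d{1,9})(?:[.+-].*)?$");

    static boolean isStrictSemver(String s) {
        return s != null && STRICT.matcher(s.trim()).matches();
    }

    /** Returns the major version, or empty when the string has no leading number. */
    static OptionalInt majorVersion(String s) {
        if (s == null) {
            return OptionalInt.empty();
        }
        Matcher m = LEADING_MAJOR.matcher(s.trim());
        return m.matches()
            ? OptionalInt.of(Integer.parseInt(m.group(1)))
            : OptionalInt.empty();
    }

    public static void main(String[] args) {
        // Constructed sample inputs; only "0.32+git" comes from the report.
        String[] samples = {"0.32+git", "1.22.19", "4.0.0-rc.1", "not a version"};
        for (String v : samples) {
            OptionalInt major = majorVersion(v);
            String result = major.isPresent()
                ? String.valueOf(major.getAsInt())
                : "unknown (skip the analyzer and log a warning)";
            System.out.printf("%-14s strict=%-5b major=%s%n",
                v, isStrictSemver(v), result);
        }
    }
}
```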
