fix: de-duplicate and sort both includedBy and projectReferences in reports #8440
Merged
jeremylong merged 3 commits into dependency-check:main on Apr 22, 2026
Since a6010aa these references have been duplicated, since they are put into HashSets but the type doesn't have equals/hashCode
Signed-off-by: Chad Wilson <[email protected]>
Pull request overview
This PR fixes duplicated includedBy entries introduced by the switch to IncludedByReference (missing equals/hashCode) and updates report outputs to use de-duplicated, sorted includedBy and projectReferences for easier scanning in large projects.
Changes:
- Implement equals/hashCode (+ Comparable) on IncludedByReference and add sorted accessors on Dependency.
- Update HTML/XML/JSON/JUnit/Jenkins (and commented GitLab) report templates to render sorted includedBy/projectReferences.
- Add unit tests asserting sorting behavior for the new sorted accessors.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| core/src/main/java/org/owasp/dependencycheck/dependency/IncludedByReference.java | Adds equality and natural ordering to enable de-duplication + sorting. |
| core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java | Adds get*Sorted() accessors and changes some getters to *copyOf(...). |
| core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java | Adds tests for sorted accessors. |
| core/src/main/resources/templates/htmlReport.vsl | Uses sorted accessors for deterministic, easier-to-scan output. |
| core/src/main/resources/templates/jenkinsReport.vsl | Uses sorted accessors in Jenkins output. |
| core/src/main/resources/templates/xmlReport.vsl | Uses sorted accessors in XML output. |
| core/src/main/resources/templates/jsonReport.vsl | Uses sorted accessors in JSON output. |
| core/src/main/resources/templates/junitReport.vsl | Uses sorted projectReferences in JUnit output. |
| core/src/main/resources/templates/gitlabReport.vsl | Updates a commented loop to reference the sorted accessor. |
These can be very large for bigger projects; and sorting them makes it easier to scan through. Added new methods rather than changing semantics of the existing accessors on Dependency.
Signed-off-by: Chad Wilson <[email protected]>
e580a26 to 667f791
Signed-off-by: Chad Wilson <[email protected]>
Pull request overview
Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.
jeremylong approved these changes Apr 22, 2026
Description of Change
includedBy references have been accidentally duplicated, since they are put into Sets but the custom type doesn't have equals/hashCode like the previous Pair type did.
Related issues
N/A
Have test cases been added to cover the new functionality?
yes
Example HTML report:
dependency-check-report.html
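The duplication described in this PR and the shape of its fix, as an added Java example that is not the project's code. `IdentityRef` and `Ref` are constructed stand-ins for IncludedByReference before and after the change; their `reference` and `type` fields and the sample values are assumptions made for illustration.

```java
import java.util.*;
public class IncludedByDedupDemo {
    // Constructed stand-in for the pre-fix type: no equals/hashCode, so a
    // HashSet compares instances by object identity.
    static final class IdentityRef {
        final String reference, type;
        IdentityRef(String reference, String type) { this.reference = reference; this.type = type; }
    }

    // Constructed stand-in for the fixed type: value equality plus a natural order.
    static final class Ref implements Comparable<Ref> {
        private static final Comparator<String> NULL_SAFE = Comparator.nullsFirst(Comparator.<String>naturalOrder());
        private static final Comparator<Ref> ORDER =
            Comparator.comparing((Ref r) -> r.reference, NULL_SAFE)
                      .thenComparing(r -> r.type, NULL_SAFE);
        final String reference, type;
        Ref(String reference, String type) { this.reference = reference; this.type = type; }
        @Override public boolean equals(Object o) {
            if (this == o) return true;
            if (!(o instanceof Ref)) return false;
            Ref other = (Ref) o;
            return Objects.equals(reference, other.reference) && Objects.equals(type, other.type);
        }
        @Override public int hashCode() { return Objects.hash(reference, type); }
        @Override public int compareTo(Ref other) { return ORDER.compare(this, other); }
        @Override public String toString() { return type == null ? reference : reference + " (" + type + ")"; }
    }

    public static void main(String[] args) {
        // Constructed sample: the same parent reference is recorded twice.
        String[][] seen = {
            {"pkg:maven/org.example/web@1.0", "plugins"},
            {"pkg:maven/org.example/api@1.0", null},
            {"pkg:maven/org.example/web@1.0", "plugins"},
        };
        Set<IdentityRef> before = new HashSet<>();
        Set<Ref> after = new HashSet<>();
        for (String[] s : seen) {
            before.add(new IdentityRef(s[0], s[1]));
            after.add(new Ref(s[0], s[1]));
        }
        System.out.println("without equals/hashCode: " + before.size() + " entries");
        System.out.println("with equals/hashCode:    " + after.size() + " entries");
        // Sorted copy for report output; the underlying set is left untouched.
        List<Ref> sorted = new ArrayList<>(after);
        Collections.sort(sorted);
        sorted.forEach(r -> System.out.println("  " + r));
    }
}
```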