Dependencies Outdated

Older, outdated versions of dependencies are more likely to be affected by security issues. Oftentimes, updating your dependencies to the most recent version will resolve these issues. Outdated dependencies are the direct and transitive dependencies within your project that are not the most current version published. For more information on how dependencies are identified, please see Dependency Detection.

Ion Channel will determine whether the versions of all detected dependencies are outdated for all supported languages except for Go.

Governance:

The Major Versions Behind rule governs the pass/fail status of the scan results. When this rule is enabled in the governing ruleset, the analysis will only pass if the major version of all direct dependencies is not further behind the most recent version than the rule dictates.

Dependencies Outdated Details:

By selecting the Dependencies Outdated tile, you will find detailed information on each of the direct outdated dependencies and the full scan results in JSON format. In the Details tab, the following information is provided.

• Major Behind - The number of major versions that this dependency is behind the most recent version. The major version is determined using any numeric value that appears before the first dot or any other non-numeric character.
• Minor Behind - The number of minor versions that this dependency is behind the most recent version. The minor version is determined using the first numeric value that appears after the first dot and before the second dot or any other non-numeric character.
• Transitives Outdated - The number of this dependency's direct dependencies that are not the most recent version.
• Version - The version of this dependency that is being used.
• Required Version - The version of this dependency that is required in the dependency file where this dependency was detected.
• Latest Version - The most recent version of this dependency.

These dependencies are sorted by major behind first, followed by minor behind, transitives outdated, and alphabetical.

Tile Statuses:

Passing: All of the direct dependency's major versions are within the threshold specified in the Major Versions Behind rule, and the governing ruleset includes that rule.

Failing: At least one of the direct dependency's major versions is further behind than the threshold specified in the Major Versions Behind rule, and the governing ruleset includes that rule.

Not Evaluated: The scan has been completed, the count of all detected outdated dependencies is displayed, and the governing ruleset does not include the Major Versions Behind rule.

Error: An error occurred during the scan or analysis. Selecting the tile will provide information on the cause of the error.