Duplicated components after version upgrade

[maur1]

Current Behavior

When a component is updated the old component is still kept in dependency track increasing the vulnerability score.

See example of spring-webflux below. Version defined in the pom.xml is 6.1.11

Steps to Reproduce

1. Create a java project with the dependency [email protected]

2. Generate bom with cdxgen cdxgen --output backend_bom.json --type java

3. Upload bom to dependency track

4. Update spring-webflux -> 6.1.11

5. Generate bom with cdxgen cdxgen --output backend_bom.json --type java

6. Upload bom to dependency track

Both versions will be present

Expected Behavior

Expect that the lastet version should be the only one present

Dependency-Track Version

4.11.6

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

No response

Browser

Google Chrome

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this defect was already reported

[maur1]

Closing issue as it was due to a hidden dependency

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.