knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kris...@apache.org
Subject [knox] branch master updated: KNOX-1822 - Upgrade dependency-check-maven to 5.0.0-M1
Date Tue, 12 Mar 2019 16:28:46 GMT
This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new bd0ab3e  KNOX-1822 - Upgrade dependency-check-maven to 5.0.0-M1
bd0ab3e is described below

commit bd0ab3e1f8afd2453ca60b723c04d043a283d451
Author: Kevin Risden <krisden@apache.org>
AuthorDate: Tue Mar 12 10:44:59 2019 -0400

    KNOX-1822 - Upgrade dependency-check-maven to 5.0.0-M1
    
    Signed-off-by: Kevin Risden <krisden@apache.org>
---
 .../build-tools/dependency-check/suppressions.xml  | 24 ++++++++++++++++++++++
 pom.xml                                            |  2 +-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
index ee181fe..e97a901 100644
--- a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
+++ b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
@@ -17,6 +17,16 @@ limitations under the License.
 -->
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
     <suppress>
+        <notes><![CDATA[file name: commons-net-.*.jar]]></notes>
+        <gav regex="true">^commons-net:commons-net:.*$</gav>
+        <cpe>cpe:/a:echo_project:echo</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: amqp-client-.*.jar]]></notes>
+        <gav regex="true">^com\.rabbitmq:amqp-client:.*$</gav>
+        <cpe>cpe:/a:pivotal_software:rabbitmq</cpe>
+    </suppress>
+    <suppress>
         <notes><![CDATA[file name: javax.jws-api-.*.jar]]></notes>
         <gav regex="true">^javax\.jws:javax\.jws-api:.*$</gav>
         <cpe>cpe:/a:oracle:glassfish</cpe>
@@ -45,6 +55,7 @@ limitations under the License.
         <cpe>cpe:/a:apache:apache_http_server</cpe>
         <cpe>cpe:/a:apache:apache_test</cpe>
         <cpe>cpe:/a:apache:hadoop</cpe>
+        <cpe>cpe:/a:apache:hbase</cpe>
         <cpe>cpe:/a:apache:hive</cpe>
         <cpe>cpe:/a:apache:http_server</cpe>
         <cpe>cpe:/a:apache:nifi</cpe>
@@ -97,11 +108,24 @@ limitations under the License.
         <cpe>cpe:/a:oracle:glassfish</cpe>
     </suppress>
     <suppress>
+        <notes><![CDATA[file name: apache-jsp-.*.jar]]></notes>
+        <gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav>
+        <cpe>cpe:/a:apache:tomcat</cpe>
+        <cpe>cpe:/a:apache_software_foundation:tomcat</cpe>
+    </suppress>
+    <suppress>
         <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
         <gav regex="true">^org\.slf4j:.*$</gav>
         <cve>CVE-2018-8088</cve>
     </suppress>
     <suppress>
+        <notes><![CDATA[file name: spring-vault-core-.*.jar]]></notes>
+        <gav regex="true">^org\.springframework\.vault:spring-vault-core:.*$</gav>
+        <cpe>cpe:/a:pivotal:spring_framework</cpe>
+        <cpe>cpe:/a:pivotal_software:spring_framework</cpe>
+        <cpe>cpe:/a:springsource:spring_framework</cpe>
+    </suppress>
+    <suppress>
         <notes><![CDATA[file name: xz-.*.jar]]></notes>
         <gav regex="true">^org\.tukaani:xz:.*$</gav>
         <cve>CVE-2015-4035</cve>
diff --git a/pom.xml b/pom.xml
index 8442cdd..8b5b2dc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -165,7 +165,7 @@
         <cors-filter.version>2.6</cors-filter.version>
         <curator.version>4.2.0</curator.version>
         <curator-test.version>2.13.0</curator-test.version>
-        <dependency-check-maven.version>4.0.2</dependency-check-maven.version>
+        <dependency-check-maven.version>5.0.0-M1</dependency-check-maven.version>
         <dockerfile-maven-plugin.version>1.4.10</dockerfile-maven-plugin.version>
         <easymock.version>4.0.2</easymock.version>
         <eclipselink.version>2.7.4</eclipselink.version>


Mime
View raw message