You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@myfaces.apache.org by lo...@apache.org on 2018/01/24 12:44:52 UTC

[myfaces-tobago] branch tobago-2.0.x updated: * update slf4j * check dependencies (CVE)

This is an automated email from the ASF dual-hosted git repository.

lofwyr pushed a commit to branch tobago-2.0.x
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git


The following commit(s) were added to refs/heads/tobago-2.0.x by this push:
     new 3693141  * update slf4j * check dependencies (CVE)
3693141 is described below

commit 369314152aac21653a06021ac24e933d2136dc2e
Author: Udo Schnurpfeil <lo...@apache.org>
AuthorDate: Wed Jan 24 13:31:41 2018 +0100

    * update slf4j
    * check dependencies (CVE)
---
 pom.xml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index ce0acaf..9f1cd9f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1008,9 +1008,10 @@
         <plugin>
           <groupId>org.owasp</groupId>
           <artifactId>dependency-check-maven</artifactId>
-          <version>1.4.5</version>
+          <version>3.1.0</version>
           <configuration>
-            <failBuildOnCVSS>0</failBuildOnCVSS>
+            <!-- XXX can be set to 0, after releasing checkstyle-rules 10 -->
+            <failBuildOnCVSS>5.5</failBuildOnCVSS>
             <suppressionFile>tobago/dependency-check-suppression-for-tobago-2.0.xml</suppressionFile>
           </configuration>
           <dependencies>
@@ -1522,7 +1523,7 @@
     <mojarra20.version>2.0.11-04</mojarra20.version>
     <mojarra21.version>2.1.29-08</mojarra21.version>
     <mojarra22.version>2.2.14</mojarra22.version>
-    <slf4j.version>1.7.22</slf4j.version>
+    <slf4j.version>1.7.25</slf4j.version>
     <logback.version>1.2.3</logback.version>
     <log4j.version>1.2.17</log4j.version>
     <commons-io.version>2.4</commons-io.version>
@@ -1535,7 +1536,7 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <jsf.target>2.0</jsf.target>
     <required.maven.version>2.2.1</required.maven.version>
-    <checkstyle-rules.version>8</checkstyle-rules.version>
+    <checkstyle-rules.version>9</checkstyle-rules.version>
     <tobago.basedir>${project.basedir}</tobago.basedir>
   </properties>
 </project>

-- 
To stop receiving notification emails like this one, please contact
lofwyr@apache.org.