You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2018/01/24 12:44:52 UTC
[myfaces-tobago] branch tobago-2.0.x updated: * update slf4j *
check dependencies (CVE)
This is an automated email from the ASF dual-hosted git repository.
lofwyr pushed a commit to branch tobago-2.0.x
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git
The following commit(s) were added to refs/heads/tobago-2.0.x by this push:
new 3693141 * update slf4j * check dependencies (CVE)
3693141 is described below
commit 369314152aac21653a06021ac24e933d2136dc2e
Author: Udo Schnurpfeil <lo...@apache.org>
AuthorDate: Wed Jan 24 13:31:41 2018 +0100
* update slf4j
* check dependencies (CVE)
---
pom.xml | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index ce0acaf..9f1cd9f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1008,9 +1008,10 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
- <version>1.4.5</version>
+ <version>3.1.0</version>
<configuration>
- <failBuildOnCVSS>0</failBuildOnCVSS>
+ <!-- XXX can be set to 0, after releasing checkstyle-rules 10 -->
+ <failBuildOnCVSS>5.5</failBuildOnCVSS>
<suppressionFile>tobago/dependency-check-suppression-for-tobago-2.0.xml</suppressionFile>
</configuration>
<dependencies>
@@ -1522,7 +1523,7 @@
<mojarra20.version>2.0.11-04</mojarra20.version>
<mojarra21.version>2.1.29-08</mojarra21.version>
<mojarra22.version>2.2.14</mojarra22.version>
- <slf4j.version>1.7.22</slf4j.version>
+ <slf4j.version>1.7.25</slf4j.version>
<logback.version>1.2.3</logback.version>
<log4j.version>1.2.17</log4j.version>
<commons-io.version>2.4</commons-io.version>
@@ -1535,7 +1536,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<jsf.target>2.0</jsf.target>
<required.maven.version>2.2.1</required.maven.version>
- <checkstyle-rules.version>8</checkstyle-rules.version>
+ <checkstyle-rules.version>9</checkstyle-rules.version>
<tobago.basedir>${project.basedir}</tobago.basedir>
</properties>
</project>
--
To stop receiving notification emails like this one, please contact
lofwyr@apache.org.