You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ws.apache.org by GitBox <gi...@apache.org> on 2022/02/15 23:49:21 UTC

[GitHub] [ws-wss4j] free2create opened a new pull request #43: WSS-693 Fail build if CVSS score is above 6

free2create opened a new pull request #43:
URL: https://github.com/apache/ws-wss4j/pull/43


   Ignore findings by editing build-tools/dependency-check-suppression.xml and adding checksum of jar File.
   
   * Remove unneeded profile for dependency check since it is not optional anymore.
   * trim dep management to just version info. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org

[GitHub] [ws-wss4j] free2create commented on pull request #43: WSS-693 Fail build if CVSS score is above 6

Posted by GitBox <gi...@apache.org>.

free2create commented on pull request #43:
URL: https://github.com/apache/ws-wss4j/pull/43#issuecomment-1059123070


   @coheigea any feedback ?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org

[GitHub] [ws-wss4j] free2create commented on pull request #43: WSS-693 Fail build if CVSS score is above 6

Posted by GitBox <gi...@apache.org>.

free2create commented on pull request #43:
URL: https://github.com/apache/ws-wss4j/pull/43#issuecomment-1062547930


   Are you using this behind a firewall? 
   
   When I added this for a application  behind a firewall that normally used a Nexus as a mirror for maven central we added a proxy configuration in the settings file. You tell the proxy that you still want to continue to use Nexus as a mirror, but all other traffic should go through the proxy. 
   
   Anyway I will move this back to a profile and  update the Apache CI to use the profile does that sound like a plan ? 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org

[GitHub] [ws-wss4j] coheigea commented on pull request #43: WSS-693 Fail build if CVSS score is above 6

Posted by GitBox <gi...@apache.org>.

coheigea commented on pull request #43:
URL: https://github.com/apache/ws-wss4j/pull/43#issuecomment-1062634030


   Thanks, that sounds good.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org

[GitHub] [ws-wss4j] free2create commented on pull request #43: WSS-693 Fail build if CVSS score is above 6

Posted by GitBox <gi...@apache.org>.

free2create commented on pull request #43:
URL: https://github.com/apache/ws-wss4j/pull/43#issuecomment-1065983811


   FYI
   There is some maven lifecycle strangeness that is happening when this is moved to a profile that I am trying to figure out. 
   A 'mvn deploy' , is not triggering the plugin even when I pin this the _compile_ or _verify_ lifecycle. I even added _verify_ to the release plugings preparationGoals. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org