Posted to commits@ofbiz.apache.org by jl...@apache.org on 2017/09/29 06:59:45 UTC
svn commit: r1810056 [1/2] - in /ofbiz: ofbiz-framework/trunk/build.gradle
tools/security/dependency-check/dependency-check-report.html
Author: jleroux
Date: Fri Sep 29 06:59:45 2017
New Revision: 1810056
URL: http://svn.apache.org/viewvc?rev=1810056&view=rev
Log:
No functional change
Updates xstream from 1.4.9 to 1.4.10 to fix a vulnerability reported by
Dependency Check
Updates the dependency-check-report.html
There is more to do, but my time is limited...
Modified:
ofbiz/ofbiz-framework/trunk/build.gradle
ofbiz/tools/security/dependency-check/dependency-check-report.html
Modified: ofbiz/ofbiz-framework/trunk/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/build.gradle?rev=1810056&r1=1810055&r2=1810056&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/build.gradle (original)
+++ ofbiz/ofbiz-framework/trunk/build.gradle Fri Sep 29 06:59:45 2017
@@ -28,12 +28,15 @@ buildscript {
}
dependencies {
classpath "at.bxm.gradleplugins:gradle-svntools-plugin:latest.release"
+ classpath "org.kordamp.gradle:jdeps-gradle-plugin:0.2.0"
}
}
apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'maven-publish'
apply plugin: "at.bxm.svntools"
+apply plugin: 'org.kordamp.jdeps'
+apply plugin: 'codenarc'
apply from: 'common.gradle'
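Review bot: The added `apply plugin: 'org.kordamp.jdeps'` and `apply plugin: 'codenarc'` lines are live while the only configuration for them, the `codenarcMain`/`codenarcTest` blocks in the last hunk, is commented out, so CodeNarc would run on plugin defaults rather than the thresholds sketched there. The new `classpath "org.kordamp.gradle:jdeps-gradle-plugin:0.2.0"` entry is pinned, which is good, but it still adds code that executes inside every build, and that is hard to reconcile with a log message of "No functional change". Carrying the xstream bump in its own revision would make the security fix easier to audit and backport. If the plugins are meant to stay, a one-line comment above them such as `// build-time analysis only: jdeps (dependency analysis), codenarc (Groovy lint)` would record the intent. The `buildscript` block opens outside this hunk.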
@@ -103,7 +106,7 @@ dependencies {
compile 'com.lowagie:itext:2.1.7'
compile 'com.sun.mail:javax.mail:1.5.1'
compile 'com.sun.syndication:com.springsource.com.sun.syndication:0.9.0'
- compile 'com.thoughtworks.xstream:xstream:1.4.9'
+ compile 'com.thoughtworks.xstream:xstream:1.4.10'
compile 'commons-cli:commons-cli:1.3.1'
compile 'commons-net:commons-net:3.3'
compile 'commons-validator:commons-validator:1.5.1'
@@ -1006,3 +1009,21 @@ def gradlewSubprocess(commandList) {
fullCommand.addAll(commandList)
exec { commandLine fullCommand }
}
+
+//codenarcMain {
+// ignoreFailures false
+// configFile file('config/codenarc/codenarc-main.rules')
+//
+// maxPriority1Violations 0
+// maxPriority2Violations 10
+// maxPriority3Violations 20
+//}
+//
+//codenarcTest {
+// ignoreFailures true
+// configFile file('config/codenarc/codenarc-test.rules')
+//
+// maxPriority1Violations 0
+// maxPriority2Violations 10
+// maxPriority3Violations 20
+//}
\ No newline at end of file
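Review bot: In the commented-out `codenarcTest` block, `ignoreFailures true` would make the three `maxPriority*Violations` limits below it advisory only, because a task that ignores failures does not break the build when a limit is exceeded. If this block is ever enabled as a gate it should read `ignoreFailures false`, as `codenarcMain` does, or drop the limits so the configuration does not suggest enforcement that is not there. The hunk starts inside `gradlewSubprocess`, whose body begins outside it.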
Re: svn commit: r1810056 [1/2] - in /ofbiz:
ofbiz-framework/trunk/build.gradle
tools/security/dependency-check/dependency-check-report.html
Posted by Jacques Le Roux <ja...@les7arts.com>.
Ha sorry,
These are unsuccessful WIP
Just noticed it also on my side while reviewing (again) my last commits, removed at r1810062
Jacques
Le 29/09/2017 à 09:32, Taher Alkhateeb a écrit :
> Why did you apply the jdeps and codenarc plugins? Why did you add
> commented out code? What's this all about?
>
> On Fri, Sep 29, 2017 at 9:59 AM, <jl...@apache.org> wrote:
>> Author: jleroux
>> Date: Fri Sep 29 06:59:45 2017
>> New Revision: 1810056
>>
>> URL: http://svn.apache.org/viewvc?rev=1810056&view=rev
>> Log:
>> No functional change
>>
>> Updates xstream from 1.4.9 to 1.4.10 to fixes a vulnerability reported by
>> Dependency Check
>> Updates the dependency-check-report.html
>>
>> There are more to do, but my time is limited...
>>
>> Modified:
>> ofbiz/ofbiz-framework/trunk/build.gradle
>> ofbiz/tools/security/dependency-check/dependency-check-report.html
>>
>> Modified: ofbiz/ofbiz-framework/trunk/build.gradle
>> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/build.gradle?rev=1810056&r1=1810055&r2=1810056&view=diff
>> ==============================================================================
>> --- ofbiz/ofbiz-framework/trunk/build.gradle (original)
>> +++ ofbiz/ofbiz-framework/trunk/build.gradle Fri Sep 29 06:59:45 2017
>> @@ -28,12 +28,15 @@ buildscript {
>> }
>> dependencies {
>> classpath "at.bxm.gradleplugins:gradle-svntools-plugin:latest.release"
>> + classpath "org.kordamp.gradle:jdeps-gradle-plugin:0.2.0"
>> }
>> }
>> apply plugin: 'java'
>> apply plugin: 'eclipse'
>> apply plugin: 'maven-publish'
>> apply plugin: "at.bxm.svntools"
>> +apply plugin: 'org.kordamp.jdeps'
>> +apply plugin: 'codenarc'
>>
>> apply from: 'common.gradle'
>>
>> @@ -103,7 +106,7 @@ dependencies {
>> compile 'com.lowagie:itext:2.1.7'
>> compile 'com.sun.mail:javax.mail:1.5.1'
>> compile 'com.sun.syndication:com.springsource.com.sun.syndication:0.9.0'
>> - compile 'com.thoughtworks.xstream:xstream:1.4.9'
>> + compile 'com.thoughtworks.xstream:xstream:1.4.10'
>> compile 'commons-cli:commons-cli:1.3.1'
>> compile 'commons-net:commons-net:3.3'
>> compile 'commons-validator:commons-validator:1.5.1'
>> @@ -1006,3 +1009,21 @@ def gradlewSubprocess(commandList) {
>> fullCommand.addAll(commandList)
>> exec { commandLine fullCommand }
>> }
>> +
>> +//codenarcMain {
>> +// ignoreFailures false
>> +// configFile file('config/codenarc/codenarc-main.rules')
>> +//
>> +// maxPriority1Violations 0
>> +// maxPriority2Violations 10
>> +// maxPriority3Violations 20
>> +//}
>> +//
>> +//codenarcTest {
>> +// ignoreFailures true
>> +// configFile file('config/codenarc/codenarc-test.rules')
>> +//
>> +// maxPriority1Violations 0
>> +// maxPriority2Violations 10
>> +// maxPriority3Violations 20
>> +//}
>> \ No newline at end of file
>>
>>
Re: svn commit: r1810056 [1/2] - in /ofbiz: ofbiz-framework/trunk/build.gradle
tools/security/dependency-check/dependency-check-report.html
Posted by Taher Alkhateeb <sl...@gmail.com>.
Why did you apply the jdeps and codenarc plugins? Why did you add
commented out code? What's this all about?
On Fri, Sep 29, 2017 at 9:59 AM, <jl...@apache.org> wrote:
> Author: jleroux
> Date: Fri Sep 29 06:59:45 2017
> New Revision: 1810056
>
> URL: http://svn.apache.org/viewvc?rev=1810056&view=rev
> Log:
> No functional change
>
> Updates xstream from 1.4.9 to 1.4.10 to fixes a vulnerability reported by
> Dependency Check
> Updates the dependency-check-report.html
>
> There are more to do, but my time is limited...
>
> Modified:
> ofbiz/ofbiz-framework/trunk/build.gradle
> ofbiz/tools/security/dependency-check/dependency-check-report.html
>
> Modified: ofbiz/ofbiz-framework/trunk/build.gradle
> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/build.gradle?rev=1810056&r1=1810055&r2=1810056&view=diff
> ==============================================================================
> --- ofbiz/ofbiz-framework/trunk/build.gradle (original)
> +++ ofbiz/ofbiz-framework/trunk/build.gradle Fri Sep 29 06:59:45 2017
> @@ -28,12 +28,15 @@ buildscript {
> }
> dependencies {
> classpath "at.bxm.gradleplugins:gradle-svntools-plugin:latest.release"
> + classpath "org.kordamp.gradle:jdeps-gradle-plugin:0.2.0"
> }
> }
> apply plugin: 'java'
> apply plugin: 'eclipse'
> apply plugin: 'maven-publish'
> apply plugin: "at.bxm.svntools"
> +apply plugin: 'org.kordamp.jdeps'
> +apply plugin: 'codenarc'
>
> apply from: 'common.gradle'
>
> @@ -103,7 +106,7 @@ dependencies {
> compile 'com.lowagie:itext:2.1.7'
> compile 'com.sun.mail:javax.mail:1.5.1'
> compile 'com.sun.syndication:com.springsource.com.sun.syndication:0.9.0'
> - compile 'com.thoughtworks.xstream:xstream:1.4.9'
> + compile 'com.thoughtworks.xstream:xstream:1.4.10'
> compile 'commons-cli:commons-cli:1.3.1'
> compile 'commons-net:commons-net:3.3'
> compile 'commons-validator:commons-validator:1.5.1'
> @@ -1006,3 +1009,21 @@ def gradlewSubprocess(commandList) {
> fullCommand.addAll(commandList)
> exec { commandLine fullCommand }
> }
> +
> +//codenarcMain {
> +// ignoreFailures false
> +// configFile file('config/codenarc/codenarc-main.rules')
> +//
> +// maxPriority1Violations 0
> +// maxPriority2Violations 10
> +// maxPriority3Violations 20
> +//}
> +//
> +//codenarcTest {
> +// ignoreFailures true
> +// configFile file('config/codenarc/codenarc-test.rules')
> +//
> +// maxPriority1Violations 0
> +// maxPriority2Violations 10
> +// maxPriority3Violations 20
> +//}
> \ No newline at end of file
>
>