Posted to issues@solr.apache.org by GitBox <gi...@apache.org> on 2021/10/08 01:49:16 UTC

[GitHub] [solr] sonatype-lift[bot] commented on a change in pull request #335: Drive JMH benchmarks via Apache Zeppelin.

sonatype-lift[bot] commented on a change in pull request #335:
URL: https://github.com/apache/solr/pull/335#discussion_r724644502



##########
File path: zeppelin-jmh-interpreter/build.gradle
##########
@@ -0,0 +1,102 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ */
+
+plugins {
+    id 'java'
+    id 'maven-publish'
+    id 'com.github.johnrengelman.shadow' version '6.1.0'
+    id 'net.nemerosa.versioning' version '2.6.1'
+}
+
+apply plugin: 'com.github.johnrengelman.shadow'
+
+configurations.all {
+    resolutionStrategy {
+        cacheChangingModulesFor 0, 'seconds'
+    }
+}
+
+repositories {
+    mavenLocal()
+    maven {
+        url = uri('http://repository.apache.org/snapshots')
+    }
+
+    maven {
+        url = uri('https://repo.maven.apache.org/maven2/')
+    }
+    maven {
+        url 'https://repo.maven.apache.org/maven2'
+        name 'Maven Central'
+    }
+}
+
+dependencies {
+    implementation ('org.slf4j:slf4j-api:1.7.32')
+    implementation 'org.apache.commons:commons-exec:1.3'
+    implementation 'org.apache.commons:commons-lang3:3.12.0'
+    implementation 'commons-io:commons-io:2.5'
+    implementation 'commons-cli:commons-cli:20040117.000000'
+    implementation 'org.jline:jline-reader:3.20.0'
+    implementation 'org.apache.commons:commons-csv:1.8'
+    implementation 'net.openhft:chronicle-map:3.21ea82' // TODO: remove
+    implementation (group: 'org.apache.solr', name: 'solr-solrj', version: '8.9.0', {
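Review bot: In the `repositories` block the snapshot repository is declared as `url = uri('http://repository.apache.org/snapshots')`, so snapshot artifacts and their metadata are resolved over cleartext HTTP and can be altered in transit; switch the scheme to `https`. In the same block `mavenLocal()` is listed first, so whatever sits in a developer's local repository is consulted before the remote repositories, and Maven Central is declared twice (the `https://repo.maven.apache.org/maven2/` entry and the one named 'Maven Central'); keep a single Central entry and drop `mavenLocal()` or move it last unless a locally built artifact is really required. Together with `cacheChangingModulesFor 0, 'seconds'`, every build re-resolves changing modules, which makes the transport and ordering of these repositories matter more. In `dependencies`, `commons-cli:commons-cli:20040117.000000` is a date-stamped version unlike the other pinned releases and is worth confirming as intended.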

Review comment:
   *Severe OSS Vulnerability:*
   ### pkg:maven/org.apache.solr/solr-solrj@8.9.0
   0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

   **Components**

   - **pkg:maven/org.apache.httpcomponents/httpclient@4.5.12**
     - **SEVERE Vulnerabilities (1)**

   > #### [CVE-2020-13956] Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret ma...
   > Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
   >
   > **CVSS Score:** 5.3
   >
   > **CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

   (at-me [in a reply](https://help.sonatype.com/lift/talking-to-lift) with `help` or `ignore`)




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


