Posted to commits@solr.apache.org by kr...@apache.org on 2023/01/19 14:05:37 UTC

[solr] branch main updated: SOLR-16625: Upgrade OWASP Dependency Check to 8.0.1 (#1299)

This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/main by this push:
     new eb7c423b389 SOLR-16625: Upgrade OWASP Dependency Check to 8.0.1 (#1299)
eb7c423b389 is described below

commit eb7c423b3890283933ad395f01fb08adc671bc4d
Author: Kevin Risden <ri...@users.noreply.github.com>
AuthorDate: Thu Jan 19 09:05:29 2023 -0500

    SOLR-16625: Upgrade OWASP Dependency Check to 8.0.1 (#1299)
---
 build.gradle                                    | 2 +-
 gradle/validation/owasp-dependency-check.gradle | 5 ++++-
 solr/CHANGES.txt                                | 2 ++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index 4d64e2c2201..dbf58b45a37 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ import java.time.format.DateTimeFormatter
 plugins {
   id "base"
   id "com.palantir.consistent-versions" version "2.11.0"
-  id "org.owasp.dependencycheck" version "7.4.1"
+  id "org.owasp.dependencycheck" version "8.0.1"
   id 'ca.cutterslade.analyze' version "1.9.0"
   id 'de.thetaphi.forbiddenapis' version '3.4' apply false
   id "de.undercouch.download" version "5.2.0" apply false
diff --git a/gradle/validation/owasp-dependency-check.gradle b/gradle/validation/owasp-dependency-check.gradle
index 6d76e9cb7ff..eb5961e8269 100644
--- a/gradle/validation/owasp-dependency-check.gradle
+++ b/gradle/validation/owasp-dependency-check.gradle
@@ -26,9 +26,12 @@ configure(rootProject) {
   dependencyCheck {
     failBuildOnCVSS = propertyOrDefault("validation.owasp.threshold", 7) as Integer
     formats = ['ALL']
-    skipProjects = [':solr:solr-ref-guide']
+    skipProjects = [':solr:solr-ref-guide', ':solr-missing-doclet']
     skipConfigurations = ['unifiedClasspath', 'permitUnusedDeclared']
     suppressionFile = file("${resources}/exclusions.xml")
+    analyzers {
+      assemblyEnabled = false
+    }
   }
 
   task owasp() {
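Review bot: The two additions to the `dependencyCheck` block narrow what the scan covers, and neither the config nor the commit message records why. Adding `':solr-missing-doclet'` to `skipProjects` drops that project's dependencies from CVE reporting, and `assemblyEnabled = false` turns off the .NET assembly analyzer. Both look reasonable (presumably the doclet is build-time tooling that is not shipped, and the assembly analyzer requires a dotnet runtime that this build has no use for), but an undocumented exclusion in a security scan tends to outlive its reason. After confirming both, I would add `// build-time doclet only, not part of the distribution` above `skipProjects` and `// no .NET assemblies in this build; analyzer requires a dotnet runtime` above `assemblyEnabled`. The enclosing `configure(rootProject)` block starts above the hunk and `task owasp()` continues below it.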
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 89f02246edb..8c5e2cf5915 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -185,6 +185,8 @@ Build
 
 * SOLR-16624: Remove Gradle Groovy version override (Kevin Risden)
 
+* SOLR-16625: Upgrade OWASP dependency check to 8.0.1 (Kevin Risden)
+
 Other Changes
 ---------------------
 * SOLR-16545: Upgrade Carrot2 to 4.5.0 (Dawid Weiss)