You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by kr...@apache.org on 2023/01/19 14:05:37 UTC
[solr] branch main updated: SOLR-16625: Upgrade OWASP Dependency Check to 8.0.1 (#1299)
This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/main by this push:
new eb7c423b389 SOLR-16625: Upgrade OWASP Dependency Check to 8.0.1 (#1299)
eb7c423b389 is described below
commit eb7c423b3890283933ad395f01fb08adc671bc4d
Author: Kevin Risden <ri...@users.noreply.github.com>
AuthorDate: Thu Jan 19 09:05:29 2023 -0500
SOLR-16625: Upgrade OWASP Dependency Check to 8.0.1 (#1299)
---
build.gradle | 2 +-
gradle/validation/owasp-dependency-check.gradle | 5 ++++-
solr/CHANGES.txt | 2 ++
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index 4d64e2c2201..dbf58b45a37 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ import java.time.format.DateTimeFormatter
plugins {
id "base"
id "com.palantir.consistent-versions" version "2.11.0"
- id "org.owasp.dependencycheck" version "7.4.1"
+ id "org.owasp.dependencycheck" version "8.0.1"
id 'ca.cutterslade.analyze' version "1.9.0"
id 'de.thetaphi.forbiddenapis' version '3.4' apply false
id "de.undercouch.download" version "5.2.0" apply false
diff --git a/gradle/validation/owasp-dependency-check.gradle b/gradle/validation/owasp-dependency-check.gradle
index 6d76e9cb7ff..eb5961e8269 100644
--- a/gradle/validation/owasp-dependency-check.gradle
+++ b/gradle/validation/owasp-dependency-check.gradle
@@ -26,9 +26,12 @@ configure(rootProject) {
dependencyCheck {
failBuildOnCVSS = propertyOrDefault("validation.owasp.threshold", 7) as Integer
formats = ['ALL']
- skipProjects = [':solr:solr-ref-guide']
+ skipProjects = [':solr:solr-ref-guide', ':solr-missing-doclet']
skipConfigurations = ['unifiedClasspath', 'permitUnusedDeclared']
suppressionFile = file("${resources}/exclusions.xml")
+ analyzers {
+ assemblyEnabled = false
+ }
}
task owasp() {
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 89f02246edb..8c5e2cf5915 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -185,6 +185,8 @@ Build
* SOLR-16624: Remove Gradle Groovy version override (Kevin Risden)
+* SOLR-16625: Upgrade OWASP dependency check to 8.0.1 (Kevin Risden)
+
Other Changes
---------------------
* SOLR-16545: Upgrade Carrot2 to 4.5.0 (Dawid Weiss)