Posted to commits@druid.apache.org by ji...@apache.org on 2020/04/11 22:43:16 UTC

[druid] branch 0.18.0 updated: Skip node dev dependency vulnerability scan (#9684) (#9686)

This is an automated email from the ASF dual-hosted git repository.

jihoonson pushed a commit to branch 0.18.0
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/0.18.0 by this push:
     new 385a8c1  Skip node dev dependency vulnerability scan (#9684) (#9686)
385a8c1 is described below

commit 385a8c1a3363791d16cd91d992c391791e7ecf14
Author: Jihoon Son <ji...@apache.org>
AuthorDate: Sat Apr 11 15:43:04 2020 -0700

    Skip node dev dependency vulnerability scan (#9684) (#9686)
    
    Since they are not production dependencies, security vulnerabilities in
    the dev dependencies can be ignored.
    
    Co-authored-by: Chi Cao Minh <ch...@imply.io>
---
 pom.xml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d514542..8323040 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1522,12 +1522,15 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>5.3.0</version>
+                <version>5.3.2</version>
                 <configuration>
                     <cveValidForHours>24</cveValidForHours>
                     <failBuildOnCVSS>7</failBuildOnCVSS>
                     <skipProvidedScope>true</skipProvidedScope>
                     <skipSystemScope>true</skipSystemScope>  <!-- avoid error when processing jdk.tools:jdk.tools:jar:1.8:system -->
+                    <!-- For node analysis info, see https://github.com/jeremylong/DependencyCheck/issues/2482#issuecomment-603755623 -->
+                    <nodeAnalyzerEnabled>false</nodeAnalyzerEnabled>  <!-- plugin author (jeremylong) recommends to disable, since this analyzer is retired -->
+                    <nodeAuditSkipDevDependencies>true</nodeAuditSkipDevDependencies>
                     <suppressionFile>owasp-dependency-check-suppressions.xml</suppressionFile>
                 </configuration>
                 <executions>
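Review bot: The commit message only covers `nodeAuditSkipDevDependencies`, but the added lines in `<configuration>` also set `nodeAnalyzerEnabled` to `false` and the hunk bumps `dependency-check-maven` from 5.3.0 to 5.3.2. Please mention both in the message so the scope of the scan change is clear from the log. The rationale for disabling the analyzer currently exists only as a trailing comment on the `<nodeAnalyzerEnabled>` line and a link to an issue comment; a one-line summary of what still covers production node dependencies after this change would save readers from following the link. With `nodeAuditSkipDevDependencies` set to `true`, findings in dev dependencies no longer count toward the `failBuildOnCVSS` threshold of 7. Since those packages are still used when building, consider keeping them visible in a separate, non-failing report rather than dropping them from scanning entirely.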

