You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by ji...@apache.org on 2020/04/11 22:43:16 UTC
[druid] branch 0.18.0 updated: Skip node dev dependency
vulnerability scan (#9684) (#9686)
This is an automated email from the ASF dual-hosted git repository.
jihoonson pushed a commit to branch 0.18.0
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.18.0 by this push:
new 385a8c1 Skip node dev dependency vulnerability scan (#9684) (#9686)
385a8c1 is described below
commit 385a8c1a3363791d16cd91d992c391791e7ecf14
Author: Jihoon Son <ji...@apache.org>
AuthorDate: Sat Apr 11 15:43:04 2020 -0700
Skip node dev dependency vulnerability scan (#9684) (#9686)
Since they are not production dependencies, security vulnerabilities in
the dev dependencies can be ignored.
Co-authored-by: Chi Cao Minh <ch...@imply.io>
---
pom.xml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index d514542..8323040 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1522,12 +1522,15 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
- <version>5.3.0</version>
+ <version>5.3.2</version>
<configuration>
<cveValidForHours>24</cveValidForHours>
<failBuildOnCVSS>7</failBuildOnCVSS>
<skipProvidedScope>true</skipProvidedScope>
<skipSystemScope>true</skipSystemScope> <!-- avoid error when processing jdk.tools:jdk.tools:jar:1.8:system -->
+ <!-- For node analysis info, see https://github.com/jeremylong/DependencyCheck/issues/2482#issuecomment-603755623 -->
+ <nodeAnalyzerEnabled>false</nodeAnalyzerEnabled> <!-- plugin author (jeremylong) recommends to disable, since this analyzer is retired -->
+ <nodeAuditSkipDevDependencies>true</nodeAuditSkipDevDependencies>
<suppressionFile>owasp-dependency-check-suppressions.xml</suppressionFile>
</configuration>
<executions>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org