You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@iotdb.apache.org by qi...@apache.org on 2019/11/30 15:45:51 UTC
[incubator-iotdb] branch revert-599-revert-590-move_oss_to_profile
created (now 45aa8cd)
This is an automated email from the ASF dual-hosted git repository.
qiaojialin pushed a change to branch revert-599-revert-590-move_oss_to_profile
in repository https://gitbox.apache.org/repos/asf/incubator-iotdb.git.
at 45aa8cd Revert "Revert "Move the vulnera-checks section into the apache-release profile (#590)" (#599)"
This branch includes the following new commits:
new 45aa8cd Revert "Revert "Move the vulnera-checks section into the apache-release profile (#590)" (#599)"
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[incubator-iotdb] 01/01: Revert "Revert "Move the vulnera-checks
section into the apache-release profile (#590)" (#599)"
Posted by qi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
qiaojialin pushed a commit to branch revert-599-revert-590-move_oss_to_profile
in repository https://gitbox.apache.org/repos/asf/incubator-iotdb.git
commit 45aa8cd51e6d18bc8117facaf4992ec00bfe16f0
Author: Jialin Qiao <qj...@mails.tsinghua.edu.cn>
AuthorDate: Sat Nov 30 23:45:43 2019 +0800
Revert "Revert "Move the vulnera-checks section into the apache-release profile (#590)" (#599)"
This reverts commit 094aefd454c05885fa197b495db0e8bd39addaf8.
---
pom.xml | 160 ++++++++++++++++++++++++++++++++--------------------------------
1 file changed, 80 insertions(+), 80 deletions(-)
diff --git a/pom.xml b/pom.xml
index a29906d..b8771b9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -518,86 +518,6 @@
</pluginManagement>
<plugins>
<!--
- Strange things usually happen if you run with a too low Java version.
- This plugin not only checks the minimum java version of 1.8, but also
- checks all dependencies (and transitive dependencies) for reported CVEs.
- -->
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-enforcer-plugin</artifactId>
- <version>3.0.0-M2</version>
- <!--$NO-MVN-MAN-VER$-->
- <executions>
- <!-- Ensure we're not mixing dependency versions -->
- <execution>
- <id>enforce-version-convergence</id>
- <configuration>
- <rules>
- <dependencyConvergence/>
- </rules>
- </configuration>
- <goals>
- <goal>enforce</goal>
- </goals>
- </execution>
- <!--
- Fails the build if classes are included from multiple
- artifacts and these are not identical.
- -->
- <!--execution>
- <id>enforce-ban-duplicate-classes</id>
- <goals>
- <goal>enforce</goal>
- </goals>
- <configuration>
- <rules>
- <banDuplicateClasses>
- <scopes>
- <scope>compile</scope>
- <scope>provided</scope>
- </scopes>
- <findAllDuplicates>true</findAllDuplicates>
- <ignoreWhenIdentical>true</ignoreWhenIdentical>
- </banDuplicateClasses>
- </rules>
- <fail>true</fail>
- </configuration>
- </execution-->
- <!-- Make sure no dependencies are used for which known vulnerabilities exist. -->
- <execution>
- <id>vulnerability-checks</id>
- <phase>validate</phase>
- <goals>
- <goal>enforce</goal>
- </goals>
- <configuration>
- <!-- Just generate warnings for now -->
- <fail>false</fail>
- <rules>
- <requireJavaVersion>
- <version>1.8.0</version>
- </requireJavaVersion>
- <!-- Disabled for now as it breaks the ability to build single modules -->
- <!--reactorModuleConvergence/-->
- <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
- </rules>
- </configuration>
- </execution>
- </executions>
- <dependencies>
- <dependency>
- <groupId>org.sonatype.ossindex.maven</groupId>
- <artifactId>ossindex-maven-enforcer-rules</artifactId>
- <version>1.0.0</version>
- </dependency>
- <dependency>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>extra-enforcer-rules</artifactId>
- <version>1.2</version>
- </dependency>
- </dependencies>
- </plugin>
- <!--
Even if Maven transitively pulls in dependencies, relying on these can
quite often cause hard to find problems. So it's a good practice to make
sure everything directly required is also directly added as a dependency.
@@ -1035,6 +955,86 @@
</execution>
</executions>
</plugin>
+ <!--
+ Strange things usually happen if you run with a too low Java version.
+ This plugin not only checks the minimum java version of 1.8, but also
+ checks all dependencies (and transitive dependencies) for reported CVEs.
+ -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>3.0.0-M2</version>
+ <!--$NO-MVN-MAN-VER$-->
+ <executions>
+ <!-- Ensure we're not mixing dependency versions -->
+ <execution>
+ <id>enforce-version-convergence</id>
+ <configuration>
+ <rules>
+ <dependencyConvergence/>
+ </rules>
+ </configuration>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ </execution>
+ <!--
+ Fails the build if classes are included from multiple
+ artifacts and these are not identical.
+ -->
+ <!--execution>
+ <id>enforce-ban-duplicate-classes</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <banDuplicateClasses>
+ <scopes>
+ <scope>compile</scope>
+ <scope>provided</scope>
+ </scopes>
+ <findAllDuplicates>true</findAllDuplicates>
+ <ignoreWhenIdentical>true</ignoreWhenIdentical>
+ </banDuplicateClasses>
+ </rules>
+ <fail>true</fail>
+ </configuration>
+ </execution-->
+ <!-- Make sure no dependencies are used for which known vulnerabilities exist. -->
+ <execution>
+ <id>vulnerability-checks</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <!-- Just generate warnings for now -->
+ <fail>false</fail>
+ <rules>
+ <requireJavaVersion>
+ <version>1.8.0</version>
+ </requireJavaVersion>
+ <!-- Disabled for now as it breaks the ability to build single modules -->
+ <!--reactorModuleConvergence/-->
+ <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
+ </rules>
+ </configuration>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>org.sonatype.ossindex.maven</groupId>
+ <artifactId>ossindex-maven-enforcer-rules</artifactId>
+ <version>1.0.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>extra-enforcer-rules</artifactId>
+ <version>1.2</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
</build>
</profile>