You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flink.apache.org by "zl (Jira)" <ji...@apache.org> on 2022/03/28 12:40:00 UTC
[jira] [Created] (FLINK-26883) Bump dependency-check-maven to 2.10.1
zl created FLINK-26883:
--------------------------
Summary: Bump dependency-check-maven to 2.10.1
Key: FLINK-26883
URL: https://issues.apache.org/jira/browse/FLINK-26883
Project: Flink
Issue Type: Improvement
Components: Build System
Reporter: zl
when running *_mvn org.owasp:dependency-check-maven:aggregate ,_* the following error occurred:
{code:java}
IO Exception connecting to https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz
...... {code}
That's because org.owasp:dependency-check-maven:5.0.0-M2 in _*flink-parent/pom.xml*_ is outdated and the data is unavailable. we may need to bump dependency-check-maven to newer version, like 7.0.1.
I rerun *_mvn org.owasp:dependency-check-maven:aggregate_* with org.owasp:dependency-check-maven:7.0.1, it works well.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)