You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flink.apache.org by "zl (Jira)" <ji...@apache.org> on 2022/03/28 12:40:00 UTC

[jira] [Created] (FLINK-26883) Bump dependency-check-maven to 2.10.1

zl created FLINK-26883:
--------------------------

             Summary: Bump dependency-check-maven to 2.10.1
                 Key: FLINK-26883
                 URL: https://issues.apache.org/jira/browse/FLINK-26883
             Project: Flink
          Issue Type: Improvement
          Components: Build System
            Reporter: zl


when running *_mvn org.owasp:dependency-check-maven:aggregate ,_* the following error occurred:

 
{code:java}
IO Exception connecting to https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz 
...... {code}
 

That's because org.owasp:dependency-check-maven:5.0.0-M2 in _*flink-parent/pom.xml*_ is outdated and the data is unavailable. we may need to bump dependency-check-maven to newer version, like 7.0.1.

I rerun *_mvn org.owasp:dependency-check-maven:aggregate_* with org.owasp:dependency-check-maven:7.0.1, it works well.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)