You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2022/12/02 16:02:06 UTC

[GitHub] [nifi] exceptionfactory opened a new pull request, #6751: NIFI-10933 Upgrade OWASP Dependency Check from 7.1.2 to 7.3.2

exceptionfactory opened a new pull request, #6751:
URL: https://github.com/apache/nifi/pull/6751

   # Summary
   
   [NIFI-10933](https://issues.apache.org/jira/browse/NIFI-10933) Upgrades the OWASP Dependency Check Plugin from 7.1.2 to 7.3.2. The upgrade includes a number of improvements, including removal of many false positives, which allowed for the removal of several custom suppressions. Additional changes include adding suppressions for Elasticsearch client libraries being flagged with server vulnerabilities, along with several other false positives.
   
   The dependency check plugin can be executed by running `mvn validate -P dependency-check`
   
   # Tracking
   
   Please complete the following tracking steps prior to pull request creation.
   
   ### Issue Tracking
   
   - [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created
   
   ### Pull Request Tracking
   
   - [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-00000`
   - [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-00000`
   
   ### Pull Request Formatting
   
   - [X] Pull Request based on current revision of the `main` branch
   - [X] Pull Request refers to a feature branch with one commit containing changes
   
   # Verification
   
   Please indicate the verification steps performed prior to pull request creation.
   
   ### Build
   
   - [X] Build completed using `mvn clean install -P contrib-check`
     - [X] JDK 8
     - [X] JDK 11
     - [X] JDK 17
   
   ### Licensing
   
   - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html)
   - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files
   
   ### Documentation
   
   - [ ] Documentation formatting appears as expected in rendered files
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] asfgit closed pull request #6751: NIFI-10933 Upgrade OWASP Dependency Check from 7.1.2 to 7.3.2

Posted by GitBox <gi...@apache.org>.

asfgit closed pull request #6751: NIFI-10933 Upgrade OWASP Dependency Check from 7.1.2 to 7.3.2
URL: https://github.com/apache/nifi/pull/6751


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org