Posted to commits@knox.apache.org by kr...@apache.org on 2019/03/12 16:28:46 UTC

[knox] branch master updated: KNOX-1822 - Upgrade dependency-check-maven to 5.0.0-M1

This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new bd0ab3e  KNOX-1822 - Upgrade dependency-check-maven to 5.0.0-M1
bd0ab3e is described below

commit bd0ab3e1f8afd2453ca60b723c04d043a283d451
Author: Kevin Risden <kr...@apache.org>
AuthorDate: Tue Mar 12 10:44:59 2019 -0400

    KNOX-1822 - Upgrade dependency-check-maven to 5.0.0-M1
    
    Signed-off-by: Kevin Risden <kr...@apache.org>
---
 .../build-tools/dependency-check/suppressions.xml  | 24 ++++++++++++++++++++++
 pom.xml                                            |  2 +-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
index ee181fe..e97a901 100644
--- a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
+++ b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
@@ -17,6 +17,16 @@ limitations under the License.
 -->
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
     <suppress>
+        <notes><![CDATA[file name: commons-net-.*.jar]]></notes>
+        <gav regex="true">^commons-net:commons-net:.*$</gav>
+        <cpe>cpe:/a:echo_project:echo</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: amqp-client-.*.jar]]></notes>
+        <gav regex="true">^com\.rabbitmq:amqp-client:.*$</gav>
+        <cpe>cpe:/a:pivotal_software:rabbitmq</cpe>
+    </suppress>
+    <suppress>
         <notes><![CDATA[file name: javax.jws-api-.*.jar]]></notes>
         <gav regex="true">^javax\.jws:javax\.jws-api:.*$</gav>
         <cpe>cpe:/a:oracle:glassfish</cpe>
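Review bot: The two new `<notes>` values in this hunk record only the jar file name, so nothing explains why it is safe to suppress a whole CPE for every version (`.*` in the `<gav>` regex). For `commons-net` the `echo_project:echo` match looks like a name collision, and for `amqp-client` the `pivotal_software:rabbitmq` CPE presumably describes the broker rather than the Java client. Stating that in the note lets a later reader re-check the decision, e.g. `<notes><![CDATA[file name: amqp-client-.*.jar; false positive: CPE is the RabbitMQ server, this jar is the Java client]]></notes>`. The same applies to the `spring-vault-core` entry in the third hunk of this file.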
@@ -45,6 +55,7 @@ limitations under the License.
         <cpe>cpe:/a:apache:apache_http_server</cpe>
         <cpe>cpe:/a:apache:apache_test</cpe>
         <cpe>cpe:/a:apache:hadoop</cpe>
+        <cpe>cpe:/a:apache:hbase</cpe>
         <cpe>cpe:/a:apache:hive</cpe>
         <cpe>cpe:/a:apache:http_server</cpe>
         <cpe>cpe:/a:apache:nifi</cpe>
@@ -97,11 +108,24 @@ limitations under the License.
         <cpe>cpe:/a:oracle:glassfish</cpe>
     </suppress>
     <suppress>
+        <notes><![CDATA[file name: apache-jsp-.*.jar]]></notes>
+        <gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav>
+        <cpe>cpe:/a:apache:tomcat</cpe>
+        <cpe>cpe:/a:apache_software_foundation:tomcat</cpe>
+    </suppress>
+    <suppress>
         <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
         <gav regex="true">^org\.slf4j:.*$</gav>
         <cve>CVE-2018-8088</cve>
     </suppress>
     <suppress>
+        <notes><![CDATA[file name: spring-vault-core-.*.jar]]></notes>
+        <gav regex="true">^org\.springframework\.vault:spring-vault-core:.*$</gav>
+        <cpe>cpe:/a:pivotal:spring_framework</cpe>
+        <cpe>cpe:/a:pivotal_software:spring_framework</cpe>
+        <cpe>cpe:/a:springsource:spring_framework</cpe>
+    </suppress>
+    <suppress>
         <notes><![CDATA[file name: xz-.*.jar]]></notes>
         <gav regex="true">^org\.tukaani:xz:.*$</gav>
         <cve>CVE-2015-4035</cve>
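Review bot: The new `apache-jsp` entry suppresses both Tomcat CPEs for every version of `org.mortbay.jasper:apache-jsp`, which is wider than a false-positive fix: that artifact is, as far as I know, a repackaging of Tomcat's Jasper JSP engine, so Tomcat CVEs in the JSP compiler could genuinely apply to it. A CPE-level suppression also silences any Tomcat CVE published later. The `slf4j` entry just below shows the narrower pattern, where each triaged `<cve>` is listed with a note saying why it does not apply (`slf4j-ext and EventData not used`). I'd suggest doing the same here, or at least recording in `<notes>` that Jasper-related Tomcat CVEs must be reviewed by hand for this jar.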
diff --git a/pom.xml b/pom.xml
index 8442cdd..8b5b2dc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -165,7 +165,7 @@
         <cors-filter.version>2.6</cors-filter.version>
         <curator.version>4.2.0</curator.version>
         <curator-test.version>2.13.0</curator-test.version>
-        <dependency-check-maven.version>4.0.2</dependency-check-maven.version>
+        <dependency-check-maven.version>5.0.0-M1</dependency-check-maven.version>
         <dockerfile-maven-plugin.version>1.4.10</dockerfile-maven-plugin.version>
         <easymock.version>4.0.2</easymock.version>
         <eclipselink.version>2.7.4</eclipselink.version>