Posted to dev@zookeeper.apache.org by afine <gi...@git.apache.org> on 2017/09/28 07:33:00 UTC
[GitHub] zookeeper pull request #384: ZOOKEEPER-2906: The OWASP dependency check jar ...
GitHub user afine opened a pull request:
https://github.com/apache/zookeeper/pull/384
ZOOKEEPER-2906: The OWASP dependency check jar should not be included…
… in the default classpath
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/afine/zookeeper ZOOKEEPER-2906
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/384.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #384
----
commit 241fbeb2b33bafb1ca79a3cd322ea04c24c2f755
Author: Abraham Fine <af...@apache.org>
Date: 2017-09-28T07:31:11Z
ZOOKEEPER-2906: The OWASP dependency check jar should not be included in the default classpath
----
---
[GitHub] zookeeper pull request #384: ZOOKEEPER-2906: The OWASP dependency check jar ...
Posted by afine <gi...@git.apache.org>.
Github user afine commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/384#discussion_r141748582
--- Diff: build.xml ---
@@ -1558,8 +1565,8 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant">
classpathref="releaseaudit-classpath"/>
</target>
- <target name="owasp-taskdef" depends="ivy-retrieve-releaseaudit">
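Review bot: only the removed `owasp-taskdef` line of this target is visible here, so the `depends` value of its replacement cannot be checked from this excerpt. The old target depended on `ivy-retrieve-releaseaudit`; the new one should depend on a retrieve step of its own that writes into the `ivy.owasp.lib` directory this patch adds, and the taskdef should take its classpath from that directory alone rather than from `releaseaudit-classpath`. Otherwise the dependency-check jar and its transitive dependencies remain reachable from the paths used to build and run ZooKeeper.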
--- End diff --
+1
---
[GitHub] zookeeper issue #384: ZOOKEEPER-2906: The OWASP dependency check jar should ...
Posted by phunt <gi...@git.apache.org>.
Github user phunt commented on the issue:
https://github.com/apache/zookeeper/pull/384
+1, lgtm. Thanks Abe!
---
[GitHub] zookeeper pull request #384: ZOOKEEPER-2906: The OWASP dependency check jar ...
Posted by phunt <gi...@git.apache.org>.
Github user phunt commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/384#discussion_r141546698
--- Diff: build.xml ---
@@ -121,6 +121,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant">
<property name="ivy.test.lib" value="${build.dir}/test/lib"/>
<property name="ivy.jdiff.lib" value="${build.dir}/jdiff/lib"/>
<property name="ivy.javacc.lib" value="${build.dir}/javacc/lib"/>
+ <property name="ivy.owasp.lib" value="${build.dir}/owasp/lib"/>
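Review bot: the `ivy.owasp.lib` property added on the `+` line carries no comment saying why OWASP gets a directory of its own, and nothing in this hunk shows that `${build.dir}/owasp/lib` stays off the classpaths. Suggest a one-line XML comment above the property stating that the directory is deliberately kept out of the default classpath, plus a check that no path or fileset elsewhere in build.xml includes `${build.dir}` recursively, which would pull these jars back in.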
--- End diff --
iirc the reports are output to build/test/owasp/.... perhaps you should move them here as well rather than spreading around?
---
[GitHub] zookeeper pull request #384: ZOOKEEPER-2906: The OWASP dependency check jar ...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/zookeeper/pull/384
---
[GitHub] zookeeper pull request #384: ZOOKEEPER-2906: The OWASP dependency check jar ...
Posted by phunt <gi...@git.apache.org>.
Github user phunt commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/384#discussion_r141546115
--- Diff: build.xml ---
@@ -1558,8 +1565,8 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant">
classpathref="releaseaudit-classpath"/>
</target>
- <target name="owasp-taskdef" depends="ivy-retrieve-releaseaudit">
--- End diff --
Notice that the release audit jars are being dumped into build/lib - I'd recommend we fix that as part of this patch as well.
---
[GitHub] zookeeper pull request #384: ZOOKEEPER-2906: The OWASP dependency check jar ...
Posted by afine <gi...@git.apache.org>.
Github user afine commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/384#discussion_r141748009
--- Diff: build.xml ---
@@ -121,6 +121,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant">
<property name="ivy.test.lib" value="${build.dir}/test/lib"/>
<property name="ivy.jdiff.lib" value="${build.dir}/jdiff/lib"/>
<property name="ivy.javacc.lib" value="${build.dir}/javacc/lib"/>
+ <property name="ivy.owasp.lib" value="${build.dir}/owasp/lib"/>
--- End diff --
the reports are output to build/test/owasp/ in order to match what we do with clover, so I felt it was best to follow convention rather than drop the actual report in with the dependencies
---