This is an automated email from the ASF dual-hosted git repository.

martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva.git

commit ee45f7b29f63292c88f891a15569c9c51ac0f9cb
Author: Martin Stockhammer <[email protected]>
AuthorDate: Mon Jan 4 15:20:36 2021 +0100

    Upgrading dependency check and suppress jquery upload
---
 archiva-modules/archiva-web/archiva-webapp/pom.xml               | 2 +-
 .../src/main/resources/META-INF/owasp/cve-suppressions.xml       | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/archiva-modules/archiva-web/archiva-webapp/pom.xml 
b/archiva-modules/archiva-web/archiva-webapp/pom.xml
index 1a73bb4..6e869f7 100644
--- a/archiva-modules/archiva-web/archiva-webapp/pom.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/pom.xml
@@ -935,7 +935,7 @@
       <plugin>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-maven</artifactId>
-        <version>5.3.2</version>
+        <version>6.0.4</version>
         <configuration>
           <skipProvidedScope>true</skipProvidedScope>
           <failBuildOnCVSS>8</failBuildOnCVSS>
diff --git 
a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
 
b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
index 420e6a5..2a3f08f 100644
--- 
a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
+++ 
b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
@@ -64,4 +64,13 @@
     <vulnerabilityName>CVE-2019-20444</vulnerabilityName>
   </suppress>
 
+
+  <suppress>
+    <notes><![CDATA[
+   file name: jquery-file-upload-9.10.1.jar is part of deprecated Web UI.
+   ]]></notes>
+    <packageUrl 
regex="true">^pkg:maven/org\.webjars/jquery\-file\-upload@.*$</packageUrl>
+    <cpe>cpe:/a:jquery_file_upload_project:jquery_file_upload</cpe>
+  </suppress>
+
 </suppressions>
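Review bot: The new `<suppress>` entry is broader than its note justifies: the `packageUrl` regex ends in `@.*$`, so it matches every version of `org.webjars/jquery-file-upload`, and the `<cpe>` element silences every current and future finding mapped to that product, which also takes the component out of the `failBuildOnCVSS` gate configured in pom.xml. The note names only `jquery-file-upload-9.10.1.jar`, so the match could be pinned, e.g. `^pkg:maven/org\.webjars/jquery\-file\-upload@9\.10\.1$`, and the reviewed findings listed as individual `<vulnerabilityName>` entries, as the preceding suppression does. "Part of deprecated Web UI" says the code is old, not that the flagged issues are unreachable. If the deprecated UI still ships in the webapp (worth confirming), the note should state why the findings are not exploitable there, and the entry could carry an `until="<review-date>"` attribute so it gets re-evaluated. The enclosing `<suppressions>` element starts outside this hunk.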
