shoothzj opened a new pull request, #4406: URL: https://github.com/apache/bookkeeper/pull/4406
### Motivation

The purpose of this update is to correct a configuration error in our OWASP Dependency Check Maven plugin setup. I appreciate @xiezhx9 for opening the issue on [jeremylong/DependencyCheck #6697](https://github.com/jeremylong/DependencyCheck/issues/6697). Also, a special thanks to @jeremylong for his guidance and response.

From dependency-check-plugin maintainer jeremylong:

> With the setup specified ODC would run too many times - once with the specified configuration and once without. You can either put the plugin into the build/plugins or in the reporting - don't do both.
> Regarding it re-running on each child module - you likely want to specify `<inherited>false</inherited>`.

### Changes

- **Version Update:** The `dependency-check-maven.version` in `pom.xml` has been updated from `9.1.0` to `9.2.0`. This update incorporates the latest vulnerability definitions and enhancements from OWASP.
- **Fix Configuration Inheritance:** Added `<inherited>false</inherited>` to the dependency-check plugin configuration under the build section. This correction prevents the plugin from inheriting settings unnecessarily across multi-module projects, reducing superfluous scans and speeding up builds.
- **Remove Duplicate Configuration:** Eliminated the OWASP plugin configuration from the reporting section. This change fixes a prior oversight where the plugin was configured to execute twice, once in the build and once in the reporting phase, leading to unnecessary build delays.

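The following fragment is an added illustration of the two fixes the PR describes; it is not the apache/bookkeeper `pom.xml` and not code from the PR author. The plugin coordinates (`org.owasp:dependency-check-maven`) and the `<inherited>` element are standard, but the `aggregate` goal, the `failBuildOnCVSS` threshold and the exact `configuration` contents are assumptions chosen for the example.

```xml
<!-- Added example, not the bookkeeper pom. Shows the misconfiguration the PR
     removes (plugin declared in both <build> and <reporting>, inherited by every
     child module) and the corrected declaration (build-only, inherited=false). -->
<project>
  <properties>
    <dependency-check-maven.version>9.2.0</dependency-check-maven.version>
  </properties>

  <!-- BEFORE (problematic): one run with this configuration from <build>,
       a second run with default settings from <reporting>, and both repeated
       in each child module because plugins are inherited by default. -->
  <!--
  <build>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>${dependency-check-maven.version}</version>
        <configuration>
          <failBuildOnCVSS>7</failBuildOnCVSS>
        </configuration>
      </plugin>
    </plugins>
  </build>
  <reporting>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>${dependency-check-maven.version}</version>
      </plugin>
    </plugins>
  </reporting>
  -->

  <!-- AFTER: declared once, in <build> only, and not inherited by children. -->
  <build>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>${dependency-check-maven.version}</version>
        <!-- Run from the root module only; children do not pick this plugin up. -->
        <inherited>false</inherited>
        <configuration>
          <!-- Assumed threshold for the example: fail on CVSS >= 7. -->
          <failBuildOnCVSS>7</failBuildOnCVSS>
        </configuration>
        <executions>
          <execution>
            <goals>
              <!-- Assumed goal: 'aggregate' scans every module's dependencies
                   from the root in a single pass, which is what makes
                   inherited=false safe in a multi-module build. -->
              <goal>aggregate</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  <!-- No <reporting> entry for the plugin. -->
</project>
```

To confirm the change took effect, render the effective POM of a child module (`mvn help:effective-pom -pl <child-module>`) and check that `dependency-check-maven` no longer appears in its `<build>`; the root module's effective POM should list it exactly once, with no `<reporting>` entry.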