This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-4.17 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit db8e472fc6a5bbed240456af7afb751e1aee43c7 Author: ZhangJian He <[email protected]> AuthorDate: Mon Jul 29 17:10:19 2024 +0800 [fix][ci] Fix OWASP Dependency Check download by using NVD API key (#4473) Signed-off-by: ZhangJian He <[email protected]> (cherry picked from commit 7ab29e6a7a12921d87604744bc26ae85c8fde351) --- .github/workflows/bk-ci.yml | 1 + pom.xml | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bk-ci.yml b/.github/workflows/bk-ci.yml index e3a0dc057c..e73670eaee 100644 --- a/.github/workflows/bk-ci.yml +++ b/.github/workflows/bk-ci.yml @@ -32,6 +32,7 @@ on: env: MAVEN_OPTS: -Xss1500k -Xmx1500m -Daether.connector.http.reuseConnections=false -Daether.connector.requestTimeout=60000 -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.serviceUnavailableRetryStrategy.class=standard -Dmaven.wagon.rto=60000 + NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }} concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/pom.xml b/pom.xml index c7115eb98b..2e2c9e0d39 100644 --- a/pom.xml +++ b/pom.xml @@ -191,7 +191,7 @@ <maven-checkstyle-plugin.version>3.3.1</maven-checkstyle-plugin.version> <maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version> <maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version> - <dependency-check-maven.version>9.2.0</dependency-check-maven.version> + <dependency-check-maven.version>10.0.2</dependency-check-maven.version> <nar-maven-plugin.version>3.10.1</nar-maven-plugin.version> <os-maven-plugin.version>1.4.1.Final</os-maven-plugin.version> <protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version> @@ -1164,6 +1164,10 @@ <version>${dependency-check-maven.version}</version> <inherited>false</inherited> <configuration> + <!-- https://issues.apache.org/jira/projects/INFRA/issues/INFRA-26000 --> + <nvdApiKeyEnvironmentVariable>NIST_NVD_API_KEY</nvdApiKeyEnvironmentVariable> + <!-- Uncomment the following to use the NVD data feed provided by the Dependency-Check project --> + <!-- <nvdDatafeedUrl>https://jeremylong.github.io/DependencyCheck/hb_nvd/</nvdDatafeedUrl> --> <suppressionFiles> <suppressionFile>src/owasp-dependency-check-suppressions.xml</suppressionFile> </suppressionFiles>
