zhuangchong commented on PR #13163: URL: https://github.com/apache/dolphinscheduler/pull/13163#issuecomment-1377075076
> > CI exception is zk related dependency version detection exception. If zk-3.8 is used as the default option, there will be no problem with this dependency check. > > Error: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating '[CVE-2020-36569](https://github.com/advisories/GHSA-hrm3-3xm6-x33h)' org.owasp.dependencycheck.data.update.exception.UpdateException: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating '[CVE-2020-36569](https://github.com/advisories/GHSA-hrm3-3xm6-x33h)' > > [CVE-2020-36569](https://github.com/advisories/GHSA-hrm3-3xm6-x33h) Authentication is globally bypassed in githubcom/nanobox-io/golang-nanoauth between v000-20160722212129-ac0cc4484ad4 and v000-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token authentication complexity vector not available not available not available confidentiality integrity availability not available not availabl > > No correlation seen I'm talking about this part 'https://github.com/apache/dolphinscheduler/actions/runs/3867927850/jobs/6597354529#step:7:1027', OWASP detection is not mandatory to succeed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
