suneet-s opened a new pull request #10883: URL: https://github.com/apache/druid/pull/10883
### Description This PR aims to make the dependency-check job less flaky. It addresses intermittent failures with error messages like `Failed to request component-reports` This was inspired by the workaround suggested in https://github.com/jeremylong/DependencyCheck/issues/1908 Local testing appears to support the workaround mentioned in this issue. The drawback of this approach is that the job will no longer produce a dependency vulnerability report - so if the job fails, devs need to run `mvn dependency-check:check` locally to see which project the vulnerability is reported from. This PR also updates the version to the latest. The upgrade from 5.x to 6.x is a breaking change for some use cases, but AFAICT nothing was needed as part of the version upgrade. <hr> This PR has: - [ ] been self-reviewed. - [ ] using the [concurrency checklist](https://github.com/apache/druid/blob/master/dev/code-review/concurrency.md) (Remove this item if the PR doesn't have any relation to concurrency.) - [ ] added documentation for new or modified features or behaviors. - [ ] added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links. - [ ] added or updated version, license, or notice information in [licenses.yaml](https://github.com/apache/druid/blob/master/licenses.yaml) - [x] added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
