[GitHub] [druid] abhishekagarwal87 commented on a diff in pull request #13119: Suppress Calcite CVE

Fri, 23 Sep 2022 03:53:14 -0700 


abhishekagarwal87 commented on code in PR #13119:
URL: https://github.com/apache/druid/pull/13119#discussion_r978509295


##########
owasp-dependency-check-suppressions.xml:
##########
@@ -632,4 +632,26 @@
     <cve>CVE-2022-31197</cve>
   </suppress>
 
+  <suppress>
+    <!-- avatica-server-1.17.0.jar -->
+    <notes><![CDATA[
+   file name: avatica-server-1.17.0.jar

Review Comment:
   the failure is being reported for `avatica-server` as well. 
   ```
   [ERROR] ----------------------------------------------------
   [ERROR] .NET Assembly Analyzer could not be initialized and at least one 
'exe' or 'dll' was scanned. The 'dotnet' executable could not be found on the 
path; either disable the Assembly Analyzer or add the path to dotnet core in 
the configuration.
   [ERROR] ----------------------------------------------------
   [ERROR] Failed to execute goal 
org.owasp:dependency-check-maven:7.0.4:aggregate (default-cli) on project 
druid: 
   [ERROR] 
   [ERROR] One or more dependencies were identified with vulnerabilities that 
have a CVSS score greater than or equal to '7.0': 
   [ERROR] 
   [ERROR] avatica-server-1.17.0.jar: CVE-2022-39135(9.8)
   [ERROR] calcite-core-1.21.0.jar: CVE-2022-39135(9.8)
   [ERROR] 
   [ERROR] See the dependency-check report for more details.
   [ERROR] -> [Help 1]
   [ERROR] 
   [ERROR] To see the full stack trace of the errors, re-run Maven with the -e 
switch.
   [ERROR] Re-run Maven using the -X switch to enable full debug logging.
   [ERROR] 
   [ERROR] For more information about the errors and possible solutions, please 
read the following articles:
   [ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to