pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 2d5e24c0a2 NIFI-9975 Upgraded OWASP Dependency Check from 6.5.3 to
7.1.0
2d5e24c0a2 is described below
commit 2d5e24c0a22b98e45b4298d14bcf75281362ce91
Author: exceptionfactory <[email protected]>
AuthorDate: Thu Apr 28 16:26:46 2022 -0500
NIFI-9975 Upgraded OWASP Dependency Check from 6.5.3 to 7.1.0
- Removed unnecessary suppression configurations due to detection
improvements
Signed-off-by: Pierre Villard <[email protected]>
This closes #6004.
---
nifi-dependency-check-maven/suppressions.xml | 20 --------------------
pom.xml | 2 +-
2 files changed, 1 insertion(+), 21 deletions(-)
diff --git a/nifi-dependency-check-maven/suppressions.xml
b/nifi-dependency-check-maven/suppressions.xml
index d81aa7fd76..3184dff06b 100644
--- a/nifi-dependency-check-maven/suppressions.xml
+++ b/nifi-dependency-check-maven/suppressions.xml
@@ -19,34 +19,14 @@
<packageUrl regex="true">^pkg:maven/org\.apache\.nifi.*$</packageUrl>
<cpe regex="true">^cpe:.*$</cpe>
</suppress>
- <suppress>
- <notes>Jetty Test Helper is incorrectly identified as part of Jetty
Server</notes>
- <packageUrl
regex="true">^pkg:maven/org\.eclipse\.jetty\.toolchain/jetty-test-helper.*$</packageUrl>
- <cpe regex="true">^cpe:.*$</cpe>
- </suppress>
- <suppress>
- <notes>Apache FTP Server library is incorrectly identified with Apache
HTTP Server</notes>
- <packageUrl
regex="true">^pkg:maven/org\.apache\.ftpserver/ftpserver\-core@.*$</packageUrl>
- <cpe>cpe:/a:apache:http_server</cpe>
- </suppress>
<suppress>
<notes>Meta MX HTTP Client is incorrectly identified as Netty</notes>
<packageUrl
regex="true">^pkg:maven/com\.metamx/http\-client@.*$</packageUrl>
<cpe>cpe:/a:netty:netty</cpe>
</suppress>
- <suppress>
- <notes>Servlet API libraries with the Jetty package are incorrectly
associated with Jetty Server</notes>
- <packageUrl
regex="true">^pkg:maven/org\.mortbay\.jetty/servlet\-api@.*$</packageUrl>
- <cpe regex="true">^cpe:/a:.*:jetty:.*$</cpe>
- </suppress>
<suppress>
<notes>Testcontainers MySQL is incorrectly identified with MySQL
server</notes>
<packageUrl
regex="true">^pkg:maven/org\.testcontainers/mysql@.*$</packageUrl>
<cpe>cpe:/a:mysql:mysql</cpe>
</suppress>
- <suppress>
- <notes>Vorbis Java Tika is incorrectly linked to flac_project</notes>
- <packageUrl
regex="true">^pkg:maven/org\.gagravarr/vorbis\-java\-tika@.*$</packageUrl>
- <cpe>cpe:/a:flac_project:flac</cpe>
- </suppress>
</suppressions>
diff --git a/pom.xml b/pom.xml
index f59017a27f..29bf1f561e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1205,7 +1205,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
- <version>6.5.3</version>
+ <version>7.1.0</version>
<executions>
<execution>
<inherited>false</inherited>