This is an automated email from the ASF dual-hosted git repository.
stoty pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/phoenix-omid.git
The following commit(s) were added to refs/heads/master by this push:
new b6ddbad OMID-158 Add OWASP dependency check, and update the flagged
direct dependencies
b6ddbad is described below
commit b6ddbad0bf9c6626e475e69ce7a8b8c887187bf8
Author: Istvan Toth <[email protected]>
AuthorDate: Mon Aug 10 08:53:26 2020 +0200
OMID-158 Add OWASP dependency check, and update the flagged direct
dependencies
add check (activated with -Powasp-dependency-check)
remove spurious log4j-extras dependency
update commons-beanutils to latest
Closes #63
---
examples/pom.xml | 6 -----
.../transaction/HBaseOmidClientConfiguration.java | 2 +-
pom.xml | 28 +++++++++++++++++++++-
3 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/examples/pom.xml b/examples/pom.xml
index b948650..03bea50 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -59,12 +59,6 @@
<version>${slf4j.version}</version>
</dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>apache-log4j-extras</artifactId>
- <version>${log4j.version}</version>
- </dependency>
-
</dependencies>
<build>
diff --git
a/hbase-client/src/main/java/org/apache/omid/transaction/HBaseOmidClientConfiguration.java
b/hbase-client/src/main/java/org/apache/omid/transaction/HBaseOmidClientConfiguration.java
index b526267..0489cdb 100644
---
a/hbase-client/src/main/java/org/apache/omid/transaction/HBaseOmidClientConfiguration.java
+++
b/hbase-client/src/main/java/org/apache/omid/transaction/HBaseOmidClientConfiguration.java
@@ -58,7 +58,7 @@ public class HBaseOmidClientConfiguration extends
SecureHBaseConfig {
this(CONFIG_FILE_NAME);
}
- public <K, V> HBaseOmidClientConfiguration(Map<K, V> properties) {
+ public <K, V> HBaseOmidClientConfiguration(Map<String, ? extends Object>
properties) {
try {
BeanUtils.populate(this, properties);
} catch (IllegalAccessException | InvocationTargetException e) {
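Review bot: The constructor still declares the type parameters `<K, V>`, but after this change neither appears in the signature, and `? extends Object` is equivalent to `?`. The declaration could be reduced to `public HBaseOmidClientConfiguration(Map<String, ?> properties) {`. Because `BeanUtils.populate(this, properties)` invokes a setter for every key in the map, a Javadoc line saying that the map must come from trusted configuration rather than from request or user data would also help callers. The constructor body continues past the end of this hunk, so the handling inside the `catch` branch is not visible here.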
diff --git a/pom.xml b/pom.xml
index 51c56ef..19756c4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -193,7 +193,7 @@
<curator.version>2.13.0</curator.version>
<zookeeper.version>3.4.9</zookeeper.version>
<snakeyaml.version>1.11</snakeyaml.version>
- <beanutils.version>1.8.3</beanutils.version>
+ <beanutils.version>1.9.4</beanutils.version>
<commons-io.version>2.4</commons-io.version>
<google.findbugs.version>3.0.1</google.findbugs.version>
<commons-pool2.version>2.4.2</commons-pool2.version>
@@ -218,6 +218,7 @@
<maven-checkstyle-plugin.version>2.17</maven-checkstyle-plugin.version>
<maven-jxr-plugin.version>2.3</maven-jxr-plugin.version>
<maven-findbugs-maven-plugin.version>3.0.1</maven-findbugs-maven-plugin.version>
+ <maven-owasp-plugin.version>5.3.2</maven-owasp-plugin.version>
<!-- Licensing properties (for license-maven-plugins) -->
<license.header>misc/header.txt</license.header>
@@ -644,6 +645,31 @@
</properties>
</profile>
+ <profile>
+ <id>owasp-dependency-check</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${maven-owasp-plugin.version}</version>
+ <configuration>
+ <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope>
+ <skipSystemScope>true</skipSystemScope>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>aggregate</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+
</profiles>
<dependencyManagement>
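Review bot: `<skipRuntimeScope>true</skipRuntimeScope>` in the new `owasp-dependency-check` profile leaves runtime-scoped dependencies out of the scan, although those jars are normally on the classpath of a deployed build and are just as exposed as compile-scoped ones. If the exclusion is deliberate (for example to silence findings that come in through HBase or Hadoop), an XML comment stating the reason would keep it from looking like a coverage gap; otherwise consider dropping that line. The profile also sets no `failBuildOnCVSS`, so as written it only produces a report and never fails the build. Once the current findings are triaged, a threshold such as `<failBuildOnCVSS>7</failBuildOnCVSS>` (the value is an illustrative example) would make the check enforceable in CI.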