This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/branch_9x by this push:
new 7c3e0930a91 SOLR-16625: Upgrade OWASP Dependency Check to 8.0.1 (#1299)
7c3e0930a91 is described below
commit 7c3e0930a9181420a142bbdfc53bc95d7ccb3158
Author: Kevin Risden <[email protected]>
AuthorDate: Thu Jan 19 09:05:29 2023 -0500
SOLR-16625: Upgrade OWASP Dependency Check to 8.0.1 (#1299)
---
build.gradle | 2 +-
gradle/validation/owasp-dependency-check.gradle | 5 ++++-
solr/CHANGES.txt | 2 ++
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index b75a9f766bc..3edea114fe7 100644
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ import java.time.format.DateTimeFormatter
plugins {
id "base"
id "com.palantir.consistent-versions" version "2.11.0"
- id "org.owasp.dependencycheck" version "7.4.1"
+ id "org.owasp.dependencycheck" version "8.0.1"
id 'ca.cutterslade.analyze' version "1.9.0"
id 'de.thetaphi.forbiddenapis' version '3.4' apply false
id "de.undercouch.download" version "5.2.0" apply false
diff --git a/gradle/validation/owasp-dependency-check.gradle
b/gradle/validation/owasp-dependency-check.gradle
index 6d76e9cb7ff..eb5961e8269 100644
--- a/gradle/validation/owasp-dependency-check.gradle
+++ b/gradle/validation/owasp-dependency-check.gradle
@@ -26,9 +26,12 @@ configure(rootProject) {
dependencyCheck {
failBuildOnCVSS = propertyOrDefault("validation.owasp.threshold", 7) as
Integer
formats = ['ALL']
- skipProjects = [':solr:solr-ref-guide']
+ skipProjects = [':solr:solr-ref-guide', ':solr-missing-doclet']
skipConfigurations = ['unifiedClasspath', 'permitUnusedDeclared']
suppressionFile = file("${resources}/exclusions.xml")
+ analyzers {
+ assemblyEnabled = false
+ }
}
task owasp() {
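Review bot: The two new settings in the `dependencyCheck` block narrow what the scanner covers, but neither carries a comment saying why. `skipProjects` now also lists `:solr-missing-doclet`, so that project's dependencies are no longer checked against the `failBuildOnCVSS` threshold, and `assemblyEnabled = false` switches off the assembly analyzer. Both look reasonable for a Java build, presumably because the doclet is build-time tooling and the assembly analyzer needs a .NET runtime on the build host, but that is inferred and not stated in the hunk. I would add short why-comments once the author confirms the reasons, for example `// build-only doclet, not shipped in any artifact` above `skipProjects` and `// no .NET assemblies in this repo; avoids requiring dotnet to run the check` inside `analyzers`. The enclosing `configure(rootProject)` block starts and ends outside the hunk.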
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 1192e79729f..01f7ba9c0b2 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -159,6 +159,8 @@ Build
* SOLR-16624: Remove Gradle Groovy version override (Kevin Risden)
+* SOLR-16625: Upgrade OWASP dependency check to 8.0.1 (Kevin Risden)
+
Other Changes
---------------------
* SOLR-16545: Upgrade Carrot2 to 4.5.0 (Dawid Weiss)