This is an automated email from the ASF dual-hosted git repository.
gk pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/turbine-core.git
The following commit(s) were added to refs/heads/trunk by this push:
new f5c4bb7 update to released parent v9, update deps (jackson2,
testcontainer)
f5c4bb7 is described below
commit f5c4bb747160d9679d893e04934e51380792b2a6
Author: Georg Kallidis <[email protected]>
AuthorDate: Fri Oct 22 11:52:56 2021 +0200
update to released parent v9, update deps (jackson2, testcontainer)
---
pom.xml | 9 +++++----
suppression-owasp-fp.xml | 18 ++++++++++++++++--
2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/pom.xml b/pom.xml
index 1e8f47e..ec16a69 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.turbine</groupId>
<artifactId>turbine-parent</artifactId>
- <version>9-SNAPSHOT</version>
+ <version>9</version>
</parent>
<artifactId>turbine</artifactId>
<name>Apache Turbine</name>
@@ -1297,12 +1297,13 @@
<turbine.site.path>turbine-core</turbine.site.path>
<fulcrum.intake>2.0.0</fulcrum.intake>
<fulcrum.parser>2.0.1</fulcrum.parser>
- <fulcrum.security>2.0.1-SNAPSHOT</fulcrum.security>
+ <!--fulcrum.securityafter release change to 2.1.0 -->
+ <fulcrum.security>2.0.1-SNAPSHOT</fulcrum.security>
<fulcrum.yaafi>1.0.8</fulcrum.yaafi>
<torque.version>5.0</torque.version>
- <jackson2.version>2.12.3</jackson2.version>
+ <jackson2.version>2.12.5</jackson2.version>
<doclint>none</doclint>
- <docker.testcontainers.version>1.15.3</docker.testcontainers.version>
+ <docker.testcontainers.version>1.16.0</docker.testcontainers.version>
<jacoco.skip>true</jacoco.skip>
<argLine></argLine>
</properties>
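Review bot: The added comment above `fulcrum.security` is garbled (`fulcrum.securityafter release change to 2.1.0`), and the property it annotates still points at `2.0.1-SNAPSHOT` although the parent POM is now the released `9`. A SNAPSHOT coordinate resolves to whatever was last deployed, so the build is not reproducible and dependency-check results for that artifact can change between runs. I would word the comment as `<!-- fulcrum.security: switch to 2.1.0 once it is released -->` and make that switch before any release is cut from this branch. The `<properties>` block starts outside the hunk.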
diff --git a/suppression-owasp-fp.xml b/suppression-owasp-fp.xml
index 09a1b58..b7fd3f7 100644
--- a/suppression-owasp-fp.xml
+++ b/suppression-owasp-fp.xml
@@ -17,8 +17,22 @@
specific language governing permissions and limitations
under the License.
-->
-<!-- general cft.
https://jeremylong.github.io/DependencyCheck/general/suppression.html -->
-<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+<!-- more info here:
https://jeremylong.github.io/DependencyCheck/general/suppression.html -->
+<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+ <suppress>
+ <notes><![CDATA[
+ file name: commons-io-2.6.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$</packageUrl>
+ <cve>CVE-2021-29425</cve>
+</suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: jython-standalone-2.7.2.jar (shaded:
com.google.guava:guava:28.0-android)
+ ]]></notes>
+ <packageUrl
regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+ <cve>CVE-2020-8908</cve>
+</suppress>
<!-- suppress c3p0 warning until quartz v1.1.2 is released (in fulcrum
quartz), which fixes https://github.com/quartz-scheduler/quartz/issues/316 -->
<suppress>
<notes><![CDATA[
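Review bot: Both new `<suppress>` entries match every version (`@.*$`) while their notes name one specific jar, and neither note says why the finding is not exploitable in Turbine. As far as I know CVE-2021-29425 is reported against commons-io releases before 2.7, so commons-io-2.6 would be an affected version rather than a false positive; the guava pattern also hides CVE-2020-8908 for any guava copy on the classpath, not only the one shaded into jython-standalone. I would pin the patterns to the versions named in the notes, e.g. `<packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@2\.6$</packageUrl>` and `^pkg:maven/com\.google\.guava/guava@28\.0\-android$`, record the rationale in `<notes>` (whether the affected API is reachable with untrusted input is for the author to confirm), and set the `until` attribute on each entry so it comes up for re-review. The `<suppressions>` element and the trailing `<suppress>` continue outside the hunk.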