Steve Loughran created HADOOP-19700:
---------------------------------------
Summary: hadoop-thirdparty build to use later
dependency-check-plugin version
Key: HADOOP-19700
URL: https://issues.apache.org/jira/browse/HADOOP-19700
Project: Hadoop Common
Issue Type: Improvement
Components: hadoop-thirdparty
Affects Versions: thirdparty-1.5.0
Reporter: Steve Loughran
Assignee: Steve Loughran
github action builds of PRs for hadoopHthirdparty fail because of throttling
NVE throttling of requests; needs an update to a later version with either
retries or use of a github source cve list.
dependency checker 11+
{code}
Mandatory Upgrade Notice
Upgrading to 10.0.2 or later is mandatory
Older versions of dependency-check are causing numerous, duplicative requests
that end in processing failures are causing unnecassary load on the NVD API.
Dependency-check 10.0.2 uses an updated User-Agent header that will allow the
NVD to block calls from the older client.
{code}
I'd upgrade later except that 11.0.0+ is java11+, and I don't yet want to block
off the option of a 3.4.3 release
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
