[
https://issues.apache.org/jira/browse/HADOOP-19700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-19700:
------------------------------------
Description:
github action builds of PRs for hadoopHthirdparty fail because of throttling
NVE throttling of requests; needs an update to a later version with either
retries or use of a github source cve list.
dependency checker 11+
{code}
Mandatory Upgrade Notice
Upgrading to 10.0.2 or later is mandatory
Older versions of dependency-check are causing numerous, duplicative requests
that end in processing failures are causing unnecassary load on the NVD API.
Dependency-check 10.0.2 uses an updated User-Agent header that will allow the
NVD to block calls from the older client.
{code}
----
The upgraded dependency checker now *requires* java11+, and *prefers* the
provision of an API key for the national vulnerabilities database. It also
skips the sonatype check as that no longer supports anonymous checks at all
was:
github action builds of PRs for hadoopHthirdparty fail because of throttling
NVE throttling of requests; needs an update to a later version with either
retries or use of a github source cve list.
dependency checker 11+
{code}
Mandatory Upgrade Notice
Upgrading to 10.0.2 or later is mandatory
Older versions of dependency-check are causing numerous, duplicative requests
that end in processing failures are causing unnecassary load on the NVD API.
Dependency-check 10.0.2 uses an updated User-Agent header that will allow the
NVD to block calls from the older client.
{code}
I'd upgrade later except that 11.0.0+ is java11+, and I don't yet want to block
off the option of a 3.4.3 release
> hadoop-thirdparty build to update maven plugin dependencies
> -----------------------------------------------------------
>
> Key: HADOOP-19700
> URL: https://issues.apache.org/jira/browse/HADOOP-19700
> Project: Hadoop Common
> Issue Type: Improvement
> Components: hadoop-thirdparty
> Affects Versions: thirdparty-1.5.0
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Major
> Labels: pull-request-available
> Fix For: thirdparty-1.5.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> github action builds of PRs for hadoopHthirdparty fail because of throttling
> NVE throttling of requests; needs an update to a later version with either
> retries or use of a github source cve list.
> dependency checker 11+
> {code}
> Mandatory Upgrade Notice
> Upgrading to 10.0.2 or later is mandatory
> Older versions of dependency-check are causing numerous, duplicative requests
> that end in processing failures are causing unnecassary load on the NVD API.
> Dependency-check 10.0.2 uses an updated User-Agent header that will allow the
> NVD to block calls from the older client.
> {code}
> ----
> The upgraded dependency checker now *requires* java11+, and *prefers* the
> provision of an API key for the national vulnerabilities database. It also
> skips the sonatype check as that no longer supports anonymous checks at all
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
