smoyer64 closed pull request #6: Update OWASP dep scan configuration
URL: https://github.com/apache/directory-scimple/pull/6
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/pom.xml b/pom.xml
index c2911ee..74e5d59 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,7 +38,7 @@
<!-- TODO: is this needed? -->
<version.gwt>2.8.0</version.gwt>
- <version.jackson>2.8.8</version.jackson>
+ <version.jackson>2.9.5</version.jackson>
<version.lombok>1.16.14</version.lombok>
<version.lombok.plugin>${version.lombok}.0</version.lombok.plugin>
<version.restfuse>1.2.0</version.restfuse>
@@ -294,6 +294,9 @@
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>3.1.1</version>
+ <configuration>
+ <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
+ </configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
@@ -418,7 +421,7 @@
<executions>
<execution>
<goals>
- <goal>aggregate</goal>
+ <goal>check</goal>
</goals>
</execution>
</executions>
diff --git a/scim-client/pom.xml b/scim-client/pom.xml
index 45e561e..33f6430 100644
--- a/scim-client/pom.xml
+++ b/scim-client/pom.xml
@@ -54,7 +54,11 @@
<dependency>
<groupId>edu.psu.swe.commons</groupId>
<artifactId>commons-jaxrs</artifactId>
- <version>1.17</version>
+ </dependency>
+ <dependency>
+ <groupId>org.projectlombok</groupId>
+ <artifactId>lombok</artifactId>
+ <scope>provided</scope>
</dependency>
</dependencies>
diff --git a/scim-compliance/scim-compliance-server/pom.xml
b/scim-compliance/scim-compliance-server/pom.xml
index d4aa3f2..ae33520 100644
--- a/scim-compliance/scim-compliance-server/pom.xml
+++ b/scim-compliance/scim-compliance-server/pom.xml
@@ -27,6 +27,19 @@
<artifactId>scim-compliance-server</artifactId>
<name>SCIM - Compliance - Server</name>
+ <dependencyManagement>
+ <dependencies>
+ <!-- update the version of jetty that restfuse uses, fixes
CVE-2017-9735-->
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-bom</artifactId>
+ <version>9.4.8.v20180619</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
<dependencies>
<dependency>
<groupId>com.restfuse</groupId>
diff --git a/scim-server/scim-server-common/pom.xml
b/scim-server/scim-server-common/pom.xml
index 28045c6..6bbf8ee 100644
--- a/scim-server/scim-server-common/pom.xml
+++ b/scim-server/scim-server-common/pom.xml
@@ -127,7 +127,7 @@
<dependency>
<groupId>com.flipkart.zjsonpatch</groupId>
<artifactId>zjsonpatch</artifactId>
- <version>0.2.4</version>
+ <version>0.4.4</version>
</dependency>
</dependencies>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
