[
https://issues.apache.org/jira/browse/CALCITE-2467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16581438#comment-16581438
]
ASF GitHub Bot commented on CALCITE-2467:
-----------------------------------------
Github user joshelser commented on a diff in the pull request:
https://github.com/apache/calcite-avatica/pull/66#discussion_r210358510
--- Diff: pom.xml ---
@@ -776,5 +786,28 @@ limitations under the License.
<javadoc-link>https://docs.oracle.com/javase/9/docs/api/</javadoc-link>
</properties>
</profile>
+ <profile>
+ <!-- Extra checks that are disabled in the regular build, enabled for
+ releases and on demand. -->
+ <id>pedantic</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <failBuildOnCVSS>${failBuildOnCVSS}</failBuildOnCVSS>
--- End diff --
Do you need to propagate this into the plugin's configuration? Would
certainly be nice if the plugin would just pick it up from the definition in
the properties up-above (I don't know off the top of my head if it does this
though)
> Upgrade owasp-dependency-check maven plugin to 3.3.1
> ----------------------------------------------------
>
> Key: CALCITE-2467
> URL: https://issues.apache.org/jira/browse/CALCITE-2467
> Project: Calcite
> Issue Type: Improvement
> Components: build
> Affects Versions: 1.17.0, avatica-1.12.0
> Reporter: Albert Baker
> Assignee: Julian Hyde
> Priority: Minor
>
> In pom.xml, upgrade <owasp-dependency-check.version> maven plugin from 2.1.1
> to 3.3.1 (current version).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
