zl created FLINK-26883:
--------------------------
Summary: Bump dependency-check-maven to 2.10.1
Key: FLINK-26883
URL: https://issues.apache.org/jira/browse/FLINK-26883
Project: Flink
Issue Type: Improvement
Components: Build System
Reporter: zl
when running *_mvn org.owasp:dependency-check-maven:aggregate ,_* the following
error occurred:
{code:java}
IO Exception connecting to
https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz: HEAD request
returned a non-200 status code:
https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz
...... {code}
That's because org.owasp:dependency-check-maven:5.0.0-M2 in
_*flink-parent/pom.xml*_ is outdated and the data is unavailable. we may need
to bump dependency-check-maven to newer version, like 7.0.1.
I rerun *_mvn org.owasp:dependency-check-maven:aggregate_* with
org.owasp:dependency-check-maven:7.0.1, it works well.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
