[jira] [Commented] (FLINK-26883) Bump dependency-check-maven to 2.10.1

zl (Jira) Mon, 28 Mar 2022 05:48:07 -0700


    [ 
https://issues.apache.org/jira/browse/FLINK-26883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17513353#comment-17513353
 ]


zl commented on FLINK-26883:
----------------------------

cc [~chesnay] , wdyt ?

> Bump dependency-check-maven to 2.10.1
> -------------------------------------
>
>                 Key: FLINK-26883
>                 URL: https://issues.apache.org/jira/browse/FLINK-26883
>             Project: Flink
>          Issue Type: Improvement
>          Components: Build System
>            Reporter: zl
>            Priority: Major
>
> when running *_mvn org.owasp:dependency-check-maven:aggregate ,_* the 
> following error occurred:
>  
> {code:java}
> IO Exception connecting to 
> https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz: HEAD request 
> returned a non-200 status code: 
> https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz 
> ...... {code}
>  
> That's because org.owasp:dependency-check-maven:5.0.0-M2 in 
> _*flink-parent/pom.xml*_ is outdated and the data is unavailable. we may need 
> to bump dependency-check-maven to newer version, like 7.0.1.
> I rerun *_mvn org.owasp:dependency-check-maven:aggregate_* with 
> org.owasp:dependency-check-maven:7.0.1, it works well.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (FLINK-26883) Bump dependency-check-maven to 2.10.1

Reply via email to