[ https://issues.apache.org/jira/browse/NIFI-12393?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17788369#comment-17788369 ]
ASF subversion and git services commented on NIFI-12393:
--------------------------------------------------------
Commit e5e76d0161988d633ff554a3cb12e149b79576b6 in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=e5e76d0161 ]
NIFI-12393 Upgraded OWASP Check from 8.4.2 to 8.4.3
- Upgraded Azure SDK BOM from 1.2.17 to 1.2.18
- Upgraded Reactor Netty HTTP from 1.0.34 to 1.0.39 for Azure Identity
- Upgraded MSAL4J from 1.13.10 to 1.14.0
- Upgraded Box Java SDK from 4.4.0 to 4.6.1
- Relocated Apache Ant managed versions to bundle parent modules
- Added okio-fakefilesystem to managed dependencies
- Suppressed vulnerability for Picocli misidentified as LINE library
- Added managed dependencies to nifi-code-coverage to avoid false positives due to different parent modules
Signed-off-by: Pierre Villard <[email protected]>
This closes #8054.
> Upgrade OWASP Dependency Check to 8.4.3 and Address Findings
> ------------------------------------------------------------
>
> Key: NIFI-12393
> URL: https://issues.apache.org/jira/browse/NIFI-12393
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Fix For: 2.latest
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The OWASP Dependency Check Plugin should be upgraded to 8.4.3 and recent
> findings in the report should be resolved.
> Several findings are false positives due to misidentified dependencies, and
> other findings are related to version settings that are not carried through
> to the nifi-code-coverage module, which is specific to JaCoCo coverage
> aggregation.