sonatype-lift[bot] commented on a change in pull request #335:
URL: https://github.com/apache/solr/pull/335#discussion_r724644502
##########
File path: zeppelin-jmh-interpreter/build.gradle
##########
@@ -0,0 +1,102 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ */
+
+plugins {
+ id 'java'
+ id 'maven-publish'
+ id 'com.github.johnrengelman.shadow' version '6.1.0'
+ id 'net.nemerosa.versioning' version '2.6.1'
+}
+
+apply plugin: 'com.github.johnrengelman.shadow'
+
+configurations.all {
+ resolutionStrategy {
+ cacheChangingModulesFor 0, 'seconds'
+ }
+}
+
+repositories {
+ mavenLocal()
+ maven {
+ url = uri('http://repository.apache.org/snapshots')
+ }
+
+ maven {
+ url = uri('https://repo.maven.apache.org/maven2/')
+ }
+ maven {
+ url 'https://repo.maven.apache.org/maven2'
+ name 'Maven Central'
+ }
+}
+
+dependencies {
+ implementation ('org.slf4j:slf4j-api:1.7.32')
+ implementation 'org.apache.commons:commons-exec:1.3'
+ implementation 'org.apache.commons:commons-lang3:3.12.0'
+ implementation 'commons-io:commons-io:2.5'
+ implementation 'commons-cli:commons-cli:20040117.000000'
+ implementation 'org.jline:jline-reader:3.20.0'
+ implementation 'org.apache.commons:commons-csv:1.8'
+ implementation 'net.openhft:chronicle-map:3.21ea82' // TODO: remove
+ implementation (group: 'org.apache.solr', name: 'solr-solrj', version:
'8.9.0', {
Review comment:
*Severe OSS Vulnerability:*
### pkg:maven/org.apache.solr/[email protected]
0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found
across 1 dependencies
<details>
<summary><b>Components</b></summary><br/>
<ul>
<details>
<summary><b>pkg:maven/org.apache.httpcomponents/[email protected]</b></summary>
<ul>
<details>
<summary><b>SEVERE Vulnerabilities (1)</b></summary><br/>
<ul>
> #### [CVE-2020-13956] Apache HttpClient versions prior to version 4.5.13
and 5.0.3 can misinterpret ma...
> Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
misinterpret malformed authority component in request URIs passed to the
library as java.net.URI object and pick the wrong target host for request
execution.
>
> **CVSS Score:** 5.3
>
> **CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
</ul>
</details>
</ul>
</details>
</ul>
</details>
(at-me [in a reply](https://help.sonatype.com/lift/talking-to-lift) with
`help` or `ignore`)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
