[FLINK-26883] Bump dependency-check-maven to 2.10.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Build System
Labels:
None

Description

when running mvn org.owasp:dependency-check-maven:aggregate , the following error occurred:

IO Exception connecting to https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz 
......

That's because org.owasp:dependency-check-maven:5.0.0-M2 in flink-parent/pom.xml is outdated and the data is unavailable. we may need to bump dependency-check-maven to newer version, like 7.0.1.

I rerun mvn org.owasp:dependency-check-maven:aggregate with org.owasp:dependency-check-maven:7.0.1, it works well.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: zhouli

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 28/Mar/22 12:39

Updated:: 28/Mar/22 12:47