directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] smoyer64 closed pull request #6: Update OWASP dep scan configuration
Date Wed, 25 Jul 2018 17:27:54 GMT
smoyer64 closed pull request #6: Update OWASP dep scan configuration
URL: https://github.com/apache/directory-scimple/pull/6
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/pom.xml b/pom.xml
index c2911ee..74e5d59 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,7 +38,7 @@
 
     <!-- TODO: is this needed? -->
     <version.gwt>2.8.0</version.gwt>
-    <version.jackson>2.8.8</version.jackson>
+    <version.jackson>2.9.5</version.jackson>
     <version.lombok>1.16.14</version.lombok>
     <version.lombok.plugin>${version.lombok}.0</version.lombok.plugin>
     <version.restfuse>1.2.0</version.restfuse>
@@ -294,6 +294,9 @@
           <groupId>org.owasp</groupId>
           <artifactId>dependency-check-maven</artifactId>
           <version>3.1.1</version>
+          <configuration>
+            <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
+          </configuration>
         </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
@@ -418,7 +421,7 @@
             <executions>
               <execution>
                 <goals>
-                  <goal>aggregate</goal>
+                  <goal>check</goal>
                 </goals>
               </execution>
             </executions>
diff --git a/scim-client/pom.xml b/scim-client/pom.xml
index 45e561e..33f6430 100644
--- a/scim-client/pom.xml
+++ b/scim-client/pom.xml
@@ -54,7 +54,11 @@
     <dependency>
       <groupId>edu.psu.swe.commons</groupId>
       <artifactId>commons-jaxrs</artifactId>
-      <version>1.17</version>
+    </dependency>
+    <dependency>
+      <groupId>org.projectlombok</groupId>
+      <artifactId>lombok</artifactId>
+      <scope>provided</scope>
     </dependency>
   </dependencies>
   
diff --git a/scim-compliance/scim-compliance-server/pom.xml b/scim-compliance/scim-compliance-server/pom.xml
index d4aa3f2..ae33520 100644
--- a/scim-compliance/scim-compliance-server/pom.xml
+++ b/scim-compliance/scim-compliance-server/pom.xml
@@ -27,6 +27,19 @@
   <artifactId>scim-compliance-server</artifactId>
   <name>SCIM - Compliance - Server</name>
 
+  <dependencyManagement>
+    <dependencies>
+      <!-- update the version of jetty that restfuse uses, fixes CVE-2017-9735-->
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-bom</artifactId>
+        <version>9.4.8.v20180619</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+
   <dependencies>
     <dependency>
       <groupId>com.restfuse</groupId>
diff --git a/scim-server/scim-server-common/pom.xml b/scim-server/scim-server-common/pom.xml
index 28045c6..6bbf8ee 100644
--- a/scim-server/scim-server-common/pom.xml
+++ b/scim-server/scim-server-common/pom.xml
@@ -127,7 +127,7 @@
     <dependency>
       <groupId>com.flipkart.zjsonpatch</groupId>
       <artifactId>zjsonpatch</artifactId>
-      <version>0.2.4</version>
+      <version>0.4.4</version>
     </dependency>
   </dependencies>
 


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message