KNOX-1721 - Upgrade dependency-check-maven to 4.0.2
authorKevin Risden <krisden@apache.org>
Wed, 2 Jan 2019 20:56:51 +0000 (15:56 -0500)
committerKevin Risden <krisden@apache.org>
Mon, 7 Jan 2019 15:02:46 +0000 (10:02 -0500)
Signed-off-by: Kevin Risden <krisden@apache.org>
build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
pom.xml

index 5074ddd..ee181fe 100644 (file)
@@ -35,6 +35,7 @@ limitations under the License.
         <notes><![CDATA[file name: apacheds-.*.jar]]></notes>
         <gav regex="true">^org\.apache\.directory\.server:apacheds-.*$</gav>
         <cpe>cpe:/a:apache:apache_http_server</cpe>
+        <cpe>cpe:/a:apache:http_server</cpe>
         <cpe>cpe:/a:net-ldap_project:net-ldap</cpe>
     </suppress>
     <suppress>
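Review bot: The `<notes>` element of this entry only repeats the jar file name, so nothing records why the newly added `cpe:/a:apache:http_server` is a false positive for the ApacheDS artifacts. If the reason is a name-only match, a rationale such as `<notes><![CDATA[file name: apacheds-.*.jar; matched to the Apache HTTP Server CPE by vendor/product name only]]></notes>` would let a later reviewer re-check the suppression. The older `cpe:/a:apache:apache_http_server` line is kept next to the new one; if dependency-check 4.0.2 no longer reports that identifier it could be dropped, though the hunk does not show whether it does.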
@@ -50,6 +51,7 @@ limitations under the License.
         <cpe>cpe:/a:apache:shiro</cpe>
         <cpe>cpe:/a:apache:storm</cpe>
         <cpe>cpe:/a:content_project:content</cpe>
+        <cpe>cpe:/a:jwt_project:jwt</cpe>
         <cpe>cpe:/a:request_it:request_it</cpe>
     </suppress>
     <suppress>
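Review bot: The added `<cpe>cpe:/a:jwt_project:jwt</cpe>` suppresses every current and future CVE filed under that CPE for whatever the enclosing entry's `<gav>` matches, and that `<gav>` and its `<notes>` sit above the hunk, so the scope cannot be judged from here. If the matched artifacts include code that parses or validates tokens, a CPE-wide suppression could hide a finding that does apply. It would be safer to confirm the `<gav>` pattern is limited to the artifacts that triggered the false positive, and to state in the entry's `<notes>` which jar was misidentified.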
@@ -95,11 +97,6 @@ limitations under the License.
         <cpe>cpe:/a:oracle:glassfish</cpe>
     </suppress>
     <suppress>
-        <notes><![CDATA[file name: pac4j-oidc-.*.jar]]></notes>
-        <gav regex="true">^org\.pac4j:pac4j-oidc:.*$</gav>
-        <cpe>cpe:/a:openid:openid</cpe>
-    </suppress>
-    <suppress>
         <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
         <gav regex="true">^org\.slf4j:.*$</gav>
         <cve>CVE-2018-8088</cve>
diff --git a/pom.xml b/pom.xml
index 0d5f44b..52f80c3 100644 (file)
--- a/pom.xml
+++ b/pom.xml
         <cors-filter.version>2.6</cors-filter.version>
         <curator.version>4.1.0</curator.version>
         <curator-test.version>2.13.0</curator-test.version>
-        <dependency-check-maven.version>4.0.1</dependency-check-maven.version>
+        <dependency-check-maven.version>4.0.2</dependency-check-maven.version>
         <easymock.version>4.0.2</easymock.version>
         <eclipselink.version>2.7.3</eclipselink.version>
         <ehcache.version>2.6.11</ehcache.version>
         </profile>
         <profile>
             <id>owasp</id>
+            <!--
+            These repositories are defined by dependencies but the owasp dependency check
+            plugin doesn't pull in these repositories. This then causes failures when
+            trying to download commonj and saml dependencies.
+            -->
+            <repositories>
+                <repository>
+                    <id>jboss-puplic</id>
+                    <url>https://repository.jboss.org/nexus/content/repositories/public</url>
+                    <snapshots>
+                        <enabled>false</enabled>
+                    </snapshots>
+                    <releases>
+                        <enabled>true</enabled>
+                    </releases>
+                </repository>
+                <repository>
+                    <id>shib-release</id>
+                    <url>https://build.shibboleth.net/nexus/content/groups/public</url>
+                    <snapshots>
+                        <enabled>false</enabled>
+                    </snapshots>
+                    <releases>
+                        <enabled>true</enabled>
+                    </releases>
+                </repository>
+            </repositories>
             <build>
                 <plugins>
                     <plugin>
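Review bot: The repository id `jboss-puplic` looks like a typo for `jboss-public`; the id is what `settings.xml` mirror and server entries match on, so it is worth correcting before any configuration is keyed to it. Both added repositories leave the release checksum policy at Maven's default of warn, so an artifact whose checksum does not match is still used. Adding `<checksumPolicy>fail</checksumPolicy>` inside each `<releases>` element would stop the scan build instead, although that only catches corruption and not a compromised repository. The comment could also name the dependencies that declare these repositories, so the block can be removed once they are gone. The `owasp` profile continues past the end of this hunk.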