- Update Spring boot Version
- Update dependency check version
- Exclude irrelevant nodejs cve

Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
master
Andrew DeMaria 7 years ago
parent 83ef76a098
commit 8d3c0ec9a0
No known key found for this signature in database
GPG Key ID: 0A3F5E91F8364EDF
  1. 5
      airsonic-main/cve-suppressed.xml
  2. 4
      pom.xml

@ -124,4 +124,9 @@
<gav regex="true">^org\.postgresql:postgresql:.*$</gav>
<cve>CVE-2018-1115</cve>
</suppress>
<suppress>
<notes>This is for nodejs</notes>
<gav regex="true">^org\.mariadb\.jdbc:mariadb-java-client:.*$</gav>
<cve>CVE-2017-16046</cve>
</suppress>
</suppressions>

@ -86,7 +86,7 @@
<!-- Import dependency management from Spring Boot -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>1.5.12.RELEASE</version>
<version>1.5.14.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@ -205,7 +205,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>3.1.2</version>
<version>3.2.1</version>
<inherited>true</inherited>
<configuration>
<failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>

Loading…
Cancel
Save