Updates

- Update Spring boot Version - Update dependency check version - Exclude irrelevant nodejs cve Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago · 8d3c0ec9a0
parent 83ef76a098
commit 8d3c0ec9a0
2 changed files with 7 additions and 2 deletions
--- a/airsonic-main/cve-suppressed.xml
+++ b/airsonic-main/cve-suppressed.xml
@ -124,4 +124,9 @@
        <gav regex="true">^org\.postgresql:postgresql:.*$</gav>
        <cve>CVE-2018-1115</cve>
    </suppress>
+    <suppress>
+        <notes>This is for nodejs</notes>
+        <gav regex="true">^org\.mariadb\.jdbc:mariadb-java-client:.*$</gav>
+        <cve>CVE-2017-16046</cve>
+    </suppress>
 </suppressions>
--- a/pom.xml
+++ b/pom.xml
@ -86,7 +86,7 @@
                <!-- Import dependency management from Spring Boot -->
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
-                <version>1.5.12.RELEASE</version>
+                <version>1.5.14.RELEASE</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
@ -205,7 +205,7 @@
                <plugin>
                    <groupId>org.owasp</groupId>
                    <artifactId>dependency-check-maven</artifactId>
-                    <version>3.1.2</version>
+                    <version>3.2.1</version>
                    <inherited>true</inherited>
                    <configuration>
                        <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>