Skip to content

Commit

Permalink
Merge pull request #4845 from jeremylong/release-7.2.0
Browse files Browse the repository at this point in the history
Prepare Release 7.2.0
  • Loading branch information
jeremylong authored Sep 14, 2022
2 parents 84bcf7f + dc2e1c9 commit 2db45fe
Show file tree
Hide file tree
Showing 9 changed files with 67 additions and 28 deletions.
9 changes: 5 additions & 4 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -186,10 +186,11 @@ jobs:
draft: false
body: |
### Changes
- The maven plugin now includes pnpm and yarn lock files in the scan by default (#4753).
- If a suppression rule is no longer used a log entry will be written (#4685).
- Several bug fixes made and suppression rules added.
- See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/47?closed=1).
- Add support for Bazel's pinned `maven_install.json` (#4772).
- Fixed bug preventing the use of custom report templates (#4800).
- Updated several dependencies including upgrades for dependencies with CVEs.
- Several bug fixes made and suppression rules were added.
- See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/48?closed=1).
- name: Upload CLI
id: upload-release-cli
Expand Down
2 changes: 1 addition & 1 deletion ant/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
<parent>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-parent</artifactId>
<version>7.1.3-SNAPSHOT</version>
<version>7.2.1-SNAPSHOT</version>
</parent>

<artifactId>dependency-check-ant</artifactId>
Expand Down
2 changes: 1 addition & 1 deletion archetype/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved.
<parent>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-parent</artifactId>
<version>7.1.3-SNAPSHOT</version>
<version>7.2.1-SNAPSHOT</version>
</parent>
<artifactId>dependency-check-plugin</artifactId>
<name>Dependency-Check Plugin Archetype</name>
Expand Down
2 changes: 1 addition & 1 deletion cli/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
<parent>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-parent</artifactId>
<version>7.1.3-SNAPSHOT</version>
<version>7.2.1-SNAPSHOT</version>
</parent>

<artifactId>dependency-check-cli</artifactId>
Expand Down
4 changes: 3 additions & 1 deletion core/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
<parent>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-parent</artifactId>
<version>7.1.3-SNAPSHOT</version>
<version>7.2.1-SNAPSHOT</version>
</parent>

<artifactId>dependency-check-core</artifactId>
Expand Down Expand Up @@ -268,10 +268,12 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>
<artifactId>jackson-module-afterburner</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.h3xstream.retirejs</groupId>
Expand Down
65 changes: 50 additions & 15 deletions core/src/main/resources/dependencycheck-base-suppression.xml
Original file line number Diff line number Diff line change
@@ -1,5 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress base="true">
<notes><![CDATA[
obvious fp - currently not returning any CVEs
]]></notes>
<packageUrl regex="true">^pkg:maven/commons\-cli/commons\-cli@.*$</packageUrl>
<cpe>cpe:/a:spirit-project:spirit</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
obvious fp - currently not returning any CVEs
]]></notes>
<packageUrl regex="true">^pkg:maven/javax\.xml\.bind/jaxb\-api@.*$</packageUrl>
<cpe>cpe:/a:oracle:java_se</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
obvious fp - currently not returning any CVEs
]]></notes>
<packageUrl regex="true">^pkg:maven/joda\-time/joda\-time@.*$</packageUrl>
<cpe>cpe:/a:time_project:time</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
obvious fp - currently not returning any CVEs
]]></notes>
<packageUrl regex="true">^pkg:maven/javax\.ws\.rs/javax\.ws\.rs\-api@.*$</packageUrl>
<cpe>cpe:/a:oracle:web_services</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
obvious fp - currently not returning any CVEs
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.sonatype\.ossindex/ossindex\-service\-api@.*$</packageUrl>
<cpe>cpe:/a:service_project:service</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #4180, #4188, #4189, #4190
Expand Down Expand Up @@ -4536,33 +4571,33 @@
<cpe>cpe:/a:oracle:projects</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
<notes><![CDATA[
FP per issue #4140, 4256
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.aspectj/aspectj.*@.*$</packageUrl>
<cpe>cpe:/a:vmware:tools</cpe>
<packageUrl regex="true">^pkg:maven/org\.aspectj/aspectj.*@.*$</packageUrl>
<cpe>cpe:/a:vmware:tools</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
<notes><![CDATA[
FP per issue #4149
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.kafka/kafka-log4j-appender@.*$</packageUrl>
<cpe>cpe:/a:apache:log4j</cpe>
<cpe>cpe:/a:apache:kafka</cpe>
<packageUrl regex="true">^pkg:maven/org\.apache\.kafka/kafka-log4j-appender@.*$</packageUrl>
<cpe>cpe:/a:apache:log4j</cpe>
<cpe>cpe:/a:apache:kafka</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
<notes><![CDATA[
FP per issue #4156
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.lightbend\.akka\.management/akka-management-cluster-bootstrap_2\.13@.*$</packageUrl>
<cpe>cpe:/a:akka:akka</cpe>
<packageUrl regex="true">^pkg:maven/com\.lightbend\.akka\.management/akka-management-cluster-bootstrap_2\.13@.*$</packageUrl>
<cpe>cpe:/a:akka:akka</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
<notes><![CDATA[
FP per issue #4154
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.netty/netty-tcnative-boringssl-static@.*$</packageUrl>
<cpe>cpe:/a:chromium:chromium</cpe>
<packageUrl regex="true">^pkg:maven/io\.netty/netty-tcnative-boringssl-static@.*$</packageUrl>
<cpe>cpe:/a:chromium:chromium</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Expand Down Expand Up @@ -4698,8 +4733,8 @@
<notes><![CDATA[
FP per issue #4368, #4384, #4369 async_project:async is an npm package
]]></notes>
<packageUrl regex="true">^pkg:maven/.*async.*@.*$</packageUrl>
<cpe>cpe:/a:async_project:async</cpe>
<packageUrl regex="true">^pkg:maven/.*async.*@.*$</packageUrl>
<cpe>cpe:/a:async_project:async</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Expand Down
2 changes: 1 addition & 1 deletion maven/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
<parent>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-parent</artifactId>
<version>7.1.3-SNAPSHOT</version>
<version>7.2.1-SNAPSHOT</version>
</parent>
<artifactId>dependency-check-maven</artifactId>
<packaging>maven-plugin</packaging>
Expand Down
6 changes: 3 additions & 3 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long

<groupId>org.owasp</groupId>
<artifactId>dependency-check-parent</artifactId>
<version>7.1.3-SNAPSHOT</version>
<version>7.2.1-SNAPSHOT</version>
<packaging>pom</packaging>

<modules>
Expand Down Expand Up @@ -165,7 +165,7 @@ Copyright (c) 2012 - Jeremy Long
<groovy-all.version>2.4.21</groovy-all.version>
<gmavenplus-plugin.version>1.13.1</gmavenplus-plugin.version>
<com.h3xstream.retirejs.core.version>3.0.3</com.h3xstream.retirejs.core.version>

<jackson.version>2.13.4</jackson.version>
<!--necassary for some IDEs to be able to execute test cases (Netbeans)-->
<surefireArgLine />

Expand Down Expand Up @@ -1096,7 +1096,7 @@ Copyright (c) 2012 - Jeremy Long
<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>2.13.4</version>
<version>${jackson.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
Expand Down
3 changes: 2 additions & 1 deletion utils/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
<parent>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-parent</artifactId>
<version>7.1.3-SNAPSHOT</version>
<version>7.2.1-SNAPSHOT</version>
</parent>

<artifactId>dependency-check-utils</artifactId>
Expand Down Expand Up @@ -52,6 +52,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
Expand Down

0 comments on commit 2db45fe

Please sign in to comment.