Skip node dev dependency vulnerability scan (#9684)

Since they are not production dependencies, security vulnerabilities in the dev dependencies can be ignored.
2020-04-11 14:24:25 -07:00 · 2020-04-11 14:24:25 -07:00 · e6dd6a4119
parent cbbfd63bed
commit e6dd6a4119
1 changed files with 4 additions and 1 deletions
--- a/pom.xml
+++ b/pom.xml
@ -1525,12 +1525,15 @@
            <plugin>
                <groupId>org.owasp</groupId>
                <artifactId>dependency-check-maven</artifactId>
-                <version>5.3.0</version>
+                <version>5.3.2</version>
                <configuration>
                    <cveValidForHours>24</cveValidForHours>
                    <failBuildOnCVSS>7</failBuildOnCVSS>
                    <skipProvidedScope>true</skipProvidedScope>
                    <skipSystemScope>true</skipSystemScope>  <!-- avoid error when processing jdk.tools:jdk.tools:jar:1.8:system -->
+                    <!-- For node analysis info, see https://github.com/jeremylong/DependencyCheck/issues/2482#issuecomment-603755623 -->
+                    <nodeAnalyzerEnabled>false</nodeAnalyzerEnabled>  <!-- plugin author (jeremylong) recommends to disable, since this analyzer is retired -->
+                    <nodeAuditSkipDevDependencies>true</nodeAuditSkipDevDependencies>
                    <suppressionFile>owasp-dependency-check-suppressions.xml</suppressionFile>
                </configuration>
                <executions>