- Replaced individual AWS SDK versions with root managed dependency version
- Set AWS SDK 1 version to 1.12.299
- Set AWS SDK 2 version to 2.17.270
- Suppressed false positive dependency vulnerability for aws-sdk-swf-libraries
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6405.
- Suppressed Apache Calcite vulnerabilities not applicable to Calcite Avatica subproject
- Suppressed HBase server vulnerabilities not applicable to client libraries
- Suppressed several mismatched product vulnerabilities
This closes#6290
Signed-off-by: Paul Grey <greyp@apache.org>
- Changed from com.github.shyiko to com.zendesk dependency group for current library version
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6302.
- Changed Maven profile from owasp to dependency-check
- Configured dependency check plugin to run in validate phase
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6100.
- Removed unnecessary suppression configurations due to detection improvements
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6004.
- Adjusted OWASP dependency-check suppressions to match Registry and MiNiFi packages
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#5431.
- Suppressed false positive for ftpserver
- Suppressed false positive for com.metamx:http-client
- Suppressed false positive for Jetty servlet-api
- Suppressed false positive for Testcontainers MySQL
- Suppressed false positive for vorbis-java-tika
This closes#5384
Signed-off-by: Joe Gresock <jgresock@gmail.com>