From 25a0abd6c386dc04ab58b5dbe1c30bde77681f32 Mon Sep 17 00:00:00 2001 From: Giuseppe Nespolino Date: Mon, 23 Oct 2023 16:55:24 +0200 Subject: [PATCH] Check URL Api episode 2 (#77) * check URL API * check URL API * check URL API * check URL API --- build.gradle | 6 +++++- config/dependency-check/dependency-check-known-issues.xml | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index f7576079..8319f52d 100644 --- a/build.gradle +++ b/build.gradle @@ -1,5 +1,5 @@ plugins { - id 'org.springframework.boot' version '2.7.14' + id 'org.springframework.boot' version '2.7.17' id 'io.spring.dependency-management' version '1.0.11.RELEASE' id 'java' id 'com.google.cloud.tools.jib' version '3.1.4' @@ -58,6 +58,7 @@ dependencies { implementation 'org.eclipse.jgit:org.eclipse.jgit:5.13.0.202109080827-r' implementation 'javax.xml.bind:jaxb-api:2.3.1' + implementation 'org.apache.commons:commons-compress:1.24.0' implementation 'org.springdoc:springdoc-openapi-ui:1.6.1' implementation 'org.openapitools:jackson-databind-nullable:0.2.1' @@ -218,6 +219,9 @@ dependencyCheck { //let's consider that a vulnerability has a high severity level if its CVSS score is higher than 7 //the build is going to fail if vulnerabilities with high severity level found failBuildOnCVSS = 7 + analyzers { + assemblyEnabled = false + } //specify a list of known issues which contain: //false-positives diff --git a/config/dependency-check/dependency-check-known-issues.xml b/config/dependency-check/dependency-check-known-issues.xml index 433459df..7546f4fa 100644 --- a/config/dependency-check/dependency-check-known-issues.xml +++ b/config/dependency-check/dependency-check-known-issues.xml @@ -11,6 +11,6 @@ CVE-2016-1000027 - CVE-2023-35116 + CVE-2023-4759
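Review bot: The new `implementation 'org.apache.commons:commons-compress:1.24.0'` line in the `dependencies` hunk has no comment saying why it was added, and the commit message does not explain it either. If no project code imports commons-compress and the line only lifts a transitive version past a scanner finding (an inference; the diff shows no usage), a constraint states that intent better than a direct dependency: `constraints { implementation('org.apache.commons:commons-compress:1.24.0') { because 'overrides vulnerable transitive version' } }`. Either way, a one-line comment naming the finding it addresses would let the pin be removed once upstream catches up. The `dependencies` block starts and ends outside the hunk.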
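Review bot: `assemblyEnabled = false` in the `dependencyCheck` hunk switches off an analyzer without a comment, in a block where the neighbouring settings are all explained. A line above `analyzers {` such as `// .NET assembly analyzer disabled: no .NET artifacts in this build, and it needs a dotnet runtime on the agent` would record that this is a deliberate scope reduction and not a way to silence findings. That rationale is presumed from the project being a Java build, so confirm it before writing it down. The `dependencyCheck` block continues outside the hunk.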
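Review bot: The known-issues hunk replaces `CVE-2023-35116` with `CVE-2023-4759`, so the newly listed CVE can no longer fail the build under `failBuildOnCVSS = 7`, and nothing visible records why. CVE-2023-4759 is, as far as I know, filed against Eclipse JGit, which build.gradle pins at `5.13.0.202109080827-r`, so this looks like an accepted risk on a real dependency and not a false positive. The entry should say so in a `<notes>` element and carry an expiry, e.g. `<suppress until="YYYY-MM-DDZ">` (placeholder date), so the finding resurfaces when a fixed JGit release can be adopted. The enclosing `<suppress>` element is not visible in this hunk, so check whether it is scoped to the JGit artifact or applies to every dependency.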