root
/
kafka
mirror of https://github.com/apache/kafka.git
1
0
Fork 0
Code Issues Actions 2 Packages Projects Releases Wiki Activity

MINOR: skip 'zinc' phase from gradle dependency-check plugin (#15054) 

This avoids `gradle dependencyCheckAggregate` from reporting on
advisories in build-time dependencies (e.g. CVE-2023-46122) which
typically should not affect us.

I checked that this does not prevent advisories in 'regular'
dependencies from being reported (but there currently are none).

Reviewers: Josep Prat <josep.prat@aiven.io>
This commit is contained in:
Arnout Engelen 2024-04-25 16:10:30 +02:00 committed by GitHub
parent dcdf812880
commit bed23b7978
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
build.gradle
View File

@ -784,6 +784,7 @@ subprojects {
dependencyCheck { dependencyCheck {
suppressionFile = "$rootDir/gradle/resources/dependencycheck-suppressions.xml" suppressionFile = "$rootDir/gradle/resources/dependencycheck-suppressions.xml"
skipProjects = [ ":jmh-benchmarks", ":trogdor" ] skipProjects = [ ":jmh-benchmarks", ":trogdor" ]
skipConfigurations = [ "zinc" ]
} }
} }