MINOR: skip 'zinc' phase from gradle dependency-check plugin (#15054)

This avoids `gradle dependencyCheckAggregate` from reporting on advisories in build-time dependencies (e.g. CVE-2023-46122) which typically should not affect us. I checked that this does not prevent advisories in 'regular' dependencies from being reported (but there currently are none). Reviewers: Josep Prat <josep.prat@aiven.io>
2024-04-25 16:10:30 +02:00 · 2024-04-25 16:10:30 +02:00 · bed23b7978
parent dcdf812880
commit bed23b7978
1 changed files with 1 additions and 0 deletions
--- a/build.gradle
+++ b/build.gradle
@ -784,6 +784,7 @@ subprojects {
  dependencyCheck {
    suppressionFile = "$rootDir/gradle/resources/dependencycheck-suppressions.xml"
    skipProjects = [ ":jmh-benchmarks", ":trogdor" ]
+    skipConfigurations = [ "zinc" ]
  }
 }