From 95d91e6fff76d8561e5d9dd71379dde8bc6258fa Mon Sep 17 00:00:00 2001 From: Eric Hartmann Date: Mon, 23 Oct 2017 16:51:57 +0200 Subject: [PATCH] SONAR-10018 Upgrade JJWT to 0.9.0 --- pom.xml | 9 +- .../dependency-check-suppressions.xml | 178 ++++++++++++++++++ sonar-plugin-api-deps/pom.xml | 34 ++++ 3 files changed, 217 insertions(+), 4 deletions(-) create mode 100644 sonar-application/dependency-check-suppressions.xml diff --git a/pom.xml b/pom.xml index a7b14c9f60d..6974435331a 100644 --- a/pom.xml +++ b/pom.xml @@ -86,7 +86,7 @@ 3.15.0.1256 3.7.0 2.6.6 - + 0.9.0 3.0.0-beta-2 3.8.6 @@ -237,10 +237,11 @@ org.owasp dependency-check-maven - 1.2.11 + 3.0.1 8 - cve-false-positives.xml + dependency-check-suppressions.xml + true @@ -817,7 +818,7 @@ io.jsonwebtoken jjwt - 0.6.0 + ${jjwt.version} com.fasterxml.jackson.core diff --git a/sonar-application/dependency-check-suppressions.xml b/sonar-application/dependency-check-suppressions.xml new file mode 100644 index 00000000000..28e626eabd7 --- /dev/null +++ b/sonar-application/dependency-check-suppressions.xml 
@@ -0,0 +1,178 @@ + + + + + + ^org\.apache\.commons:commons-email:.*$ + cpe:/a:apache:commons_email + + + + ^ch\.qos\.logback:logback-core:.*$ + cpe:/a:logback:logback + + + + ^ch\.qos\.logback:logback-classic:.*$ + cpe:/a:logback:logback + + + + + + + + + ^com\.google\.protobuf:protobuf-java:.*$ + cpe:/a:google:protobuf + + + + ^.*Google.Protobuf.dll$ + CVE-2015-5237 + + + + + + ^org\.apache\.tomcat:tomcat-annotations-api:.*$ + cpe:/a:apache:tomcat + cpe:/a:apache_software_foundation:tomcat + cpe:/a:apache_tomcat:apache_tomcat + + + + + + + ^com\.microsoft\.sqlserver:mssql-jdbc:.*$ + cpe:/a:microsoft:sql_server:6.2.2.jre8 + cpe:/a:microsoft:project_server:6.2.2.jre8 + cpe:/a:microsoft:server:6.2.2.jre8 + + + + + + ^mysql:mysql-connector-java:.*$ + cpe:/a:oracle:mysql_connectors + cpe:/a:mysql:mysql:5.1.44 + cpe:/a:oracle:connector/j:5.1.44 + cpe:/a:oracle:mysql:5.1.44 + cpe:/a:sun:mysql_connector/j:5.1.44 + + + + + + ^org\.sonarsource\.flex:flex-checks:.*$ + cpe:/a:flex_project:flex + + + + ^org\.sonarsource\.flex:sonar-flex-plugin:.*$ + cpe:/a:flex_project:flex + + + + + + ^org\.sonarsource\.php:sonar-php-plugin:.*$ + cpe:/a:php:php + + + + ^org\.sonarsource\.php:php-checks:.*$ + cpe:/a:php:php + + + + ^org\.sonarsource\.php:php-frontend:.*$ + cpe:/a:php:php + + + + + + ^org\.sonarsource\.python:sonar-python-plugin:.*$ + cpe:/a:python:python + cpe:/a:python_software_foundation:python + + + + ^org\.sonarsource\.python:python-checks:.*$ + cpe:/a:python:python + cpe:/a:python_software_foundation:python + + + + + + ^org\.sonarsource\.scm\.git:sonar-scm-git-plugin:.*$ + cpe:/a:git:git + cpe:/a:git_project:git + cpe:/a:git-scm:git + + + + + + ^org\.sonarsource\.scm\.svn:sonar-scm-svn-plugin:.*$ + cpe:/a:subversion:subversion + + + + ^org\.tmatesoft\.sqljet:sqljet:.*$ + cpe:/a:sqlite:sqlite + + + + + + ^org\.sonarsource\.xml:xml-squid:.*$ + cpe:/a:squid:squid + + 
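Review bot: Several of the new suppressions pair an all-versions artifact pattern with what appears to be that library's own product identifier rather than a misidentified one, for example `^ch\.qos\.logback:logback-core:.*$` with `cpe:/a:logback:logback`, `^org\.apache\.commons:commons-email:.*$` with `cpe:/a:apache:commons_email`, and `^com\.google\.protobuf:protobuf-java:.*$` with `cpe:/a:google:protobuf`. A rule of that shape also hides any genuine advisory published later for these artifacts, on every version, so the scan stops reporting on them. If the intent is to silence specific findings that were reviewed, listing them as `<cve>` entries (as the `Google.Protobuf.dll` rule does with CVE-2015-5237) or pinning the pattern to the reviewed version keeps new reports visible. The element markup is not visible in this rendering, so if each rule already carries a `<notes>` justification, this concerns only the scope of the match.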
diff --git a/sonar-plugin-api-deps/pom.xml b/sonar-plugin-api-deps/pom.xml index 8bf169b14b8..ae4048405a4 100644 --- a/sonar-plugin-api-deps/pom.xml +++ b/sonar-plugin-api-deps/pom.xml @@ -194,4 +194,38 @@ + + + + + + securityCheck + + + + org.owasp + dependency-check-maven + + + + check + + + true + + + + + + + + + -- 2.39.5
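Review bot: The `securityCheck` profile binds `check` in sonar-plugin-api-deps, but the suppression file this commit adds lives in sonar-application/ and the root pom refers to it by the bare name `dependency-check-suppressions.xml`. Assuming that value is the plugin's `suppressionFile` and is inherited here (the element names are not visible in this rendering), it resolves only when the build's working directory happens to contain the file; otherwise the scan presumably either fails or runs without the false-positive list. An anchored path such as `${maven.multiModuleProjectDirectory}/sonar-application/dependency-check-suppressions.xml` makes the lookup independent of where Maven is started. A short comment on the profile saying how it is activated (`-PsecurityCheck`) and that the default build does not run the scan would also help.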