Merge branch 'develop' into fb_updateTestFileTemplates
labkey-tchad authored Oct 17, 2024
2 parents b0dca08 + f7c4f9a commit 9a4123b
Showing 4 changed files with 158 additions and 120 deletions.
1 change: 0 additions & 1 deletion build.gradle
@@ -386,7 +386,6 @@ if (BuildUtils.shouldPublish(project) || BuildUtils.shouldPublishDistribution(pr
username = artifactory_user
password = artifactory_password
}
maven = true
}
defaults
{
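--- a/dependencyCheckSuppression.xml
+++ b/dependencyCheckSuppression.xml
@@ -246,5 +246,128 @@
 <cve>CVE-2005-1260</cve>
 </suppress>
 
+<!--
+suppress CVE-2024-45772 for lucene 9.10, fixed in develop with bump to 9.12
+-->
+<suppress>
+<notes><![CDATA[
+file name: lucene-analysis-common-9.10.0.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.apache\.lucene/lucene-analysis-common@.*$</packageUrl>
+<cve>CVE-2024-45772</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: lucene-backward-codecs-9.10.0.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.apache\.lucene/lucene-backward-codecs@.*$</packageUrl>
+<cve>CVE-2024-45772</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: lucene-core-9.10.0.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.apache\.lucene/lucene-core@.*$</packageUrl>
+<cve>CVE-2024-45772</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: lucene-queries-9.10.0.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.apache\.lucene/lucene-queries@.*$</packageUrl>
+<cve>CVE-2024-45772</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: lucene-queryparser-9.10.0.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.apache\.lucene/lucene-queryparser@.*$</packageUrl>
+<cve>CVE-2024-45772</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: lucene-sandbox-9.10.0.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.apache\.lucene/lucene-sandbox@.*$</packageUrl>
+<cve>CVE-2024-45772</cve>
+</suppress>
+<!-- end of lucene suppressions -->
+
+<!--
+suppress glassfish false positives, being corrected in:
+https://github.com/jeremylong/DependencyCheck/issues/7015
+https://github.com/jeremylong/DependencyCheck/pull/7016
+https://github.com/jeremylong/DependencyCheck/pull/7024
+-->
+<suppress>
+<notes><![CDATA[
+file name: jaxb-core-4.0.3.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.glassfish\.jaxb/jaxb-core@.*$</packageUrl>
+<cve>CVE-2024-9329</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: jaxb-core-4.0.5.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.glassfish\.jaxb/jaxb-core@.*$</packageUrl>
+<cve>CVE-2024-9329</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: jaxb-core-4.0.5.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.glassfish\.jaxb/jaxb-core@.*$</packageUrl>
+<cve>CVE-2024-9329</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: jaxb-runtime-4.0.3.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$</packageUrl>
+<cve>CVE-2024-9329</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: jaxb-runtime-4.0.5.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$</packageUrl>
+<cve>CVE-2024-9329</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: osgi-resource-locator-1.0.3.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.glassfish\.hk2/osgi-resource-locator@.*$</packageUrl>
+<cve>CVE-2024-9329</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: txw2-4.0.3.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.glassfish\.jaxb/txw2@.*$</packageUrl>
+<cve>CVE-2024-9329</cve>
+</suppress>
+
+<suppress>
+<notes><![CDATA[
+file name: txw2-4.0.5.jar
+]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.glassfish\.jaxb/txw2@.*$</packageUrl>
+<cve>CVE-2024-9329</cve>
+</suppress>
+<!-- end of glassfish false positive suppressions -->
+
 </suppressions>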
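Review bot: The six Lucene entries suppress CVE-2024-45772 with a `@.*$` version match, so they silence the finding for every Lucene version rather than the 9.10.0 jars named in the notes, and nothing makes them lapse once the 9.12 bump mentioned in the comment reaches this branch. Pinning the version and giving the rule an expiry keeps the scanner able to report a later downgrade or a stale suppression, e.g. `<suppress until="YYYY-MM-DDZ">` (placeholder date) with `<packageUrl regex="true">^pkg:maven/org\.apache\.lucene/lucene-core@9\.10\.0$</packageUrl>`, and likewise for the other five artifacts. In the glassfish group the `jaxb-core-4.0.5.jar` block appears twice verbatim, and because those regexes also ignore the version, the 4.0.3 and 4.0.5 entries for jaxb-core, jaxb-runtime and txw2 are the same rule repeated; one entry per artifact is enough. The `<notes>` only carry a file name, so it would help the next audit if each recorded why the finding is acceptable, for instance `false positive, see DependencyCheck issue 7015` on the glassfish entries.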

15 changes: 8 additions & 7 deletions gradle.properties
@@ -57,10 +57,10 @@ osxProteomicsBinariesVersion=1.0
windowsProteomicsBinariesVersion=1.0

# The current version numbers for the gradle plugins.
artifactoryPluginVersion=4.31.9
artifactoryPluginVersion=5.2.5
gradleNodePluginVersion=3.5.1
gradlePluginsVersion=4.1.0
owaspDependencyCheckPluginVersion=10.0.3
gradlePluginsVersion=4.2.0
owaspDependencyCheckPluginVersion=10.0.4
versioningPluginVersion=1.1.2

# Versions of node and npm to use during the build. If set, these versions
@@ -108,7 +108,7 @@ apacheTomcatVersion=10.1.30
asmVersion=9.7

# Apache Batik -- Batik version needs to be compatible with Apache FOP, but we need to pull in batik-codec separately
batikVersion=1.17
batikVersion=1.18

# sync with Tika version (or later)
bouncycastlePgpVersion=1.78.1
@@ -136,6 +136,7 @@ commonsMath3Version=3.6.1
commonsPoolVersion=1.6
commonsTextVersion=1.12.0
commonsValidatorVersion=1.9.0
commonsVfs2Version=2.7.0

datadogVersion=1.39.1

@@ -149,7 +150,7 @@ eigenbaseXomVersion=1.3.7
flyingsaucerVersion=R8

# Apache FOP -- linked to Apache Batik version above
fopVersion=2.9
fopVersion=2.10

# Force latest for consistency
googleAutoValueAnnotationsVersion=1.10.4
@@ -179,8 +180,8 @@ hamcrestVersion=2.2
# Note: if changing this, we might need to match with the picard version in the SequenceAnalysis module build.gradle
htsjdkVersion=4.0.0

httpclient5Version=5.3.1
httpcore5Version=5.2.5
httpclient5Version=5.4
httpcore5Version=5.3

# Not used directly, but these are widely used transitive dependencies
httpclientVersion=4.5.14
