OFBiz › OFBiz - Dev

Re: svn commit: r1810056 [1/2] - in /ofbiz: ofbiz-framework/trunk/build.gradle tools/security/dependency-check/dependency-check-report.html

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

2 messages Options

taher

Re: svn commit: r1810056 [1/2] - in /ofbiz: ofbiz-framework/trunk/build.gradle tools/security/dependency-check/dependency-check-report.html

Why did you apply the jdeps and codenarc plugins? Why did you add
commented out code? What's this all about?

On Fri, Sep 29, 2017 at 9:59 AM, <[hidden email]> wrote:

> Author: jleroux
> Date: Fri Sep 29 06:59:45 2017
> New Revision: 1810056
>
> URL: http://svn.apache.org/viewvc?rev=1810056&view=rev
> Log:
> No functional change
>
> Updates xstream from 1.4.9 to 1.4.10 to fixes a vulnerability reported by
> Dependency Check
> Updates the dependency-check-report.html
>
> There are more to do, but my time is limited...
>
> Modified:
> ofbiz/ofbiz-framework/trunk/build.gradle
> ofbiz/tools/security/dependency-check/dependency-check-report.html
>
> Modified: ofbiz/ofbiz-framework/trunk/build.gradle
> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/build.gradle?rev=1810056&r1=1810055&r2=1810056&view=diff
> ==============================================================================
> --- ofbiz/ofbiz-framework/trunk/build.gradle (original)
> +++ ofbiz/ofbiz-framework/trunk/build.gradle Fri Sep 29 06:59:45 2017
> @@ -28,12 +28,15 @@ buildscript {
> }
> dependencies {
> classpath "at.bxm.gradleplugins:gradle-svntools-plugin:latest.release"
> + classpath "org.kordamp.gradle:jdeps-gradle-plugin:0.2.0"
> }
> }
> apply plugin: 'java'
> apply plugin: 'eclipse'
> apply plugin: 'maven-publish'
> apply plugin: "at.bxm.svntools"
> +apply plugin: 'org.kordamp.jdeps'
> +apply plugin: 'codenarc'
>
> apply from: 'common.gradle'
>
> @@ -103,7 +106,7 @@ dependencies {
> compile 'com.lowagie:itext:2.1.7'
> compile 'com.sun.mail:javax.mail:1.5.1'
> compile 'com.sun.syndication:com.springsource.com.sun.syndication:0.9.0'
> - compile 'com.thoughtworks.xstream:xstream:1.4.9'
> + compile 'com.thoughtworks.xstream:xstream:1.4.10'
> compile 'commons-cli:commons-cli:1.3.1'
> compile 'commons-net:commons-net:3.3'
> compile 'commons-validator:commons-validator:1.5.1'
> @@ -1006,3 +1009,21 @@ def gradlewSubprocess(commandList) {
> fullCommand.addAll(commandList)
> exec { commandLine fullCommand }
> }
> +
> +//codenarcMain {
> +// ignoreFailures false
> +// configFile file('config/codenarc/codenarc-main.rules')
> +//
> +// maxPriority1Violations 0
> +// maxPriority2Violations 10
> +// maxPriority3Violations 20
> +//}
> +//
> +//codenarcTest {
> +// ignoreFailures true
> +// configFile file('config/codenarc/codenarc-test.rules')
> +//
> +// maxPriority1Violations 0
> +// maxPriority2Violations 10
> +// maxPriority3Violations 20
> +//}
> \ No newline at end of file
>
>

Jacques Le Roux

Re: svn commit: r1810056 [1/2] - in /ofbiz: ofbiz-framework/trunk/build.gradle tools/security/dependency-check/dependency-check-report.html

Administrator

Ha sorry,

These are unsuccessful WIP

Just noticed it also on my side while reviewing (again) my last commits, removed at r1810062

Jacques

Le 29/09/2017 à 09:32, Taher Alkhateeb a écrit :

> Why did you apply the jdeps and codenarc plugins? Why did you add
> commented out code? What's this all about?
>
> On Fri, Sep 29, 2017 at 9:59 AM, <[hidden email]> wrote:
>> Author: jleroux
>> Date: Fri Sep 29 06:59:45 2017
>> New Revision: 1810056
>>
>> URL: http://svn.apache.org/viewvc?rev=1810056&view=rev
>> Log:
>> No functional change
>>
>> Updates xstream from 1.4.9 to 1.4.10 to fixes a vulnerability reported by
>> Dependency Check
>> Updates the dependency-check-report.html
>>
>> There are more to do, but my time is limited...
>>
>> Modified:
>> ofbiz/ofbiz-framework/trunk/build.gradle
>> ofbiz/tools/security/dependency-check/dependency-check-report.html
>>
>> Modified: ofbiz/ofbiz-framework/trunk/build.gradle
>> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/build.gradle?rev=1810056&r1=1810055&r2=1810056&view=diff
>> ==============================================================================
>> --- ofbiz/ofbiz-framework/trunk/build.gradle (original)
>> +++ ofbiz/ofbiz-framework/trunk/build.gradle Fri Sep 29 06:59:45 2017
>> @@ -28,12 +28,15 @@ buildscript {
>> }
>> dependencies {
>> classpath "at.bxm.gradleplugins:gradle-svntools-plugin:latest.release"
>> + classpath "org.kordamp.gradle:jdeps-gradle-plugin:0.2.0"
>> }
>> }
>> apply plugin: 'java'
>> apply plugin: 'eclipse'
>> apply plugin: 'maven-publish'
>> apply plugin: "at.bxm.svntools"
>> +apply plugin: 'org.kordamp.jdeps'
>> +apply plugin: 'codenarc'
>>
>> apply from: 'common.gradle'
>>
>> @@ -103,7 +106,7 @@ dependencies {
>> compile 'com.lowagie:itext:2.1.7'
>> compile 'com.sun.mail:javax.mail:1.5.1'
>> compile 'com.sun.syndication:com.springsource.com.sun.syndication:0.9.0'
>> - compile 'com.thoughtworks.xstream:xstream:1.4.9'
>> + compile 'com.thoughtworks.xstream:xstream:1.4.10'
>> compile 'commons-cli:commons-cli:1.3.1'
>> compile 'commons-net:commons-net:3.3'
>> compile 'commons-validator:commons-validator:1.5.1'
>> @@ -1006,3 +1009,21 @@ def gradlewSubprocess(commandList) {
>> fullCommand.addAll(commandList)
>> exec { commandLine fullCommand }
>> }
>> +
>> +//codenarcMain {
>> +// ignoreFailures false
>> +// configFile file('config/codenarc/codenarc-main.rules')
>> +//
>> +// maxPriority1Violations 0
>> +// maxPriority2Violations 10
>> +// maxPriority3Violations 20
>> +//}
>> +//
>> +//codenarcTest {
>> +// ignoreFailures true
>> +// configFile file('config/codenarc/codenarc-test.rules')
>> +//
>> +// maxPriority1Violations 0
>> +// maxPriority2Violations 10
>> +// maxPriority3Violations 20
>> +//}
>> \ No newline at end of file
>>
>>