Thanks to visit codestin.com
Credit goes to github.com

Skip to content

optimize: add dependency-check-maven plugin to detect potential vulnerabilities #7187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
slievrly merged 23 commits into from
Mar 8, 2025
Merged

optimize: add dependency-check-maven plugin to detect potential vulnerabilities #7187

slievrly merged 23 commits into from
Mar 8, 2025

Conversation

@xingfudeshi
Copy link
Member

@xingfudeshi xingfudeshi commented Feb 28, 2025
edited
Loading

  • I have registered the PR changes.

Ⅰ. Describe what this PR did

Add dependency-check-maven plugin to detect potential vulnerabilities.

Ⅱ. Does this pull request fix one issue?

#7140

Ⅲ. Why don't you add test cases (unit test/integration test)?

Ⅳ. Describe how to verify it

You can execute the following command to run the dependency check:

mvn verify -DskipTests=true

After the command finishes, you can find the report in the target folder named dependency-check-report.html.
image

Ⅴ. Special notes for reviews

@codecov
Copy link

codecov bot commented Mar 3, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 51.57%. Comparing base (efa341a) to head (26be068).
Report is 1 commits behind head on 2.x.

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff              @@
##                2.x    #7187      +/-   ##
============================================
- Coverage     51.58%   51.57%   -0.01%     
+ Complexity     6815     6814       -1     
============================================
  Files          1169     1169              
  Lines         41505    41505              
  Branches       4857     4857              
============================================
- Hits          21409    21408       -1     
  Misses        18073    18073              
- Partials       2023     2024       +1

see 2 files with indirect coverage changes

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@slievrly
Copy link
Member

slievrly commented Mar 6, 2025

@xingfudeshi
Error: Failed to execute goal org.owasp:dependency-check-maven:12.1.0:check (default) on project seata-parent: The plugin org.owasp:dependency-check-maven:12.1.0 requires Maven version 3.6.3

xingfudeshi added 20 commits March 7, 2025 09:50
@xingfudeshi
Merge branch '2.x' into fix_#7140
5b1ed0b
@xingfudeshi
Setup Maven Action
875d7ee
@xingfudeshi
Merge branch '2.x' into fix_#7140
700085c
@xingfudeshi
Setup Maven Action
7786cdb
@xingfudeshi
Setup Maven Action
5ef6ebe
@xingfudeshi
Setup Maven Action
ce9e38e
@xingfudeshi
Setup Maven Action
29427b1
@xingfudeshi
Setup Maven Action
66276c0
@xingfudeshi
Setup Maven Action
9bb5e9b
@xingfudeshi
Setup Maven Action
0589e93
@xingfudeshi
Revert "Setup Maven Action"
3e62ce9 
This reverts commit 0589e93.
@xingfudeshi
Revert "Setup Maven Action"
d5cad54 
This reverts commit 9bb5e9b.
@xingfudeshi
Revert "Setup Maven Action"
7887a44 
This reverts commit 66276c0.
@xingfudeshi
Revert "Setup Maven Action"
d8bb4b4 
This reverts commit 29427b1.
@xingfudeshi
Revert "Setup Maven Action"
2b84f6f 
This reverts commit ce9e38e.
@xingfudeshi
Revert "Setup Maven Action"
98289b1 
This reverts commit 5ef6ebe.
@xingfudeshi
Revert "Setup Maven Action"
693debb 
This reverts commit 7786cdb.
@xingfudeshi
Revert "Setup Maven Action"
2b4c003 
This reverts commit 875d7ee.
@xingfudeshi
Fix CodeQL
2eb44df
@xingfudeshi
Skip dependency checking by default
26be068
@xingfudeshi
Copy link
Member Author

xingfudeshi commented Mar 7, 2025

@xingfudeshi Error: Failed to execute goal org.owasp:dependency-check-maven:12.1.0:check (default) on project seata-parent: The plugin org.owasp:dependency-check-maven:12.1.0 requires Maven version 3.6.3

Fixed.

@slievrly slievrly changed the title optimize:Add dependency-check-maven plugin to detect potential vulnerabilities optimize: add dependency-check-maven plugin to detect potential vulnerabilities Mar 8, 2025
slievrly
slievrly approved these changes Mar 8, 2025
View reviewed changes
Copy link
Member

@slievrly slievrly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@slievrly slievrly merged commit 62aa6af into apache:2.x Mar 8, 2025
8 checks passed
@slievrly slievrly added this to the 2.4.0 milestone Mar 8, 2025
slievrly pushed a commit to slievrly/fescar that referenced this pull request Oct 21, 2025
@xingfudeshi
optimize: add dependency-check-maven plugin to detect potential vulne…
906716d 
…rabilities (apache#7187)
YvCeung pushed a commit to YvCeung/incubator-seata that referenced this pull request Dec 25, 2025
@xingfudeshi
optimize: add dependency-check-maven plugin to detect potential vulne…
91731bc 
…rabilities (apache#7187)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slievrly slievrly slievrly approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

2.4.0

Development

Successfully merging this pull request may close these issues.

2 participants

@xingfudeshi @slievrly