svn commit: r1855924 - /db/torque/torque4/trunk/torque-maven-plugin/pom.xml

classic Classic list List threaded Threaded
1 message Options
gk
Reply | Threaded
Open this post in threaded view
|

svn commit: r1855924 - /db/torque/torque4/trunk/torque-maven-plugin/pom.xml

gk
Author: gk
Date: Wed Mar 20 16:23:42 2019
New Revision: 1855924

URL: http://svn.apache.org/viewvc?rev=1855924&view=rev
Log:
- fix owasp guava 8may be not needed)

Modified:
    db/torque/torque4/trunk/torque-maven-plugin/pom.xml

Modified: db/torque/torque4/trunk/torque-maven-plugin/pom.xml
URL: http://svn.apache.org/viewvc/db/torque/torque4/trunk/torque-maven-plugin/pom.xml?rev=1855924&r1=1855923&r2=1855924&view=diff
==============================================================================
--- db/torque/torque4/trunk/torque-maven-plugin/pom.xml (original)
+++ db/torque/torque4/trunk/torque-maven-plugin/pom.xml Wed Mar 20 16:23:42 2019
@@ -47,6 +47,18 @@
       <groupId>org.apache.maven</groupId>
       <artifactId>maven-core</artifactId>
       <version>${maven.api.version}</version>
+      <exclusions>
+          <exclusion>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+          </exclusion>
+       </exclusions>
+    </dependency>
+    <!-- exclude from maven-core and add updated transitive dep guava from 20, due to  https://nvd.nist.gov/vuln/detail/CVE-2018-10237  -->
+    <dependency>
+        <groupId>com.google.guava</groupId>
+        <artifactId>guava</artifactId>
+        <version>27.1-jre</version>
     </dependency>
     <dependency>
       <groupId>org.apache.maven.plugin-tools</groupId>



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]