The DependencyCheck plugin we use to scan for vulnerabilities in our library is, itself, vulnerable. This is a red herring that unfortunately causes our CI to fail.
This PR will ignore this known vulnerability for the time being.
This does NOT pass vulnerable code down to our end-users, as this is purely an issue with one of the plugins we use to test the library.
Testing
make scan calls dependency check as expected
Dependency scan passes as expected (no current vulnerabilities other than the aforementioned vulnerability inside the now-removed Maven plugin)
Pull Request Type
Please select the option(s) that are relevant to this PR.
[ ] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
[x] Improvement (fixing a typo, updating readme, renaming a variable name, etc)
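The suppression described above can be expressed as an OWASP Dependency-Check suppression file, shown here as an added example (not the PR's own change). The CVE identifier is a placeholder because the PR does not name it; the package URL pattern assumes the finding is against the org.owasp:dependency-check-maven artifact, and the until date is an illustrative value. Scoping the entry to one package and one CVE, and giving it an expiry, keeps the suppression from silently hiding unrelated findings later.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: scoped, time-bounded suppression for the scanner's own finding. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress until="2025-12-31Z">  <!-- expiry date is illustrative; re-review before extending -->
        <notes><![CDATA[
            Finding is in the dependency-check plugin used only at test/scan time.
            It is not shipped to library consumers. Track upstream fix and remove
            this entry once the plugin is upgraded.
        ]]></notes>
        <!-- Assumption: the affected artifact is the Maven plugin itself. -->
        <packageUrl regex="true">^pkg:maven/org\.owasp/dependency\-check\-maven@.*$</packageUrl>
        <!-- Placeholder: replace with the CVE reported by the scan. -->
        <cve>CVE-XXXX-XXXXX</cve>
    </suppress>
</suppressions>
```

When the scan is driven from the command line, the file is passed with the CLI's --suppression option; a scan that later flags the same CVE in a different package will still fail, because the packageUrl match restricts the suppression to the scanner artifact.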