Open spjohn85 opened 5 months ago
@spjohn85 - pls do send it to ssvaidyanathan@google.com
@ssvaidyanathan - I did share this over email. Do you have any thoughts on how to resolve them?
@spjohn85 - I am still working on this. Been busy with a few other deliverables. Feel free to submit a PR if you can update the pom dependencies and then I am happy to merge that as well.
@spjohn85 - can you pls confirm the sheet you sent with all the vulnerabilities is for the latest plugin? The versions you sent are not matching those being used. Check this link for the pom dependencies. I want to be sure I am working on the right codebase for fixing the versions.
@ssvaidyanathan - Yes, it's this version. The report might have contained the poms of config-maven-plugin (1.5.5) as well since we are using both the tools.
@spjohn85 - if I update a branch in this repo, will you be able to run a report pointing to that and see if it made any difference?
@ssvaidyanathan - If it can be downloaded from the Maven repository then I can get the report for the new version. It's due to the process set currently; I cannot manually run them.
@ssvaidyanathan - We are using the 1.3.4 version of this deploy tool and when we download the dependencies, we are running into a lot of violations for dependent pom files. Are there any plans to migrate them to the latest versions to reduce the violations?
I can help provide a report of violations from our customer environment if needed to a private email address, but it's quite a lot.