Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log when non-base suppressions rules are unused #4709

Merged
merged 26 commits into from Aug 18, 2022
Merged

Log when non-base suppressions rules are unused #4709

merged 26 commits into from Aug 18, 2022

Commits on Jul 27, 2022

  1. fixes #4685

    @jeremylong
    jeremylong committed Jul 27, 2022
    Configuration menu
    Copy the full SHA
    47f5f5a View commit details
    Browse the repository at this point in the history

  2. make suppression rules collection a singleton so when rules run multi… 

    …ple times we can track if a rule was used
    @jeremylong
    jeremylong committed Jul 27, 2022
    Configuration menu
    Copy the full SHA
    679b0ab View commit details
    Browse the repository at this point in the history

Commits on Jul 28, 2022

  1. make checkstyle happier

    @jeremylong
    jeremylong committed Jul 28, 2022
    Configuration menu
    Copy the full SHA
    0c3c3f3 View commit details
    Browse the repository at this point in the history

  2. fix build

    @jeremylong
    jeremylong committed Jul 28, 2022
    Configuration menu
    Copy the full SHA
    9a9a8f7 View commit details
    Browse the repository at this point in the history

  3. suppress warning

    @jeremylong
    jeremylong committed Jul 28, 2022
    Configuration menu
    Copy the full SHA
    6ed4062 View commit details
    Browse the repository at this point in the history

Commits on Aug 17, 2022

  1. purge github action cache

    @jeremylong
    jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    5bc821b View commit details
    Browse the repository at this point in the history

  2. Bump ossindex-service-client from 1.8.1 to 1.8.2 

    Bumps ossindex-service-client from 1.8.1 to 1.8.2.

---
updated-dependencies:
- dependency-name: org.sonatype.ossindex:ossindex-service-client
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @jeremylong
    dependabot[bot] authored and jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    ea4662c View commit details
    Browse the repository at this point in the history

  3. Extend Quarkus Liquibase pattern 

    This extends the existing regex to also cover all Quarkus
Liquibase artifacts. See https://regex101.com/r/2xOJwo/1
for a regex test.

Fixes #4630
    @marcelstoer @jeremylong
    marcelstoer authored and jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    f255f92 View commit details
    Browse the repository at this point in the history

  4. Add FP for parseurl

    @MisaelBustamante @jeremylong
    MisaelBustamante authored and jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    0d6504e View commit details
    Browse the repository at this point in the history

  5. Apply suggestions from code review 

    Co-authored-by: Hans Aikema <aikebah-github@aikebah.net>
    @MisaelBustamante @aikebah @jeremylong
    2 people authored and jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    8dc569c View commit details
    Browse the repository at this point in the history

  6. merge #4703

    @jeremylong
    jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    7e32b9d View commit details
    Browse the repository at this point in the history

  7. merge #4715

    @jeremylong
    jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    cc66a98 View commit details
    Browse the repository at this point in the history

  8. Bump maven-reporting-api from 3.1.0 to 3.1.1 

    Bumps [maven-reporting-api](https://github.com/apache/maven-reporting-api) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/apache/maven-reporting-api/releases)
- [Commits](apache/maven-reporting-api@maven-reporting-api-3.1.0...maven-reporting-api-3.1.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.reporting:maven-reporting-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @jeremylong
    dependabot[bot] authored and jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    64e2a4a View commit details
    Browse the repository at this point in the history

  9. Bump postgresql from 42.4.0 to 42.4.1 

    Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.4.0 to 42.4.1.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.4.0...REL42.4.1)

---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @jeremylong
    dependabot[bot] authored and jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    7952bb4 View commit details
    Browse the repository at this point in the history

  10. Fix issue 4733. Update the mysql, mssql, postgresql and oracle initia… 

    …lize files.
    @albertwangnz @jeremylong
    albertwangnz authored and jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    a6927ad View commit details
    Browse the repository at this point in the history

  11. Bump maven-site-plugin from 3.12.0 to 3.12.1 

    Bumps [maven-site-plugin](https://github.com/apache/maven-site-plugin) from 3.12.0 to 3.12.1.
- [Release notes](https://github.com/apache/maven-site-plugin/releases)
- [Commits](apache/maven-site-plugin@maven-site-plugin-3.12.0...maven-site-plugin-3.12.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-site-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @jeremylong
    dependabot[bot] authored and jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    807a813 View commit details
    Browse the repository at this point in the history

  12. fix vuln count check on test

    @jeremylong
    jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    169d975 View commit details
    Browse the repository at this point in the history

  13. add yarn.lock to mixedLangSet to enable yarnAuditAnalyzer 

    yarnAuditAnalyzer cannot be enabled if we don't have yarn.lock is added to mixedLangSet.
    @livingwithcode @jeremylong
    livingwithcode authored and jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    82b046a View commit details
    Browse the repository at this point in the history

  14. Update maven/src/main/java/org/owasp/dependencycheck/maven/BaseDepend… 

    …encyCheckMojo.java
    @jeremylong
    jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    e3396cc View commit details
    Browse the repository at this point in the history

  15. update test cases to work with the singleton implementation

    @jeremylong
    jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    db56450 View commit details
    Browse the repository at this point in the history

  16. remove unused interface

    @jeremylong
    jeremylong committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    0167809 View commit details
    Browse the repository at this point in the history

Commits on Aug 18, 2022

  1. Update core/src/main/java/org/owasp/dependencycheck/analyzer/Abstract… 

    …SuppressionAnalyzer.java

Co-authored-by: Hans Aikema <aikebah-github@aikebah.net>
    @jeremylong @aikebah
    jeremylong and aikebah committed Aug 18, 2022
    Configuration menu
    Copy the full SHA
    c0ce698 View commit details
    Browse the repository at this point in the history

  2. Update core/src/main/java/org/owasp/dependencycheck/analyzer/Abstract… 

    …SuppressionAnalyzer.java

Co-authored-by: Hans Aikema <aikebah-github@aikebah.net>
    @jeremylong @aikebah
    jeremylong and aikebah committed Aug 18, 2022
    Configuration menu
    Copy the full SHA
    071dde7 View commit details
    Browse the repository at this point in the history

  3. remove un-needed code

    @jeremylong
    jeremylong committed Aug 18, 2022
    Configuration menu
    Copy the full SHA
    58ef8c7 View commit details
    Browse the repository at this point in the history

  4. Merge branch 'main' into logUnusedSuppressionRules

    @jeremylong
    jeremylong committed Aug 18, 2022
    Configuration menu
    Copy the full SHA
    7e36392 View commit details
    Browse the repository at this point in the history

  5. fix javadoc

    @jeremylong
    jeremylong committed Aug 18, 2022
    Configuration menu
    Copy the full SHA
    596b237 View commit details
    Browse the repository at this point in the history