Track CVE in PMD for Gradle
binkley opened this issue · comments
OWASP complains about commons-io 2.6. 2.8.0 is current version
Work out how to update a plugin dependency without making it a runtime dependency.
See unbroken-dome/gradle-testsets-plugin#117 which is blocking trying Gradle 7.0. The assumption: Gradle 7.0 has an updated PMD bundled plugin which uses a newer commons-io.
Related to #49
Likewise, see how to disable the Gradle PMD plugin from the command line with a flag
Resolved via a workaround.