Track CVE in PMD for Gradle

Question

Track CVE in PMD for Gradle

binkley opened this issue 3 years ago · comments

Brian Oxley (binkley) commented 3 years ago

OWASP complains about commons-io 2.6. 2.8.0 is current version

Work out how to update a plugin dependency without making it a runtime dependency.

Brian Oxley (binkley) · Answer 1 · Sat Apr 24 2021 17:04:09 GMT+0800 (China Standard Time)

See unbroken-dome/gradle-testsets-plugin#117 which is blocking trying Gradle 7.0. The assumption: Gradle 7.0 has an updated PMD bundled plugin which uses a newer commons-io.

Related to #49

Brian Oxley (binkley) · Answer 2 · Mon Apr 26 2021 11:07:34 GMT+0800 (China Standard Time)

Likewise, see how to disable the Gradle PMD plugin from the command line with a flag

Brian Oxley (binkley) · Answer 3 · Sat May 15 2021 16:04:08 GMT+0800 (China Standard Time)

Resolved via a workaround.