[
https://issues.apache.org/jira/browse/CALCITE-7561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stamatis Zampetakis resolved CALCITE-7561.
------------------------------------------
Fix Version/s: 1.42.0
Resolution: Fixed
Fixed in
https://github.com/apache/calcite/commit/c1550dedec6693c01a99d1d2a4a83ff56f6711e4
> Upgrade OWASP plugin from 6.1.6 to 12.2.2
> -----------------------------------------
>
> Key: CALCITE-7561
> URL: https://issues.apache.org/jira/browse/CALCITE-7561
> Project: Calcite
> Issue Type: Task
> Components: build
> Reporter: Stamatis Zampetakis
> Assignee: Stamatis Zampetakis
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.42.0
>
>
> The plugin is currently unusable and the dependencyCheck goals fail with the
> following error:
> {noformat}
> $ ./gradlew dependencyCheckUpdate dependencyCheckAggregate
> ...
> > Task :dependencyCheckUpdate
> Error retrieving
> https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; received
> response code 403; Forbidden
> Unable to download meta file:
> https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
> org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to
> download meta file:
> https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
> at
> org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile(NvdCveUpdater.java:349)
> at
> org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded(NvdCveUpdater.java:387)
> at
> org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:122)
> at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:860)
> at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:833)
> at org.owasp.dependencycheck.Engine$doUpdates.call(Unknown Source)
> at
> org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
> at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
> at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:130)
> at
> org.owasp.dependencycheck.gradle.tasks.Update.update(Update.groovy:55)
> at
> [email protected]/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
> at [email protected]/java.lang.reflect.Method.invoke(Method.java:580)
> at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:125)
> at
> org.gradle.api.internal.project.taskfactory.StandardTaskAction.doExecute(StandardTaskAction.java:58)
> at
> org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:51)
> at
> org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:29)
> at
> org.gradle.api.internal.tasks.execution.TaskExecution$3.run(TaskExecution.java:244)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:30)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:27)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:67)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:60)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:167)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:60)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:48)
> at
> org.gradle.api.internal.tasks.execution.TaskExecution.executeAction(TaskExecution.java:229)
> at
> org.gradle.api.internal.tasks.execution.TaskExecution.executeActions(TaskExecution.java:212)
> at
> org.gradle.api.internal.tasks.execution.TaskExecution.executeWithPreviousOutputFiles(TaskExecution.java:195)
> at
> org.gradle.api.internal.tasks.execution.TaskExecution.execute(TaskExecution.java:162)
> at
> org.gradle.internal.execution.steps.ExecuteStep.executeInternal(ExecuteStep.java:105)
> at
> org.gradle.internal.execution.steps.ExecuteStep.access$000(ExecuteStep.java:44)
> at
> org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:59)
> at
> org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:56)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:210)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:205)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:67)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:60)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:167)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:60)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:54)
> at
> org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:56)
> at
> org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:44)
> at
> org.gradle.internal.execution.steps.CancelExecutionStep.execute(CancelExecutionStep.java:42)
> at
> org.gradle.internal.execution.steps.TimeoutStep.executeWithoutTimeout(TimeoutStep.java:75)
> at
> org.gradle.internal.execution.steps.TimeoutStep.execute(TimeoutStep.java:55)
> at
> org.gradle.internal.execution.steps.PreCreateOutputParentsStep.execute(PreCreateOutputParentsStep.java:50)
> at
> org.gradle.internal.execution.steps.PreCreateOutputParentsStep.execute(PreCreateOutputParentsStep.java:28)
> at
> org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:67)
> at
> org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:37)
> at
> org.gradle.internal.execution.steps.BroadcastChangingOutputsStep.execute(BroadcastChangingOutputsStep.java:61)
> at
> org.gradle.internal.execution.steps.BroadcastChangingOutputsStep.execute(BroadcastChangingOutputsStep.java:26)
> at
> org.gradle.internal.execution.steps.CaptureOutputsAfterExecutionStep.execute(CaptureOutputsAfterExecutionStep.java:69)
> at
> org.gradle.internal.execution.steps.CaptureOutputsAfterExecutionStep.execute(CaptureOutputsAfterExecutionStep.java:46)
> at
> org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:40)
> at
> org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:29)
> at
> org.gradle.internal.execution.steps.BuildCacheStep.executeWithoutCache(BuildCacheStep.java:189)
> at
> org.gradle.internal.execution.steps.BuildCacheStep.lambda$execute$1(BuildCacheStep.java:75)
> at org.gradle.internal.Either$Right.fold(Either.java:175)
> at
> org.gradle.internal.execution.caching.CachingState.fold(CachingState.java:62)
> at
> org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:73)
> at
> org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:48)
> at
> org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:46)
> at
> org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:35)
> at
> org.gradle.internal.execution.steps.SkipUpToDateStep.executeBecause(SkipUpToDateStep.java:75)
> at
> org.gradle.internal.execution.steps.SkipUpToDateStep.lambda$execute$2(SkipUpToDateStep.java:53)
> at [email protected]/java.util.Optional.orElseGet(Optional.java:364)
> at
> org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:53)
> at
> org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:35)
> at
> org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:37)
> at
> org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:27)
> at
> org.gradle.internal.execution.steps.ResolveIncrementalCachingStateStep.executeDelegate(ResolveIncrementalCachingStateStep.java:49)
> at
> org.gradle.internal.execution.steps.ResolveIncrementalCachingStateStep.executeDelegate(ResolveIncrementalCachingStateStep.java:27)
> at
> org.gradle.internal.execution.steps.AbstractResolveCachingStateStep.execute(AbstractResolveCachingStateStep.java:71)
> at
> org.gradle.internal.execution.steps.AbstractResolveCachingStateStep.execute(AbstractResolveCachingStateStep.java:39)
> at
> org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:65)
> at
> org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:36)
> at
> org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:107)
> at
> org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:56)
> at
> org.gradle.internal.execution.steps.AbstractCaptureStateBeforeExecutionStep.execute(AbstractCaptureStateBeforeExecutionStep.java:64)
> at
> org.gradle.internal.execution.steps.AbstractCaptureStateBeforeExecutionStep.execute(AbstractCaptureStateBeforeExecutionStep.java:43)
> at
> org.gradle.internal.execution.steps.AbstractSkipEmptyWorkStep.executeWithNonEmptySources(AbstractSkipEmptyWorkStep.java:125)
> at
> org.gradle.internal.execution.steps.AbstractSkipEmptyWorkStep.execute(AbstractSkipEmptyWorkStep.java:56)
> at
> org.gradle.internal.execution.steps.AbstractSkipEmptyWorkStep.execute(AbstractSkipEmptyWorkStep.java:36)
> at
> org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsStartedStep.execute(MarkSnapshottingInputsStartedStep.java:38)
> at
> org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:36)
> at
> org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:23)
> at
> org.gradle.internal.execution.steps.HandleStaleOutputsStep.execute(HandleStaleOutputsStep.java:75)
> at
> org.gradle.internal.execution.steps.HandleStaleOutputsStep.execute(HandleStaleOutputsStep.java:41)
> at
> org.gradle.internal.execution.steps.AssignMutableWorkspaceStep.lambda$execute$0(AssignMutableWorkspaceStep.java:35)
> at
> org.gradle.api.internal.tasks.execution.TaskExecution$4.withWorkspace(TaskExecution.java:289)
> at
> org.gradle.internal.execution.steps.AssignMutableWorkspaceStep.execute(AssignMutableWorkspaceStep.java:31)
> at
> org.gradle.internal.execution.steps.AssignMutableWorkspaceStep.execute(AssignMutableWorkspaceStep.java:22)
> at
> org.gradle.internal.execution.steps.ChoosePipelineStep.execute(ChoosePipelineStep.java:40)
> at
> org.gradle.internal.execution.steps.ChoosePipelineStep.execute(ChoosePipelineStep.java:23)
> at
> org.gradle.internal.execution.steps.ExecuteWorkBuildOperationFiringStep.lambda$execute$2(ExecuteWorkBuildOperationFiringStep.java:67)
> at [email protected]/java.util.Optional.orElseGet(Optional.java:364)
> at
> org.gradle.internal.execution.steps.ExecuteWorkBuildOperationFiringStep.execute(ExecuteWorkBuildOperationFiringStep.java:67)
> at
> org.gradle.internal.execution.steps.ExecuteWorkBuildOperationFiringStep.execute(ExecuteWorkBuildOperationFiringStep.java:39)
> at
> org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:46)
> at
> org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:34)
> at
> org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:48)
> at
> org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:35)
> at
> org.gradle.internal.execution.impl.DefaultExecutionEngine$1.execute(DefaultExecutionEngine.java:64)
> at
> org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeIfValid(ExecuteActionsTaskExecuter.java:127)
> at
> org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:116)
> at
> org.gradle.api.internal.tasks.execution.ProblemsTaskPathTrackingTaskExecuter.execute(ProblemsTaskPathTrackingTaskExecuter.java:41)
> at
> org.gradle.api.internal.tasks.execution.FinalizePropertiesTaskExecuter.execute(FinalizePropertiesTaskExecuter.java:46)
> at
> org.gradle.api.internal.tasks.execution.ResolveTaskExecutionModeExecuter.execute(ResolveTaskExecutionModeExecuter.java:51)
> at
> org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:57)
> at
> org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:74)
> at
> org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:36)
> at
> org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.executeTask(EventFiringTaskExecuter.java:77)
> at
> org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:55)
> at
> org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:52)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:210)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:205)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:67)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:60)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:167)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:60)
> at
> org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:54)
> at
> org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:52)
> at
> org.gradle.execution.plan.LocalTaskNodeExecutor.execute(LocalTaskNodeExecutor.java:42)
> at
> org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:331)
> at
> org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:318)
> at
> org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.lambda$execute$0(DefaultTaskExecutionGraph.java:314)
> at
> org.gradle.internal.operations.CurrentBuildOperationRef.with(CurrentBuildOperationRef.java:85)
> at
> org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:314)
> at
> org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:303)
> at
> org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.execute(DefaultPlanExecutor.java:459)
> at
> org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.run(DefaultPlanExecutor.java:376)
> at
> org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64)
> at
> org.gradle.internal.concurrent.AbstractManagedExecutor$1.run(AbstractManagedExecutor.java:48)
> at
> [email protected]/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
> at
> [email protected]/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
> at [email protected]/java.lang.Thread.run(Thread.java:1583)
> Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download
> failed, unable to retrieve
> 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta'; Error
> downloading file
> https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to
> connect.
> at
> org.owasp.dependencycheck.utils.Downloader.fetchContent(Downloader.java:187)
> at
> org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile(NvdCveUpdater.java:342)
> ... 134 more
> Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error
> downloading file
> https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to
> connect.
> at
> org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:267)
> at
> org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:163)
> at
> org.owasp.dependencycheck.utils.Downloader.fetchContent(Downloader.java:182)
> ... 135 more
> Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error
> retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta;
> received response code 403; Forbidden
> at
> org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:249)
> ... 137 more
> A new version of dependency-check is available. Consider updating to version
> 12.1.0.
> {noformat}
> The NVD API changed so all users are forced to upgrade to 12.1.0+ version as
> per:
> [https://github.com/dependency-check/DependencyCheck#mandatory-upgrade-to-1210]
> All recent versions of the plugin require a JDK 11 or later so essentially we
> cannot use the plugin anymore when running with JDK 8.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
