Apply suggestions from code review

Co-authored-by: Christoph Pirkl <[email protected]>
exasol · Oct 16, 2024 · 763b454 · 763b454
1 parent 51aa109
commit 763b454
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 7 deletions.
diff --git a/doc/changes/changes_4.3.4.md b/doc/changes/changes_4.3.4.md
@@ -4,17 +4,15 @@ Code name: Fix vulnerabilities
 
 ## Summary
 
-This release fixes vulnerabilities
-* CVE-2024-47554 in transitive test dependency `commons-io:commons-io` via `com.exasol:maven-plugin-integration-testing:1.1.2` and `com.jcabi:jcabi-github:1.8.0`
-* CVE-2023-7272 in transitive runtime dependency `org.glassfish:javax.json:1.1.4` via `com.jcabi:jcabi-github:1.8.0`
+This release fixes vulnerability CVE-2024-47554 in transitive test dependency `commons-io:commons-io` via `com.exasol:maven-plugin-integration-testing:1.1.2` and `com.jcabi:jcabi-github:1.8.0`
 
 The release ignores vulnerability CVE-2023-7272 in transitive runtime dependency `org.glassfish:javax.json:1.1.4` via `com.jcabi:jcabi-github:jar:1.9.1` as this is accepted for accessing exasol json documents on GitHub.
 
 ### Security
 
 * #586: Fixed vulnerability CVE-2024-47554 in test dependency `commons-io:commons-io:2.11.0`
 * #587: Fixed vulnerability CVE-2024-47554 in test dependency `commons-io:commons-io:2.13.0`
-* #588: Fixed vulnerability CVE-2023-7272 in runtime dependency `org.glassfish:javax.json:1.1.4`
+* #588: Ignore vulnerability CVE-2023-7272 in runtime dependency `org.glassfish:javax.json:1.1.4`
 
 ## Dependency Updates
 

diff --git a/maven-project-crawler/pom.xml b/maven-project-crawler/pom.xml
@@ -115,10 +115,12 @@
                     </ignoredResourcePatterns>
                     <ignoredDependencies>
                       <dependency>
+                        <!-- provided -->
                         <groupId>org.codehaus.plexus</groupId>
                         <artifactId>plexus-utils</artifactId>
                       </dependency>
                       <dependency>
+                        <!-- provided -->
                         <groupId>org.codehaus.plexus</groupId>
                         <artifactId>plexus-xml</artifactId>
                       </dependency>

diff --git a/project-keeper-maven-plugin/pom.xml b/project-keeper-maven-plugin/pom.xml
@@ -125,9 +125,18 @@
                     <ignoredResourcePatterns>
                         <ignoredResourcePattern>about.html</ignoredResourcePattern>
                     </ignoredResourcePatterns>
-                    <ignoredClassPatterns>
-                        <ignoredClassPattern>^org\.codehaus\.plexus\.util\.xml\..*</ignoredClassPattern>
-                    </ignoredClassPatterns>
+                    <ignoredDependencies>
+                      <dependency>
+                        <!-- provided -->
+                        <groupId>org.codehaus.plexus</groupId>
+                        <artifactId>plexus-utils</artifactId>
+                      </dependency>
+                      <dependency>
+                        <!-- provided -->
+                        <groupId>org.codehaus.plexus</groupId>
+                        <artifactId>plexus-xml</artifactId>
+                      </dependency>
+                    </ignoredDependencies>
                 </configuration>
             </plugin>
             <plugin>