binkley/modern-java-practices

Track CVE in PMD for Gradle

binkley opened this issue · 3 comments

OWASP complains about commons-io 2.6. 2.8.0 is the current version.

Work out how to update a plugin dependency without making it a runtime dependency.

See unbroken-dome/gradle-testsets-plugin#117 which is blocking trying Gradle 7.0. The assumption: Gradle 7.0 has an updated PMD bundled plugin which uses a newer commons-io.

Related to #49

Likewise, see how to disable the Gradle PMD plugin from the command line with a flag.

Resolved via a workaround.