Fix vuln-scan in cron-jobs (#18898)

kgyrtkirk · web-flow · commit 78828284bacf · 2026-01-15T16:06:40.000+01:00
diff --git a/.github/workflows/cron-job-its.yml b/.github/workflows/cron-job-its.yml
@@ -90,8 +90,12 @@ jobs:
         run: mvn clean install -P dist -P skip-static-checks,skip-tests -Dmaven.javadoc.skip=true -Dcyclonedx.skip=true -Dweb.console.skip=true
 
       - name: security vulnerabilities check
+        env:
+          OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}
+          OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }}
+          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
         run: |
-          mvn dependency-check:purge dependency-check:check || { echo "
+          mvn -B dependency-check:purge dependency-check:check -DnvdApiKey=$NVD_API_KEY -DossIndexUsername=$OSS_INDEX_USERNAME -DossIndexPassword=$OSS_INDEX_PASSWORD || { echo "
           The OWASP dependency check has found security vulnerabilities. Please use a newer version
           of the dependency that does not have vulnerabilities. To see a report run
           `mvn dependency-check:check`
diff --git a/licenses.yaml b/licenses.yaml
@@ -2466,11 +2466,20 @@ module: java-core
 license_name: Apache License version 2.0
 version: 1.8.1
 libraries:
-  - at.yawk.lz4: lz4-java
   - org.lz4: lz4-java
 
 ---
 
+name: LZ4 Java
+license_category: binary
+module: java-core
+license_name: Apache License version 2.0
+version: 1.10.2
+libraries:
+  - at.yawk.lz4: lz4-java
+
+---
+
 name: MapDB
 license_category: binary
 module: java-core
diff --git a/pom.xml b/pom.xml
@@ -911,7 +911,7 @@
             <dependency>
                 <groupId>at.yawk.lz4</groupId>
                 <artifactId>lz4-java</artifactId>
-                <version>1.8.1</version>
+                <version>1.10.2</version>
             </dependency>
             <dependency>
                 <groupId>org.xerial.snappy</groupId>
@@ -1846,10 +1846,9 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>12.1.0</version>
+                <version>12.2.0</version>
                 <configuration>
                     <nvdApiKey>${nvdApiKey}</nvdApiKey>
-                    <ossIndexServerId>ossindex-credentials</ossIndexServerId>
                     <failBuildOnCVSS>7</failBuildOnCVSS>
                     <skipProvidedScope>true</skipProvidedScope>
                     <skipSystemScope>true</skipSystemScope>  <!-- avoid error when processing jdk.tools:jdk.tools:jar:1.8:system -->
