safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 05:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-1807: Merge update to latest compatible versions for Java dependencies and JDBC drivers.

Browse Source
This commit is contained in:
James Muehlner
2023-07-11 11:28:08 -07:00
committed by GitHub
parent 7e236daf2f bbf67521f3
commit e7e78f05bb
53 changed files with 173 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Dockerfile
View File

@@ -50,6 +50,11 @@ RUN apt-get update && apt-get install -y firefox
# as well: `--build-arg MAVEN_ARGUMENTS="-P lgpl-extensions -DskipTests=false"`.
ARG MAVEN_ARGUMENTS="-DskipTests=false"
# Versions of JDBC drivers to bundle within image
ARG MSSQL_JDBC_VERSION=12.2.0
ARG MYSQL_JDBC_VERSION=8.0.33
ARG PGSQL_JDBC_VERSION=42.6.0
# Build environment variables
ENV \
BUILD_DIR=/tmp/guacamole-docker-BUILD

2
doc/guacamole-example/pom.xml
View File

@@ -122,7 +122,7 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>2.0.6</version>
<version>2.0.7</version>
</dependency>

8
doc/licenses/caffeine-2.9.3/README Normal file
View File

@@ -0,0 +1,8 @@
Caffeine (https://github.com/ben-manes/caffeine)
------------------------------------------------
Version: 2.9.3
From: 'Ben Manes' (https://github.com/ben-manes)
License(s):
Apache v2.0

1
doc/licenses/caffeine-2.9.3/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.github.ben-manes.caffeine:caffeine:jar:2.9.3

1
doc/licenses/checker-qual-3.12.0/dep-coordinates.txt
View File

@@ -1 +0,0 @@
org.checkerframework:checker-qual:jar:3.12.0

0
doc/licenses/checker-qual-3.12.0/LICENSE.txt → doc/licenses/checker-qual-3.33.0/LICENSE.txt
View File

4
doc/licenses/checker-qual-3.12.0/README → doc/licenses/checker-qual-3.33.0/README
View File

@@ -1,8 +1,8 @@
Checker Framework qualifiers (https://checkerframework.org/)
------------------------------------------------------------
Version: 3.12.0
Version: 3.33.0
From: 'Checker Framework developers' (https://checkerframework.org/)
License(s):
MIT (bundled/checker-qual-3.12.0/LICENSE.txt)
MIT (bundled/checker-qual-3.33.0/LICENSE.txt)

1
doc/licenses/checker-qual-3.33.0/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
org.checkerframework:checker-qual:jar:3.33.0

1
doc/licenses/directory-api-2.1.2/dep-coordinates.txt
View File

@@ -1 +0,0 @@
org.apache.directory.api:api-all:jar:2.1.2

2
doc/licenses/directory-api-2.1.2/NOTICE → doc/licenses/directory-api-2.1.3/NOTICE
View File

@@ -1,5 +1,5 @@
Apache Directory LDAP API
Copyright 2003-2021 The Apache Software Foundation
Copyright 2003-2022 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).

2
doc/licenses/directory-api-2.1.2/README → doc/licenses/directory-api-2.1.3/README
View File

@@ -1,7 +1,7 @@
Apache Directory LDAP API (http://directory.apache.org)
-------------------------------------------------------
Version: 2.1.2
Version: 2.1.3
From: 'Apache Software Foundation' (https://www.apache.org/)
License(s):
Apache v2.0

1
doc/licenses/directory-api-2.1.3/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
org.apache.directory.api:api-all:jar:2.1.3

12
doc/licenses/dom4j-2.1.3/LICENSE → doc/licenses/dom4j-2.1.4/LICENSE
View File

@@ -1,4 +1,4 @@
Copyright 2001-2016 (C) MetaStuff, Ltd. and DOM4J contributors. All Rights Reserved.
Copyright 2001-2023 © MetaStuff, Ltd. and DOM4J contributors. All Rights Reserved.
Redistribution and use of this software and associated documentation
("Software"), with or without modification, are permitted provided
@@ -7,24 +7,24 @@ that the following conditions are met:
1. Redistributions of source code must retain copyright
statements and notices. Redistributions must also contain a
copy of this document.
2. Redistributions in binary form must reproduce the
above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other
materials provided with the distribution.
3. The name "DOM4J" must not be used to endorse or promote
products derived from this Software without prior written
permission of MetaStuff, Ltd. For written permission,
please contact dom4j-info@metastuff.com.
4. Products derived from this Software may not be called "DOM4J"
nor may "DOM4J" appear in their names without prior written
permission of MetaStuff, Ltd. DOM4J is a registered
trademark of MetaStuff, Ltd.
5. Due credit should be given to the DOM4J Project - https://dom4j.github.io/
THIS SOFTWARE IS PROVIDED BY METASTUFF, LTD. AND CONTRIBUTORS
``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND

4
doc/licenses/dom4j-2.1.3/README → doc/licenses/dom4j-2.1.4/README
View File

@@ -1,8 +1,8 @@
DOM4J (https://dom4j.github.io/)
--------------------------------
Version: 2.1.3
Version: 2.1.4
From: 'MetaStuff, Ltd. and DOM4J contributors'
License(s):
DOM4J License (bundled/dom4j-2.1.3/LICENSE)
DOM4J License (bundled/dom4j-2.1.4/LICENSE)

2
doc/licenses/dom4j-2.1.3/dep-coordinates.txt → doc/licenses/dom4j-2.1.4/dep-coordinates.txt
View File

@@ -1 +1 @@
org.apache.servicemix.bundles:org.apache.servicemix.bundles.dom4j:jar:2.1.3_1
org.apache.servicemix.bundles:org.apache.servicemix.bundles.dom4j:jar:2.1.4_1

1
doc/licenses/error-prone-2.11.0/dep-coordinates.txt
View File

@@ -1 +0,0 @@
com.google.errorprone:error_prone_annotations:jar:2.11.0

2
doc/licenses/error-prone-2.11.0/README → doc/licenses/error-prone-2.18.0/README
View File

@@ -1,7 +1,7 @@
Error Prone (https://errorprone.info/)
--------------------------------------
Version: 2.11.0
Version: 2.18.0
From: 'Google Inc.' (http://www.google.com/)
License(s):
Apache v2.0

1
doc/licenses/error-prone-2.18.0/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.google.errorprone:error_prone_annotations:jar:2.18.0

2
doc/licenses/guava-31.1-jre/README → doc/licenses/guava-32.1.1-jre/README
View File

@@ -1,7 +1,7 @@
Guava: Google Core Libraries for Java (https://github.com/google/guava)
-----------------------------------------------------------------------
Version: 31.1-jre
Version: 32.1.1-jre
From: 'Google Inc.' (http://www.google.com/)
License(s):
Apache v2.0

2
doc/licenses/guava-31.1-jre/dep-coordinates.txt → doc/licenses/guava-32.1.1-jre/dep-coordinates.txt
View File

@@ -1,3 +1,3 @@
com.google.guava:failureaccess:jar:1.0.1
com.google.guava:guava:jar:31.1-jre
com.google.guava:guava:jar:32.1.1-jre
com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava

1
doc/licenses/j2objc-annotations-1.3/dep-coordinates.txt
View File

@@ -1 +0,0 @@
com.google.j2objc:j2objc-annotations:jar:1.3

2
doc/licenses/j2objc-annotations-1.3/README → doc/licenses/j2objc-annotations-2.8/README
View File

@@ -1,7 +1,7 @@
Java to Objective-C Annotations (https://github.com/google/j2objc)
------------------------------------------------------------------
Version: 1.3
Version: 2.8
From: 'Google Inc.' (http://www.google.com/)
License(s):
Apache v2.0

1
doc/licenses/j2objc-annotations-2.8/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.google.j2objc:j2objc-annotations:jar:2.8

0
doc/licenses/jackson-2.15.0/NOTICE → doc/licenses/jackson-2.15.2/NOTICE
View File

2
doc/licenses/jackson-2.15.0/README → doc/licenses/jackson-2.15.2/README
View File

@@ -1,7 +1,7 @@
Jackson (https://github.com/FasterXML/jackson)
----------------------------------------------
Version: 2.15.0
Version: 2.15.2
From: 'FasterXML, LLC' (https://github.com/FasterXML)
License(s):
Apache v2.0

8
doc/licenses/jackson-2.15.0/dep-coordinates.txt → doc/licenses/jackson-2.15.2/dep-coordinates.txt
View File

@@ -1,4 +1,4 @@
com.fasterxml.jackson.core:jackson-core:jar:2.15.0
com.fasterxml.jackson.core:jackson-annotations:jar:2.15.0
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.15.0
com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.15.0
com.fasterxml.jackson.core:jackson-core:jar:2.15.2
com.fasterxml.jackson.core:jackson-annotations:jar:2.15.2
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.15.2
com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.15.2

1
doc/licenses/jackson-databind-2.15.0/dep-coordinates.txt
View File

@@ -1 +0,0 @@
com.fasterxml.jackson.core:jackson-databind:jar:2.15.0

0
doc/licenses/jackson-databind-2.15.0/NOTICE → doc/licenses/jackson-databind-2.15.2/NOTICE
View File

2
doc/licenses/jackson-databind-2.15.0/README → doc/licenses/jackson-databind-2.15.2/README
View File

@@ -1,7 +1,7 @@
Jackson-databind (https://github.com/FasterXML/jackson-databind)
----------------------------------------------
Version: 2.15.0
Version: 2.15.2
From: 'FasterXML, LLC' (https://github.com/FasterXML)
License(s):
Apache v2.0

1
doc/licenses/jackson-databind-2.15.2/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.fasterxml.jackson.core:jackson-databind:jar:2.15.2

1
doc/licenses/javassist-3.29.0-ga/dep-coordinates.txt
View File

@@ -1 +0,0 @@
org.javassist:javassist:jar:3.29.0-GA

2
doc/licenses/javassist-3.29.0-ga/README → doc/licenses/javassist-3.29.2-ga/README
View File

@@ -1,7 +1,7 @@
Javassist (https://www.javassist.org/)
--------------------------------------
Version: 3.29.0-GA
Version: 3.29.2-GA
From: 'Shigeru Chiba' (https://github.com/chibash)
License(s):
Apache v2.0

1
doc/licenses/javassist-3.29.2-ga/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
org.javassist:javassist:jar:3.29.2-GA

7
doc/licenses/jersey-2.39.1/dep-coordinates.txt
View File

@@ -1,7 +0,0 @@
org.glassfish.jersey.containers:jersey-container-servlet-core:jar:2.39.1
org.glassfish.jersey.core:jersey-common:jar:2.39.1
org.glassfish.jersey.core:jersey-server:jar:2.39.1
org.glassfish.jersey.core:jersey-client:jar:2.39.1
org.glassfish.jersey.inject:jersey-hk2:jar:2.39.1
org.glassfish.jersey.media:jersey-media-json-jackson:jar:2.39.1
org.glassfish.jersey.ext:jersey-entity-filtering:jar:2.39.1

0
doc/licenses/jersey-2.39.1/LICENSE.md → doc/licenses/jersey-2.40/LICENSE.md
View File

4
doc/licenses/jersey-2.39.1/README → doc/licenses/jersey-2.40/README
View File

@@ -1,8 +1,8 @@
Jersey (https://jersey.java.net/)
---------------------------------
Version: 2.39.1
Version: 2.40
From: 'Eclipse Foundation' (https://www.eclipse.org/)
License(s):
EPL v2.0 (bundled/jersey-2.39.1/LICENSE.md)
EPL v2.0 (bundled/jersey-2.40/LICENSE.md)

7
doc/licenses/jersey-2.40/dep-coordinates.txt Normal file
View File

@@ -0,0 +1,7 @@
org.glassfish.jersey.containers:jersey-container-servlet-core:jar:2.40
org.glassfish.jersey.core:jersey-common:jar:2.40
org.glassfish.jersey.core:jersey-server:jar:2.40
org.glassfish.jersey.core:jersey-client:jar:2.40
org.glassfish.jersey.inject:jersey-hk2:jar:2.40
org.glassfish.jersey.media:jersey-media-json-jackson:jar:2.40
org.glassfish.jersey.ext:jersey-entity-filtering:jar:2.40

5
doc/licenses/kotlin-1.8.20/dep-coordinates.txt
View File

@@ -1,5 +0,0 @@
org.jetbrains.kotlin:kotlin-reflect:jar:1.8.20
org.jetbrains.kotlin:kotlin-stdlib:jar:1.8.20
org.jetbrains.kotlin:kotlin-stdlib-common:jar:1.8.20
org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.8.20
org.jetbrains.kotlin:kotlin-stdlib-jdk7:jar:1.8.20

0
doc/licenses/kotlin-1.8.20/NOTICE.txt → doc/licenses/kotlin-1.9.0/NOTICE.txt
View File

2
doc/licenses/kotlin-1.8.20/README → doc/licenses/kotlin-1.9.0/README
View File

@@ -1,7 +1,7 @@
Kotlin (https://kotlinlang.org/)
--------------------------------
Version: 1.8.20
Version: 1.9.0
From: 'JetBrains s.r.o and respective authors and developers'
License(s):
Apache v2.0

5
doc/licenses/kotlin-1.9.0/dep-coordinates.txt Normal file
View File

@@ -0,0 +1,5 @@
org.jetbrains.kotlin:kotlin-reflect:jar:1.9.0
org.jetbrains.kotlin:kotlin-stdlib:jar:1.9.0
org.jetbrains.kotlin:kotlin-stdlib-common:jar:1.9.0
org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.9.0
org.jetbrains.kotlin:kotlin-stdlib-jdk7:jar:1.9.0

1
doc/licenses/ksm-sdk-16.5.3/dep-coordinates.txt
View File

@@ -1 +0,0 @@
com.keepersecurity.secrets-manager:core:jar:16.5.3

0
doc/licenses/ksm-sdk-16.5.3/LICENSE → doc/licenses/ksm-sdk-16.5.4/LICENSE
View File

4
doc/licenses/ksm-sdk-16.5.3/README → doc/licenses/ksm-sdk-16.5.4/README
View File

@@ -2,8 +2,8 @@ Keeper Secrets Manager Java SDK
(https://github.com/Keeper-Security/secrets-manager)
----------------------------------------------------
Version: 16.5.3
Version: 16.5.4
From: 'Keeper Security' (https://www.keepersecurity.com/)
License(s):
MIT (bundled/ksm-sdk-16.5.3/LICENSE)
MIT (bundled/ksm-sdk-16.5.4/LICENSE)

1
doc/licenses/ksm-sdk-16.5.4/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.keepersecurity.secrets-manager:core:jar:16.5.4

2
doc/licenses/logback-1.3.7/dep-coordinates.txt
View File

@@ -1,2 +0,0 @@
ch.qos.logback:logback-classic:jar:1.3.7
ch.qos.logback:logback-core:jar:1.3.7

0
doc/licenses/logback-1.3.7/LICENSE.txt → doc/licenses/logback-1.3.8/LICENSE.txt
View File

4
doc/licenses/logback-1.3.7/README → doc/licenses/logback-1.3.8/README
View File

@@ -1,8 +1,8 @@
Logback (http://logback.qos.ch/)
--------------------------------
Version: 1.3.7
Version: 1.3.8
From: 'QOS.ch Sàrl' (http://qos.ch/)
License(s):
EPL v1.0 (bundled/logback-1.3.7/LICENSE.txt)
EPL v1.0 (bundled/logback-1.3.8/LICENSE.txt)

2
doc/licenses/logback-1.3.8/dep-coordinates.txt Normal file
View File

@@ -0,0 +1,2 @@
ch.qos.logback:logback-classic:jar:1.3.8
ch.qos.logback:logback-core:jar:1.3.8

32
extensions/guacamole-auth-ldap/pom.xml
View File

@@ -51,41 +51,11 @@
<dependency>
<groupId>org.apache.directory.api</groupId>
<artifactId>api-all</artifactId>
<version>2.1.2</version>
<version>2.1.3</version>
<exclusions>
<!-- Resolve version conflict (see below - transitive
dependencies of api-all disagree on 3.12.0 vs. 3.11) -->
<exclusion>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</exclusion>
<!-- Use latest version of commons-text -->
<exclusion>
<groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Force use of version 3.12.0 (transitive dependencies of
api-all disagree on 3.12.0 vs. 3.11) -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.12.0</version>
</dependency>
<!-- Force latest version of commons-text (transitive dependency from
Apache Directory API -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId>
<version>1.10.0</version>
</dependency>
<!-- Guice -->
<dependency>
<groupId>com.google.inject</groupId>

4
extensions/guacamole-vault/modules/guacamole-vault-ksm/pom.xml
View File

@@ -38,7 +38,7 @@
</parent>
<properties>
<kotlin.version>1.8.20</kotlin.version>
<kotlin.version>1.9.0</kotlin.version>
</properties>
<dependencies>
@@ -60,7 +60,7 @@
<dependency>
<groupId>com.keepersecurity.secrets-manager</groupId>
<artifactId>core</artifactId>
<version>16.5.3</version>
<version>16.5.4</version>
<!-- Correct version conflict (different versions across transitive
dependencies) -->

15
guacamole-docker/bin/build-guacamole.sh
View File

@@ -83,7 +83,7 @@ tar -xzf extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-dist/target/
#
echo "Downloading MySQL Connector/J ..."
curl -L "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-8.0.32.tar.gz" | \
curl -L "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-$MYSQL_JDBC_VERSION.tar.gz" | \
tar -xz \
-C "$DESTINATION/mysql/" \
--wildcards \
@@ -97,7 +97,8 @@ tar -xz \
#
echo "Downloading PostgreSQL JDBC driver ..."
curl -L "https://jdbc.postgresql.org/download/postgresql-42.3.8.jar" > "$DESTINATION/postgresql/postgresql-42.3.8.jar"
curl -L "https://jdbc.postgresql.org/download/postgresql-$PGSQL_JDBC_VERSION.jar" \
> "$DESTINATION/postgresql/postgresql-$PGSQL_JDBC_VERSION.jar"
#
# Copy SSO auth extensions
@@ -115,14 +116,8 @@ tar -xzf extensions/guacamole-auth-sso/modules/guacamole-auth-sso-dist/target/*.
#
echo "Downloading SQL Server JDBC driver ..."
curl -L "https://go.microsoft.com/fwlink/?linkid=2183223&clcid=0x409" | \
tar -xz \
-C "$DESTINATION/sqlserver/" \
--wildcards \
--no-anchored \
--no-wildcards-match-slash \
--strip-components=2 \
"mssql-jdbc-*.jre8.jar"
curl -L "https://github.com/microsoft/mssql-jdbc/releases/download/v$MSSQL_JDBC_VERSION/mssql-jdbc-$MSSQL_JDBC_VERSION.jre8.jar" \
> "$DESTINATION/sqlserver/mssql-jdbc-$MSSQL_JDBC_VERSION.jre8.jar" \
#
# Copy LDAP auth extension and schema modifications

104
pom.xml
View File

@@ -36,15 +36,15 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- Dependency versions -->
<guava.version>31.1-jre</guava.version>
<guava.version>32.1.1-jre</guava.version>
<guice.version>5.1.0</guice.version>
<hk2.version>2.6.1</hk2.version>
<jackson.version>2.15.0</jackson.version>
<jackson-databind.version>2.15.0</jackson-databind.version>
<jersey.version>2.39.1</jersey.version>
<junit.version>5.9.2</junit.version>
<jackson.version>2.15.2</jackson.version>
<jackson-databind.version>2.15.2</jackson-databind.version>
<jersey.version>2.40</jersey.version>
<junit.version>5.9.3</junit.version>
<junit4.version>4.13.2</junit4.version>
<logback.version>1.3.7</logback.version>
<logback.version>1.3.8</logback.version>
<slf4j.version>2.0.7</slf4j.version>
<!-- The directory that should receive all generated dependency lists
@@ -57,6 +57,13 @@
or missing license headers). -->
<ignoreLicenseErrors>false</ignoreLicenseErrors>
<!-- Set to "true" to perform automated checks for available dependency
updates, including whether the declared versions of any
dependencies have associated CVEs in NVD. Beware that both checks
may produce false positives and false negatives. Updates need to be
checked for compatibility and any changes in license information. -->
<checkDependencies>false</checkDependencies>
</properties>
<modules>
@@ -475,6 +482,91 @@
</build>
</profile>
<!-- Perform automated dependency checks if "checkDependencies" is set to "true" -->
<profile>
<id>check-dependencies</id>
<activation>
<property>
<name>checkDependencies</name>
<value>true</value>
</property>
</activation>
<build>
<plugins>
<!-- Checks for availability of likely-compatibile updates to
dependencies -->
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.16.0</version>
<configuration>
<allowMajorUpdates>false</allowMajorUpdates>
<dependencyExcludes>*:*:*:*:*:provided,*:*:*:*:*:system</dependencyExcludes>
<outputFile>${project.build.directory}/dependency-update-report.txt</outputFile>
<ruleSet>
<ignoreVersions>
<ignoreVersion>
<type>regex</type>
<version>(.+-SNAPSHOT|.+-(M|RC)\d+)</version>
</ignoreVersion>
<ignoreVersion>
<type>regex</type>
<version>.+-(alpha|beta)\b.*?</version>
</ignoreVersion>
</ignoreVersions>
<rules>
<rule>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<ignoreVersions>
<ignoreVersion>
<type>regex</type>
<version>1\.4\..+</version>
</ignoreVersion>
</ignoreVersions>
</rule>
</rules>
</ruleSet>
</configuration>
<executions>
<execution>
<id>check-dependency-updates</id>
<phase>validate</phase>
<goals>
<goal>display-dependency-updates</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- Checks for possible known CVEs against dependencies
NOTE: This WILL produce false positives!!! -->
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>8.3.1</version>
<configuration>
<skipProvidedScope>true</skipProvidedScope>
<skipSystemScope>true</skipSystemScope>
<skipTestScope>true</skipTestScope>
<nodeAuditAnalyzerUrl>/-/npm/v1/security/advisories/bulk</nodeAuditAnalyzerUrl>
</configuration>
<executions>
<execution>
<id>check-dependency-updates</id>
<phase>validate</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>