Skip to content

chore(deps): update dependency org.owasp:dependency-check-maven from v11.1.1 to v12 #230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency org.owasp:dependency-check-maven from v11.1.1 to v12 #230

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 13, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.owasp:dependency-check-maven (source) 11.1.1 -> 12.1.1 age adoption passing confidence

Release Notes

dependency-check/DependencyCheck (org.owasp:dependency-check-maven)

v12.1.1

Compare Source

  • fix: resolve NVD data Parse error com.fasterxml.jackson.core.JsonParseException: Unexpected character (']' (code 93))
    • bump open-vulnerability-client from 7.3.1 to 7.3.2 (#​7577)
  • fix: update links for repository move from jeremylong to the dependency-check organization (#​7373)
  • fix: resolve NPE when processing CVE-2025-2682 (#​7558)
  • fix: prevent rogue base suppression files (#​7544)
  • fix: #​6819 handle invalid toml file (#​7548)
  • fix: Use unscored severity only in absence of any CVSS baseScore (#​7530)
  • fix: protect against exotic version number of yarn (#​7525)
  • fix: Ignore require-bundle MANIFEST.MF entry for evidence (#​7523)
  • fix: avoid error on yarn berry audit when no vulnerability found (#​7501)
  • fix: improve null checks in Downloader (#​7493)
  • fix: improve null checks resolves https://github.com/dependency-check/dependency-check-gradle/issues/441
  • fix: Avoid FPs when Composer product name has php (#​7486)
  • fix: cli not honoring window paths correctly (#​7470)
  • fix: Also apply muteNoisyLoggers to UpdateMojo (#​7469)
  • fix: Make HC5 Downloader honor the connection- and readTimeout settings that the old URLConnectionFactory based downloads observed (#​7437)
  • docs: sync the supported Maven version with the one stated in the system requirement section (#​7570)
  • docs: update proxy config documentation (#​7550)
  • docs: Remove copyright as requested by the Apache foundation
  • docs: drop redundant text in the Internet Access Required section (#​7521)
  • docs: correct gradle documentation (#​7511)

See the full listing of changes

v12.1.0

Compare Source

  • build(deps): bump open-vulnerability-client to 7.2.2 (#​7407)
    • resolves issue with downloading data from the NVD (#​7406)
  • fix: Improve thread safety issue #​7338 alternative (#​7367)
  • feat: Implement Yarn Berry Analyser (#​7319)

See the full listing of changes

v12.0.2

Compare Source

  • fix: correct JSON report error (#​7350)
  • fix: some compatability issues in the gitlab report (#​7349)
  • fix: ArtifactoryAnalyzer updated to use the HTTPClient5-based Downloader and skip unusable results (#​7293)
  • chore: allow messages via EngineVersionCheck (#​7353)
  • chore: switch from javax.json to jakarta.json (#​7326)

See the full listing of changes.

v12.0.1

Compare Source

  • docs: Fix OSS Index Maven config documentation (#​7322)
  • Fix OSS Index Maven config documentation
  • chore(docs): Document Gradle plugin support for failBuildOnUnusedSuppressionRule (#​7307)
  • chore(docs): Correct analyzers config example to use Gradle dot-syntax (#​7305)
  • fix: improve error message on improperly configured serverId credentials in settings.xml (#​7313)
  • fix: Lower Basic serverId when Bearer was expected to a warning
  • fix: improve error message on improperly configured serverId credentials
  • fix: Correct nonProxyHosts support when no sys properties set (#​7306)
  • core(docs): Group failBuildOnUnusedSuppressionRule flag next to suppression file configuration
  • core(docs): Update Gradle plugin documentation for failBuildOnUnusedSuppressionRule support
  • fix: Correct nonProxyHosts support when no sys properties set
  • chore(docs): Correct analyzers config example to use Gradle dot-syntax

See the full listing of changes.

v12.0.0

Compare Source

  • BREAKING CHANGE: report on CVSS v4 (#​7204)
    • the schema has been updated to include CVSS v4 for JSON and XML reports
  • feat: show from which dependency the CVE comes in failure report (#​7224)
  • feat: Use Maven settings decryption API for decrypting secrets from settings.xml (#​7284)
  • feat: Extend authentication to support Bearer token for many resources (#​7277)
  • feat: Add a flag to fail when one or more suppression rules are not used (#​7244)
  • fix: add product evidence as vendor to reduce FN (#​7295)
  • fix: Make the HTTP-Client use pre-emptive authentication (#​7255)
  • fix: Add the missing proxy credentials for suppressionFileUser/Password authentication scenario
  • fix: increase max retry count (#​7252)
  • fix: Make the HTTP-Client use pre-emptive authentication for configured server credentials and extend HTTPClient usage to Nexus search
  • fix: Tranform into UTC the last modified date from database (#​7222)

See the full listing of changes.

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/major-dependency-check-maven.version branch from 70520bb to 04ca98f Compare January 19, 2025 14:18
@renovate renovate bot force-pushed the renovate/major-dependency-check-maven.version branch from 04ca98f to 965dd80 Compare January 30, 2025 16:14
@renovate renovate bot force-pushed the renovate/major-dependency-check-maven.version branch from 965dd80 to f01d1d9 Compare February 16, 2025 17:05
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate renovate bot force-pushed the renovate/major-dependency-check-maven.version branch from f01d1d9 to 094f761 Compare April 5, 2025 19:20
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Apr 5, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants