Skip to content

Bump org.owasp:dependency-check-maven from 12.1.0 to 12.1.1 #130

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 1 commit into
base: development
Choose a base branch
from
Open

Bump org.owasp:dependency-check-maven from 12.1.0 to 12.1.1 #130

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 7, 2025

Bumps org.owasp:dependency-check-maven from 12.1.0 to 12.1.1.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.1.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.1.1 (2025-04-05)

  • fix: resolve NVD data Parse error com.fasterxml.jackson.core.JsonParseException: Unexpected character (']' (code 93))
    • bump open-vulnerability-client from 7.3.1 to 7.3.2 (#7577)
  • fix: update links for repository move from jeremylong to the dependency-check organization (#7373)
  • fix: resolve NPE when processing CVE-2025-2682 (#7558)
  • fix: prevent rogue base suppression files (#7544)
  • fix: #6819 handle invalid toml file (#7548)
  • fix: Use unscored severity only in absence of any CVSS baseScore (#7530)
  • fix: protect against exotic version number of yarn (#7525)
  • fix: Ignore require-bundle MANIFEST.MF entry for evidence (#7523)
  • fix: avoid error on yarn berry audit when no vulnerability found (#7501)
  • fix: improve null checks in Downloader (#7493)
  • fix: improve null checks resolves dependency-check/dependency-check-gradle#441
  • fix: Avoid FPs when Composer product name has php (#7486)
  • fix: cli not honoring window paths correctly (#7470)
  • fix: Also apply muteNoisyLoggers to UpdateMojo (#7469)
  • fix: Make HC5 Downloader honor the connection- and readTimeout settings that the old URLConnectionFactory based downloads observed (#7437)
  • docs: sync the supported Maven version with the one stated in the system requirement section (#7570)
  • docs: update proxy config documentation (#7550)
  • docs: Remove copyright as requested by the Apache foundation
  • docs: drop redundant text in the Internet Access Required section (#7521)
  • docs: correct gradle documentation (#7511)

See the full listing of changes

Commits
  • 67cccfb build: prepare release v12.1.1
  • d7f876d docs: release 12.1.1
  • f7e3d05 build(deps): bump open-vulnerability-client from 7.3.1 to 7.3.2 (#7577)
  • 20c62ec build(deps-dev): bump io.netty:netty-codec-http from 4.1.119.Final to 4.2.0.F...
  • c0a8a52 build(deps-dev): bump io.netty:netty-codec-http
  • 35b7a16 docs: sync the supported Maven version with the one stated in the system requ...
  • 511710f build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13 (#7571)
  • b231423 build(deps): bump golang from 1.24.1-alpine to 1.24.2-alpine (#7568)
  • 1491689 build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 t...
  • 288458c build(deps): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 t...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump org.owasp:dependency-check-maven from 12.1.0 to 12.1.1
26b9f81 
Bumps [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) from 12.1.0 to 12.1.1.
- [Release notes](https://github.com/dependency-check/DependencyCheck/releases)
- [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](dependency-check/DependencyCheck@v12.1.0...v12.1.1)

---
updated-dependencies:
- dependency-name: org.owasp:dependency-check-maven
  dependency-version: 12.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Apr 7, 2025
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants