Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

chore(deps): bump org.owasp:dependency-check-maven from 11.1.1 to 12.0.0 #1235

Merged
merged 1 commit into from
Jan 14, 2025
Merged

chore(deps): bump org.owasp:dependency-check-maven from 11.1.1 to 12.0.0 #1235

merged 1 commit into from
Jan 14, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 13, 2025

Bumps org.owasp:dependency-check-maven from 11.1.1 to 12.0.0.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.0.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.0.0 (2025-01-11)

  • feat: report on CVSS v4 (#7204)
  • feat: show from which dependency the CVE comes in failure report (#7224)
  • feat: Use Maven settings decryption API for decrypting secrets from settings.xml (#7284)
  • feat: Extend authentication to support Bearer token for many resources (#7277)
  • feat: Add a flag to fail when one or more suppression rules are not used (#7244)
  • fix: add product evidence as vendor to reduce FN (#7295)
  • fix: Make the HTTP-Client use pre-emptive authentication (#7255)
  • fix: Add the missing proxy credentials for suppressionFileUser/Password authentication scenario
  • fix: increase max retry count (#7252)
  • fix: Make the HTTP-Client use pre-emptive authentication for configured server credentials and extend HTTPClient usage to Nexus search
  • fix: Tranform into UTC the last modified date from database (#7222)

See the full listing of changes.

Commits
  • 48d567d build: prepare release v12.0.0
  • 69453c8 chore: prepare release
  • 0fd289a chore: Remove code-paths for Java versions <=8 (#7297)
  • b51921f fix: add product evidence as vendor to reduce FN (#7295)
  • ae8c06a chore: fixup JQuery LICENSE.txt file which was a full github html page dump (...
  • 5a47091 build(deps): Sanitize dependencies based on dependency:analyze-report results...
  • 57db1ca build(deps): bump commons-beanutils:commons-beanutils from 1.9.4 to 1.10.0 (#...
  • 361fe48 build(deps): bump commons-beanutils:commons-beanutils
  • 09c4c71 build(deps): bump commons-codec:commons-codec from 1.17.1 to 1.17.2 (#7287)
  • 505ddff feat: Use Maven settings decryption API for decrypting secrets from settings....
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump org.owasp:dependency-check-maven from 11.1.1 to 12.0.0
7785e35 
Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 11.1.1 to 12.0.0.
- [Release notes](https://github.com/jeremylong/DependencyCheck/releases)
- [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](jeremylong/DependencyCheck@v11.1.1...v12.0.0)

---
updated-dependencies:
- dependency-name: org.owasp:dependency-check-maven
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jan 13, 2025
@deki deki merged commit 2340f3c into main Jan 14, 2025
8 checks passed
@dependabot dependabot bot deleted the dependabot/maven/org.owasp-dependency-check-maven-12.0.0 branch January 14, 2025 05:28
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@deki