Bump org.owasp:dependency-check-maven from 9.0.9 to 9.1.0 #150

dependabot · 2024-04-01T22:54:45Z

Bumps org.owasp:dependency-check-maven from 9.0.9 to 9.1.0.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 9.1.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 9.0.10

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 9.1.0 (2024-03-31)

feat: Add v2 support for maven_install.json (#6528)

build(deps): bump open-vulnerability-client (#6554)

resolves update issues due to CVSS Metrics 4.0

build(deps): bump jackson.version from 2.16.0 to 2.16.1 (#6353)

build(deps): bump org.jsoup:jsoup from 1.16.2 to 1.17.2 (#6362)

build(deps): bump golang from 1.21.5-alpine to 1.22.1-alpine (#6506)

See the full listing of changes.

Version 9.0.10 (2024-03-15)

fix: #4321 Suppress redis server CVEs for client libraries (#4321) (#6489)

fix: bump commons-compress from 1.25.0 to 1.26.0 to fix CVE-2024-25710 and CVE-2024-26308 (#6492)

feat: Allow to pass NVD API key via environment variable (#6454)

fix: issue 5452 - ConcurrentModificationException in NodePackageAnalyzer.processDependencies - adding synchronized block (#6501)

docs: document the default data directory (#6484)

fix: prevent NPE in bundler audit (#6462)

fix: #6441 Improve suppression rule to not restrict to a single version (#6442)

See the full listing of changes.

Commits

e0b9397 build: prepare release v9.1.0
3f1b558 docs: prepare release 9.1.0
c364269 build(deps): bump jackson.version from 2.16.0 to 2.16.1 (#6353)
d2c04b5 build(deps): bump org.jsoup:jsoup from 1.16.2 to 1.17.2 (#6362)
e8c4ca3 build(deps): bump open-vulnerability-client (#6554)
2e6a231 build(deps): bump golang from 1.21.5-alpine to 1.22.1-alpine (#6506)
0e183da build(deps): bump actions/setup-java from 3 to 4 (#6172)
42adde4 fix: typo (#6526)
f60c867 feat: Add v2 support for maven_install.json (#6528)
a6a8f21 Merge pull request #1 from nutshelllabs/ef/add-maven-install-v2-support
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 9.0.9 to 9.1.0. - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](jeremylong/DependencyCheck@v9.0.9...v9.1.0) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-04-03T06:50:10Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot bot requested a review from heubeck as a code owner April 1, 2024 22:54

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Apr 1, 2024

dependabot bot mentioned this pull request Apr 1, 2024

Bump org.owasp:dependency-check-maven from 9.0.9 to 9.0.10 #146

Closed

heubeck closed this Apr 3, 2024

dependabot bot deleted the dependabot/maven/org.owasp-dependency-check-maven-9.1.0 branch April 3, 2024 06:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump org.owasp:dependency-check-maven from 9.0.9 to 9.1.0 #150

Bump org.owasp:dependency-check-maven from 9.0.9 to 9.1.0 #150

dependabot bot commented on behalf of github Apr 1, 2024

dependabot bot commented on behalf of github Apr 3, 2024

Bump org.owasp:dependency-check-maven from 9.0.9 to 9.1.0 #150

Bump org.owasp:dependency-check-maven from 9.0.9 to 9.1.0 #150

Conversation

dependabot bot commented on behalf of github Apr 1, 2024

Version 9.1.0

Version 9.0.10

Version 9.1.0 (2024-03-31)

Version 9.0.10 (2024-03-15)

dependabot bot commented on behalf of github Apr 3, 2024