Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the maven-dependencies group with 5 updates #45

Closed
wants to merge 1 commit into from
Closed

Bump the maven-dependencies group with 5 updates #45

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 27, 2023

Bumps the maven-dependencies group with 5 updates:

Package From To
org.apache.commons:commons-lang3 3.13.0 3.14.0
org.junit.jupiter:junit-jupiter 5.10.0 5.10.1
org.apache.maven.plugins:maven-surefire-plugin 3.2.1 3.2.2
org.apache.maven.plugins:maven-javadoc-plugin 3.6.0 3.6.2
org.owasp:dependency-check-maven 8.4.2 9.0.1

Updates org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0

Updates org.junit.jupiter:junit-jupiter from 5.10.0 to 5.10.1

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.10.1 = Platform 1.10.1 + Jupiter 5.10.1 + Vintage 5.10.1

See Release Notes.

Full Changelog: junit-team/junit5@r5.10.0...r5.10.1

Commits
  • e5f50d8 Release 5.10.1
  • ac86d18 Fix typo in AfterAll documentation
  • 388c5be Harmonize application of method and field filters in search algorithms
  • f82dd1e Apply field predicate before searching type hierarchy
  • 1d1eb85 Polishing
  • 5ce280e Update picocli to 4.7.5 and enable help width computation
  • fea05c3 Fix ConsoleLauncherTests and StandaloneTests
  • c556735 Use same expected files for all JDK versions
  • 808493a Run StandaloneTests for Java 8 under Java 8
  • 9ec5766 Unify messages about exit codes in StandaloneTests
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.2.1 to 3.2.2

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.2.2

🐛 Bug Fixes

📦 Dependency updates

🔧 Build

Commits
  • 2d76753 [maven-release-plugin] prepare release surefire-3.2.2
  • dd640bf [SUREFIRE-2208] Bump org.codehaus.plexus:plexus-java from 1.1.2 to 1.2.0 (#682)
  • dd2fcfd [SUREFIRE-2205] Use maven-plugin-report-plugin only in plugins modules
  • 03c71d1 [SUREFIRE-2206] Downgrade plexus-xml to 3.0.0
  • c3c3c84 Use Maven 3.x.x and 3.6.3 on Jenkins
  • a540ef4 [SUREFIRE-2205] Mojo documentation links are broken
  • 3a58f29 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.6.0 to 3.6.2

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.6.2

🐛 Bug Fixes

📦 Dependency updates

Commits
  • 28a89f1 [maven-release-plugin] prepare release maven-javadoc-plugin-3.6.2
  • 16ca43f [maven-release-plugin] prepare for next development iteration
  • 88bc4a5 Align IT after MJAVADOC-716
  • 4b881e8 Bump org.codehaus.mojo:mrm-maven-plugin from 1.5.0 to 1.6.0
  • 45a8d29 [MJAVADOC-716] Fix stale files detection failing because of the added newline...
  • afb2dee [MJAVADOC-713] Skipping Javadoc reportset leaves empty Javadoc link in site
  • 4bad23f [MJAVADOC-730] Deprecate parameter "old"
  • 8364883 [MJAVADOC-777] Bump org.codehaus.plexus:plexus-java from 1.1.2 to 1.2.0 (#245)
  • 6fa9c86 [MJAVADOC-762] don't share state between tests (#218)
  • 05b12e8 [MJAVADOC-726] exclude velocity (#243)
  • Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 8.4.2 to 9.0.1

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 9.0.1

  • fix: check java 8 update version; minimum JRE is 8 update 251 (#6118)
  • fix: add retry for failed NVD API requests (#6136)
  • docs: add default values to documentation for the NVD API Delay (#6135)
  • chore: Revert "build(deps): bump com.h2database:h2 from 2.1.214 to 2.2.224" (#6131)
    • this is a breaking change for anyone that successfully created the H2 database with 9.0.0.
  • fix: mute jcs logging (#6130)
  • docs: update NVD notice (#6110)
  • fix: Use the correct key for NVD API-Key from Maven Settings serverId (#6109)

See the full listing of changes.

Version 9.0.0

breaking changes: See the upgrade notice

  • feat: Utilize NVD API (#5978)
  • feat: gitlab dependency scanner report format #5919 (#5920)
  • fix: Use ASCII apostrophe for console message (#6076)

See the full listing of changes.

Version 8.4.3

  • fix: bump jcs3 (#6047)
  • docs: Corrected docs on hostedSuppressions (#6035)

See the full listing of changes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 9.0.1 (2023-11-26)

breaking changes: See the upgrade notice

  • fix: check java 8 update version; minimum JRE is 8 update 251 (#6118)
  • fix: add retry for failed NVD API requests (#6136)
  • docs: add default values to documentation for the NVD API Delay (#6135)
  • chore: Revert "build(deps): bump com.h2database:h2 from 2.1.214 to 2.2.224" (#6131)
    • this is a breaking change for anyone that successfully created the H2 database with 9.0.0.
  • fix: mute jcs logging (#6130)
  • docs: update NVD notice (#6110)
  • fix: Use the correct key for NVD API-Key from Maven Settings serverId (#6109)

See the full listing of changes.

Version 9.0.0 (2023-11-22)

breaking changes: See the upgrade notice

  • feat: Utilize NVD API (#5978)
  • feat: gitlab dependency scanner report format #5919 (#5920)
  • fix: Use ASCII apostrophe for console message (#6076)

See the full listing of changes.

Version 8.4.3 (2023-11-15)

  • fix: bump jcs3 (#6047)
  • docs: Corrected docs on hostedSuppressions (#6035)

See the full listing of changes.

Commits
  • ff31186 build: prepare release v9.0.1
  • e55fe59 docs: prepare release
  • bf51025 fix: check java 8 update version (#6118)
  • 5601e55 fix: add retry for failed NVD API requests (#6136)
  • daf8c98 docs: add default values to documentation for the NVD API Delay (#6135)
  • d0adc75 build(deps): bump org.apache.commons:commons-compress from 1.24.0 to 1.25.0 (...
  • b89273c chore: Revert "build(deps): bump com.h2database:h2 from 2.1.214 to 2.2.224" (...
  • 5a3cef7 fix: mute jcs logging (#6130)
  • 8706c3e fix: use fake nvd data feed for IT (#6113)
  • 0b86bca fix: Configure nvd.api.delay default (#6112)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the maven-dependencies group with 5 updates
8fe3a21 
Bumps the maven-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| org.apache.commons:commons-lang3 | `3.13.0` | `3.14.0` |
| [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) | `5.10.0` | `5.10.1` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.2.1` | `3.2.2` |
| [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) | `3.6.0` | `3.6.2` |
| [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) | `8.4.2` | `9.0.1` |


Updates `org.apache.commons:commons-lang3` from 3.13.0 to 3.14.0

Updates `org.junit.jupiter:junit-jupiter` from 5.10.0 to 5.10.1
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](junit-team/junit5@r5.10.0...r5.10.1)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.2.1 to 3.2.2
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.2.1...surefire-3.2.2)

Updates `org.apache.maven.plugins:maven-javadoc-plugin` from 3.6.0 to 3.6.2
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.6.0...maven-javadoc-plugin-3.6.2)

Updates `org.owasp:dependency-check-maven` from 8.4.2 to 9.0.1
- [Release notes](https://github.com/jeremylong/DependencyCheck/releases)
- [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](jeremylong/DependencyCheck@v8.4.2...v9.0.1)

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-lang3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.owasp:dependency-check-maven
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: maven-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Nov 27, 2023
@dependabot dependabot bot mentioned this pull request Nov 27, 2023
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 28, 2023

The group that created this PR has been removed from your configuration.

@dependabot dependabot bot closed this Nov 28, 2023
@dependabot dependabot bot deleted the dependabot/maven/maven-dependencies-dc7430a1b8 branch November 28, 2023 17:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants