Skip to content

Update dependency org.owasp:dependency-check-maven from v11.1.1 to v12 #275

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency org.owasp:dependency-check-maven from v11.1.1 to v12 #275

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 13, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.owasp:dependency-check-maven (source) 11.1.1 -> 12.1.1 age adoption passing confidence

Release Notes

dependency-check/DependencyCheck (org.owasp:dependency-check-maven)

v12.1.1

Compare Source

  • fix: resolve NVD data Parse error com.fasterxml.jackson.core.JsonParseException: Unexpected character (']' (code 93))
    • bump open-vulnerability-client from 7.3.1 to 7.3.2 (#​7577)
  • fix: update links for repository move from jeremylong to the dependency-check organization (#​7373)
  • fix: resolve NPE when processing CVE-2025-2682 (#​7558)
  • fix: prevent rogue base suppression files (#​7544)
  • fix: #​6819 handle invalid toml file (#​7548)
  • fix: Use unscored severity only in absence of any CVSS baseScore (#​7530)
  • fix: protect against exotic version number of yarn (#​7525)
  • fix: Ignore require-bundle MANIFEST.MF entry for evidence (#​7523)
  • fix: avoid error on yarn berry audit when no vulnerability found (#​7501)
  • fix: improve null checks in Downloader (#​7493)
  • fix: improve null checks resolves https://github.com/dependency-check/dependency-check-gradle/issues/441
  • fix: Avoid FPs when Composer product name has php (#​7486)
  • fix: cli not honoring window paths correctly (#​7470)
  • fix: Also apply muteNoisyLoggers to UpdateMojo (#​7469)
  • fix: Make HC5 Downloader honor the connection- and readTimeout settings that the old URLConnectionFactory based downloads observed (#​7437)
  • docs: sync the supported Maven version with the one stated in the system requirement section (#​7570)
  • docs: update proxy config documentation (#​7550)
  • docs: Remove copyright as requested by the Apache foundation
  • docs: drop redundant text in the Internet Access Required section (#​7521)
  • docs: correct gradle documentation (#​7511)

See the full listing of changes

v12.1.0

Compare Source

  • build(deps): bump open-vulnerability-client to 7.2.2 (#​7407)
    • resolves issue with downloading data from the NVD (#​7406)
  • fix: Improve thread safety issue #​7338 alternative (#​7367)
  • feat: Implement Yarn Berry Analyser (#​7319)

See the full listing of changes

v12.0.2

Compare Source

  • fix: correct JSON report error (#​7350)
  • fix: some compatability issues in the gitlab report (#​7349)
  • fix: ArtifactoryAnalyzer updated to use the HTTPClient5-based Downloader and skip unusable results (#​7293)
  • chore: allow messages via EngineVersionCheck (#​7353)
  • chore: switch from javax.json to jakarta.json (#​7326)

See the full listing of changes.

v12.0.1

Compare Source

  • docs: Fix OSS Index Maven config documentation (#​7322)
  • Fix OSS Index Maven config documentation
  • chore(docs): Document Gradle plugin support for failBuildOnUnusedSuppressionRule (#​7307)
  • chore(docs): Correct analyzers config example to use Gradle dot-syntax (#​7305)
  • fix: improve error message on improperly configured serverId credentials in settings.xml (#​7313)
  • fix: Lower Basic serverId when Bearer was expected to a warning
  • fix: improve error message on improperly configured serverId credentials
  • fix: Correct nonProxyHosts support when no sys properties set (#​7306)
  • core(docs): Group failBuildOnUnusedSuppressionRule flag next to suppression file configuration
  • core(docs): Update Gradle plugin documentation for failBuildOnUnusedSuppressionRule support
  • fix: Correct nonProxyHosts support when no sys properties set
  • chore(docs): Correct analyzers config example to use Gradle dot-syntax

See the full listing of changes.

v12.0.0

Compare Source

  • BREAKING CHANGE: report on CVSS v4 (#​7204)
    • the schema has been updated to include CVSS v4 for JSON and XML reports
  • feat: show from which dependency the CVE comes in failure report (#​7224)
  • feat: Use Maven settings decryption API for decrypting secrets from settings.xml (#​7284)
  • feat: Extend authentication to support Bearer token for many resources (#​7277)
  • feat: Add a flag to fail when one or more suppression rules are not used (#​7244)
  • fix: add product evidence as vendor to reduce FN (#​7295)
  • fix: Make the HTTP-Client use pre-emptive authentication (#​7255)
  • fix: Add the missing proxy credentials for suppressionFileUser/Password authentication scenario
  • fix: increase max retry count (#​7252)
  • fix: Make the HTTP-Client use pre-emptive authentication for configured server credentials and extend HTTPClient usage to Nexus search
  • fix: Tranform into UTC the last modified date from database (#​7222)

See the full listing of changes.

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/major-dependency-check-maven.version branch 4 times, most recently from 4b5fba4 to 56d72c2 Compare January 19, 2025 14:18
@renovate renovate bot force-pushed the renovate/major-dependency-check-maven.version branch from 56d72c2 to aed49c8 Compare January 30, 2025 16:36
@renovate renovate bot force-pushed the renovate/major-dependency-check-maven.version branch from aed49c8 to 4b5043f Compare February 16, 2025 16:27
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate renovate bot force-pushed the renovate/major-dependency-check-maven.version branch 4 times, most recently from 513b66a to 07ad996 Compare March 28, 2025 10:02
@renovate renovate bot force-pushed the renovate/major-dependency-check-maven.version branch 3 times, most recently from b16dc51 to 624dadf Compare April 9, 2025 11:27
@renovate renovate bot force-pushed the renovate/major-dependency-check-maven.version branch 3 times, most recently from 3ad4dfa to 17c1260 Compare April 14, 2025 10:21
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven from v11.1.0 to v12 Update dependency org.owasp:dependency-check-maven from v11.1.1 to v12 Apr 14, 2025
@renovate renovate bot force-pushed the renovate/major-dependency-check-maven.version branch from 17c1260 to 0ea0233 Compare April 14, 2025 10:27
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants