maven(deps): bump owaspCsrfGuardVersion from 4.2.1 to 4.5.0-jakarta #4988

dependabot · 2025-04-01T18:51:43Z

Bumps owaspCsrfGuardVersion from 4.2.1 to 4.5.0-jakarta.
Updates org.owasp:csrfguard from 4.2.1 to 4.5.0-jakarta

Release notes

Sourced from org.owasp:csrfguard's releases.

4.5.0-jakarta

The same as 4.5.0, but for Jakarta.

4.5.0

What's Changed

Add automation to minify and transpile the JS code by @forgedhallpass in #31

Fix none match multi domain validation by @dgriffon in OWASP/www-project-csrfguard#305

ci: Snyk check improvement by @forgedhallpass in OWASP/www-project-csrfguard#308

Handle protocol (http, https) in URL normalisation. by @jayblanc in OWASP/www-project-csrfguard#330

Improve JavaScriptServlet client side caching strategy by @jayblanc in OWASP/www-project-csrfguard#327

Version bumps

build(deps): bump org.slf4j:slf4j-api from 2.0.13 to 2.0.16 by @dependabot in OWASP/www-project-csrfguard#289

build(deps): bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0 by @dependabot in OWASP/www-project-csrfguard#297

build(deps): bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.4 to 3.2.7 by @dependabot in OWASP/www-project-csrfguard#303

build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.3.0 to 3.5.2 by @dependabot in OWASP/www-project-csrfguard#315

build(deps-dev): bump junit.version from 5.10.3 to 5.11.4 by @dependabot in OWASP/www-project-csrfguard#319

build(deps): bump org.owasp:dependency-check-maven from 10.0.3 to 12.1.0 by @dependabot in OWASP/www-project-csrfguard#328

build(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.11.2 by @dependabot in OWASP/www-project-csrfguard#318

build(deps): bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.2 to 3.1.3 by @dependabot in OWASP/www-project-csrfguard#293

build(deps): bump commons-io:commons-io from 2.16.1 to 2.18.0 by @dependabot in OWASP/www-project-csrfguard#316

build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.3.0 to 3.5.0 by @dependabot in OWASP/www-project-csrfguard#312

build(deps): bump org.apache.maven.plugins:maven-clean-plugin from 3.4.0 to 3.4.1 by @dependabot in OWASP/www-project-csrfguard#329

build(deps): bump com.google.code.gson:gson from 2.11.0 to 2.12.1 by @dependabot in OWASP/www-project-csrfguard#325

New Contributors

@dgriffon made their first contribution in OWASP/www-project-csrfguard#305

@jayblanc made their first contribution in OWASP/www-project-csrfguard#330

Full Changelog: OWASP/www-project-csrfguard@4.4.0...4.5.0

4.4.0-jakarta

This is the same as the 4.4.0 release, but for Jakarta.

4.4.0

What's Changed

Request through a proxyPass problem by @stefano-1973 in OWASP/www-project-csrfguard#254

TLD file location by @rameshkt in OWASP/www-project-csrfguard#277

Updated documentation by @swetak20 and @forgedhallpass in OWASP/www-project-csrfguard#272

JSP with CSRF Guard form tag having an action with query parameters fails validation by @Frank-St #287

Version changes

Bump maven-war-plugin from 3.3.2 to 3.4.0 by @dependabot in OWASP/www-project-csrfguard#210

Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 by @dependabot in OWASP/www-project-csrfguard#227

Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 by @dependabot in OWASP/www-project-csrfguard#260

Bump commons-io:commons-io from 2.15.1 to 2.16.1 by @dependabot in OWASP/www-project-csrfguard#261

Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 by @dependabot in OWASP/www-project-csrfguard#252

build(deps): bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.3 to 3.2.4 by @dependabot in OWASP/www-project-csrfguard#267

build(deps): bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.2 by @dependabot in OWASP/www-project-csrfguard#269

build(deps): bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 by @dependabot in OWASP/www-project-csrfguard#264

... (truncated)

Commits

69145a9 [maven-release-plugin] prepare release 4.5.0-jakarta
f31d592 Merge branch 'master' into jakarta
3da2a3c [maven-release-plugin] prepare for next development iteration
3de9d10 [maven-release-plugin] prepare release 4.5.0
e24ced5 build(deps): bump org.owasp:dependency-check-maven from 11.1.0 to 12.1.0
5ea2558 build(deps): bump com.google.code.gson:gson from 2.11.0 to 2.12.1
899fbc9 build(deps): bump org.apache.maven.plugins:maven-javadoc-plugin
d8ba257 build(deps-dev): bump junit.version from 5.11.2 to 5.11.4
6084c24 build(deps): bump org.apache.maven.plugins:maven-clean-plugin
5d603cb Merge pull request #327 from jayblanc/Improve-JavaScriptServlet-client-cache-...
Additional commits viewable in compare view

Updates org.owasp:csrfguard-extension-session from 4.2.1 to 4.5.0-jakarta

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `owaspCsrfGuardVersion` from 4.2.1 to 4.5.0-jakarta. Updates `org.owasp:csrfguard` from 4.2.1 to 4.5.0-jakarta - [Release notes](https://github.com/OWASP/www-project-csrfguard/releases) - [Commits](OWASP/www-project-csrfguard@4.2.1...4.5.0-jakarta) Updates `org.owasp:csrfguard-extension-session` from 4.2.1 to 4.5.0-jakarta --- updated-dependencies: - dependency-name: org.owasp:csrfguard dependency-version: 4.5.0-jakarta dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.owasp:csrfguard-extension-session dependency-version: 4.5.0-jakarta dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested review from a team April 1, 2025 18:51

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Apr 1, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

maven(deps): bump owaspCsrfGuardVersion from 4.2.1 to 4.5.0-jakarta #4988

maven(deps): bump owaspCsrfGuardVersion from 4.2.1 to 4.5.0-jakarta #4988

dependabot bot commented on behalf of github Apr 1, 2025

maven(deps): bump owaspCsrfGuardVersion from 4.2.1 to 4.5.0-jakarta #4988

Are you sure you want to change the base?

maven(deps): bump owaspCsrfGuardVersion from 4.2.1 to 4.5.0-jakarta #4988

Conversation

dependabot bot commented on behalf of github Apr 1, 2025

4.5.0-jakarta

4.5.0

What's Changed

Version bumps

New Contributors

4.4.0-jakarta

4.4.0

What's Changed

Version changes