Bump dependency-check-maven from 6.2.2 to 7.4.0 #75

Closed

dependabot[bot] wants to merge 1 commit from dependabot/maven/org.owasp-dependency-check-maven-7.4.0 into main

pull from: dependabot/maven/org.owasp-dependency-check-maven-7.4.0

merge into: simcop2387:main

simcop2387:main

simcop2387:snyk-fix-87f091d6d28902b2564bf345520cc345

simcop2387:snyk-fix-f1d4070edb81844bd44f2d7bdb6f1e31

simcop2387:snyk-fix-e9c98c5cad147ebd0406bdbfe233d4bf

simcop2387:snyk-fix-bbd87b1a7d93ef6934554e4a37ea593b

simcop2387:snyk-fix-de5656b94e5d7eca4a4fbc50a43f2bb4

simcop2387:snyk-fix-b77cdca57f7a9866400bd1c684b97eda

simcop2387:snyk-fix-c80917a09f194f0fdc83449f67347e58

simcop2387:snyk-fix-807326fe63ab7370d6a0713d2b73f623

simcop2387:snyk-fix-35a8fb07d74b1d0945646878ab9e93b0

simcop2387:snyk-fix-5251145197c42b2244a4dbf344cd4ea3

simcop2387:snyk-fix-f339fd2028a515424472226e8e8d3953

simcop2387:snyk-fix-4b6bfd4255d874cd405fd60d3621b71f

simcop2387:snyk-fix-b9798efdb4ce2bb8187b486ab5bb5f04

simcop2387:snyk-fix-b829a195e6ab247261f357fc17a6b422

simcop2387:snyk-fix-1d6a068171001f967c1ca6c36732c30d

simcop2387:snyk-fix-4f45246ada375846f4b3c7d72bcd237c

simcop2387:snyk-fix-9fb28f421405f19535c9c59b3cdcd487

simcop2387:snyk-fix-047c6ebdfce43006056131d793a122b1

simcop2387:snyk-fix-8b89ff88241ed1f1d9e8f14eab2b2fe0

simcop2387:snyk-fix-f675580a3c91a981cf7918a6fcf1c2fd

simcop2387:snyk-fix-aab8605bd8a134a41ec14f4be29bbb65

simcop2387:snyk-fix-47676ea32c27b68b9745b9eba88a5ed2

simcop2387:snyk-fix-5bca119f765ec6fd95e844cdf14c21a4

simcop2387:snyk-fix-d2891f636cafa094616fe45ba5bdb8f5

simcop2387:snyk-fix-194bcbaabf1672744afdca9fc7705378

simcop2387:snyk-fix-6cb0665335b0ed347f87cf0d7e3657fd

simcop2387:snyk-fix-e3642b84208caa9395afa5d9d86f5c17

simcop2387:snyk-fix-47496cac6e9eb93c0b9925669e9fe3ab

simcop2387:snyk-fix-3ae0991c68eca96e784f8c9327d66ef9

simcop2387:snyk-fix-a491ae1cbb0f4e78a4566bb3677251cb

simcop2387:snyk-fix-62d8269d12fd870973fe9c91f7dd980e

simcop2387:snyk-fix-11d30bbf609cb6385b88ffa0ef193ba3

simcop2387:snyk-fix-4e4a28957007e6ba5e001b550c6c8cd5

simcop2387:snyk-fix-958407a741f2461f83e0cf7da64f33d9

simcop2387:snyk-fix-50a1d5e8da43b4f799afa0fc88c4e2ea

simcop2387:snyk-fix-58f7638d9c42041b158777146d88f8ec

simcop2387:snyk-fix-7e25fdc9ac0490889f4174355d3b9e5b

simcop2387:snyk-fix-53546034d3f8eccc262e89854748e6b6

simcop2387:snyk-fix-d9b3662fb51a0be6e1fc28bb06ae2121

simcop2387:snyk-fix-31d84c356650e25f4b840f99a72ef6f7

simcop2387:dependabot/maven/org.owasp-dependency-check-maven-8.0.1

simcop2387:dependabot/maven/org.codehaus.plexus-plexus-archiver-4.6.1

simcop2387:dependabot/maven/com.puppycrawl.tools-checkstyle-10.6.0

simcop2387:snyk-fix-1784829284bb7a4c38aaf61cbbf29728

simcop2387:dependabot/maven/keycloak.version-16.1.1

simcop2387:snyk-fix-a07df67a730ba01b787d651d96b2db74

simcop2387:snyk-fix-0be362a409edc416ebc37616505430eb

simcop2387:snyk-fix-e85d2d8fa778fab006ffd5cfbdcb9e01

simcop2387:snyk-fix-afe1713e31439068648574f59959ae10

simcop2387:dependabot/maven/org.codehaus.mojo-extra-enforcer-rules-1.6.1

simcop2387:snyk-fix-6447e8907aba6d7c6de38d9e0b93f54d

simcop2387:snyk-fix-e49f286a7d6348e83c1c5ba2a6576d2a

simcop2387:snyk-fix-a69ce7007fa0e924e385e613b61f2930

simcop2387:snyk-fix-aef3db04521bd1633056970197363ce8

simcop2387:snyk-fix-3883f8440a69027f4b30250b06aabd03

simcop2387:snyk-fix-9c569fe1de069d203b18a3c5b480e794

simcop2387:snyk-fix-2e879a9eb587a9c0ea31f5bcaae3f709

simcop2387:snyk-fix-3eb73edd04c76a081ce1b050f13e3169

simcop2387:snyk-fix-ba01f58f385afe2850ab55d427d38bc1

simcop2387:snyk-fix-c2b8b7af53ee1397c4fe5a5000cbc325

simcop2387:dependabot/maven/org.codehaus.mojo-buildnumber-maven-plugin-3.0.0

Conversation 1 Commits 1 Files changed 1 +1 -1

dependabot[bot] commented 2022-12-05 13:05:20 -05:00 (Migrated from github.com)

Copy link

Bumps dependency-check-maven from 6.2.2 to 7.4.0.

Release notes

Sourced from dependency-check-maven's releases.

Version 7.4.0

Added

• Add support for npm package lock v2 and v3 (#5078)
• Added experimental support for Python Poetry (#5025)
• Added a vanilla HTML report for use in Jenkins (#5053)

Changed

• Renamed RELEASE_NOTES.md to CHANGELOG.md to be more conventional
• Optimized checksum calculation to improve performance (#5112)
• Added support for scanning .NET assemblies when only the dotnet runtime is installed (#5087)
• Bumped several dependencies

Fixed

• Fixed bug when setting the proxy port (#5076)
• Resolved several FP and FN

See the full listing of changes.

Version 7.3.2

Changes

• Automated release of 7.3.1 failed and only published to Central; 7.3.2 is a re-release of 7.3.1.
• Resolved several false positives and false negatives.
• Use Jackson Afterburner if still on Java 8 (#4966).
• Exclude node_modules from the Maven plugin's scan path (#4974).
• See the full listing of changes.

Version 7.3.0

Changes

• Fixed issue with the Maven plugin that caused concurrent modification exceptions (#4935).
• Migrated from Jackson Afterburner to Blackbird (#4905).
• Added an experimental Dart analyzer (#4869).
• See the full listing of changes.

Version 7.2.1

Changes

• Fixed logging issue (#4846).
• See the full listing of changes.

Version 7.2.0

Changes

• Add support for Bazel's pinned maven_install.json (#4772).
• Fixed bug preventing the use of custom report templates (#4800).
• Updated several dependencies including upgrades for dependencies with CVEs.
• Several bug fixes made and suppression rules were added.
• See the full listing of changes.

Version 7.1.2

... (truncated)

Changelog

Sourced from dependency-check-maven's changelog.

Version 7.4.0 (2022-12-04)

Added

• Add support for npm package lock v2 and v3 (#5078)
• Added experimental support for Python Poetry (#5025)
• Added a vanilla HTML report for use in Jenkins (#5053)

Changed

• Renamed RELEASE_NOTES.md to CHANGELOG.md to be more conventional
• Optimized checksum calculation to improve performance (#5112)
• Added support for scanning .NET assemblies when only the dotnet runtime is installed (#5087)
• Bumped several dependencies

Fixed

• Fixed bug when setting the proxy port (#5076)
• Resolved several FP and FN

See the full listing of changes.

Version 7.3.2 (2022-11-18)

Changed

• Automated release of 7.3.1 failed and only published to Central; 7.3.2 is a re-release of 7.3.1.
• Resolved several false positives and false negatives.
• Use Jackson Afterburner if still on Java 8 (#4966).
• Exclude node_modules from the Maven plugin's scan path (#4974).

See the full listing of changes.

Version 7.3.1 (2022-11-16)

Changed

• Resolved several false positives and false negatives.
• Use Jackson Afterburner if still on Java 8 (#4966).
• Exclude node_modules from the Maven plugin's scan path (#4974).

See the full listing of changes.

Version 7.3.0 (2022-10-19)

Added

• Added an experimental Dart analyzer (#4869).

Changed

... (truncated)

Commits

• 49e0afc build:prepare release v7.4.0
• a4ce937 build: bump patch version
• b9d1862 fix(doc): update release notes
• afb09b3 fix: Optimize file checksums calculation (#5112)
• 823f739 Merge pull request #5113 from jeremylong/badge
• a43572c fix: update build badge
• bad66cd build(deps): bump maven-dependency-plugin from 3.3.0 to 3.4.0 (#5110)
• 45887cd fix(FP): Suppress improper CPE assignment for liferay subcomponents that are ...
• 2b96890 build(deps): bump postgresql from 42.5.0 to 42.5.1 (#5088)
• bb8dae6 fix: Change dotnet invocation for 'detection on system path' to --info to sup...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 6.2.2 to 7.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jeremylong/DependencyCheck/releases">dependency-check-maven's releases</a>.</em></p> <blockquote> <h2>Version 7.4.0</h2> <h3>Added</h3> <ul> <li>Add support for npm package lock v2 and v3 (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5078">#5078</a>)</li> <li>Added experimental support for Python Poetry (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5025">#5025</a>)</li> <li>Added a vanilla HTML report for use in Jenkins (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5053">#5053</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Renamed <code>RELEASE_NOTES.md</code> to <code>CHANGELOG.md</code> to be more conventional</li> <li>Optimized checksum calculation to improve performance (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5112">#5112</a>)</li> <li>Added support for scanning .NET assemblies when only the dotnet runtime is installed (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5087">#5087</a>)</li> <li>Bumped several dependencies</li> </ul> <h3>Fixed</h3> <ul> <li>Fixed bug when setting the proxy port (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5076">#5076</a>)</li> <li>Resolved several FP and FN</li> </ul> <p>See the full listing of <a href="https://github.com/jeremylong/DependencyCheck/milestone/52?closed=1">changes</a>.</p> <h2>Version 7.3.2</h2> <h3>Changes</h3> <ul> <li>Automated release of 7.3.1 failed and only published to Central; 7.3.2 is a re-release of 7.3.1.</li> <li>Resolved several false positives and false negatives.</li> <li>Use Jackson Afterburner if still on Java 8 (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4966">#4966</a>).</li> <li>Exclude <code>node_modules</code> from the Maven plugin's scan path (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4974">#4974</a>).</li> <li>See the full listing of <a href="https://github.com/jeremylong/DependencyCheck/milestone/51?closed=1">changes</a>.</li> </ul> <h2>Version 7.3.0</h2> <h3>Changes</h3> <ul> <li>Fixed issue with the Maven plugin that caused concurrent modification exceptions (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4935">#4935</a>).</li> <li>Migrated from Jackson Afterburner to Blackbird (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4905">#4905</a>).</li> <li>Added an experimental Dart analyzer (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4869">#4869</a>).</li> <li>See the full listing of <a href="https://github.com/jeremylong/DependencyCheck/milestone/50?closed=1">changes</a>.</li> </ul> <h2>Version 7.2.1</h2> <h3>Changes</h3> <ul> <li>Fixed logging issue (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4846">#4846</a>).</li> <li>See the full listing of <a href="https://github.com/jeremylong/DependencyCheck/milestone/49?closed=1">changes</a>.</li> </ul> <h2>Version 7.2.0</h2> <h3>Changes</h3> <ul> <li>Add support for Bazel's pinned <code>maven_install.json</code> (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4772">#4772</a>).</li> <li>Fixed bug preventing the use of custom report templates (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4800">#4800</a>).</li> <li>Updated several dependencies including upgrades for dependencies with CVEs.</li> <li>Several bug fixes made and suppression rules were added.</li> <li>See the full listing of <a href="https://github.com/jeremylong/DependencyCheck/milestone/48?closed=1">changes</a>.</li> </ul> <h2>Version 7.1.2</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md">dependency-check-maven's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/jeremylong/DependencyCheck/releases/tag/v7.4.0">Version 7.4.0</a> (2022-12-04)</h2> <h3>Added</h3> <ul> <li>Add support for npm package lock v2 and v3 (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5078">#5078</a>)</li> <li>Added experimental support for Python Poetry (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5025">#5025</a>)</li> <li>Added a vanilla HTML report for use in Jenkins (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5053">#5053</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Renamed <code>RELEASE_NOTES.md</code> to <code>CHANGELOG.md</code> to be more conventional</li> <li>Optimized checksum calculation to improve performance (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5112">#5112</a>)</li> <li>Added support for scanning .NET assemblies when only the dotnet runtime is installed (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5087">#5087</a>)</li> <li>Bumped several dependencies</li> </ul> <h3>Fixed</h3> <ul> <li>Fixed bug when setting the proxy port (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5076">#5076</a>)</li> <li>Resolved several FP and FN</li> </ul> <p>See the full listing of <a href="https://github.com/jeremylong/DependencyCheck/milestone/52?closed=1">changes</a>.</p> <h2><a href="https://github.com/jeremylong/DependencyCheck/releases/tag/v7.3.2">Version 7.3.2</a> (2022-11-18)</h2> <h3>Changed</h3> <ul> <li>Automated release of 7.3.1 failed and only published to Central; 7.3.2 is a re-release of 7.3.1.</li> <li>Resolved several false positives and false negatives.</li> <li>Use Jackson Afterburner if still on Java 8 (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4966">#4966</a>).</li> <li>Exclude <code>node_modules</code> from the Maven plugin's scan path (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4974">#4974</a>).</li> </ul> <p>See the full listing of <a href="https://github.com/jeremylong/DependencyCheck/milestone/51?closed=1">changes</a>.</p> <h2><a href="https://github.com/jeremylong/DependencyCheck/releases/tag/v7.3.1">Version 7.3.1</a> (2022-11-16)</h2> <h3>Changed</h3> <ul> <li>Resolved several false positives and false negatives.</li> <li>Use Jackson Afterburner if still on Java 8 (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4966">#4966</a>).</li> <li>Exclude <code>node_modules</code> from the Maven plugin's scan path (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4974">#4974</a>).</li> </ul> <p>See the full listing of <a href="https://github.com/jeremylong/DependencyCheck/milestone/51?closed=1">changes</a>.</p> <h2><a href="https://github.com/jeremylong/DependencyCheck/releases/tag/v7.3.0">Version 7.3.0</a> (2022-10-19)</h2> <h3>Added</h3> <ul> <li>Added an experimental Dart analyzer (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/4869">#4869</a>).</li> </ul> <h3>Changed</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jeremylong/DependencyCheck/commit/49e0afcef33ea30ca6829876d0e88dfcead6537f"><code>49e0afc</code></a> build:prepare release v7.4.0</li> <li><a href="https://github.com/jeremylong/DependencyCheck/commit/a4ce9375cdfaa61455a2359bcb5f0c5b441a5486"><code>a4ce937</code></a> build: bump patch version</li> <li><a href="https://github.com/jeremylong/DependencyCheck/commit/b9d1862143abc8cb05e7df5042ffa881347c65f4"><code>b9d1862</code></a> fix(doc): update release notes</li> <li><a href="https://github.com/jeremylong/DependencyCheck/commit/afb09b3cd8213a3bfed345bf8d63c68152357f7d"><code>afb09b3</code></a> fix: Optimize file checksums calculation (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5112">#5112</a>)</li> <li><a href="https://github.com/jeremylong/DependencyCheck/commit/823f739b2ca16ce8d41afafeadd9672878112a2e"><code>823f739</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5113">#5113</a> from jeremylong/badge</li> <li><a href="https://github.com/jeremylong/DependencyCheck/commit/a43572cafa5897e62919163c63aab3a9dd963031"><code>a43572c</code></a> fix: update build badge</li> <li><a href="https://github.com/jeremylong/DependencyCheck/commit/bad66cda91035dc442e7daf4c3228bd1656ac2db"><code>bad66cd</code></a> build(deps): bump maven-dependency-plugin from 3.3.0 to 3.4.0 (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5110">#5110</a>)</li> <li><a href="https://github.com/jeremylong/DependencyCheck/commit/45887cd4192b4b54ef30861054b81369af02e371"><code>45887cd</code></a> fix(FP): Suppress improper CPE assignment for liferay subcomponents that are ...</li> <li><a href="https://github.com/jeremylong/DependencyCheck/commit/2b968906ea55af419c6e6d13a5103d33a1862e33"><code>2b96890</code></a> build(deps): bump postgresql from 42.5.0 to 42.5.1 (<a href="https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/5088">#5088</a>)</li> <li><a href="https://github.com/jeremylong/DependencyCheck/commit/bb8dae6361e711d25ab232da221848849af657fa"><code>bb8dae6</code></a> fix: Change dotnet invocation for 'detection on system path' to --info to sup...</li> <li>Additional commits viewable in <a href="https://github.com/jeremylong/DependencyCheck/compare/v6.2.2...v7.4.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

dependabot[bot] commented 2022-12-09 13:03:45 -05:00 (Migrated from github.com)

Copy link

Superseded by #76.

Superseded by #76.

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something isn't working

  

dependencies

Pull requests that update a dependency file

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

dependencies

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

simcop2387/keycloak-regex-mapper!75

No description provided.