chore(ci): bump org.owasp:dependency-check-maven from 12.2.0 to 12.2.1 by dependabot[bot] · Pull Request #1143 · openrewrite/rewrite-maven-plugin (original) (raw)

Bumps org.owasp:dependency-check-maven from 12.2.0 to 12.2.1.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.2.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.2.1 (2026-04-11)

-

• build: improve GHA workflow experience for forks (#8285) -
• build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 (#8292) -
• chore: avoid use of parent pom and maven properties where unnecessary (#8322) -
• chore: bump java development to 25.0 (#8365) -
• chore: fix Charset warnings; preferring typed charsets (#8326) -
• chore: fix Maven scm tags after 12.2.1-SNAPSHOT bump (#8265) -
• chore: pin GitHub actions to specific SHAs rather than mutable tags (#8381) -
• chore: remove unused properties and schemas (#8378) -
• docs: define schema locations in XML examples (#8254) -
• docs: document external data sources and hostnames (#8219) -
• docs: ensure OSS Index URL override is consistently documented (#8338) -
• docs: fix minor typo in README (#8246) -
• fix(core): correct xml schema validation handling without needing external access (#8272) -
• fix(deps): upgrade slf4j and logback (#8306) -
• fix(test): disable pnpm analyzer during test (#8305) -
• fix: Correct published/hosted suppressions namespace header and indent (#8258) -
• fix: Suppress noisy WARN logging from Apache Lucene within Maven and Ant plugins (#8248) -
• fix: #8140 AssemblyAnalyzer version resolution issue (#8352) -
• fix: #8140 fix version resolution -
• fix: #8140 hint azure_identity_library_for_.net -
• fix: #8356 narrow down VersionFilterAnalyzer scope to JAR files (#8358) -
• fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377) -
• fix: evidence source in Retire JS analyzer (#8303) -
• fix: exclude deprecations from Yarn Berry audit results (#8380) -
• fix: improve PEAnalyzer reliability by migrating to maintained PE/COFF 4J library fork (#8245) -
• fix: improve configuration consistency (casing) (#8355) -
• fix: improve logging of unexpected Java Errors during processing of NVD (#8250) -
• fix: raw type warning in ProcessReader (#8324) -
• fix: suppress false positives for zabbix-utils #8087 (#8218) -
• fix: update docs (#8405) -
• fix: warn if deprecated configs are used (#8366) -
• test: Make tests locale independent (#8328) -
• test: #8140 reproduce current behavior -
• test: avoid polluting test classpaths with sample dependencies to be scanned (#8267)

See the full listing of changes

Commits

• bda36b8 build: prepare release v12.2.1
• ef83e7b docs: prepare release 12.2.1 -
• 09af10d fix: update docs (#8405) -
• 3562775 build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine (#8403)
• 9ef93be build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine
• ca79bd5 build(deps-dev): bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.2 ... -
• 6b58069 build(deps): bump apache.ant.version from 1.10.15 to 1.10.16 (#8401) -
• 91c6972 fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377) -
• 267e7eb build(deps): bump the actions-deps group with 2 updates (#8394) -
• 53f58ab build(deps): bump org.codehaus.plexus:plexus-utils from 4.0.2 to 4.0.3 (#8389)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)