chore(ci): bump org.owasp:dependency-check-maven from 9.0.9 to 9.1.0 by dependabot[bot] · Pull Request #765 · openrewrite/rewrite-maven-plugin
Bumps org.owasp:dependency-check-maven from 9.0.9 to 9.1.0.
Release notes
Sourced from org.owasp:dependency-check-maven's releases.
Version 9.1.0
Refer to the CHANGELOG.md for information about improvements and upgrade notes.
Version 9.0.10
Refer to the CHANGELOG.md for information about improvements and upgrade notes.
Changelog
Sourced from org.owasp:dependency-check-maven's changelog.
Version 9.1.0 (2024-03-31)
- feat: Add v2 support for maven_install.json (#6528)
- build(deps): bump open-vulnerability-client (#6554)
  - resolves update issues due to CVSS Metrics 4.0
- build(deps): bump jackson.version from 2.16.0 to 2.16.1 (#6353)
- build(deps): bump org.jsoup:jsoup from 1.16.2 to 1.17.2 (#6362)
- build(deps): bump golang from 1.21.5-alpine to 1.22.1-alpine (#6506)
See the full listing of changes.
Version 9.0.10 (2024-03-15)
- fix: #4321 Suppress redis server CVEs for client libraries (#4321) (#6489)
- fix: bump commons-compress from 1.25.0 to 1.26.0 to fix CVE-2024-25710 and CVE-2024-26308 (#6492)
- feat: Allow to pass NVD API key via environment variable (#6454)
- fix: issue 5452 - ConcurrentModificationException in NodePackageAnalyzer.processDependencies - adding synchronized block (#6501)
- docs: document the default data directory (#6484)
- fix: prevent NPE in bundler audit (#6462)
- fix: #6441 Improve suppression rule to not restrict to a single version (#6442)
See the full listing of changes.
Commits
- e0b9397 build: prepare release v9.1.0
- 3f1b558 docs: prepare release 9.1.0
- c364269 build(deps): bump jackson.version from 2.16.0 to 2.16.1 (#6353)
- d2c04b5 build(deps): bump org.jsoup:jsoup from 1.16.2 to 1.17.2 (#6362)
- e8c4ca3 build(deps): bump open-vulnerability-client (#6554)
- 2e6a231 build(deps): bump golang from 1.21.5-alpine to 1.22.1-alpine (#6506)
- 0e183da build(deps): bump actions/setup-java from 3 to 4 (#6172)
- 42adde4 fix: typo (#6526)
- f60c867 feat: Add v2 support for maven_install.json (#6528)
- a6a8f21 Merge pull request #1 from nutshelllabs/ef/add-maven-install-v2-support
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)