Update dependency org.owasp:dependency-check-maven to v12.2.0 #62

renovate · 2025-11-11T14:01:41+01:00

renovate commented

2025-11-11 14:01:41 +01:00

This PR contains the following updates:

Package	Type	Update	Change
org.owasp:dependency-check-maven (source)	build	minor	`12.1.8` → `12.2.0`

Release Notes

dependency-check/DependencyCheck (org.owasp:dependency-check-maven)

`v12.2.0`

Compare Source

feat: package and utilize generated suppression file (#8116)
feat: override pnpm audit registry parameter (#8158)
feat: support multiple cvssBelow thresholds per version (#2563) (#8024)
feat: usage telemetry via scarf (#8066)
feat: add new suppression xsd allowing grouping of suppressions (#7957)
fix(ant): resolve relative paths against basedir (#8202)
fix: add hint for Elastic APM Java agent CPE mapping (#8200)
fix: Allow NVD data feed metadata downloads to fail on 1st Jan while logging correct errors (#8205)
fix(ant): resolve paths relative to basedir for suppression and output
fix: correct XML/JSON report CVSS field & HTML report URL mappings (#8156)
fix: log GrokAssembly output when dotnet invocation fails (#8141)
fix: correct reliability of Central etc (JCS cache) analyzers on Java 25/Docker by making CLI classpath deterministic (#8117)
docs: Update & correct README (#8166)
docs: update suppression schema version (#8136)
docs: fix typos in some files (#8135)
chore: remove duplicate suppression rules from base that are in the generated branch (#8138)
chore: remove suppression rules that were deleted from the generatedSuppression branch (#8119)
build: transition dependency to org.eclipse.parsson groupId (#8128)
See the full listing of changes

`v12.1.9`

Compare Source

fix: correct bundle audit gem in Dockerfile (#8121)
fix: normalization during comparisons (#8046)
docs: document multiple configurations for gradle (#8111)
docs: fix typos in some files (#8106)
docs: Update SBT plugin link; fix dead report link (#8086)
chore: Replace deprecated lucene methods (#8079)
docs: fix #8076 - Error in documentation "Suppressing False Positives" (#8077)
fix(fp): Improve false positive suppression for matches against golang web_project (#8059)
fix(fp): Consolidate/update icu4j suppressions for false positives (#8062)
fix(fp): Correct GRPC java suppressions for newer C/C++/native false positives (#8063)
fix(fp): Suppress false positive CPEs for protobuf-java per #7854 (#8064)

See the full listing of changes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck.git) ([source](https://github.com/dependency-check/DependencyCheck/tree/HEAD/maven)) | build | minor | `12.1.8` → `12.2.0` | --- ### Release Notes <details> <summary>dependency-check/DependencyCheck (org.owasp:dependency-check-maven)</summary> ### [`v12.2.0`](https://github.com/dependency-check/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1220-2026-01-09) [Compare Source](https://github.com/dependency-check/DependencyCheck/compare/v12.1.9...v12.2.0) - feat: package and utilize generated suppression file ([#8116](https://github.com/dependency-check/DependencyCheck/pull/8116)) - feat: override pnpm audit registry parameter ([#8158](https://github.com/dependency-check/DependencyCheck/pull/8158)) - feat: support multiple cvssBelow thresholds per version ([#2563](https://github.com/dependency-check/DependencyCheck/pull/2563)) ([#8024](https://github.com/dependency-check/DependencyCheck/pull/8024)) - feat: usage telemetry via scarf ([#8066](https://github.com/dependency-check/DependencyCheck/pull/8066)) - feat: add new suppression xsd allowing grouping of suppressions ([#7957](https://github.com/dependency-check/DependencyCheck/pull/7957)) - fix(ant): resolve relative paths against basedir ([#8202](https://github.com/dependency-check/DependencyCheck/pull/8202)) - fix: add hint for Elastic APM Java agent CPE mapping ([#8200](https://github.com/dependency-check/DependencyCheck/pull/8200)) - fix: Allow NVD data feed metadata downloads to fail on 1st Jan while logging correct errors ([#8205](https://github.com/dependency-check/DependencyCheck/pull/8205)) - fix(ant): resolve paths relative to basedir for suppression and output - fix: correct XML/JSON report CVSS field & HTML report URL mappings ([#8156](https://github.com/dependency-check/DependencyCheck/pull/8156)) - fix: log GrokAssembly output when dotnet invocation fails ([#8141](https://github.com/dependency-check/DependencyCheck/pull/8141)) - fix: correct reliability of Central etc (JCS cache) analyzers on Java 25/Docker by making CLI classpath deterministic ([#8117](https://github.com/dependency-check/DependencyCheck/pull/8117)) - docs: Update & correct README ([#8166](https://github.com/dependency-check/DependencyCheck/pull/8166)) - docs: update suppression schema version ([#8136](https://github.com/dependency-check/DependencyCheck/pull/8136)) - docs: fix typos in some files ([#8135](https://github.com/dependency-check/DependencyCheck/pull/8135)) - chore: remove duplicate suppression rules from base that are in the generated branch ([#8138](https://github.com/dependency-check/DependencyCheck/pull/8138)) - chore: remove suppression rules that were deleted from the generatedSuppression branch ([#8119](https://github.com/dependency-check/DependencyCheck/pull/8119)) - build: transition dependency to `org.eclipse.parsson` groupId ([#8128](https://github.com/dependency-check/DependencyCheck/pull/8128)) - See the full listing of [changes](https://github.com/dependency-check/DependencyCheck/milestone/103?closed=1) ### [`v12.1.9`](https://github.com/dependency-check/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1219-2025-11-11) [Compare Source](https://github.com/dependency-check/DependencyCheck/compare/v12.1.8...v12.1.9) - fix: correct bundle audit gem in Dockerfile ([#8121](https://github.com/dependency-check/DependencyCheck/pull/8121)) - fix: normalization during comparisons ([#8046](https://github.com/dependency-check/DependencyCheck/pull/8046)) - docs: document multiple configurations for gradle ([#8111](https://github.com/dependency-check/DependencyCheck/pull/8111)) - docs: fix typos in some files ([#8106](https://github.com/dependency-check/DependencyCheck/pull/8106)) - docs: Update SBT plugin link; fix dead report link ([#8086](https://github.com/dependency-check/DependencyCheck/pull/8086)) - chore: Replace deprecated lucene methods ([#8079](https://github.com/dependency-check/DependencyCheck/pull/8079)) - docs: fix [#8076](https://github.com/dependency-check/DependencyCheck/pull/8076) - Error in documentation "Suppressing False Positives" ([#8077](https://github.com/dependency-check/DependencyCheck/pull/8077)) - fix(fp): Improve false positive suppression for matches against golang web\_project ([#8059](https://github.com/dependency-check/DependencyCheck/pull/8059)) - fix(fp): Consolidate/update icu4j suppressions for false positives ([#8062](https://github.com/dependency-check/DependencyCheck/pull/8062)) - fix(fp): Correct GRPC java suppressions for newer C/C++/native false positives ([#8063](https://github.com/dependency-check/DependencyCheck/pull/8063)) - fix(fp): Suppress false positive CPEs for protobuf-java per [#7854](https://github.com/dependency-check/DependencyCheck/pull/7854) ([#8064](https://github.com/dependency-check/DependencyCheck/pull/8064)) See the full listing of [changes](https://github.com/dependency-check/DependencyCheck/milestone/102?closed=1) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate added 1 commit 2025-11-11 14:01:42 +01:00

Update dependency org.owasp:dependency-check-maven to v12.1.9

continuous-integration/drone/pr Build is passing

Details

8146c59d38

renovate force-pushed renovate/org.owasp-dependency-check-maven-12.x from 8146c59d38 to 15fcd4593d

2026-01-09 15:01:31 +01:00

Compare

renovate changed title from ~~Update dependency org.owasp:dependency-check-maven to v12.1.9~~ to Update dependency org.owasp:dependency-check-maven to v12.2.0

2026-01-09 15:01:33 +01:00

continuous-integration/drone/pr Build is passing

Details

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/org.owasp-dependency-check-maven-12.x:renovate/org.owasp-dependency-check-maven-12.x

git checkout renovate/org.owasp-dependency-check-maven-12.x

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: bea/HidekoBot#62