Update dependency org.owasp:dependency-check-maven to v12.2.0 #24

Merged

judas merged 3 commits from renovate/org.owasp-dependency-check-maven-12.x into main 2026-03-12 00:44:30 +01:00

Conversation 3 Commits 3 Files Changed 1 +1 -1

renovate commented 2025-11-11 14:02:57 +01:00

Collaborator

Copy Link

This PR contains the following updates:

Package	Type	Update	Change
org.owasp:dependency-check-maven (source)	build	minor	12.1.8 → 12.2.0

---

Release Notes

dependency-check/DependencyCheck (org.owasp:dependency-check-maven)

v12.2.0

Compare Source

• feat: package and utilize generated suppression file (#​8116)

• feat: override pnpm audit registry parameter (#​8158)

• feat: support multiple cvssBelow thresholds per version (#​2563) (#​8024)

• feat: usage telemetry via scarf (#​8066)

• feat: add new suppression xsd allowing grouping of suppressions (#​7957)

• fix(ant): resolve relative paths against basedir (#​8202)

• fix: add hint for Elastic APM Java agent CPE mapping (#​8200)

• fix: Allow NVD data feed metadata downloads to fail on 1st Jan while logging correct errors (#​8205)

• fix(ant): resolve paths relative to basedir for suppression and output

• fix: correct XML/JSON report CVSS field & HTML report URL mappings (#​8156)

• fix: log GrokAssembly output when dotnet invocation fails (#​8141)

• fix: correct reliability of Central etc (JCS cache) analyzers on Java 25/Docker by making CLI classpath deterministic (#​8117)

• docs: Update & correct README (#​8166)

• docs: update suppression schema version (#​8136)

• docs: fix typos in some files (#​8135)

• chore: remove duplicate suppression rules from base that are in the generated branch (#​8138)

• chore: remove suppression rules that were deleted from the generatedSuppression branch (#​8119)

• build: transition dependency to org.eclipse.parsson groupId (#​8128)

• See the full listing of changes

v12.1.9

Compare Source

• fix: correct bundle audit gem in Dockerfile (#​8121)
• fix: normalization during comparisons (#​8046)
• docs: document multiple configurations for gradle (#​8111)
• docs: fix typos in some files (#​8106)
• docs: Update SBT plugin link; fix dead report link (#​8086)
• chore: Replace deprecated lucene methods (#​8079)
• docs: fix #​8076 - Error in documentation "Suppressing False Positives" (#​8077)
• fix(fp): Improve false positive suppression for matches against golang web_project (#​8059)
• fix(fp): Consolidate/update icu4j suppressions for false positives (#​8062)
• fix(fp): Correct GRPC java suppressions for newer C/C++/native false positives (#​8063)
• fix(fp): Suppress false positive CPEs for protobuf-java per #​7854 (#​8064)

See the full listing of changes

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck.git) ([source](https://github.com/dependency-check/DependencyCheck/tree/HEAD/maven)) | build | minor | `12.1.8` → `12.2.0` | --- ### Release Notes <details> <summary>dependency-check/DependencyCheck (org.owasp:dependency-check-maven)</summary> ### [`v12.2.0`](https://github.com/dependency-check/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1220-2026-01-09) [Compare Source](https://github.com/dependency-check/DependencyCheck/compare/v12.1.9...v12.2.0) - feat: package and utilize generated suppression file ([#&#8203;8116](https://github.com/dependency-check/DependencyCheck/pull/8116)) - feat: override pnpm audit registry parameter ([#&#8203;8158](https://github.com/dependency-check/DependencyCheck/pull/8158)) - feat: support multiple cvssBelow thresholds per version ([#&#8203;2563](https://github.com/dependency-check/DependencyCheck/pull/2563)) ([#&#8203;8024](https://github.com/dependency-check/DependencyCheck/pull/8024)) - feat: usage telemetry via scarf ([#&#8203;8066](https://github.com/dependency-check/DependencyCheck/pull/8066)) - feat: add new suppression xsd allowing grouping of suppressions ([#&#8203;7957](https://github.com/dependency-check/DependencyCheck/pull/7957)) - fix(ant): resolve relative paths against basedir ([#&#8203;8202](https://github.com/dependency-check/DependencyCheck/pull/8202)) - fix: add hint for Elastic APM Java agent CPE mapping ([#&#8203;8200](https://github.com/dependency-check/DependencyCheck/pull/8200)) - fix: Allow NVD data feed metadata downloads to fail on 1st Jan while logging correct errors ([#&#8203;8205](https://github.com/dependency-check/DependencyCheck/pull/8205)) - fix(ant): resolve paths relative to basedir for suppression and output - fix: correct XML/JSON report CVSS field & HTML report URL mappings ([#&#8203;8156](https://github.com/dependency-check/DependencyCheck/pull/8156)) - fix: log GrokAssembly output when dotnet invocation fails ([#&#8203;8141](https://github.com/dependency-check/DependencyCheck/pull/8141)) - fix: correct reliability of Central etc (JCS cache) analyzers on Java 25/Docker by making CLI classpath deterministic ([#&#8203;8117](https://github.com/dependency-check/DependencyCheck/pull/8117)) - docs: Update & correct README ([#&#8203;8166](https://github.com/dependency-check/DependencyCheck/pull/8166)) - docs: update suppression schema version ([#&#8203;8136](https://github.com/dependency-check/DependencyCheck/pull/8136)) - docs: fix typos in some files ([#&#8203;8135](https://github.com/dependency-check/DependencyCheck/pull/8135)) - chore: remove duplicate suppression rules from base that are in the generated branch ([#&#8203;8138](https://github.com/dependency-check/DependencyCheck/pull/8138)) - chore: remove suppression rules that were deleted from the generatedSuppression branch ([#&#8203;8119](https://github.com/dependency-check/DependencyCheck/pull/8119)) - build: transition dependency to `org.eclipse.parsson` groupId ([#&#8203;8128](https://github.com/dependency-check/DependencyCheck/pull/8128)) - See the full listing of [changes](https://github.com/dependency-check/DependencyCheck/milestone/103?closed=1) ### [`v12.1.9`](https://github.com/dependency-check/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1219-2025-11-11) [Compare Source](https://github.com/dependency-check/DependencyCheck/compare/v12.1.8...v12.1.9) - fix: correct bundle audit gem in Dockerfile ([#&#8203;8121](https://github.com/dependency-check/DependencyCheck/pull/8121)) - fix: normalization during comparisons ([#&#8203;8046](https://github.com/dependency-check/DependencyCheck/pull/8046)) - docs: document multiple configurations for gradle ([#&#8203;8111](https://github.com/dependency-check/DependencyCheck/pull/8111)) - docs: fix typos in some files ([#&#8203;8106](https://github.com/dependency-check/DependencyCheck/pull/8106)) - docs: Update SBT plugin link; fix dead report link ([#&#8203;8086](https://github.com/dependency-check/DependencyCheck/pull/8086)) - chore: Replace deprecated lucene methods ([#&#8203;8079](https://github.com/dependency-check/DependencyCheck/pull/8079)) - docs: fix [#&#8203;8076](https://github.com/dependency-check/DependencyCheck/pull/8076) - Error in documentation "Suppressing False Positives" ([#&#8203;8077](https://github.com/dependency-check/DependencyCheck/pull/8077)) - fix(fp): Improve false positive suppression for matches against golang web\_project ([#&#8203;8059](https://github.com/dependency-check/DependencyCheck/pull/8059)) - fix(fp): Consolidate/update icu4j suppressions for false positives ([#&#8203;8062](https://github.com/dependency-check/DependencyCheck/pull/8062)) - fix(fp): Correct GRPC java suppressions for newer C/C++/native false positives ([#&#8203;8063](https://github.com/dependency-check/DependencyCheck/pull/8063)) - fix(fp): Suppress false positive CPEs for protobuf-java per [#&#8203;7854](https://github.com/dependency-check/DependencyCheck/pull/7854) ([#&#8203;8064](https://github.com/dependency-check/DependencyCheck/pull/8064)) See the full listing of [changes](https://github.com/dependency-check/DependencyCheck/milestone/102?closed=1) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0Mi43Ni4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

renovate added 1 commit 2025-11-11 14:02:59 +01:00

Update dependency org.owasp:dependency-check-maven to v12.1.9 dcd656606f

renovate changed title from Update dependency org.owasp:dependency-check-maven to v12.1.9 to Update dependency org.owasp:dependency-check-maven to v12.2.0 2026-01-09 15:02:23 +01:00

renovate force-pushed renovate/org.owasp-dependency-check-maven-12.x from dcd656606f to 2f8ea9a8a6 2026-01-09 15:02:24 +01:00 Compare

judas commented 2026-03-11 15:30:30 +01:00

Collaborator

Copy Link

🤖 judas CI Report

Result: ⛔ Not merged — CI failing

Check	Status
continuous-integration/drone/push	❌ failure
continuous-integration/drone/pr	❌ failure

Both CI checks are failing. Cannot merge until CI is fully green.

## 🤖 judas CI Report **Result: ⛔ Not merged — CI failing** | Check | Status | |---|---| | `continuous-integration/drone/push` | ❌ failure | | `continuous-integration/drone/pr` | ❌ failure | Both CI checks are failing. Cannot merge until CI is fully green.

judas added 1 commit 2026-03-11 15:33:01 +01:00

Merge branch 'main' into renovate/org.owasp-dependency-check-maven-12.x df5f23d029

judas added 1 commit 2026-03-11 15:36:49 +01:00

Merge branch 'main' into renovate/org.owasp-dependency-check-maven-12.x 246a8c322f

renovate commented 2026-03-11 23:06:34 +01:00

Author

Collaborator

Copy Link

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

### Edited/Blocked Notification Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠️ **Warning**: custom changes will be lost.

judas merged commit 658f98289d into main 2026-03-12 00:44:30 +01:00

judas deleted branch renovate/org.owasp-dependency-check-maven-12.x 2026-03-12 00:44:30 +01:00

judas referenced this issue from a commit 2026-03-12 00:44:32 +01:00

Merge pull request 'Update dependency org.owasp:dependency-check-maven to v12.2.0' (#24) from renovate/org.owasp-dependency-check-maven-12.x into main

judas commented 2026-03-12 00:44:35 +01:00

Collaborator

Copy Link

✅ Merged & branch deleted by @judas — CI was passing. (build)

✅ **Merged & branch deleted** by @judas — CI was passing. ([build](https://drone.beatrice.wtf/bea/release-hive/117))

judas referenced this pull request 2026-03-12 00:44:58 +01:00

PR-Check #34

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

judas renovate bea

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: bea/release-hive#24