Update dependency org.owasp:dependency-check-maven to v12.1.8 #17

Merged
bea merged 1 commit from renovate/org.owasp-dependency-check-maven-12.x into main 2025-11-06 19:04:31 +01:00

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| org.owasp:dependency-check-maven (source) | build | patch | 12.1.1 -> 12.1.8 |

Release Notes

dependency-check/DependencyCheck (org.owasp:dependency-check-maven)

v12.1.8

Compare Source

  • fix: improve VulnerableSoftware comparison (#​8031)
  • build: fix flaky central test (#​8039)
  • docs: Improve Gradle docs wrt experimental analyzers, use of Central and Proxy configuration (#​8036)
  • docs: add note about central analyzer for gradle (#​8038)

See the full listing of changes

v12.1.7

Compare Source

  • fix: disable central analyzer after failures (#​7993)
  • fix: Suppress JVM warnings from Lucene within CLI (#​8003)
  • fix: Clean up Apache Lucene logging via SLF4j redirect (#​7979)
  • fix: Correct Archive Analyzer behaviour on certain tgz archives (#​7986)
  • fix: Update NVD CPE search URLs in generated reports to match new search interface (#​7970)
  • fix: improve OSS Index Error Reporting (#​7977)
  • fix(fp): Consolidate false positive suppression for false positives on Redis client libs (#​8017)
  • fix(fp): Fix more common false positives for popular PHP/composer frameworks with generic names (#​7994)
  • docs: improve slack notification documentation (#​8026)
  • docs: Documentation artifactory settings fix (#​7999)
  • docs: Clarify Nexus Analyzer requirements and usage (#​8000)
  • build: Build amd64 and arm64 multi-platform Docker image (#​7952)

See the full listing of changes

v12.1.6

Compare Source

  • fix: Disable OSS Index if its credentials are missing (#​7963)
  • fix: Correct CVSSv4 parsing for low precision OSSIndex values (#​7935)
  • fix(fp): Fix false positives for Redis Server against NPM/JS client libs (#​7942)
  • docs: Fix legacy GitHub links within docs and CHANGELOG (#​7944)
  • chore: fix version typo in security policy (#​7936)

See the full listing of changes

v12.1.5

Compare Source

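  • fix: Update to support OSS Index Authentication Requirements (#7920)
      • Note: OSS Index will require authentication starting 9/22/2025. Users must configure a free account to continue using the OSS Index Analyzer. See https://ossindex.sonatype.org/doc/auth-required.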
  • fix: add CVSSv4 to suppressed entries in JSON report (#​7900)
  • fix: correctly utilize CVSSv4 from ossindex (#​7899)
  • fix: npe when processing cve with empty configuration (#​7888)
  • fix: Return unsorted vulnerabilities in new HashSet, avoiding CoMod (#​7848)
  • fix: Return unsorted vulnerabilities in new HashSet, avoiding CoMod
  • fix: class loading problem with fat jars (#​7786) (#​7787)
  • fix: Improve Artifactory handler log message (#​7838)
  • fix: classloading problem with fat jars (#​7786)
  • fix: Add null checking when parsing the license json in AbstractNpmAnalyzer. (#​7784)
  • fix(fp): resolves several false positives related to CVE-2021-41033 (#​7736)
  • docs: Clarify format of exclude patterns (#​7879)
  • docs: Document poetry-based analysis behaviour in Python analyzer (#​7855)
  • docs: request FP reporters use the latest version of ODC. (#​7820)
  • docs: update development pre-reqs (#​7792)
  • docs: fix minor typos in false positive issue template (#​7763)

See the full listing of changes

v12.1.4

Compare Source

v12.1.3

Compare Source

  • fix: correct regex matches introduced in 12.1.2 (#​7726)
  • build(deps): bump org.semver4j:semver4j from 5.7.0 to 5.7.1 (#​7718)
  • build(deps): bump junit.version from 5.13.0 to 5.13.1 (#​7719)

See the full listing of changes

v12.1.2

Compare Source

  • fix: Allow configuring OSS Index user/pw directly (#​7640)
  • fix: remove vulnerable transitive dependency - beanutils (#​7705)
  • fix: Simplify PHP framework suppression for Composer (#​7693)
  • fix: update CPE pattern to remove FP (#​7684)
  • fix(cli): Patch generated Windows shell script for JAVACMD installs with spaces (#​7653)
  • fix: Resolve various WCAG accessibility / css issues in the HTML report (#​7629)
  • fix: #​7510 Display a dedicated message when receiving an HTTP 403 (#​7575)
  • docs: Make Vulnerability Sources in Related Work clearer (#​7691)
  • docs: #​7610 add a reference to NVD mirroring in getting started documentation (#​7611)

See the full listing of changes


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

renovate added 1 commit 2025-06-07 14:01:07 +02:00
Update dependency org.owasp:dependency-check-maven to v12.1.2
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
06e849ff63
renovate changed title from Update dependency org.owasp:dependency-check-maven to v12.1.2 to Update dependency org.owasp:dependency-check-maven to v12.1.3 2025-06-10 15:01:18 +02:00
renovate force-pushed renovate/org.owasp-dependency-check-maven-12.x from 06e849ff63 to ef1d478e1c 2025-06-10 15:01:18 +02:00
renovate changed title from Update dependency org.owasp:dependency-check-maven to v12.1.3 to Update dependency org.owasp:dependency-check-maven to v12.1.8 2025-11-06 14:45:04 +01:00
renovate force-pushed renovate/org.owasp-dependency-check-maven-12.x from ef1d478e1c to 18ca42a056 2025-11-06 14:45:05 +01:00
bea merged commit 2c3246660e into main 2025-11-06 19:04:31 +01:00
bea deleted branch renovate/org.owasp-dependency-check-maven-12.x 2025-11-06 19:04:31 +01:00
Reference: bea/release-hive#17