Bump io.jenkins.tools.bom:bom-2.414.x from 2805.v4398b_43dfc18 to 2950.va_633b_f42f759

dependabot[bot] commented 8 months ago

Bumps io.jenkins.tools.bom:bom-2.414.x from 2805.v4398b_43dfc18 to 2950.va_633b_f42f759.

Release notes

Sourced from io.jenkins.tools.bom:bom-2.414.x's releases.

2950.va_633b_f42f759

🚀 New features and improvements

Add database-sqlite to the managed set (#3057) @basil

🐛 Bug fixes

Work around jenkins-infra/helpdesk#4021 on Artifact Caching Proxy (ACP) (#3079) @basil

Revert "Bump org.jenkins-ci.plugins:ssh-credentials from 322.v124df57ed808 to 326.v7fcb_a_ef6194b_ in /bom-weekly" (#3054) @basil

👷 Changes for plugin developers

Update dependency org.jenkins-ci.main:jenkins-war to v2.451 (#3060) @renovate

📦 Dependency updates

Bump org.jenkins-ci.plugins:pipeline-milestone-step from 111.v449306f708b_7 to 119.vdfdc43fc3b_9a_ in /bom-weekly (#3076) @dependabot

Bump org.jenkins-ci.plugins:pipeline-stage-step from 305.ve96d0205c1c6 to 312.v8cd10304c27a_ in /bom-weekly (#3075) @dependabot

Bump org.jenkins-ci.plugins:mapdb-api from 1.0.9-28.vf251ce40855d to 1.0.9-40.v58107308b_7a_7 in /bom-weekly (#3073) @dependabot

Bump io.jenkins.plugins:jjwt-api from 0.11.5-77.v646c772fddb_0 to 0.11.5-112.ve82dfb_224b_a_d in /bom-weekly (#3074) @dependabot

Bump org.jenkins-ci.plugins.workflow:workflow-support from 881.v7663695646cf to 896.v175a_a_9c5b_78f in /bom-weekly (#3072) @dependabot

Bump org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source from 880.vcf4056c5a_71f to 883.v041fa_695e9c2 in /bom-weekly (#3069) @dependabot

Bump org.jenkins-ci.plugins:aws-credentials from 218.v1b_e9466ec5da_ to 231.v08a_59f17d742 in /bom-weekly (#3068) @dependabot

Bump mina-sshd-api.version from 2.12.0-99.vdb_f07841c2db_ to 2.12.1-101.v85b_e08b_780dd in /bom-weekly (#3067) @dependabot

Bump io.jenkins.plugins:data-tables-api from 1.13.8-4 to 2.0.2-1 in /bom-weekly (#3031) @dependabot

Bump org.jenkins-ci.plugins:ssh-credentials from 326.v7fcb_a_ef6194b_ to 334.v7732563deee1 in /bom-weekly (#3065) @dependabot

Bump org.jenkins-ci.plugins:github-branch-source from 1781.va_153cda_09d1b_ to 1785.v99802b_69816c in /bom-weekly (#3064) @dependabot

Update dependency org.jenkins-ci.main:jenkins-war to v2.451 (#3060) @renovate

Bump org.jenkins-ci.plugins:junit-realtime-test-reporter from 146.v82b_01a_5d2b_3a_ to 149.v05a_d403e2f48 in /bom-weekly (#3063) @dependabot

Bump org.jenkins-ci.plugins:junit from 1259.v65ffcef24a_88 to 1265.v65b_14fa_f12f0 in /bom-weekly (#3062) @dependabot

Bump mina-sshd-api.version from 2.12.0-90.v9f7fb_9fa_3d3b_ to 2.12.0-99.vdb_f07841c2db_ in /bom-weekly (#3061) @dependabot

Bump org.jenkins-ci.plugins:subversion from 2.17.3 to 1256.vee91953217b_6 in /bom-weekly (#3058) @dependabot

Bump org.jenkins-ci.plugins.workflow:workflow-cps from 3883.vb_3ff2a_e3eea_f to 3889.v937e0b_3412d3 in /bom-weekly (#3051) @dependabot

Bump io.jenkins.plugins:jersey2-api from 2.41-133.va_03323b_a_1396 to 2.42-147.va_28a_44603b_d5 in /bom-weekly (#3053) @dependabot

Bump org.jenkins-ci.plugins:ssh-credentials from 322.v124df57ed808 to 326.v7fcb_a_ef6194b_ in /bom-weekly (#3052) @dependabot

2928.ved44ea_84e034

🚀 New features and improvements

Add new AWS Java SDK modules and use 1.12.671-445.ve02f9b_558f2e (#3047) @Vlatombe

📦 Dependency updates

Bump pipeline-maven-plugin.version from 1390.v66456b_ea_3467 to 1396.veb_f07b_2fc1d8 in /bom-weekly (#3048) @dependabot

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

performance-testing-bot[bot] commented 8 months ago

Unable to locate .performanceTestingBot config file

cr-gpt[bot] commented 8 months ago

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

codesyncapp[bot] commented 8 months ago

Check out the playback for this Pull Request here.

git-greetings[bot] commented 8 months ago

Thanks @dependabot[bot] for opening this PR!

For COLLABORATOR only :

To add labels, comment on the issue /label add label1,label2,label3
To remove labels, comment on the issue /label remove label1,label2,label3

code-companion-ai[bot] commented 8 months ago

Processing PR updates...

secure-code-warrior-for-github[bot] commented 8 months ago

Micro-Learning Topic: SQL injection (Detected by phrase)

Matched on "sqli"

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Try a challenge in Secure Code Warrior

Helpful references

PHP SQL Injection Page - A detailed page on SQL injection in the online PHP manual.
OWASP SQL Injection Prevention Cheat Sheet - This article is focused on providing clear, simple, actionable guidance for preventing SQL Injection flaws in your applications.
OWASP SQL Injection - OWASP community page with comprehensive information about SQL injection, and links to various OWASP resources to help detect or prevent it.
OWASP Query Parameterization Cheat Sheet - A derivative work of the OWASP SQL Injection Prevention Cheat Sheet focused on SQL query parameterization.
Preventing SQL Injection Attacks With Python - A tutorial on crafting parameterized queries, SQL composition and safe query execution in Python.

coderabbitai[bot] commented 8 months ago

[!IMPORTANT]

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai) - [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai) - [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai) - [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

Tips

### Chat There are 3 ways to chat with CodeRabbit: - Review comments: Directly reply to a review comment made by CodeRabbit. Example: - `I pushed a fix in commit .` - `Generate unit testing code for this file.` - `Open a follow-up GitHub issue for this discussion.` - Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples: - `@coderabbitai generate unit testing code for this file.` - `@coderabbitai modularize this function.` - PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples: - `@coderabbitai generate interesting stats about this repository and render them as a table.` - `@coderabbitai show all the console.log statements in this repository.` - `@coderabbitai read src/utils.ts and generate unit testing code.` - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.` Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. ### CodeRabbit Commands (invoked as PR comments) - `@coderabbitai pause` to pause the reviews on a PR. - `@coderabbitai resume` to resume the paused reviews. - `@coderabbitai review` to trigger a review. This is useful when automatic reviews are disabled for the repository. - `@coderabbitai resolve` resolve all the CodeRabbit review comments. - `@coderabbitai help` to get help. Additionally, you can add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed. ### CodeRabbit Configration File (`.coderabbit.yaml`) - You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository. - The JSON schema for the configuration file is available [here](https://coderabbit.ai/integrations/coderabbit-overrides.v2.json). - If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json` ### CodeRabbit Discord Community Join our [Discord Community](https://discord.com/invite/GsXnASn26c) to get help, request features, and share feedback.

git-greetings[bot] commented 8 months ago

PR Details of @dependabot[bot] in jenkinsci-secone-security-plugin :	OPEN	CLOSED	TOTAL
2	9	11

dependabot[bot] commented 7 months ago

Superseded by #16.

2lambda123 / jenkinsci-secone-security-plugin