Mandatory Upgrade - due to older versions of dependency-check causing numerous, spurious requests that end in processing failures, this upgrade is mandatory so that the NVD can differentiate valid requests and block the old clients.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the dependencies group with 11 updates in the / directory:
3.14.0
3.16.0
2.17.1
2.17.2
2.17.1
2.17.2
2.17.1
2.17.2
2.17.1
2.17.2
2.0.13
2.0.16
1.5.6
1.5.7
3.1.0
3.1.1
10.0.1
10.0.3
3.7.0
3.10.0
3.2.4
3.2.5
Updates
org.apache.commons:commons-lang3
from 3.14.0 to 3.16.0Updates
com.fasterxml.jackson.core:jackson-databind
from 2.17.1 to 2.17.2Commits
Updates
com.fasterxml.jackson.core:jackson-annotations
from 2.17.1 to 2.17.2Commits
Updates
com.fasterxml.jackson.core:jackson-core
from 2.17.1 to 2.17.2Commits
a6f49ca
[maven-release-plugin] prepare release jackson-core-2.17.23d41b1c
Prepare for 2.17.2 release55261be
Fix #1308: allow trailing dot for "Stringified numbers" (#1309)449ed86
Update javadoc to clarify buffering of JsonParser.getText(Writer) wrt #128827edeb7
Back to snapshot deps948e63d
[maven-release-plugin] prepare for next development iterationUpdates
com.fasterxml.jackson.datatype:jackson-datatype-jsr310
from 2.17.1 to 2.17.2Updates
com.fasterxml.jackson.core:jackson-core
from 2.17.1 to 2.17.2Commits
a6f49ca
[maven-release-plugin] prepare release jackson-core-2.17.23d41b1c
Prepare for 2.17.2 release55261be
Fix #1308: allow trailing dot for "Stringified numbers" (#1309)449ed86
Update javadoc to clarify buffering of JsonParser.getText(Writer) wrt #128827edeb7
Back to snapshot deps948e63d
[maven-release-plugin] prepare for next development iterationUpdates
com.fasterxml.jackson.datatype:jackson-datatype-jsr310
from 2.17.1 to 2.17.2Updates
org.slf4j:slf4j-api
from 2.0.13 to 2.0.16Updates
ch.qos.logback:logback-classic
from 1.5.6 to 1.5.7Commits
5e9f47f
prepare release 1.5.73f57247
only one shutdown hooks allowed, locks during LoggerContext.stop operation, f...1b7fe94
add STRICT shortcut for ISO8601 date pattern, fixes LOGBACK-26294b67db
MadeAsyncAppenderBase.isQueueBelowDiscardingThreshold
public to facilitate...85bed93
fix race condition reported in LOGBACK-1362c8c46e3
move levelChangePropagator related tests to logback-classic-blackboxf7d5cf8
extract constants for property keysc1f21e9
add test in relation to variable subsitions for levels, report substitions, L...7c29474
add support for finding the console's charset, LOGBACK-164244fbe63
MaskedKeyValuePairConverter test issues/828, NPE in AppeanderAttachableImpl ...Updates
org.apache.maven.plugins:maven-release-plugin
from 3.1.0 to 3.1.1Commits
4f350d4
[maven-release-plugin] prepare release maven-release-3.1.106f6de4
[MRELEASE-1153] Revert parts of MRELEASE-1109 (8dfcb47996320af5e6f0b2d50eac20...985d0bc
[MRELEASE-1149] Current release of the plugin has configuration docs missing47e94b4
[maven-release-plugin] prepare for next development iterationUpdates
org.owasp:dependency-check-maven
from 10.0.1 to 10.0.3Release notes
Sourced from org.owasp:dependency-check-maven's releases.
Changelog
Sourced from org.owasp:dependency-check-maven's changelog.
Commits
c888dcc
build: prepare release v10.0.3762c2df
docs: release 10.0.35f6270c
build(deps): bump open-vulnerability-clients from 6.1.6 to 6.1.7 (#6848)72ce4a0
build(deps): bump JamesIves/github-pages-deploy-action from 4.6.1 to 4.6.3 (#...ffbc6d8
feat: Enable configuration of a lower resultsPerPage on NVD API (#6843)ed0e8cb
build(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17...b44770a
build(deps): bump open-vulnerability-client (#6830)708ea51
docs: fix typob96ca71
build(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1...77f1acb
build(deps): bump golang from 1.22.4-alpine to 1.22.5-alpine (#6805)Updates
org.apache.maven.plugins:maven-javadoc-plugin
from 3.7.0 to 3.10.0Commits
487e479
[maven-release-plugin] prepare release maven-javadoc-plugin-3.10.09638a6a
[MJAVADOC-785] Align plugin implementation with AbstractMavenReport (maven-re...9d33925
[MJAVADOC-784] Upgrade to Doxia 2.0.0 Milestone Stacka11b921
[MJAVADOC-809] Align Mojo class names7c4b467
Bump org.apache.maven.plugins:maven-plugins from 42 to 43636442b
Improve ITsdbca15a
Bump org.hamcrest:hamcrest-core from 2.2 to 3.0d02bb88
Bump org.apache.commons:commons-lang3 from 3.15.0 to 3.16.00a850a1
[MJAVADOC-807] Simplify IT for MJAVADOC-49843e901f
Improve URL handlingUpdates
org.apache.maven.plugins:maven-gpg-plugin
from 3.2.4 to 3.2.5Release notes
Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.
Commits
737d4ee
[maven-release-plugin] prepare release maven-gpg-plugin-3.2.57747063
[MGPG-134] Update maven-invoker (#110)3df5f83
[MGPG-133] Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.17.0 to ...58a2069
[MGPG-132] Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.1 to 2...e911b43
[MGPG-131] Bump org.apache.maven.plugins:maven-plugins from 42 to 43 (#108)d2b60d3
[MGPG-130] Update sigstore extension for exclusion (#109)091f388
Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0899f410
[MGPG-128] Parent POM 42, prerequisite 3.6.3 (#100)f0be6f3
[MGPG-127] Bump bouncycastleVersion from 1.78 to 1.78.1 (#98)7dd5166
[maven-release-plugin] prepare for next development iterationDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show