Dependency Dashboard

[renovate[bot]]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Config Migration Needed

• [ ] Select this checkbox to let Renovate create an automated Config Migration PR.

Repository problems

These problems occurred while renovating this repository. View logs.

• WARN: Package lookup failures

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• [ ] Update dependency org.jacoco:jacoco-maven-plugin to v0.8.12
• [ ] Update eclipse-temurin Docker tag to v17.0.13_11-jdk-focal
• [ ] Update actions/checkout action to v2.7.0
• [ ] Update actions/first-interaction action to v1.3.0
• [ ] Update dependency io.github.bonigarcia:webdrivermanager to v4.4.3
• [ ] Update dependency io.jsonwebtoken:jjwt to v0.12.6
• [ ] Update dependency maven to v3.9.9
• [ ] Update dependency org.apache.commons:commons-lang3 to v3.17.0
• [ ] Update dependency org.apache.maven.plugins:maven-antrun-plugin to v3.1.0
• [ ] Update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.6.0
• [ ] Update dependency org.apache.maven.plugins:maven-enforcer-plugin to v3.5.0
• [ ] Update dependency org.apache.maven.plugins:maven-pmd-plugin to v3.26.0
• [ ] Update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.2
• [ ] Update dependency org.jsoup:jsoup to v1.18.1
• [ ] Update dependency org.springframework.security:spring-security-test to v5.8.16
• [ ] Update dependency org.webjars:bootstrap to v3.4.1
• [ ] Update dependency org.webjars:jquery to v3.7.1
• [ ] Update docker/build-push-action action to v2.10.0
• [ ] Update docker/login-action action to v1.14.1
• [ ] Update docker/setup-qemu-action action to v1.2.0
• [ ] Update actions/cache action to v4
• [ ] Update actions/checkout action to v4
• [ ] Update actions/setup-java action to v4
• [ ] Update dependency cglib:cglib-nodep to v3
• [ ] Update dependency com.github.tomakehurst:wiremock to v3
• [ ] Update dependency com.google.guava:guava to v33
• [ ] Update dependency io.github.bonigarcia:webdrivermanager to v5
• [ ] Update dependency maven-wrapper to v3
• [ ] Update dependency org.asciidoctor:asciidoctorj to v3
• [ ] Update dependency org.owasp:dependency-check-maven to v11
• [ ] Update dependency org.springframework.boot:spring-boot-starter-parent to v3
• [ ] Update dependency org.springframework.security:spring-security-test to v6
• [ ] Update dependency org.webjars:bootstrap to v5
• [ ] Update dependency ubuntu to v24
• [ ] Update docker/build-push-action action to v6
• [ ] Update docker/login-action action to v3
• [ ] Update docker/setup-buildx-action action to v3
• [ ] Update docker/setup-qemu-action action to v3
• [ ] Update softprops/action-gh-release action to v2
• [ ] 🔐 Create all rate-limited PRs at once 🔐

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• [ ] Update dependency cglib:cglib-nodep to v2.2.2
• [ ] Update dependency com.google.guava:guava to v30.1.1-jre
• [ ] Update dependency org.owasp:dependency-check-maven to v6.5.3
• [ ] Update openjdk Docker tag to v11.0.3-jre-slim-stretch
• [ ] Update dependency com.nulab-inc:zxcvbn to v1.9.0
• [ ] Update dependency org.apache.commons:commons-exec to v1.4.0

---

[!WARNING] Renovate failed to look up the following dependencies: Failed to look up maven package org.owasp.webgoat.lesson:webgoat-lessons-parent.

Files affected: webgoat-lessons/auth-bypass/pom.xml, webgoat-lessons/bypass-restrictions/pom.xml, webgoat-lessons/challenge/pom.xml, webgoat-lessons/chrome-dev-tools/pom.xml, webgoat-lessons/cia/pom.xml, webgoat-lessons/client-side-filtering/pom.xml, webgoat-lessons/cross-site-scripting/pom.xml, webgoat-lessons/crypto/pom.xml, webgoat-lessons/csrf/pom.xml, webgoat-lessons/hijack-session/pom.xml, webgoat-lessons/html-tampering/pom.xml, webgoat-lessons/http-basics/pom.xml, webgoat-lessons/http-proxies/pom.xml, webgoat-lessons/idor/pom.xml, webgoat-lessons/insecure-deserialization/pom.xml, webgoat-lessons/insecure-login/pom.xml, webgoat-lessons/jwt/pom.xml, webgoat-lessons/logging/pom.xml, webgoat-lessons/missing-function-ac/pom.xml, webgoat-lessons/password-reset/pom.xml, webgoat-lessons/path-traversal/pom.xml, webgoat-lessons/secure-passwords/pom.xml, webgoat-lessons/spoof-cookie/pom.xml, webgoat-lessons/sql-injection/pom.xml, webgoat-lessons/ssrf/pom.xml, webgoat-lessons/vulnerable-components/pom.xml, webgoat-lessons/webgoat-introduction/pom.xml, webgoat-lessons/webgoat-lesson-template/pom.xml, webgoat-lessons/webwolf-introduction/pom.xml, webgoat-lessons/xxe/pom.xml

---

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• [ ] Update actions/cache action to v2.1.8
• [ ] Update dependency com.thoughtworks.xstream:xstream to v1.4.21
• [ ] Update dependency org.asciidoctor:asciidoctorj to v2.5.13
• [ ] Update dependency commons-io:commons-io to v2.18.0
• [ ] Update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.13.0
• [ ] Update dependency org.bitbucket.b_c:jose4j to v0.9.6
• [ ] Update dependency org.codehaus.mojo:flatten-maven-plugin to v1.6.0
• [ ] Update dependency org.springframework.boot:spring-boot-starter-parent to v2.7.18
• [ ] Click on this checkbox to rebase all open PRs at once

Detected dependencies

dockerfile

docker/Dockerfile

- `eclipse-temurin 17_35-jdk-focal`

webgoat-server/Dockerfile

- `openjdk 11.0.1-jre-slim-stretch`

webwolf/Dockerfile

- `openjdk 11.0.1-jre-slim-stretch`

github-actions

.github/workflows/branch_build.yml

- `actions/checkout v2` - `actions/setup-java v2` - `actions/cache v2.1.7` - `actions/checkout v2` - `actions/setup-java v2` - `actions/cache v2.1.7`

.github/workflows/pr_build.yml

- `actions/checkout v2` - `actions/setup-java v2` - `actions/cache v2.1.7`

.github/workflows/release.yml

- `actions/checkout v2.4.0` - `dawidd6/action-get-tag v1` - `actions/setup-java v2` - `actions/cache v2.1.7` - `softprops/action-gh-release v1` - `docker/setup-qemu-action v1.1.0` - `docker/setup-buildx-action v1` - `docker/login-action v1.12.0` - `docker/build-push-action v2.7.0` - `actions/checkout v2.4.0` - `actions/setup-java v2`

.github/workflows/semgrep.yml

- `actions/checkout v3` - `ubuntu 20.04`

.github/workflows/welcome.yml

- `actions/first-interaction v1.1.0`

maven

docker/pom.xml

- `org.owasp.webgoat:webgoat-parent 8.2.3-SNAPSHOT` - `org.apache.maven.plugins:maven-antrun-plugin 3.0.0`

pom.xml

- `org.springframework.boot:spring-boot-starter-parent 2.6.2` - `org.apache.commons:commons-exec 1.2` - `org.codehaus.mojo:flatten-maven-plugin 1.2.5` - `org.apache.maven.plugins:maven-compiler-plugin 3.8.0` - `org.apache.maven.plugins:maven-checkstyle-plugin 3.1.2` - `org.apache.maven.plugins:maven-pmd-plugin 3.15.0` - `org.apache.maven.plugins:maven-enforcer-plugin 3.0.0` - `org.owasp:dependency-check-maven 6.5.1` - `org.apache.maven.plugins:maven-surefire-plugin 3.0.0-M5` - `org.asciidoctor:asciidoctorj 2.5.2` - `org.apache.maven.plugins:maven-surefire-plugin 3.0.0-M5` - `org.apache.maven.plugins:maven-surefire-plugin 3.0.0-M5` - `org.apache.commons:commons-lang3 3.12.0` - `com.github.tomakehurst:wiremock 2.27.2` - `com.google.guava:guava 30.1-jre` - `commons-io:commons-io 2.6`

webgoat-container/pom.xml

- `org.owasp.webgoat:webgoat-parent 8.2.3-SNAPSHOT`

webgoat-integration-tests/pom.xml

- `org.owasp.webgoat:webgoat-parent 8.2.3-SNAPSHOT` - `io.github.bonigarcia:webdrivermanager 4.3.1`

webgoat-lessons/auth-bypass/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/bypass-restrictions/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/challenge/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT` - `io.jsonwebtoken:jjwt 0.9.1`

webgoat-lessons/chrome-dev-tools/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/cia/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/client-side-filtering/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/cross-site-scripting/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT` - `org.jsoup:jsoup 1.14.2`

webgoat-lessons/crypto/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/csrf/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/hijack-session/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT` - `org.jacoco:jacoco-maven-plugin 0.8.7`

webgoat-lessons/html-tampering/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/http-basics/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/http-proxies/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/idor/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/insecure-deserialization/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/insecure-login/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/jwt/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT` - `io.jsonwebtoken:jjwt 0.9.1` - `org.springframework.security:spring-security-test 5.4.5`

webgoat-lessons/logging/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/missing-function-ac/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/password-reset/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/path-traversal/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/pom.xml

- `org.owasp.webgoat:webgoat-parent 8.2.3-SNAPSHOT`

webgoat-lessons/secure-passwords/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT` - `com.nulab-inc:zxcvbn 1.4.0`

webgoat-lessons/spoof-cookie/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT` - `org.jacoco:jacoco-maven-plugin 0.8.7`

webgoat-lessons/sql-injection/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/ssrf/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/vulnerable-components/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT` - `com.thoughtworks.xstream:xstream 1.4.5` - `cglib:cglib-nodep 2.2` - `ant:ant-launcher 1.6.5` - `ant:ant 1.6.5` - `xml-resolver:xml-resolver 1.2`

webgoat-lessons/webgoat-introduction/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/webgoat-lesson-template/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/webwolf-introduction/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-lessons/xxe/pom.xml

- `org.owasp.webgoat.lesson:webgoat-lessons-parent 8.2.3-SNAPSHOT`

webgoat-server/pom.xml

- `org.owasp.webgoat:webgoat-parent 8.2.3-SNAPSHOT`

webwolf/pom.xml

- `org.owasp.webgoat:webgoat-parent 8.2.3-SNAPSHOT` - `org.bitbucket.b_c:jose4j 0.7.6` - `org.webjars:bootstrap 3.3.7` - `org.webjars:jquery 3.5.1`

maven-wrapper

.mvn/wrapper/maven-wrapper.properties

- `maven 3.8.1` - `maven-wrapper 0.5.6`

---

• [ ] Check this box to trigger a request for Renovate to run again on this repository