Closed dependabot[bot] closed 2 months ago
Checkmarx One – Scan Summary & Details – 79d9434e-f261-404b-a4f9-5ec688809d23
Policy Name | Rule(s) | Break Build |
---|---|---|
[SAST-ML0] Not allowed NEW Sast vulnerabilities | true |

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: 34 | Attack Vector |
| | Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: 34 | Attack Vector |
| | Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: 34 | Attack Vector |

| Severity | Issue | Source File / Package |
|---|---|---|
| | Unpinned Actions Full Length Commit SHA | /ci.yml: 40 |
| | Unpinned Actions Full Length Commit SHA | /manual-tag.yml: 23 |
| | Unpinned Actions Full Length Commit SHA | /release.yml: 42 |
| | Unpinned Actions Full Length Commit SHA | /release.yml: 53 |
| | Unpinned Actions Full Length Commit SHA | /cd.yml: 24 |
| | Unpinned Actions Full Length Commit SHA | /cd.yml: 17 |
| | Unpinned Actions Full Length Commit SHA | /cd.yml: 55 |
| | Unpinned Actions Full Length Commit SHA | /cd.yml: 34 |

Bumps org.jenkins-ci.plugins:plugin from 4.78 to 4.85.
Release notes
Sourced from org.jenkins-ci.plugins:plugin's releases.
... (truncated)
Commits
- `82f1f14` [maven-release-plugin] prepare release plugin-4.85
- `aa6c960` Downgrade maven-release-plugin to last working version (#966)
- `1d79a56` [maven-release-plugin] prepare for next development iteration
- `0f99861` [maven-release-plugin] prepare release plugin-4.84
- `bee3b30` Upgrade HtmlUnit from 4.2.0 to 4.3.0 (#965)
- `c7b62b5` Bump org.junit:junit-bom from 5.10.2 to 5.10.3 (#962)
- `26e9088` Bump org.apache.maven.plugins:maven-project-info-reports-plugin (#960)
- `fc178b1` Bump org.apache.maven.plugins:maven-dependency-plugin (#958)
- `209f304` Bump org.apache.maven.plugins:maven-clean-plugin from 3.3.2 to 3.4.0 (#956)
- `14652fc` Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 (#957)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show