jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0
6.47k stars 1.29k forks source link

build(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.5 to 4.8.6.6 #7153

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 1 week ago

Bumps com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.5 to 4.8.6.6.

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.8.6.6

  • Cleanup groovy code
  • Cleanup character encoding
  • Update deprecated maven calls
  • Groovy moved to 4.0.24

Compatibility remains with 4.8.6 of spotbugs

Commits
  • 9895d2e [maven-release-plugin] prepare release spotbugs-maven-plugin-4.8.6.6
  • 028a1a3 Merge pull request #924 from hazendaz/next-up
  • 1b6f4bf [ci] Gstring to string
  • cf9ebd1 [ci] Run eclipse formatter against the code
  • 62ddea0 Merge pull request #923 from hazendaz/charset
  • 559b0ca [logging] Use correct quoting in log line
  • f2baf85 [maven] Update deprecated code from current project call for reports plugin
  • e5fd7e7 [groovy] Use less gstrings when not needed and sort parameter attributes
  • 260a4da Merge pull request #922 from hazendaz/charset
  • 192e8f2 Revert "[github] Bump to maven 4.0.0-beta-5"
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)