Update spri

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/cache	action	patch	v2.1.5 -> v2.1.7
actions/checkout	action	minor	v2.3.4 -> v2.4.0
cirrus-actions/rebase	action	minor	1.4 -> 1.5
docker/build-push-action	action	minor	v2.4.0 -> v2.10.0
docker/login-action	action	minor	v1.9.0 -> v1.14.1
docker/setup-qemu-action	action	minor	v1.1.0 -> v1.2.0
openjdk	final	patch	11.0.1-jre-slim-stretch -> 11.0.3-jre-slim-stretch
org.owasp:dependency-check-maven	build	minor	6.1.3 -> 6.5.3
org.apache.maven.plugins:maven-pmd-plugin	build	minor	3.14.0 -> 3.16.0
org.codehaus.mojo:flatten-maven-plugin	build	patch	1.2.5 -> 1.2.7
org.webjars:jquery (source)	compile	minor	3.5.1 -> 3.6.0
org.webjars:bootstrap (source)	compile	patch	3.4.0 -> 3.4.1
org.asciidoctor:asciidoctorj	compile	minor	2.4.3 -> 2.5.3
org.bitbucket.b_c:jose4j (source)	compile	patch	0.7.6 -> 0.7.11
org.asciidoctor:asciidoctor-maven-plugin	build	minor	1.5.3 -> 1.6.0
cglib:cglib-nodep	compile	patch	2.2 -> 2.2.2
org.glassfish.jaxb:jaxb-runtime (source)	compile	patch	2.3.0 -> 2.3.6
io.github.bonigarcia:webdrivermanager (source)	test	minor	4.3.1 -> 4.4.3
org.jsoup:jsoup (source)	compile	patch	1.14.2 -> 1.14.3
com.thoughtworks.xstream:xstream (source)	compile	patch	1.4.5 -> 1.4.19
com.nulab-inc:zxcvbn	compile	minor	1.4.0 -> 1.6.0

---

Release Notes

actions/cache

v2.1.7

Compare Source

Support 10GB cache upload using the latest version 1.0.8 of @actions/cache

v2.1.6

Compare Source

• Catch unhandled "bad file descriptor" errors that sometimes occurs when the cache server returns non-successful response (https://github.com/actions/cache/pull/596)

actions/checkout

v2.4.0

Compare Source

• Convert SSH URLs like org-<ORG_ID>@&#8203;github.com: to https://github.com/ - pr

v2.3.5

Compare Source

Update dependencies

cirrus-actions/rebase

v1.5

Compare Source

• Allow PR_NUMBER to be set externally (#​76)
• Retry if the PR is unrebaseable (#​75)

Plus some fixes

docker/build-push-action

v2.10.0

Compare Source

• Add imageid output and use metadata to set digest output (#​569)
• Add build-contexts input (#​563)
• Enhance outputs display (#​559)

v2.9.0

Compare Source

• add-hosts input (#​553 #​555)
• Fix git context subdir example and improve README (#​552)
• Add e2e tests for ACR (#​548)
• Add description on github-token option to README (#​544)
• Bump node-fetch from 2.6.1 to 2.6.7 (#​549)

v2.8.0

Compare Source

• Allow specifying subdirectory with default git context (#​531)
• Add cgroup-parent, shm-size, ulimit inputs (#​501)
• Don't set outputs if empty or nil (#​470)
• docs: example to sanitize tags with metadata-action (#​476)
• docs: wrong syntax to sanitize repo slug (#​475)
• docs: test before pushing your image (#​455)
• readme: remove v1 section (#​500)
• ci: virtual env file system info (#​510)
• dev: update workflow (#​499)
• Bump @​actions/core from 1.5.0 to 1.6.0 (#​160)
• Bump ansi-regex from 5.0.0 to 5.0.1 (#​469)
• Bump tmpl from 1.0.4 to 1.0.5 (#​465)
• Bump csv-parse from 4.16.0 to 4.16.3 (#​451 #​459)

v2.7.0

Compare Source

• Add metadata output (#​412)
• Bump @​actions/core from 1.4.0 to 1.5.0 (#​439)
• Add note to sanitize tags (#​426)
• Cache backend API docs (#​406)
• Git context now supports subdir (#​407)
• Bump codecov/codecov-action from 1 to 2 (#​415)

v2.6.1

Compare Source

• Small typo and ensure trimmed output (#​400)

v2.6.0

Compare Source

• Handle git sha version of buildx (#​399)
• Update dev deps (#​393)
• Use built-in getExecOutput (#​392)
• Use core.getBooleanInput (#​391)
• Bump csv-parse from 4.15.4 to 4.16.0 (#​385)
• Bump @​actions/exec from 1.0.4 to 1.1.0 (#​382)
• Bump @​actions/core from 1.3.0 to 1.4.0 (#​383)
• Bump ws from 7.3.1 to 7.4.6 (#​375)

v2.5.0

Compare Source

• Fix ref spec for default Git context (#​347)
• Preserve quotes inside unquoted field (#​369)
• Doc: Copy between registries (#​362)
• Doc: Share built image between jobs (#​368)
• Bump @​actions/github from 4.0.0 to 5.0.0 (#​364)
• Bump hosted-git-info from 2.8.8 to 2.8.9 (#​356)
• Bump lodash from 4.17.20 to 4.17.21 (#​355)
• Update examples with docker/metadata-action (#​354)
• Remove os limitation (#​349)
• Fix ref spec for default Git context (#​347)
• Bump csv-parse from 4.15.3 to 4.15.4 (#​345)
• Bump @​actions/core from 1.2.6 to 1.3.0 (#​344 #​370)

docker/login-action

v1.14.1

Compare Source

• Revert to Node 12 as default runtime to fix issue for GHE users (#​160)

v1.14.0

Compare Source

• Update to node 16 (#​158)
• Bump @​aws-sdk/client-ecr from 3.45.0 to 3.53.0 (#​157)
• Bump @​aws-sdk/client-ecr-public from 3.45.0 to 3.53.0 (#​156)

v1.13.0

Compare Source

• Handle proxy settings for aws-sdk (#​152)
• Workload identity based authentication docs for GCR and GAR (#​112)
• Test login against ACR (#​49)
• Bump @​aws-sdk/client-ecr from 3.44.0 to 3.45.0 (#​132)
• Bump @​aws-sdk/client-ecr-public from 3.43.0 to 3.45.0 (#​131)

v1.12.0

Compare Source

• ECR: only set credentials if username and password are specified (#​128)
• Refactor to use aws-sdk v3 (#​128)

v1.11.0

Compare Source

• ECR: switch implementation to use the AWS SDK (#​126)
• ecr input to specify whether the given registry is ECR (#​123)
• Test against Windows runner (#​126)
• Update instructions for Google registry (#​127)
• Update dev workflow (#​111)
• Small changes for GHCR doc (#​86)
• Update dev dependencies (#​85)
• Bump ansi-regex from 5.0.0 to 5.0.1 (#​101)
• Bump tmpl from 1.0.4 to 1.0.5 (#​100)
• Bump @​actions/core from 1.4.0 to 1.6.0 (#​94 #​103)
• Bump codecov/codecov-action from 1 to 2 (#​88)
• Bump hosted-git-info from 2.8.8 to 2.8.9 (#​83)
• Bump node-notifier from 8.0.0 to 8.0.2 (#​82)
• Bump ws from 7.3.1 to 7.5.0 (#​81)
• Bump lodash from 4.17.20 to 4.17.21 (#​80)
• Bump y18n from 4.0.0 to 4.0.3 (#​79)

v1.10.0

Compare Source

• GitHub Packages Docker Registry deprecated (#​78)
• Use built-in getExecOutput (#​77)
• Switch to core.getBooleanInput (#​76)
• Bump @​actions/exec from 1.0.4 to 1.1.0 (#​73)
• Bump @​actions/core from 1.2.6 to 1.4.0 (#​70 #​74)
• Bump @​actions/io from 1.0.2 to 1.1.1 (#​71 #​75)
• Bump semver from 7.3.2 to 7.3.5 (#​69)
• Update dependabot config (#​68)

docker/setup-qemu-action

v1.2.0

Compare Source

• Display image information (#​36)
• Bump @​actions/core from 1.2.7 to 1.3.0 (#​35)

jeremylong/DependencyCheck

v6.5.3

Compare Source

Changes

• Performance improvements for some Maven projects (see #​3923 and #​3931).
• Fixed bug in npm version handling introduced in 6.5.2 (see #​3956).
• Improved the node package analyzer to correctly report the origin of a dependency (see #​3970).
• General code maintenance and false positive reductions.
• See the full listing of changes.

v6.5.2

Compare Source

Changes

• Fixed false positives around log4j-api and Log4j-web (#​3910 & #​3937).
• Bug fix when processing NPM lock files (#​3893).
• Added missing pnpm argmument to the CLI (#​3916).
• General code maintenance and false positive reductions.
• See the full listing of changes.

v6.5.1

Compare Source

Changes

• Updated the dependency-check-maven plugin to correctly support SNAPSHOT version when a classifier is specified (#​3787).
• Improved the analysis of Swift package manager (package.resolved - see #​3813).
• General code maintenance and false positive reductions.
• See the full listing of changes.

v6.5.0

Compare Source

Changes

• Updated build configuration to create reproducible builds.
• Updated automated release process to work with branch protection.
• Resolved several false positives in the Java ecosystem.
• Enabled the Swift Resolved analyzer per #​3735
• Improved iOS support per #​3168 and #​3765
• Added the a new pnpm Analyzer
• Fixed issue with some npm and yarn analysis failing due to large audit output
• See the full listing of changes.

v6.4.1

Compare Source

Changes

• Added download attempts with increasing wait time for CVE meta files from the NVD to prevent rate limiting issues (see #​3725).
• See the full listing of changes.

v6.4.0

Compare Source

Changes

• Increased timeout between downloads from the NVD to prevent rate limiting issues (see #​3722).
  • cveStartYear is now configurable and can be set to any year from 2002 to present.
  • cveWaitTime is a new configuration option to define how many milliseconds to wait between NVD downloads; default is 4000 ms (see #​3690).
  • The NVD CVE data files are now being cached for up to 4 hours in case a download fails, re-running ODC will use the cached version.
• Fixed NPE in the ODC maven plugin (see #​3702.
• See the full listing of changes.

v6.3.2

Compare Source

Changes

• Reduced chance of rate limiting when download files from NVD (see #​2670).
• Fixed bug causing some transitive dependencies being skipped in the odc-maven-plugin (see #​3627).
• See the full listing of changes.

v6.3.1

Compare Source

Changes

• Fixed ConcurrentModificationException
• See the full listing of changes.

v6.3.0

Compare Source

Changes

• Many updates were made to improve performance on large scans, reduce false positives, and other bug fixes.
• Increased the width of four columns in the database; if you use a an external database you should also update the width (see upgrade_5.1.sql).
• See the full listing of changes.

v6.2.2

Compare Source

Changes

• Resolved issue with database connections introduced in 6.2.0 (see #3408 reusing the same connection before returning it to the pool jeremylong/DependencyCheck#3432).
• See the full listing of changes.

v6.2.1

Compare Source

Changes

• Resolved issue with database connections introduced in 6.2.0 (see org.owasp:dependency-check-maven:6.2.0 DatabaseException: Unable to connect to the database jeremylong/DependencyCheck#3416).
• See the full listing of changes.

v6.2.0

Compare Source

Changes

• Added an experimental Perl CPAN analyzer #​3378
  • Note that the full DSL of the CPAN is not yet supported so any required dependency is analyzed (i.e. there is no way to exclude development requirements)
• Improved database performance #​3206
• The archive analyzer now extracts files from RPM archives #​3226
• Ensure ordered output in reports #​3243
• Several minor bug fixes and updates to reduce false positives
• See the full listing of changes.

v6.1.6

Compare Source

Changes

• Resolved issue with Sarif report (#​3243)
• Resolved issue with Ruby Bundle Audit (#​3256)
• Several minor bug fixes and updates to reduce false positives
• See the full listing of changes.

v6.1.5

Compare Source

Changes

• Fixed a second NPE introduced in 6.1.3 (see #​3246)
• See the full listing of changes.

v6.1.4

Compare Source

Changes

• Fixed an NPE introduced in 6.1.3 (see #​3212)
• See the full listing of changes.

asciidoctor/asciidoctorj

v2.5.3

Compare Source

This release brings the latest version of Asciidoctor, 2.0.17, Asciidoctor PDF, 1.6.2.

Improvement

• Upgrade to asciidoctorj 2.0.17 (#​1074)
• Upgrade to asciidoctorj-pdf 1.6.2 (#​1073)
• Upgrade to asciidoctorj-diagram 2.2.1 (#​1066) (@​abelsromero) (#​1065)
• Upgrade to jruby 9.2.20.1 (#​1074)
• Upgrade to rouge 3.27.0 (#​1073)
• Upgrade CLI to use JCommander 1.81 (@​abelsromero) (#​1067)

Build Improvement

• Add Java17 to CI pipelines (@​abelsromero) (#​1055)
• Improve pipelines to better display Asciidoctor test upstream (@​abelsromero) (#​1057)

Documentation

• Clarify execution order for extensions (@​rockyallen) (#​1068)
• Added docs for attributes and positional attributes in extensions (#​1072)
• Added docs for how to log from extensions (#​1071)

Release Meta

Released on: 2022-01-12
Released by: @​robertpanzer
Release Beer: Dogfish 90 Minute Imperial IPA

v2.5.2

Compare Source

This release brings the latest version of Asciidoctor, 2.0.16 and Asciidoctor PDF, 1.6.0.

Improvement:

• Upgrade to asciidoctorj 2.0.16 (#​1052)
• Upgrade to asciidoctorj-pdf 1.6.0 (#​1040)

Bug Fixes:

• Avoid using of deprecated attributes toc2 and toc-placement.
  Deprecated Attributes.setTableOfContents2().
  Added new constants Placement.PREAMBLE and Placement.MACRO as parameters for Attributes.setTableOfConstants(). (@​abelsromero) (#​1037)

Build Improvement:

• Use JavaCompile options.release instead of sourceCompatibility and targetCompatibility to target Java 8 (#​1042)
• Upgrade nexus publishing and staging to new gradle-nexus.publish-plugin (#​1043)
• Upgrade remaining dependency on junit 4.12 to 4.13.2 (#​1044)

Release Meta

Released on: 2021-08-08
Released by: @​robertpanzer

v2.5.1

Compare Source

This release brings the latest version of Asciidoctor, 2.0.15 and Asciidoctor Epub3, 1.5.1.

Improvement

• Upgrade to asciidoctor 2.0.15 (#​1026)
• Upgrade to asciidoctor-epub 1.5.1 (#​1030)

Bug Fixes

• Fix performance regression in v2.5.0 with asciidoctorj-pdf and concurrent-ruby (@​kedar-joshi) (#​1032)

Build Improvement

• Upgrade to sdkman vendor plugin 2.0.0
• Remove builds on appveyor (#​1027)

Build / Infrastructure

• Upgrade test dependencies on Arquillian and Spock (#​1031)

Release Meta

Released on: 2021-05-04
Released by: @​robertpanzer

v2.5.0

Compare Source

This release upgrades the version of Asciidoctor core to 2.0.14.
Also a lot of effort has gone into modernising the build for Gradle 7.0 and Java 16.
Finally, an effort has started to better document and clean up the API.
Please take notice of the deprecations in the Asciidoctor interface, as the next major version will remove these methods.

Improvement

• Allow defining @Name as a meta annotation on Block and Inline Macros (@​uniqueck) (#​898)
• Upgrade to jruby 9.2.17.0 (#​1004)
• Upgrade to asciidoctorj-diagram 2.1.2 (#​1004)
• Add getRevisionInfo method to Document. Make DocumentHeader class and readDocumentHeader methods as deprecated (@​abelsromero) (#​1008)
• Add getAuthors method to Document (@​abelsromero) (#​1007)
• Upgrade to asciidoctor 2.0.14 (#​1016)
• Deprecated methods Asciidoctor, Options and Attributes API scheduled for future removal (@​abelsromero)(#​1015)
• Add pushInclude to PreprocessorReaderImpl and deprecate push_include (@​abelsromero) (#​1020)

Build Improvements

• Fix wildfly integration test on Java 16 (@​abelsromero) (#​1002)
• Upgrade Gradle to 7.0.0 (#​1001)
• Fix URL for distribution in sdkman (#​990)
• Update gradle plugin biz.aQute.bnd to 5.3.0 (#​1001)
• Run Github actions for main branch (#​1017)

Documentation

• Add Spring Boot integration test and usage guide (@​abelsromero) (#​994, #​995)

Release Meta

Released on: 2021-04-17
Released by: @​robertpanzer

bonigarcia/webdrivermanager

v4.4.3

Added

• Support for ARM64 (Aarch64) architecture (issue #​634)
• Include method arm64() in WDM API to specify ARM64 architecture

Fixed

• Fix execution of registry query commands to detect browser version (for Windows)

v4.4.2

• Due to a problem in the release procedure, version 4.4.2 is identical to 4.4.1

v4.4.1

Fixed

• Fix browser version detection in Mac (issue #​632)

v4.4.0

Added

• Automatic module name in MANIFEST.MF for JDK 9+ support (PR #​615)
• Include config key wdm.browserVersionDetectionRegex, equivalent to API method browserVersionDetectionRegex()
• Expose method .exportParameter() in WebDriverManager API
• Include config key wdm.useChromiumDriverSnap to use Chromium snap package (false by default)
• Support local URLs (file://) for versions and commands properties
• Include new API methods: useLocalCommandsPropertiesFirst(), versionsPropertiesUrl(URL), and commandsPropertiesUrl(URL)

Changed

• Extract commands database as a properties file (commands.properties)

Removed

• Remove method browserPath() in WebDriverManager API (changed by browserVersionDetectionCommand())

nulab/zxcvbn4j

v1.6.0

Compare Source

• Change the position of the defining signing (#​121) #​123 (vvatanabe)
• use configurations.archives in signing (#​121) #​122 (vvatanabe)
• Make Scoring.factorial(int) return long #​116 (InkerBot)
• Added Italian translation #​113 (gdonisi)
• Correct strength.score definition #​117 (AChep)
• Fixes #​110 - correct encoding for French and German. #​111 (40rn05lyv)
• Add module-info.java #​104 (overheadhunter)
• temporarily remove test with JDK 17 (#​119) #​120 (vvatanabe)
• Migrated to GitHub Actions #​112 (overheadhunter)
• Update README.md #​108 (eltociear)

v1.5.2

Compare Source

• fix recent years #​100 #​102 (kxn4t)

v1.5.1

Compare Source

• Bump junit 4.11 to 4.13.2 #​101 (yasuyuki-baba)
• Add Automatic-Module-Name to manifest #​99 (overheadhunter)

v1.5.0

Compare Source

• Improved to be able to replace the message arbitrarily #​92 (kxn4t)
• Fix typo in German translation #​96 (bleeding182)

v1.4.1

Compare Source

• Fix message from full-width to half-width #​91 (kxn4t)

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.