build(deps): bump dependency-check-maven from 6.5.1 to 7.0.4 #340

Closed
dependabot[bot] wants to merge 1 commit into develop from dependabot/maven/org.owasp-dependency-check-maven-7.0.4


dependabot bot commented on behalf of github Apr 1, 2022

Bumps dependency-check-maven from 6.5.1 to 7.0.4.

Release notes

Sourced from dependency-check-maven's releases.

Version 7.0.4

Changes

  • Update to jackson-databind (see #4285).
  • See the full listing of changes.

Version 7.0.3

Changes

  • Update to jackson-databind (see #4285).
  • See the full listing of changes.

Version 7.0.2

Changes

  • General project maintenance, bug fixes, and false positive and false negative reductions.
  • See the full listing of changes.

Version 7.0.1

Changes

  • General project maintenance, bug fixes, and false positive reductions.
  • See the full listing of changes.

Version 7.0.0

Breaking Changes

  • The H2 database version has been upgraded.
    • If you use the dataDirectory option you will need to run a purge after upgrading.
  • Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.

Changes

  • The Sarif report format has been fixed and can now be imported into GitHub if desired (See #3993).
  • Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
  • When analyzing Java projects ODC now includes data from the developers section.
    • This will likely cause false positives on things like Apache James, please report the FP and we will fix these quickly.
  • General project maintenance, bug fixes, and false positive reductions.
  • See the full listing of changes.

Version 6.5.3

Changes in this Release

  • Performance improvements for some Maven projects (see #3923 and #3931).
  • Fixed bug in npm version handling introduced in 6.5.2 (see #3956).
  • Improved the node package analyzer to correctly report the origin of a dependency (see #3970).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

Version 6.5.2

Changes in this Release

  • Fixed false positives around log4j-api and Log4j-web (#3910 & #3937).
  • Bug fix when processing NPM lock files (#3893).
  • Added missing pnpm argument to the CLI (#3916).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

Changelog

Sourced from dependency-check-maven's changelog.

Version 7.0.4 (2022-03-30)

Changes

  • Update to jackson-databind (see #4285).
  • See the full listing of changes.

Version 7.0.3 (2022-03-29)

Changes

  • Update to jackson-databind (see #4285).
  • See the full listing of changes.

Version 7.0.2 (2022-03-28)

Changes

  • General project maintenance, bug fixes, and false positive and false negative reductions.
  • See the full listing of changes.

Version 7.0.1 (2022-03-23)

Changes

  • General project maintenance, bug fixes, and false positive reductions.
  • See the full listing of changes.

Version 7.0.0 (2022-02-28)

Breaking Changes

  • The H2 database version has been upgraded.
    • If you use the dataDirectory option you will need to run a purge after upgrading.
  • Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.

Changes

  • The Sarif report format has been fixed and can now be imported into GitHub if desired (See #3993).
  • Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
  • When analyzing Java projects ODC now includes data from the developers section.
    • This will likely cause false positives on things like Apache James, please report the FP and we will fix these quickly.
  • General project maintenance, bug fixes, and false positive reductions.
  • See the full listing of changes.

Version 6.5.3 (2022-01-12)

Changes

  • Performance improvements for some Maven projects (see #3923 and #3931).
  • Fixed bug in npm version handling introduced in 6.5.2 (see #3956).
  • Improved the node package analyzer to correctly report the origin of a dependency (see #3970).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

... (truncated)

Commits
  • d200397 [maven-release-plugin] prepare release v7.0.4
  • ebb6679 prepare release
  • 138bb2a prepare release
  • c32dbbf Merge pull request #4288 from jeremylong/dependabot/maven/com.fasterxml.jacks...
  • 9098a80 Bump jackson-bom from 2.13.2.20220324 to 2.13.2.20220328
  • 89f165c Merge pull request #4286 from jeremylong/release-7.0.3
  • 4cc3501 [maven-release-plugin] prepare for next development iteration
  • d881157 [maven-release-plugin] prepare release v7.0.3
  • ebfba7b prepare release
  • e6a2156 Merge pull request #4285 from jeremylong/jacksonFix
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot bot added the "dependencies" label (Pull requests that update a dependency file) Apr 1, 2022

sruehl commented Apr 7, 2022

@dependabot rebase

dependabot bot force-pushed the dependabot/maven/org.owasp-dependency-check-maven-7.0.4 branch from 6fc52ca to 08022f9, April 7, 2022 11:00

sruehl commented Apr 12, 2022

@dependabot rebase

dependabot bot force-pushed the dependabot/maven/org.owasp-dependency-check-maven-7.0.4 branch from 08022f9 to 77be613, April 12, 2022 16:04

sruehl commented Apr 13, 2022

@dependabot rebase

Bumps [dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 6.5.1 to 7.0.4.
- [Release notes](https://github.com/jeremylong/DependencyCheck/releases)
- [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/RELEASE_NOTES.md)
- [Commits](jeremylong/DependencyCheck@v6.5.1...v7.0.4)

---
updated-dependencies:
- dependency-name: org.owasp:dependency-check-maven
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot force-pushed the dependabot/maven/org.owasp-dependency-check-maven-7.0.4 branch from 77be613 to c75f2b1, April 13, 2022 11:56

chrisdutz commented

https://github.com/dependabot rebase


dependabot bot commented on behalf of github Apr 20, 2022

Looks like org.owasp:dependency-check-maven is up-to-date now, so this is no longer needed.

dependabot bot closed this Apr 20, 2022
dependabot bot deleted the dependabot/maven/org.owasp-dependency-check-maven-7.0.4 branch April 20, 2022 11:46