chore(deps): bump spring-boot 3.1.10 to 3.2.4, camunda 7.20 to 7.21, polyflow 4.1.5 to 4.1.6

[dependabot]

You can trigger a rebase of this PR by commenting @dependabot rebase.

• Changes verified
• Hazelcast Änderungen einbauen
• Wiremock Änderung
• Upgrade Camunda Engine and Optimize chore(deps): bump camunda.version from 7.20.0 to 7.21.0 #1550
• Upgrade Polyflow Bump polyflow.version from 4.1.5 to 4.1.6 #1764
  - [ ] Use JDK 21 Optimize supports JDK 21 initially with 3.14 (planned for 2024-10-08)

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[darenegade]

Das Thema hier ist etwas größer und muss über Sprint-Planung laufen

[simonhir]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ❌ 1 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

digiwf-gateway/pom.xml

Package	Version	License	Issue Type
com.hazelcast:hazelcast-spring	5.3.6	Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND CDDL-1.0 AND EPL-2.0 AND GPL-2.0-only AND JSON AND LGPL-2.0-only AND MIT AND NOASSERTION	Invalid SPDX License

digiwf-libs/digiwf-optimize-plugins/pom.xml

Package	Version	License	Issue Type
org.camunda.optimize:plugin	3.13.0	Null	Unknown License

Denied Licenses: GPL-1.0-only, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0-only, LGPL-3.0-or-later, AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
maven/org.camunda.bpm:camunda-bom	7.21.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected
maven/org.camunda.bpm:camunda-bom	7.20.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected
maven/com.hazelcast:hazelcast-spring	5.3.6	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected SAST 🟢 10 SAST tool detected: CodeQL Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected
maven/commons-codec:commons-codec	1.16.1	🟢 8.1	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 14 out of 14 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 0 Found 0/16 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 82 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 9 1 existing vulnerabilities detected
maven/com.hazelcast:hazelcast-all	4.2.8	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected SAST 🟢 10 SAST tool detected: CodeQL Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected
maven/org.springframework.boot:spring-boot-dependencies	3.2.4	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 5 binaries present in source code Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
maven/org.springframework.boot:spring-boot-maven-plugin	3.2.4	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 5 binaries present in source code Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
maven/org.springframework.boot:spring-boot-dependencies	3.1.11	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 5 binaries present in source code Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
maven/org.springframework.boot:spring-boot-maven-plugin	3.1.11	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 5 binaries present in source code Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
maven/org.camunda.bpm.springboot:camunda-bpm-spring-boot-starter-external-task-client	7.21.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected
maven/org.camunda.bpm:camunda-bom	7.21.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected
maven/org.camunda.bpm:camunda-external-task-client	7.21.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected
maven/org.camunda.bpm:camunda-external-task-client-spring	7.21.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected
maven/org.camunda.bpm.springboot:camunda-bpm-spring-boot-starter-external-task-client	7.20.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected
maven/org.camunda.bpm:camunda-bom	7.20.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected
maven/org.camunda.bpm:camunda-external-task-client	7.20.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected
maven/org.camunda.bpm:camunda-external-task-client-spring	7.20.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected
maven/org.camunda.optimize:plugin	3.13.0	Unknown	Unknown
maven/org.camunda.optimize:plugin	3.12.0	Unknown	Unknown
maven/org.springframework.boot:spring-boot-dependencies	3.2.4	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 5 binaries present in source code Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
maven/org.springframework.cloud:spring-cloud-dependencies	2023.0.1	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 11 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 9 binaries present in source code Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected SAST ⚠️ 0 no SAST tool detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy 🟢 10 security policy file detected
maven/org.springframework.boot:spring-boot-dependencies	3.1.11	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 5 binaries present in source code Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
maven/org.springframework.cloud:spring-cloud-dependencies	2022.0.4	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 11 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 9 binaries present in source code Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected SAST ⚠️ 0 no SAST tool detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy 🟢 10 security policy file detected
maven/org.camunda.bpm:camunda-bom	7.21.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected
maven/org.camunda.bpm:camunda-bom	7.20.0	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 20/22 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 47 existing vulnerabilities detected

Scanned Manifest Files

digiwf-connector/pom.xml

• org.camunda.bpm:camunda-bom@7.21.0
• org.camunda.bpm:camunda-bom@7.20.0

digiwf-gateway/pom.xml

• com.hazelcast:hazelcast-spring@5.3.6
• commons-codec:commons-codec@1.16.1
• com.hazelcast:hazelcast-all@4.2.8

digiwf-integrations/digiwf-integration-parent/pom.xml

• org.springframework.boot:spring-boot-dependencies@3.2.4
• org.springframework.boot:spring-boot-maven-plugin@3.2.4
• org.springframework.boot:spring-boot-dependencies@3.1.11
• org.springframework.boot:spring-boot-maven-plugin@3.1.11

digiwf-libs/digiwf-camunda-prometheus/pom.xml

• org.camunda.bpm.springboot:camunda-bpm-spring-boot-starter-external-task-client@7.21.0
• org.camunda.bpm:camunda-bom@7.21.0
• org.camunda.bpm:camunda-external-task-client@7.21.0
• org.camunda.bpm:camunda-external-task-client-spring@7.21.0
• org.camunda.bpm.springboot:camunda-bpm-spring-boot-starter-external-task-client@7.20.0
• org.camunda.bpm:camunda-bom@7.20.0
• org.camunda.bpm:camunda-external-task-client@7.20.0
• org.camunda.bpm:camunda-external-task-client-spring@7.20.0

digiwf-libs/digiwf-optimize-plugins/pom.xml

• org.camunda.optimize:plugin@3.13.0
• org.camunda.optimize:plugin@3.12.0

digiwf-parent/pom.xml

• org.springframework.boot:spring-boot-dependencies@3.2.4
• org.springframework.cloud:spring-cloud-dependencies@2023.0.1
• org.springframework.boot:spring-boot-dependencies@3.1.11
• org.springframework.cloud:spring-cloud-dependencies@2022.0.4

digiwf-task/pom.xml

• org.camunda.bpm:camunda-bom@7.21.0
• org.camunda.bpm:camunda-bom@7.20.0

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 44.61%. Comparing base (c7e3a3c) to head (d2b0d4f).

Additional details and impacted files

@@            Coverage Diff            @@
##                dev    #1536   +/-   ##
=========================================
  Coverage     44.61%   44.61%           
  Complexity     1711     1711           
=========================================
  Files           659      659           
  Lines          9639     9638    -1     
  Branches        484      484           
=========================================
  Hits           4300     4300           
+ Misses         5154     5153    -1     
  Partials        185      185           

Flag	Coverage Δ
unittests	44.61% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[darenegade]

Schaut gut aus und Build läuft durch