Bump org.owasp:dependency-check-maven from 11.1.0 to 11.1.1 #1257

dependabot · 2024-12-04T16:21:57Z

Bumps org.owasp:dependency-check-maven from 11.1.0 to 11.1.1.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 11.1.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 11.1.1 (2024-12-04)

fix: re-enable issue locking (#7220)

fix: add username/password properties to be able to authenticate for central.content.url and analyzer.central.url again (#7169)

fix: rework replaceOrAddVulnerability (#7177)

fix: do not log loading of JDBC driver (#7155)

fix: expose flag to disable version check (#7147)

fix: Gracefully handle CVEs with bad configuration nodes missing CPE match expressions (#7125)

chore: cleanup base suppression (#7138)

docs: update gradle configuration documentation (#7176)

docs: update documentation for Gradle plugin (#7143)

docs: improve false positive issue templat (#7130)

See the full listing of changes.

Commits

30acb30 build: prepare release v11.1.1
0a4f570 docs: update changelog for release 11.1.1
cf08e94 fix: re-enable issue locking (#7220)
09f3fb9 build(deps): bump JamesIves/github-pages-deploy-action from 4.7.1 to 4.7.2 (#...
a65720f fix: reenable issue locking (#7208)
20e344c fix: 7093 add username/password properties to be able to authenticate for cen...
6a13d58 build(deps): bump org.jsoup:jsoup from 1.18.2 to 1.18.3 (#7205)
4655cc7 build(deps): bump commons-io:commons-io from 2.17.0 to 2.18.0 (#7170)
f85b726 build(deps): bump jackson.version from 2.18.1 to 2.18.2 (#7200)
a3cfa4f build(deps): bump org.jsoup:jsoup from 1.18.1 to 1.18.2 (#7194)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 11.1.0 to 11.1.1. - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](jeremylong/DependencyCheck@v11.1.0...v11.1.1) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2024-12-04T16:59:42Z

☀️ Quality Monitor

   🚦 Tests: 98% successful (✔️ 103 passed, 🙈 2 skipped)
   〰️ Line Coverage: 91% (62 missed lines)
   ➰ Branch Coverage: 91% (19 missed branches)
   Mutation Coverage: 80% (80 survived mutations)
   💪 Test Strength: 85% (58 survived mutations in tested code)
   CheckStyle: No warnings
   PMD: No warnings
   SpotBugs: No bugs
   🐛 Error Prone: No bugs
   OWASP Dependency Check: No vulnerabilities
   🌀 Cyclomatic Complexity: 377 (total)
   💭 Cognitive Complexity: 173 (total)
   📏 Lines of Code: 4053 (total)
   📝 Non Commenting Source Statements: 1258 (total)
   🔭 Access to foreign data: 88 (total)
   🔗 Class cohesion: 71.43% (maximum)
   📤 Fan out: 278 (total)
   📲 Number of accessors: 14 (total)
   ⚖️ Weight of a class: 100.00% (maximum)
   📐 Weighted method count: 376 (total)
   ➿ N-Path Complexity: 456 (total)

Created by Quality Monitor v1.14.0 (#f3859fd). More details are shown in the GitHub Checks Result.

dependabot bot added dependencies Update of dependencies java Pull requests that update Maven Java dependencies labels Dec 4, 2024

github-actions bot assigned uhafner Dec 4, 2024

uhafner merged commit 3af5b6f into main Dec 7, 2024
15 checks passed

uhafner deleted the dependabot/maven/org.owasp-dependency-check-maven-11.1.1 branch December 7, 2024 10:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump org.owasp:dependency-check-maven from 11.1.0 to 11.1.1 #1257

Bump org.owasp:dependency-check-maven from 11.1.0 to 11.1.1 #1257

dependabot bot commented on behalf of github Dec 4, 2024

github-actions bot commented Dec 4, 2024

Bump org.owasp:dependency-check-maven from 11.1.0 to 11.1.1 #1257

Bump org.owasp:dependency-check-maven from 11.1.0 to 11.1.1 #1257

Conversation

dependabot bot commented on behalf of github Dec 4, 2024

Version 11.1.1

Version 11.1.1 (2024-12-04)

github-actions bot commented Dec 4, 2024

☀️ Quality Monitor