Bump the dependencies group across 1 directory with 3 updates #294

dependabot · 2024-07-02T17:06:13Z

Bumps the dependencies group with 3 updates in the / directory: io.jsonwebtoken:jjwt, org.apache.maven.plugins:maven-release-plugin and org.owasp:dependency-check-maven.

Updates io.jsonwebtoken:jjwt from 0.12.5 to 0.12.6

Release notes

Sourced from io.jsonwebtoken:jjwt's releases.

0.12.6

This patch release:

Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See jwtk/jjwt#947.

Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See jwtk/jjwt#949.

Upgrades BouncyCastle to 1.78 via jwtk/jjwt#941

Usees Acsiidoc as README format by @bdemers in jwtk/jjwt#777

Allows using GenericSecret for HmacSHA* algorithms by @mnylen in jwtk/jjwt#935

Enables JWE arbitrary content compression by @mnylen in jwtk/jjwt#937

New Contributors

@mnylen made their first contribution in jwtk/jjwt#935

Full Changelog: jwtk/jjwt@0.12.5...0.12.6

Changelog

Sourced from io.jsonwebtoken:jjwt's changelog.

0.12.6

This patch release:

Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See Issue 947.

Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See Issue 949.

Upgrades BouncyCastle to 1.78 via PR 941.

Commits

0df9756 [maven-release-plugin] prepare release 0.12.6
aacdfdc - Updated README.adoc :project-version: to be 0.12.6.
d14f27b Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.78 (#941)
0c2d96c Fixes #949 (#950)
a7de554 Fixes #947 (#948)
7543248 Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.78 (#943)
3489fdb JWE arbitrary content compression (#937)
23d9a33 Allow using GenericSecret for HmacSHA* (#935)
c673b76 Update SECURITY.md
2694861 Use Acsiidoc as README format (#777)
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.0

Release notes

Sourced from org.apache.maven.plugins:maven-release-plugin's releases.

3.1.0

🚀 New features and improvements

[MRELEASE-1145] - Upgrade to Maven 3.6.3 (#217) @michael-o

[MRELEASE-1139] - Improve logging of sources for used credentials (#209) @kwin

[MRELEASE-1134] - Pass interactive flag to SCM provider (#197) @kwin

🐛 Bug Fixes

[MRELEASE-1064] - [REGRESSION] release:branch uses @releaseLabel instea… (#221) @michael-o

[MRELEASE-1147] - @junitVersion@ never replaced in UTs (make explicit) (#220) @michael-o

[MRELEASE-1148] - Release Manage pulls in transitive dependencies (#219) @michael-o

[MRELEASE-1146] - maven-release-plugin tests do not properly check for … (#218) @michael-o

[MRELEASE-1109] - patch JDomModel (#201) @mkolesnikov

[MRELEASE-1109] - Support CI friendly versions (#198) @kwin

📦 Dependency updates

Bump scmVersion from 2.0.1 to 2.1.0 (#213) @dependabot

Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0 (#215) @dependabot

Bump org.codehaus.plexus:plexus-interactivity-api from 1.2 to 1.3 (#210) @dependabot

Bump org.codehaus.plexus:plexus-interpolation from 1.26 to 1.27 (#206) @dependabot

Bump org.xmlunit:xmlunit-core from 2.9.1 to 2.10.0 (#214) @dependabot

[MRELEASE-1144] - Upgrade to Parent 42 (#216) @michael-o

Bump apache/maven-gh-actions-shared from 3 to 4 (#212) @dependabot

Bump org.codehaus.plexus:plexus-interactivity-api from 1.1 to 1.2 (#207) @dependabot

Bump org.codehaus.mojo:mrm-maven-plugin from 1.5.0 to 1.6.0 (#200) @dependabot

Bump org.apache.maven.plugins:maven-invoker-plugin from 3.5.1 to 3.6.0 (#204) @dependabot

Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.14.0 (#205) @dependabot

[MRELEASE-1128] - update maven-scm to 2.0.1 (#192) @elharo

👻 Maintenance

Bump release-drafter/release-drafter from 5 to 6 (#211) @dependabot

[MRELEASE-1136] - Upgrade parent pom to 41 (#208) @slachiewicz

fixup hamcrest dependencies (#194) @elharo

prefer JDK String replace methods to Plexus ones (#193) @elharo

Commits

f2f9f4e [maven-release-plugin] prepare release maven-release-3.1.0
e109d3b Bump scmVersion from 2.0.1 to 2.1.0
5f794a1 Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0
28201bb Bump org.codehaus.plexus:plexus-interactivity-api from 1.2 to 1.3
8547606 Bump org.codehaus.plexus:plexus-interpolation from 1.26 to 1.27
adf6aaf Bump org.xmlunit:xmlunit-core from 2.9.1 to 2.10.0
f3bbb77 [MRELEASE-1064] [REGRESSION] release:branch uses @releaseLabel instead of @br...
fa6c3db [MRELEASE-1145] Upgrade to Maven 3.6.3
167db81 [MRELEASE-1147] @junitVersion@ never replaced in UTs (make explicit)
7249d1f [MRELEASE-1148] Release Manager pulls in transitive dependencies
Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 9.2.0 to 10.0.1

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 10.0.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 10.0.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 10.0.1 (2024-07-02)

build(deps): bump open-vulnerability-client (#6772)

fix: remove debug logging (#6770)

fix: postgresql column count error (#6773)

fix: mssql column name and version (#6761)

docs: update supported versions (#6771)

See the full listing of changes.

Version 10.0.0 (2024-07-01)

breaking change: upgrade to dotnet 8.0 (#6580)

Users of the AssemblyAnalyzer must upgrade/utilize dotnet 8 to analyze assemblies

feat: fix the NVD API related errors by adding cvssV4 support (#6756)

breaking changes: anyone utilizing a centralized database will need to upgrade the schema; see changes in [PR #6756](jeremylong/DependencyCheck#6756)

fix: avoid escaping unnecessary chars in HTML report suppression regexes (#6749)

fix: #6688 Trim version number when parsin POM (#6705)

fix: change request if lockfile is file v3 (#6690)

fix: skip pyproject.toml unless it contains tool.poetry before ensuring lockfiles (#6681)

See the full listing of changes.

Commits

4d47fb9 build: prepare release v10.0.1
934a307 docs: release 10.0.1
763fe31 fix: postgresql error (#6773)
cab586e build(deps): bump open-vulnerability-client (#6772)
a8128a4 docs: update supported versions (#6771)
8c731cd fix: remove debug logging (#6770)
214bdd9 fix: Fix column name and version (#6761)
c0da58e Update initialize_mssql.sql
1d6bd7a build: Release 10.0.0 (#6759)
e31d456 Update CHANGELOG.md
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 3 updates in the / directory: [io.jsonwebtoken:jjwt](https://github.com/jwtk/jjwt), [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) and [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck). Updates `io.jsonwebtoken:jjwt` from 0.12.5 to 0.12.6 - [Release notes](https://github.com/jwtk/jjwt/releases) - [Changelog](https://github.com/jwtk/jjwt/blob/master/CHANGELOG.md) - [Commits](jwtk/jjwt@0.12.5...0.12.6) Updates `org.apache.maven.plugins:maven-release-plugin` from 3.0.1 to 3.1.0 - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](apache/maven-release@maven-release-3.0.1...maven-release-3.1.0) Updates `org.owasp:dependency-check-maven` from 9.2.0 to 10.0.1 - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](jeremylong/DependencyCheck@v9.2.0...v10.0.1) --- updated-dependencies: - dependency-name: io.jsonwebtoken:jjwt dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-07-03T17:23:18Z

Looks like these dependencies are no longer updatable, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 2, 2024

dependabot bot mentioned this pull request Jul 2, 2024

Bump the dependencies group across 1 directory with 3 updates #293

Closed

dependabot bot closed this Jul 3, 2024

dependabot bot deleted the dependabot/maven/dependencies-99328064fc branch July 3, 2024 17:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the dependencies group across 1 directory with 3 updates #294

Bump the dependencies group across 1 directory with 3 updates #294

dependabot bot commented on behalf of github Jul 2, 2024 •

edited

Loading

dependabot bot commented on behalf of github Jul 3, 2024

Bump the dependencies group across 1 directory with 3 updates #294

Bump the dependencies group across 1 directory with 3 updates #294

Conversation

dependabot bot commented on behalf of github Jul 2, 2024 • edited Loading

0.12.6

New Contributors

0.12.6

3.1.0

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

👻 Maintenance

Version 10.0.1

Version 10.0.0

Version 10.0.1 (2024-07-02)

Version 10.0.0 (2024-07-01)

dependabot bot commented on behalf of github Jul 3, 2024

dependabot bot commented on behalf of github Jul 2, 2024 •

edited

Loading