Skip to content

fix(deps): update all non-major dependencies (patch)#363

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/patch-all-minor-patch
Open

fix(deps): update all non-major dependencies (patch)#363
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/patch-all-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 19, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
org.owasp:dependency-check-maven (source) 12.2.012.2.2 age confidence
org.apache.maven.plugins:maven-enforcer-plugin (source) 3.6.23.6.3 age confidence
org.apache.maven.plugins:maven-surefire-plugin (source) 3.5.53.5.6 age confidence
ch.qos.logback:logback-classic (source, changelog) 1.5.321.5.33 age confidence
org.slf4j:slf4j-api (source, changelog) 2.0.172.0.18 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

dependency-check/DependencyCheck (org.owasp:dependency-check-maven)

v12.2.2

Compare Source

NOTE: The database schema was updated to fix #​8466 - if using an external database the update scripts must be run!

  • feat: improve Sonatype Guide / OSS Index cache handling and insufficient credits error reporting (#​8451)
  • feat: support and prefer githubID vuln identifiers from RetireJS (#​8419)
  • fix(db): widen reference URL column to handle long Mozilla CVE URLs (#​8467)
  • fix: add corepack to docker image (#​8386)
  • fix: bump open-vulnerability-clients to resolve NVD timestamp parsing errors (#​8427)
  • fix: de-duplicate and sort both includedBy and projectReferences in reports (#​8440)
  • fix: migrate default OSS Index API URL to Sonatype Guide; supporting optional username (#​8404)
  • docs: correct missing documentation for Gradle plugin (#​8431)
  • docs: tweak docs site structure; documenting missing analyzers (#​8462)
  • chore: remove spurious bundle-audit log line when there are no errors (#​8454)
  • chore: tidy CHANGELOG formatting (#​8414)
  • chore(fp): remove duplicate log4j FP suppressions (#​8468)
  • build(deps): bump apache.ant.version from 1.10.16 to 1.10.17 (#​8416)
  • build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 (#​8465)
  • build(deps): bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#​8420)
  • build(deps): bump com.mysql:mysql-connector-j from 9.6.0 to 9.7.0 (#​8445)
  • build(deps): bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#​8453)
  • build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0 (#​8448)
  • build(deps): bump httpcomponents.client.version from 5.6 to 5.6.1 (#​8432)
  • build(deps): bump joda-time:joda-time from 2.14.1 to 2.14.2 (#​8464)
  • build(deps): bump org.apache.maven.plugins:maven-invoker-plugin from 3.9.1 to 3.10.0 (#​8452)
  • build(deps): bump org.jsoup:jsoup from 1.22.1 to 1.22.2 (#​8437)
  • build(deps): bump org.postgresql:postgresql from 42.7.10 to 42.7.11 (#​8463)
  • build(deps): bump the actions-deps group with 8 updates (#​8472)

See the full listing of changes

v12.2.1

Compare Source

  • fix(core): correct xml schema validation handling without needing external access (#​8272)
  • fix(deps): upgrade slf4j and logback (#​8306)
  • fix(test): disable pnpm analyzer during test (#​8305)
  • fix: Correct published/hosted suppressions namespace header and indent (#​8258)
  • fix: Suppress noisy WARN logging from Apache Lucene within Maven and Ant plugins (#​8248)
  • fix: #​8140 AssemblyAnalyzer version resolution issue (#​8352)
  • fix: #​8140 fix version resolution
  • fix: #​8140 hint azure_identity_library_for_.net
  • fix: #​8356 narrow down VersionFilterAnalyzer scope to JAR files (#​8358)
  • fix: correct parsing for CVSSv4 strings with Provider Urgency (#​8377)
  • fix: evidence source in Retire JS analyzer (#​8303)
  • fix: exclude deprecations from Yarn Berry audit results (#​8380)
  • fix: improve PEAnalyzer reliability by migrating to maintained PE/COFF 4J library fork (#​8245)
  • fix: improve configuration consistency (casing) (#​8355)
  • fix: improve logging of unexpected Java Errors during processing of NVD (#​8250)
  • fix: raw type warning in ProcessReader (#​8324)
  • fix: suppress false positives for zabbix-utils #​8087 (#​8218)
  • fix: update docs (#​8405)
  • fix: warn if deprecated configs are used (#​8366)
  • docs: define schema locations in XML examples (#​8254)
  • docs: document external data sources and hostnames (#​8219)
  • docs: ensure OSS Index URL override is consistently documented (#​8338)
  • docs: fix minor typo in README (#​8246)
  • chore: avoid use of parent pom and maven properties where unnecessary (#​8322)
  • chore: bump java development to 25.0 (#​8365)
  • chore: fix Charset warnings; preferring typed charsets (#​8326)
  • chore: fix Maven scm tags after 12.2.1-SNAPSHOT bump (#​8265)
  • chore: pin GitHub actions to specific SHAs rather than mutable tags (#​8381)
  • chore: remove unused properties and schemas (#​8378)
  • test: Make tests locale independent (#​8328)
  • test: #​8140 reproduce current behavior
  • test: avoid polluting test classpaths with sample dependencies to be scanned (#​8267)
  • build: improve GHA workflow experience for forks (#​8285)
  • build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 (#​8292)

See the full listing of changes

Configuration

📅 Schedule: (in timezone Europe/Oslo)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/patch-all-minor-patch branch from bd57d16 to c36053a Compare May 7, 2026 16:09
@renovate renovate Bot changed the title chore(deps): update dependency org.owasp:dependency-check-maven from v12.2.0 to v12.2.1 chore(deps): update dependency org.owasp:dependency-check-maven from v12.2.0 to v12.2.2 May 7, 2026
@renovate renovate Bot force-pushed the renovate/patch-all-minor-patch branch from c36053a to 0686b77 Compare May 16, 2026 22:05
@renovate renovate Bot changed the title chore(deps): update dependency org.owasp:dependency-check-maven from v12.2.0 to v12.2.2 fix(deps): update all non-major dependencies (patch) May 16, 2026
@renovate renovate Bot force-pushed the renovate/patch-all-minor-patch branch from 0686b77 to 5632214 Compare May 19, 2026 12:35
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 19, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate renovate Bot force-pushed the renovate/patch-all-minor-patch branch from 5632214 to e42512c Compare May 30, 2026 00:03
@renovate renovate Bot force-pushed the renovate/patch-all-minor-patch branch from e42512c to 444d873 Compare May 31, 2026 22:48
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 31, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants