Update dependency credentials to v1389

[tradeshift-renovate]

This PR contains the following updates:

Package	Update	Change
credentials	major	1.28 -> 1389.vd7a_b_f5fa_50a_2

---

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

jenkinsci/credentials-plugin (credentials)

v1389.vd7a_b_f5fa_50a_2

Compare Source

🐛 Bug fixes

• Adding credentials should not require a check on CredentialsStore#isDomainsModifiable (#​557) @​Dohbedoh

👻 Maintenance

• Require Java 17 or newer; migrate to EE 9 (#​566) @​basil

v1384.vf0a_2ed06f9c6

Compare Source

🚀 New features and improvements

• Update 'Add credentials' dropdown button (#​551) @​janfaracik

✍️ Other changes

• Fix typo in name of internal class registering SecretBytesRedaction (#​562) @​daniel-beck

v1381.v2c3a_12074da_b_

Compare Source

🔒 Security fixes

• Fix SECURITY-3373. This fix requires Jenkins 2.479 or newer, LTS 2.462.3 or newer, to be effective.

v1380.va_435002fa_924

Compare Source

🚀 New features and improvements

• CSP compatibility improvements (#​533) @​zbynek

📦 Dependency updates

• Bump org.jenkins-ci.plugins:plugin from 4.87 to 4.88 (#​560) @​dependabot

v1378.v81ef4269d764

Compare Source

💥 Breaking changes

• In FIPS environment password must be at least 14 characters (#​558) @​olamy

🐛 Bug fixes

• In FIPS environment password must be at least 14 characters (#​558) @​olamy

✍️ Other changes

• Remove hard-coded java-version in Security Scan (#​555) @​strangelookingnerd
• Enable Jenkins Security Scan (#​538) @​strangelookingnerd

📦 Dependency updates

• Bump org.jenkins-ci.plugins:bouncycastle-api from 2.30.1.78.1-246.ve1089fe22055 to 2.30.1.78.1-248.ve27176eb_46cb_ (#​548) @​dependabot
• Bump org.antlr:antlr4-maven-plugin from 4.13.1 to 4.13.2 (#​554) @​dependabot
• Bump io.jenkins.tools.bom:bom-2.426.x from 2961.v1f472390972e to 3208.vb_21177d4b_cd9 (#​552) @​dependabot
• Bump org.jenkins-ci.plugins:plugin from 4.85 to 4.87 (#​556) @​dependabot

v1371.1373.v4eb_fa_b_7161e9

Compare Source

🔒 Security fixes

• Fix SECURITY-3373. This fix requires Jenkins 2.479 or newer, LTS 2.462.3 or newer, to be effective. Backport of 1381.v2c3a_12074da_b_ on top of 1371.vfee6b_095f0a_3.

v1371.vfee6b_095f0a_3

Compare Source

🚀 New features and improvements

• JENKINS-73335 - add support for PEM encoded certificate (and key) (#​543) @​jtnord

v1361.v56f5ca_35d21c

Compare Source

🚀 New features and improvements

• JENKINS-73334 - make plugin FIPS-140 compliant by blocking PKCS#12 certificates when in FIPS mode (#​539) @​jtnord

📦 Dependency updates

• Bump org.jenkins-ci.plugins:plugin from 4.84 to 4.85 (#​546) @​dependabot

v1355.v46f52a_b_98d64

Compare Source

🚨 Removed

• Remove FileOnMasterKeyStroreSource and SECURITY-1322 - migration (#​540) @​jtnord

👻 Maintenance

• Remove FileOnMasterKeyStroreSource and SECURITY-1322 - migration (#​540) @​jtnord

📦 Dependency updates

• Bump org.jenkins-ci.plugins:plugin from 4.83 to 4.84 (#​545) @​dependabot

v1350.v1b_df4d227d1b_

Compare Source

🚨 Removed

• remove deprecated and unused Upload class (#​541) @​jtnord

📦 Dependency updates

• Bump io.jenkins.tools.incrementals:git-changelist-maven-extension from 1.7 to 1.8 (#​524) @​dependabot
• Bump org.jenkins-ci.plugins:plugin from 4.80 to 4.83 (#​535) @​dependabot

v1344.v5a_3f65a_1e173

Compare Source

🔨 Developer

• Add SecretBytes#fromRawBytes to support the SECURITY-2495 fix in Plain Credentials plugin.

📝 Documentation updates

• Removing pdfs profile (#​513) @​jglick

📦 Dependency updates

• Bump org.xmlunit:xmlunit-matchers from 2.9.1 to 2.10.0 (#​526) @​dependabot
• Bump org.jenkins-ci.plugins:plugin from 4.78 to 4.80 (#​518) @​dependabot
• Bump io.jenkins.tools.bom:bom-2.426.x from 2839.v003b_4d9d24fd to 2961.v1f472390972e (#​521) @​dependabot

v1337.v60b_d7b_c7b_c9f

Compare Source

🚀 New features and improvements

• Use new dialog design for adding credentials (#​500) @​zbynek

✍️ Other changes

• JENKINS-72611 - Forbid updating credentials ID for IdCredentials (#​506) @​yaroslavafenkin

📦 Dependency updates

• Bump org.jruby:jruby-complete from 9.4.5.0 to 9.4.6.0 (#​512) @​dependabot
• Bump org.asciidoctor:asciidoctor-maven-plugin from 2.2.4 to 3.0.0 (#​510) @​dependabot
• Bump org.jenkins-ci.plugins:plugin from 4.77 to 4.78 (#​508) @​dependabot

v1319.v7eb_51b_3a_c97b_

Compare Source

🐛 Bug fixes

• Revert "JENKINS-72611 - Forbid editing credentials ID" (#​503) @​jtnord

v1317.v0ce519a_92b_3e

Compare Source

🐛 Bug fixes

• JENKINS-72611 - Forbid editing credentials ID (#​502) @​yaroslavafenkin

📦 Dependency updates

• Bump org.jruby:jruby-complete from 9.4.3.0 to 9.4.5.0 (#​494) @​dependabot
• Bump org.asciidoctor:asciidoctorj-pdf from 2.3.9 to 2.3.10 (#​498) @​dependabot
• Bump io.jenkins.tools.bom:bom-2.387.x from 2143.ve4c3c9ec790a to 2483.v3b_22f030990a_ (#​486) @​dependabot
• Bump org.asciidoctor:asciidoctorj from 2.5.10 to 2.5.11 (#​499) @​dependabot
• Bump org.jenkins-ci.plugins:plugin from 4.74 to 4.77 (#​501) @​dependabot

v1311.vcf0a_900b_37c2

Compare Source

🐛 Bug fixes

• JENKINS-72364 - Close provider dialog window when cancel is clicked (#​496) @​MarkEWaite

v1309.v8835d63eb_d8a_

Compare Source

🐛 Bug fixes

• Fix a compatibility error in CredentialsProvider (#​495) @​Vlatombe

v1307.v3757c78f17c3

Compare Source

🐛 Bug fixes

• Compatibility error in CredentialsProvider (#​492) @​jglick

v1305.v04f5ec1f3743

Compare Source

👷 Changes for plugin developers

• JEP-227 - JENKINS-39324 - Replace Acegi Security with Spring Security APIs (#​490) @​Vlatombe

⚠️ Regressions reported, under investigation.

v1304.v5ec13eecef46

Compare Source

👻 Maintenance

• Prepare for prototype removal (#​491) @​rsandell
• Do not use FormApply#applyResponse to execute arbitrary javascript (#​481) @​yaroslavafenkin

📦 Dependency updates

• Bump org.antlr:antlr4-maven-plugin from 4.13.0 to 4.13.1 (#​482) @​dependabot

v1293.vff276f713473

Compare Source

👷 Changes for plugin developers

• Use Descriptor.bindJSON to support complex describable fields in custom credentials (#​488) @​dwnusbaum

📦 Dependency updates

• Bump org.jenkins-ci.plugins:plugin from 4.73 to 4.74 (#​487) @​dependabot

v1290.v2e5b_13eb_b_127

Compare Source

🚀 New features and improvements

• JENKINS-52386 - Add preview for markup of a CredentialParameterDefinition (#​410) @​microscotch

👻 Maintenance

• Switch from XML Pull Parser v3 to Streaming API for XML (StAX) on newer cores (#​484) @​basil
• Test on Java 21 (#​475) @​NotMyFault

📦 Dependency updates

• Bump asciidoctor-maven-plugin from 2.2.3 to 2.2.4 (#​468) @​dependabot
• Bump asciidoctorj from 2.5.8 to 2.5.10 (#​467) @​dependabot
• Bump org.jenkins-ci.plugins:plugin from 4.71 to 4.73 (#​478) @​dependabot
• Bump metainf-services from 1.9 to 1.11 (#​466) @​dependabot

v1271.v54b_1c2c6388a_

Compare Source

👷 Changes for plugin developers

• Remove more usages of Prototype (#​470) @​basil

📦 Dependency updates

• Bump jruby-complete from 9.4.2.0 to 9.4.3.0 (#​455) @​dependabot

v1268.v3f0d043d60e9

Compare Source

🐛 Bug fixes

• Replace Prototype.js with native JavaScript (#​443) @​basil

📦 Dependency updates

• Bump asciidoctorj-pdf from 2.3.4 to 2.3.9 (#​463) @​dependabot
• Bump antlr4-maven-plugin from 4.11.1 to 4.13.0 (#​447) @​dependabot
• Bump git-changelist-maven-extension from 1.4 to 1.7 (#​461) @​dependabot
• Bump plugin from 4.66 to 4.71 (#​464) @​dependabot
• Upgrade HtmlUnit from 2.x to 3.x (#​453) @​timja-bot

v1254.vb_96f366e7b_a_d

Compare Source

👷 Changes for plugin developers

• No longer need ConfidentialStoreRule (#​444) @​jglick

👻 Maintenance

• Replace some deprecated APIs (#​362) @​offa

📦 Dependency updates

• Bump jruby-complete from 9.4.1.0 to 9.4.2.0 (#​421) @​dependabot
• Bump asciidoctor-maven-plugin from 2.2.2 to 2.2.3 (#​437) @​dependabot
• Bump asciidoctorj from 2.5.7 to 2.5.8 (#​435) @​dependabot
• Bump plugin from 4.61 to 4.62 (#​436) @​dependabot

v1236.v31e44e6060c0

Compare Source

🚀 New features and improvements

• Apply upcoming core styling to file upload (#​403) @​timja
• Simplify Manage Jenkins items naming + change icons (#​417) @​janfaracik

👻 Maintenance

• Adapt to https://github.com/jenkinsci/jenkins/pull/7293 (#​385) @​basil

📦 Dependency updates

• Bump plugin from 4.55 to 4.61 (#​433) @​dependabot

v1224.vc23ca_a_9a_2cb_0

Compare Source

🐛 Bug fixes

• JENKINS-69379 - Removed obsolete styling in the Add button (#​422) @​julieheard

📦 Dependency updates

• Bump jruby-complete from 9.3.9.0 to 9.4.1.0 (#​413) @​dependabot
• Bump asciidoctorj-pdf from 2.3.3 to 2.3.4 (#​399) @​dependabot
• Bump xmlunit-matchers from 2.9.0 to 2.9.1 (#​407) @​dependabot
• Bump bom-2.375.x from 1678.vc1feb_6a_3c0f1 to 1836.vfe602c266c05 (#​415) @​dependabot
• Bump plugin from 4.52 to 4.55 (#​416) @​dependabot
• Bump plugin from 4.50 to 4.52 (#​397) @​dependabot

v1214.v1de940103927

Compare Source

🐛 Bug fixes

• JENKINS-68791 - Missing icon for global credential store (#​377) @​ridemountainpig

👻 Maintenance

• JENKINS-69653 - Un-inlining dialog.jelly (#​378) @​Pldi23
• Move app-bar to main panel (#​366) @​timja

✍️ Other changes

• Add Java 17 to test matrix (#​387) @​NotMyFault
• chore: use jenkins infra maven cd reusable workflow (#​325) @​jetersen

📦 Dependency updates

• Bump plugin from 4.49 to 4.50 (#​389) @​dependabot
• Bump asciidoctorj from 2.5.5 to 2.5.7 (#​381) @​dependabot
• Bump jruby-complete from 9.3.4.0 to 9.3.9.0 (#​382) @​dependabot
• Bump asciidoctorj-pdf from 2.3.0 to 2.3.3 (#​380) @​dependabot
• Bump plugin from 4.47 to 4.49 (#​384) @​dependabot

v1189.vf61b_a_5e2f62e

Compare Source

🚀 New features and improvements

• Modernize UI (#​364) @​timja

👻 Maintenance

• Update CD template to recommended version (fixes release) (#​375) @​timja

✍️ Other changes

• Re-align plugin with LTS line (#​360) @​NotMyFault
• Move chinese translation to localization-zh-cn-plugin (#​331) @​yuezhuangshi
• Remove deprecated java.level property (#​363) @​basil
• Prevent type error from loading non element (#​312) @​timja
• Remove deprecated java.level (#​347) @​offa

📦 Dependency updates

• Bump antlr4.version from 4.9.3 to 4.11.1 (#​367) @​dependabot
• Bump jenkins-infra/jenkins-maven-cd-action from 1.3.1 to 1.3.2 (#​371) @​dependabot
• Bump git-changelist-maven-extension from 1.3 to 1.4 (#​368) @​dependabot
• Bump actions/setup-java from 3.4.1 to 3.5.0 (#​372) @​dependabot
• Bump asciidoctorj-pdf from 1.6.2 to 2.3.0 (#​358) @​dependabot
• Bump actions/setup-java from 2 to 3.4.1 (#​341) @​dependabot
• Bump asciidoctorj from 2.5.3 to 2.5.5 (#​349) @​dependabot
• Bump plugin from 4.40 to 4.47 (#​359) @​dependabot
• Bump jenkins-infra/jenkins-maven-cd-action from 1.2.0 to 1.3.1 (#​324) @​dependabot
• Bump jenkins-infra/interesting-category-action from 1.0.0 to 1.2.0 (#​323) @​dependabot
• Bump jenkins-infra/verify-ci-status-action from 1.2.0 to 1.2.1 (#​322) @​dependabot

v1143.vb_e8b_b_ceee347

Compare Source

👻 Maintenance

• Remove folder-store from array (#​346) @​NotMyFault

📦 Dependency updates

• Bump plugin from 4.40 to 4.46 and accompanying changes (#​356) @​Pldi23

v1139.veb_9579fca_33b_

Compare Source

🐛 Bug fixes

• Add snapshot taker for special StandardUsernamePasswordCredentials impls (#​327) @​jamesrobson-secondmind

📝 Documentation updates

• error: annotated nested classes must be static (#​333) @​timja
• Reword sentence (#​332) @​timja

👻 Maintenance

• JENKINS-68674 - Clean up unused icon (#​321) @​twasyl

v1129.vef26f5df883c

Compare Source

🐛 Bug fixes

• JENKINS-68616 - Enable field validation checks (#​316) @​MarkEWaite

v1126.ve05618c41e62

Compare Source

🚀 New features and improvements

• Add CredentialsUseListener to improve tracking of Credentials usage (#​295) @​meiswjn

v1118.v320cd028cb_a_0

Compare Source

🐛 Bug fixes

• Fix button size of "+ Add" (#​296) @​NotMyFault

📦 Dependency updates

• Bump bom-2.332.x from 1210.vcd41f6657f03 to 1246.va_b_50630c1d19 (#​298) @​dependabot
• Bump plugin from 4.38 to 4.40 (#​299) @​dependabot

v1112.vc87b_7a_3597f6

Compare Source

Fix SECURITY-2617

v1111.v35a_307992395

Compare Source

🚀 New features and improvements

• Use new table style (#​251) @​farodin91

v1105.vb_4e24a_c78b_81

Compare Source

🚀 New features and improvements

• Modernise UI (#​287) @​timja
• Update icon SVG (#​283) @​NotMyFault

📦 Dependency updates

• Bump jruby-complete from 9.3.2.0 to 9.3.4.0 (#​292) @​dependabot

v1087.1089.v2f1b_9a_b_040e4

Compare Source

v1087.v16065d268466

Compare Source

🚀 New features and improvements

• Introduce Credentials.forRun to contextualize secrets (#​293) @​jglick

📦 Dependency updates

• Bump jruby-complete from 9.3.2.0 to 9.3.4.0 (#​292) @​dependabot
• Bump asciidoctorj from 2.5.2 to 2.5.3 (#​273) @​dependabot
• Bump xmlunit-matchers from 2.8.4 to 2.9.0 (#​277) @​dependabot
• Bump asciidoctor-maven-plugin from 2.2.1 to 2.2.2 (#​278) @​dependabot
• Bump actions/checkout from 2.4.0 to 3 (#​286) @​dependabot
• Bump metainf-services from 1.8 to 1.9 (#​294) @​dependabot
• Update Jenkins baseline to 2.319.x (#​291) @​jglick

v1074.1076.v39c30cecb_0e2

Compare Source

v1074.v60e6c29b_b_44b_

Compare Source

🚀 New features and improvements

• Refer to icons using classes instead of filenames (#​248) @​zbynek

📦 Dependency updates

• Bump plugin from 4.31 to 4.33 (#​271) @​dependabot
• Bump parent POM (#​272) @​jglick
• Bump asciidoctorj-pdf from 1.6.0 to 1.6.2 (#​268) @​dependabot
• Bump bom-2.303.x from 1083.vb6e5d3561904 to 1090.v0a_33df40457a_ (#​270) @​dependabot
• Bump bom-2.303.x from 1036.v9f5a1aba8fab to 1083.vb6e5d3561904 (#​267) @​dependabot

👻 Maintenance

• Simplify POM (#​269) @​jglick

v1061.vb_1fceb_58fa_18

Compare Source

🐛 Bug fixes

• JENKINS-67132 - Default UsernamePasswordCredentialsImpl.usernameSecret without readResolve (#​266) @​jglick

📦 Dependency updates

• Bump xmlunit-matchers from 2.8.3 to 2.8.4 (#​260) @​dependabot
• Bump actions/checkout from 2.3.4 to 2.4.0 (#​259) @​dependabot
• Bump jenkins-infra/jenkins-maven-cd-action from 1.1.0 to 1.2.0 (#​258) @​dependabot
• Bump git-changelist-maven-extension from 1.2 to 1.3 (#​265) @​dependabot

v1055.v1346ba467ba1

Compare Source

🐛 Bug fixes

• JENKINS-67170 - Complete conversion of Descriptor.class.name to Descriptor.id (#​256) @​jglick

📦 Dependency updates

• Bump antlr4.version from 4.9.2 to 4.9.3 (#​247) @​dependabot
• Bump bom-2.303.x from 966.v3857b7c82032 to 1036.v9f5a1aba8fab (#​253) @​dependabot
• Bump plugin from 4.29 to 4.31 (#​245) @​dependabot
• Bump jruby-complete from 9.3.1.0 to 9.3.2.0 (#​252) @​dependabot

👻 Maintenance

• Forgot to git add .github/workflows/cd.yaml (#​257) @​jglick
• Enable CD (#​254) @​jglick

v2.6.2: 2.6.2

Compare Source

💥 Known issues

Credentials may be unavailable after upgrade under some configurations: JENKINS-67170

🚀 New features and improvements

This release requires Jenkins 2.308, this is required due to icon improvements that happened in that release. Your Jenkins instance will select the last available version automatically if you are running older than 2.308

• Add config as code support for credentials configuration (#​235) @​timja
• JENKINS-66639 - adding explict jcasc symbol on CertificateCredentialImpl and UsernamePasswordCredentialsImpl classes (#​227) @​aHenryJard
• JENKINS-66699 - Exchange default PNGs with SVG icons (#​230) @​NotMyFault

🐛 Bug fixes

• fix: Address post merge comment (Improvement of userpass.svg) (#​236) @​NotMyFault

📦 Dependency updates

• Bump plugin from 4.27 to 4.29 (#​239) @​dependabot
• Bump jruby-complete from 9.3.0.0 to 9.3.1.0 (#​240) @​dependabot
• Bump xmlunit-matchers from 2.8.2 to 2.8.3 (#​241) @​dependabot
• Bump cloudbees-folder from 6.15 to 6.16 (#​233) @​dependabot
• Bump asciidoctorj from 2.5.1 to 2.5.2 (#​234) @​dependabot
• Bump bom-2.222.x from 831.v9814430e6383 to 887.vae9c8ac09ff7 (#​217) @​dependabot
• Bump git-changelist-maven-extension from 1.0-beta-7 to 1.2 (#​218) @​dependabot
• Bump asciidoctor-maven-plugin from 2.1.0 to 2.2.1 (#​222) @​dependabot
• Bump jruby-complete from 9.2.17.0 to 9.3.0.0 (#​231) @​dependabot
• Bump plugin from 4.19 to 4.27 (#​232) @​dependabot

👻 Maintenance

• Code improvements (#​228) @​offa

🚦 Tests

• Enable JDK11 in Jenkinsfile (#​238) @​aneveux

v2.6.1.1

Compare Source

v2.6.1: 2.6.1

Compare Source

Clean version of 2.6 (correct checksum).

v2.5: 2.5

Compare Source

🚀 New features and improvements

• JENKINS-44860 - UsernameCredentials.isUsernameSecret (#​205) @​jglick

📦 Dependency updates

• Bump asciidoctorj-pdf from 1.5.4 to 1.6.0 (#​209) @​dependabot
• Bump bom-2.222.x from 807.v6d348e44c987 to 831.v9814430e6383 (#​211) @​dependabot
• Bump plugin from 4.18 to 4.19 (#​212) @​dependabot

v2.4.1: 2.4.1

Compare Source

• Using BOM version for JCasC dependency

v2.4.0.1

Compare Source

v2.4: 2.4

Compare Source

🐛 Bug fixes

• JENKINS-63761 - Certificate upload correction (#​208) @​Wadeck

📦 Dependency updates

• Bump bom-2.222.x from 29 to 807.v6d348e44c987 (#​204) @​dependabot
• Bump asciidoctorj from 2.5.0 to 2.5.1 (#​202) @​dependabot
• Bump jcasc.version from 1.50 to 1.51 (#​206) @​dependabot
• Bump jcasc.version from 1.48 to 1.50 (#​203) @​dependabot
• Bump jcasc.version from 1.47 to 1.48 (#​200) @​dependabot
• Bump asciidoctorj from 2.4.3 to 2.5.0 (#​199) @​dependabot
• Bump bom-2.222.x from 28 to 29 (#​198) @​dependabot

v2.3.19: 2.3.19

Compare Source

🔒 Security fixes

• SECURITY-2349 - Reflected XSS vulnerability

v2.3.18: 2.3.18

Compare Source

📦 Dependency updates

• Bump bom-2.222.x from 27 to 28 (#​196) @​dependabot
• Bump plugin from 4.17 to 4.18 (#​195) @​dependabot

📝 Documentation updates

• JENKINS-65398 - terminology update (#​197) @​aHenryJard

v2.3.17: 2.3.17

Compare Source

Performance improvements

• JENKINS-65333 - Sort credentials entries only for UI (#​194) @​Vlatombe

📦 Dependency updates

• Bump jruby-complete from 9.2.16.0 to 9.2.17.0 (#​192) @​dependabot
• Bump jruby-complete from 9.2.14.0 to 9.2.16.0 (#​188) @​dependabot
• Bump asciidoctorj from 2.4.2 to 2.4.3 (#​184) @​dependabot
• Bump bom-2.222.x from 23 to 26 (#​189) @​dependabot
• Bump asciidoctorj-pdf from 1.5.3 to 1.5.4 (#​179) @​dependabot
• Bump antlr4.version from 4.9.1 to 4.9.2 (#​190) @​dependabot
• Bump plugin from 4.16 to 4.17 (#​191) @​dependabot
• Bump bom-2.222.x from 26 to 27 (#​193) @​dependabot

v2.3.15.1

Compare Source

v2.3.15: 2.3.15

Compare Source

📦 Dependency updates

• Bump antlr4.version from 4.5 to 4.9.1 (#​174) [@​dependabot](https://redirec

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.