Update dependency org.owasp:dependency-check-maven to v8.4.2 #406

Merged
merged 1 commit into from
Oct 29, 2023

renovate[bot]
Contributor

@renovate renovate bot commented Jan 28, 2023

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| org.owasp:dependency-check-maven (source) | 8.0.1 -> 8.4.2 | age | adoption | passing | confidence |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

jeremylong/DependencyCheck (org.owasp:dependency-check-maven)

v8.4.2

Compare Source

  • fix: correct log configuration in cli (#​6002)

See the full listing of changes.

v8.4.1

Compare Source

Fixed
  • fix: upgrade to JCS3 (#​5114)
  • fix: Support ~= version specifier in requirements.txt and pipfile (#​5902)
  • fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name (#​5901)
  • fix: Do not filter out evidences added by hints (#​5900)
  • fix: fixes FP #​5925 (#​5927)

See the full listing of changes.

v8.4.0

Compare Source

Added
  • feat: Add support for Nexus v3 to NexusAnalyzer (#​5849)
Fixed
  • fix: Hint Analyzer should run before VersionFilter Analyzer (#​5818)
  • chore: switch to sha1-pinning as suggested by Semgrep
  • fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#​5845)
  • fix: use curl with -L to follow github redirect (#​5808)
  • fix: use curl with -L to follow github redirect
  • fix: #​5671 out of memory error (#​5789)
  • fix: #​5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

See the full listing of changes.

v8.3.1

Compare Source

Re-release of 8.3.0 as 8.3.1.

v8.3.0

Compare Source

Added
  • Add LibmanAnalyzer (#​5652)
  • Update HTML report Dependencies header based on display settings (#​5619)
  • Add link to suppressed vulnerabilities header in HTML report (#​5620)
  • Enable local proxy configuration in maven plugin configuration (#​5696)
Fixed
  • Fix npm alias present in requires of dependencies (#​5703)
  • Make Central URL configurable via CLI (#​5667)
  • Ensure support of CVSSv3.1 (#​5602)

See the full listing of changes.

v8.2.1

Compare Source

Fixed
  • NullPointerException in MSBuildAnalyzer (#​5589)
  • SQL Syntax for Oracle (#​5590)
  • Use https:// URLs in report templates (#​5582)

See the full listing of changes.

v8.2.0

Compare Source

Added
  • Support msbuild Directory.build.props (#​5475)
  • better display of NPM audit references
  • Add CVSS V3 results from NPM Audit results
Fixed
  • Fix several issues on NPM Audit reporting (#​5546)
  • Case issue in SQL (#​5557)
  • Fix CWE(s) extraction for NPM Audit advisories
  • Use the stable github_advisory_id instead of the now unstable id in NPM audit results

See the full listing of changes.

v8.1.2

Compare Source

Fixed
  • Fix NullPointerException in the Jar Analyzer introduced in 8.1.1 (#​5512)

See the full listing of changes.

v8.1.1

Compare Source

Fixed
  • allow hosted suppressions file to be disabled (#​5509)
  • Several FPs not suitable for our automation (#​5504)
  • Fix incorrect defaults for nexus and central-analyzer in gradle plugin documentation (#​5503)
  • Erroneous error-log for deprecated CLI flag usage when using propertyfile based disablement of Node Audit Analyzer (#5487)
  • Prefer pom.properties G/A/V over pom.xml G/A/V to resolve GAV interpolation issues (#​5473)
  • Node package dependencies ending up as related dependency of the wrong version of the package (#​5479)
  • do not throw error if pyproject.toml is in node_modules (#​5470)

See the full listing of changes.

v8.1.0

Compare Source

Added
  • Pipfile.lock files are now supported (#5404).
  • Python projects with only a pyproject.toml but no lock file or requirements will report an error as ODC is unable to analyze the project (#​5409).
Fixed
  • Some maven projects caused false positives due to bad string interpolation (#​5421).
  • Error message from Assembly Analyzer has been updated to emphasize dotnet 6 is required for analysis (#​5408).
  • Correct issue where database defrag occurs even when no updates were performed (#​5441).
  • Fixed several False Positives and one False Negative.
  • Made the format configuration more flexible in the gradle plugin (dependency-check-gradle/#324).

See the full listing of changes.

v8.0.2

Compare Source

Fixed
  • Resolved bug causing an issue with some Maven Extensions (#​5366).
  • ArchiveAnalyzer will now correctly throw an exception if it cannot open an Archive (#​5371).
  • Updated CSV report so that it no longer has a duplicate description column (#​5364).
  • Moved several logging statements to trace which should drastically reduce the log size (#​5350).
  • Fixed bug with RetireJS' --retirejsFilterNonVulnerable and --retirejsFilter when used with the CLI (#​5351).
  • Fixed the sarif report format and added validation (#5345 and #5363).
  • Fixed MalformedPackageException in the gradle plugin (dependency-check-gradle/#​320).
  • Fixed MissingMethodException in the gradle plugin (dependency-check-gradle/#​316).

See the full listing of changes.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@yegor256
Member

@rultor please, try to merge

@rultor
Contributor

rultor commented Jan 28, 2023

@rultor please, try to merge

@yegor256 OK, I'll try to merge now. You can check the progress of the merge here

@rultor
Contributor

rultor commented Jan 28, 2023

@rultor please, try to merge

@renovate[bot] @yegor256 Oops, I failed. You can see the full log here (spent 4min)

    at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:566)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.apache.maven.plugin.MojoFailureException: There are test failures.

Please refer to /home/r/repo/target/failsafe-reports for the individual test results.
Please refer to dump files (if any exist) [date].dump, [date]-jvmRun[N].dump and [date].dumpstream.
    at org.apache.maven.plugin.surefire.SurefireHelper.throwException (SurefireHelper.java:283)
    at org.apache.maven.plugin.surefire.SurefireHelper.reportExecution (SurefireHelper.java:171)
    at org.apache.maven.plugin.failsafe.VerifyMojo.execute (VerifyMojo.java:201)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
    at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370)
    at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:566)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
[ERROR] 
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
container e3ef1790f8c13c1f264b69c67a3eafc050ddb5277119d7eab7e02d120680ce44 is dead
Sat 28 Jan 2023 03:38:01 PM CET

@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v8.0.2 Update dependency org.owasp:dependency-check-maven to v8.1.0 Feb 13, 2023
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-8.x branch from 0ee524d to 5408f52 Compare February 13, 2023 16:59
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v8.1.0 Update dependency org.owasp:dependency-check-maven to v8.1.1 Feb 27, 2023
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-8.x branch 2 times, most recently from b4ac75d to b4b787a Compare February 28, 2023 13:12
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v8.1.1 Update dependency org.owasp:dependency-check-maven to v8.1.2 Feb 28, 2023
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v8.1.2 Update dependency org.owasp:dependency-check-maven to v8.2.0 Mar 22, 2023
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-8.x branch from b4b787a to e8d0e7c Compare March 22, 2023 15:55
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v8.2.0 Update dependency org.owasp:dependency-check-maven to v8.2.1 Apr 3, 2023
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-8.x branch from e8d0e7c to d63faba Compare April 3, 2023 16:26
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v8.2.1 Update dependency org.owasp:dependency-check-maven to v8.3.0 Jun 12, 2023
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-8.x branch from d63faba to f44a535 Compare June 12, 2023 11:50
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v8.3.0 Update dependency org.owasp:dependency-check-maven to v8.3.1 Jun 12, 2023
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-8.x branch from f44a535 to 1b22aec Compare June 12, 2023 13:32
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-8.x branch from 1b22aec to 14d3c6b Compare August 19, 2023 16:35
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v8.3.1 Update dependency org.owasp:dependency-check-maven to v8.4.0 Aug 19, 2023
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v8.4.0 Update dependency org.owasp:dependency-check-maven to v8.4.1 Oct 21, 2023
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-8.x branch from 14d3c6b to 891fa92 Compare October 21, 2023 16:13
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v8.4.1 Update dependency org.owasp:dependency-check-maven to v8.4.2 Oct 22, 2023
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-8.x branch from 891fa92 to 3d77704 Compare October 22, 2023 13:34
@rultor rultor merged commit 2bd702b into master Oct 29, 2023
2 of 9 checks passed
@renovate renovate bot deleted the renovate/org.owasp-dependency-check-maven-8.x branch October 29, 2023 03:40
@0crat

0crat commented Oct 29, 2023

Job gh:jcabi/jcabi-http#406 is not assigned, can't get performer

@0crat

0crat commented Oct 29, 2023

There is an unrecoverable failure on my side. Please, submit it here:

PID: 2@e1baa93c-2f33-4919-89a7-cf984b40d659, thread: PQ-C3RUBL5H9
com.zerocracy.farm.strict.StrictProject[122] java.lang.IllegalArgumentException: File "blanks/renovate[bot].xml" is not accessible in "PMO"

1.0-SNAPSHOT: CID: 78ea4d92-2054-4d3f-9e79-c932af66c631, Type: "Close job"
