chore(deps): update dependency org.owasp:dependency-check-maven from v12.1.3 to v12.1.9 #838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

renovate merged 1 commit into rutebanken_develop from renovate/patch-owasp-dependency-check-plugin.version

Nov 21, 2025

renovate bot commented Nov 20, 2025

This PR contains the following updates:

Package	Change	Age	Confidence
org.owasp:dependency-check-maven (source)	`12.1.3` -> `12.1.9`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

dependency-check/DependencyCheck (org.owasp:dependency-check-maven)

`v12.1.9`

fix: correct bundle audit gem in Dockerfile (#8121)
fix: normalization during comparisons (#8046)
docs: document multiple configurations for gradle (#8111)
docs: fix typos in some files (#8106)
docs: Update SBT plugin link; fix dead report link (#8086)
chore: Replace deprecated lucene methods (#8079)
docs: fix #8076 - Error in documentation "Suppressing False Positives" (#8077)
fix(fp): Improve false positive suppression for matches against golang web_project (#8059)
fix(fp): Consolidate/update icu4j suppressions for false positives (#8062)
fix(fp): Correct GRPC java suppressions for newer C/C++/native false positives (#8063)
fix(fp): Suppress false positive CPEs for protobuf-java per #7854 (#8064)

See the full listing of changes

`v12.1.8`

fix: improve VulnerableSoftware comparison (#8031)
build: fix flaky central test (#8039)
docs: Improve Gradle docs wrt experimental analyzers, use of Central and Proxy configuration (#8036)
docs: add note about central analyzer for gradle (#8038)

See the full listing of changes

`v12.1.7`

fix: disable central analyzer after failures (#7993)
fix: Suppress JVM warnings from Lucene within CLI (#8003)
fix: Clean up Apache Lucene logging via SLF4j redirect (#7979)
fix: Correct Archive Analyzer behaviour on certain tgz archives (#7986)
fix: Update NVD CPE search URLs in generated reports to match new search interface (#7970)
fix: improve OSS Index Error Reporting (#7977)
fix(fp): Consolidate false positive suppression for false positives on Redis client libs (#8017)
fix(fp): Fix more common false positives for popular PHP/composer frameworks with generic names (#7994)
docs: improve slack notification documentation (#8026)
docs: Documentation artifactory settings fix (#7999)
docs: Clarify Nexus Analyzer requirements and usage (#8000)
build: Build amd64 and arm64 multi-platform Docker image (#7952)

See the full listing of changes

`v12.1.6`

fix: Disable OSS Index if its credentials are missing (#7963)
fix: Correct CVSSv4 parsing for low precision OSSIndex values (#7935)
fix(fp): Fix false positives for Redis Server against NPM/JS client libs (#7942)
docs: Fix legacy GitHub links within docs and CHANGELOG (#7944)
chore: fix version typo in security policy (#7936)

See the full listing of changes

`v12.1.5`

fix: Update to support OSS Index Authentication Requirements (#7920)
- Note: OSS Index will require authentication starting 9/22/2025. Users must configure a free account to continue using the OSS Index Analyzer. See https://ossindex.sonatype.org/doc/auth-required.
fix: add CVSSv4 to suppressed entries in JSON report (#7900)
fix: correctly utilize CVSSv4 from ossindex (#7899)
fix: npe when processing cve with empty configuration (#7888)
fix: Return unsorted vulnerabilities in new HashSet, avoiding CoMod (#7848)
fix: Return unsorted vulnerabilities in new HashSet, avoiding CoMod
fix: class loading problem with fat jars (#7786) (#7787)
fix: Improve Artifactory handler log message (#7838)
fix: classloading problem with fat jars (#7786)
fix: Add null checking when parsing the license json in AbstractNpmAnalyzer. (#7784)
fix(fp): resolves several false positives related to CVE-2021-41033 (#7736)
docs: Clarify format of exclude patterns (#7879)
docs: Document poetry-based analysis behaviour in Python analyzer (#7855)
docs: request FP reporters use the latest version of ODC. (#7820)
docs: update development pre-reqs (#7792)
docs: fix minor typos in false positive issue template (#7763)

See the full listing of changes

`v12.1.4`

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


          chore(deps): update dependency org.owasp:dependency-check-maven from …

d3a75f7

…v12.1.3 to v12.1.9

sonarqubecloud bot commented Nov 20, 2025

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

renovate bot merged commit efe73ed into rutebanken_develop

5 checks passed

renovate bot deleted the renovate/patch-owasp-dependency-check-plugin.version branch

November 21, 2025 02:48

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet