Bump org.jenkins-ci.tools:maven-hpi-plugin from 3.35 to 3.51 #235

dependabot · 2023-11-06T22:57:11Z

Bumps org.jenkins-ci.tools:maven-hpi-plugin from 3.35 to 3.51.

Release notes

Sourced from org.jenkins-ci.tools:maven-hpi-plugin's releases.

3.51

📦 Dependency updates

Bump org.eclipse.jetty:jetty-maven-plugin from 10.0.17 to 10.0.18 (#552) @dependabot

Bump commons-io:commons-io from 2.14.0 to 2.15.0 (#550) @dependabot

Bump org.jenkins-ci:jenkins from 1.106 to 1.107 (#551) @dependabot

3.50

🐛 Bug fixes

JENKINS-52665 - Treat *-SNAPSHOT mismatches as nonfatal in hpi:validate-hpi (#522) @jglick

👻 Maintenance

Test on Java 21 (#527) @NotMyFault

🚦 Tests

Upgrade plugin parent POM in test suite (#539) @basil

Rename integration test from camel case to kebab case (#536) @basil

Support Ubuntu version of OpenJDK in tests (#535) @basil

📦 Dependency updates

Bump maven-plugin-tools.version from 3.9.0 to 3.10.1 (#549) @dependabot

Bump org.kohsuke.stapler:stapler-groovy from 1814.vdc9dd5217ee2 to 1819.v4a_093e9c82f9 (#548) @dependabot

Bump org.eclipse.jetty:jetty-maven-plugin from 10.0.16 to 10.0.17 (#547) @dependabot

Bump org.jenkins-ci:jenkins from 1.105 to 1.106 (#546) @dependabot

Bump org.ow2.asm:asm-bom from 9.5 to 9.6 (#545) @dependabot

Bump commons-io:commons-io from 2.13.0 to 2.14.0 (#544) @dependabot

Bump org.kohsuke.stapler:stapler-groovy from 1802.1804.va_8d30483a_7f7 to 1814.vdc9dd5217ee2 (#542) @dependabot

Bump org.kohsuke.stapler:stapler-groovy from 1802.v9e2750160d01 to 1802.1804.va_8d30483a_7f7 (#540) @dependabot

Bump org.jenkins-ci:jenkins from 1.104 to 1.105 (#529) @dependabot

3.49

📦 Dependency updates

Bump org.eclipse.jetty:jetty-maven-plugin from 10.0.15 to 10.0.16 (#530) @dependabot

Bump org.apache.ant:ant from 1.10.13 to 1.10.14 (#528) @dependabot

Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.9 (#531) @dependabot

Bump actions/checkout from 3 to 4 (#533) @dependabot

Bump org.jenkins-ci:jenkins from 1.103 to 1.104 (#526) @dependabot

Update dependency org.apache.maven.skins:maven-fluido-skin to v1.12.0 (#525) @renovate

3.48

🐛 Bug fixes

... (truncated)

Commits

b2a4cb2 [maven-release-plugin] prepare release maven-hpi-plugin-3.51
851ea4d Bump org.eclipse.jetty:jetty-maven-plugin from 10.0.17 to 10.0.18 (#552)
d5de4e5 Bump commons-io:commons-io from 2.14.0 to 2.15.0 (#550)
815df83 Bump org.jenkins-ci:jenkins from 1.106 to 1.107 (#551)
254cd8d [maven-release-plugin] prepare for next development iteration
c9bcf9d [maven-release-plugin] prepare release maven-hpi-plugin-3.50
4017b51 Merge pull request #522 from jglick/nonfatal-snapshot-comparisons-JENKINS-52665
19a091a Bump maven-plugin-tools.version from 3.9.0 to 3.10.1 (#549)
911055c Bump org.kohsuke.stapler:stapler-groovy (#548)
ed3c35a Bump org.eclipse.jetty:jetty-maven-plugin from 10.0.16 to 10.0.17 (#547)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [org.jenkins-ci.tools:maven-hpi-plugin](https://github.com/jenkinsci/maven-hpi-plugin) from 3.35 to 3.51. - [Release notes](https://github.com/jenkinsci/maven-hpi-plugin/releases) - [Commits](jenkinsci/maven-hpi-plugin@maven-hpi-plugin-3.35...maven-hpi-plugin-3.51) --- updated-dependencies: - dependency-name: org.jenkins-ci.tools:maven-hpi-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

…hpi-plugin-3.51

github-actions · 2024-02-06T14:40:52Z

Checkmarx One – Scan Summary & Details – 8b0ef9fe-793c-436b-9ce9-2d741d6dd95f

New Issues

Issue	Source File / Package	Checkmarx Insight
Unpinned Actions Full Length Commit SHA	/dependabot-auto-merge.yml: 23	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
Unpinned Actions Full Length Commit SHA	/ast-scan.yml: 12	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
Unpinned Actions Full Length Commit SHA	/delete-dev-releases.yml: 28	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
Unpinned Actions Full Length Commit SHA	/cd.yml: 109	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
Unpinned Actions Full Length Commit SHA	/dependabot-auto-merge.yml: 14	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
Unpinned Actions Full Length Commit SHA	/cd.yml: 93	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
Unpinned Actions Full Length Commit SHA	/cd.yml: 54	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
Unpinned Actions Full Length Commit SHA	/cd.yml: 46	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
Unpinned Actions Full Length Commit SHA	/cd.yml: 85	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
Unpinned Actions Full Length Commit SHA	/cd.yml: 64	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...

Fixed Issues

Severity	Issue	Source File / Package
	CVE-2014-0114	Maven-commons-beanutils:commons-beanutils-1.9.3
	CVE-2014-0225	Maven-org.springframework:spring-web-2.5.6.SEC03
	CVE-2016-1000027	Maven-org.springframework:spring-webmvc-2.5.6.SEC03
	CVE-2016-1000027	Maven-org.springframework:spring-web-2.5.6.SEC03
	CVE-2016-9878	Maven-org.springframework:spring-webmvc-2.5.6.SEC03
	CVE-2018-1272	Maven-org.springframework:spring-core-2.5.6.SEC03
	CVE-2019-10086	Maven-commons-beanutils:commons-beanutils-1.9.3
	CVE-2019-17571	Maven-log4j:log4j-1.2.17
	CVE-2021-35515	Maven-org.apache.commons:commons-compress-1.19
	CVE-2021-35516	Maven-org.apache.commons:commons-compress-1.19
	CVE-2021-35517	Maven-org.apache.commons:commons-compress-1.19
	CVE-2021-36090	Maven-org.apache.commons:commons-compress-1.19
	CVE-2021-4104	Maven-log4j:log4j-1.2.17
	CVE-2022-22965	Maven-org.springframework:spring-beans-2.5.6.SEC03
	CVE-2022-23302	Maven-log4j:log4j-1.2.17
	CVE-2022-23305	Maven-log4j:log4j-1.2.17
	CVE-2022-23307	Maven-log4j:log4j-1.2.17
	CVE-2022-42003	Maven-com.fasterxml.jackson.core:jackson-databind-2.13.4
	Cx78f40514-81ff	Maven-commons-collections:commons-collections-3.2.2
	CVE-2010-3700	Maven-org.acegisecurity:acegi-security-1.0.7
	CVE-2011-2894	Maven-org.springframework:spring-core-2.5.6.SEC03
	CVE-2011-2894	Maven-org.springframework:spring-context-2.5.6.SEC03
	CVE-2013-2160	Maven-org.codehaus.woodstox:wstx-asl-3.2.9
	CVE-2013-6429	Maven-org.springframework:spring-web-2.5.6.SEC03
	CVE-2013-6430	Maven-org.springframework:spring-web-2.5.6.SEC03
	CVE-2013-7315	Maven-org.springframework:spring-web-2.5.6.SEC03
	CVE-2014-0054	Maven-org.springframework:spring-web-2.5.6.SEC03
	CVE-2014-1904	Maven-org.springframework:spring-webmvc-2.5.6.SEC03
	CVE-2014-3578	Maven-org.springframework:spring-core-2.5.6.SEC03
	CVE-2014-3625	Maven-org.springframework:spring-webmvc-2.5.6.SEC03
	CVE-2018-10237	Maven-com.google.guava:guava-11.0.1
	CVE-2018-11039	Maven-org.springframework:spring-web-2.5.6.SEC03
	CVE-2018-11040	Maven-org.springframework:spring-webmvc-2.5.6.SEC03
	CVE-2018-11040	Maven-org.springframework:spring-web-2.5.6.SEC03
	CVE-2018-1271	Maven-org.springframework:spring-webmvc-2.5.6.SEC03
	CVE-2020-17521	Maven-org.codehaus.groovy:groovy-all-2.4.12
	CVE-2020-5397	Maven-org.springframework:spring-webmvc-2.5.6.SEC03
	CVE-2020-5397	Maven-org.springframework:spring-web-2.5.6.SEC03
	CVE-2020-5421	Maven-org.springframework:spring-web-2.5.6.SEC03
	CVE-2021-22060	Maven-org.springframework:spring-core-2.5.6.SEC03
	CVE-2021-22096	Maven-org.springframework:spring-core-2.5.6.SEC03
	CVE-2021-36373	Maven-org.apache.ant:ant-1.10.9
	CVE-2021-36374	Maven-org.apache.ant:ant-1.10.9
	CVE-2022-22950	Maven-org.springframework:spring-core-2.5.6.SEC03
	CVE-2022-22968	Maven-org.springframework:spring-context-2.5.6.SEC03
	CVE-2022-22970	Maven-org.springframework:spring-core-2.5.6.SEC03
	CVE-2022-22970	Maven-org.springframework:spring-beans-2.5.6.SEC03
	CVE-2022-22971	Maven-org.springframework:spring-core-2.5.6.SEC03
	CVE-2020-8908	Maven-com.google.guava:guava-11.0.1

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Nov 6, 2023

dependabot bot requested a review from diogopcx November 6, 2023 22:57

dependabot bot mentioned this pull request Nov 6, 2023

Bump org.jenkins-ci.tools:maven-hpi-plugin from 3.35 to 3.50 #234

Closed

github-actions bot enabled auto-merge November 6, 2023 22:57

pedrompflopes approved these changes Nov 6, 2023

View reviewed changes

Merge branch 'main' into dependabot/maven/org.jenkins-ci.tools-maven-…

95445f2

…hpi-plugin-3.51

pedrompflopes disabled auto-merge February 6, 2024 14:37

pedrompflopes merged commit 7ca3425 into main Feb 6, 2024
2 of 5 checks passed

pedrompflopes deleted the dependabot/maven/org.jenkins-ci.tools-maven-hpi-plugin-3.51 branch February 6, 2024 14:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump org.jenkins-ci.tools:maven-hpi-plugin from 3.35 to 3.51 #235

Bump org.jenkins-ci.tools:maven-hpi-plugin from 3.35 to 3.51 #235

dependabot bot commented on behalf of github Nov 6, 2023 •

edited

Loading

github-actions bot commented Feb 6, 2024

Bump org.jenkins-ci.tools:maven-hpi-plugin from 3.35 to 3.51 #235

Bump org.jenkins-ci.tools:maven-hpi-plugin from 3.35 to 3.51 #235

Conversation

dependabot bot commented on behalf of github Nov 6, 2023 • edited Loading

3.51

📦 Dependency updates

3.50

🐛 Bug fixes

👻 Maintenance

🚦 Tests

📦 Dependency updates

3.49

📦 Dependency updates

3.48

🐛 Bug fixes

github-actions bot commented Feb 6, 2024

New Issues

Fixed Issues

dependabot bot commented on behalf of github Nov 6, 2023 •

edited

Loading