Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump org.jenkins-ci.plugins:plugin from 4.51 to 4.76 #239

Merged
merged 2 commits into from
Feb 6, 2024
Merged

Bump org.jenkins-ci.plugins:plugin from 4.51 to 4.76 #239

merged 2 commits into from
Feb 6, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 11, 2023
edited
Loading

Bumps org.jenkins-ci.plugins:plugin from 4.51 to 4.76.

Release notes

Sourced from org.jenkins-ci.plugins:plugin's releases.

4.76

🚀 New features and improvements

👻 Maintenance

  • Remove unnecessary workaround (#873) @​basil
  • Define maven.compiler.testRelease in terms of maven.compiler.release (#850) @​basil

📦 Dependency updates

  • Bump org.jenkins-ci.main:jenkins-test-harness from 2116.v25a_e7e33f4b_2 to 2129.v09f309d2339c (#875) @​dependabot
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.2 to 3.6.3 (#872) @​dependabot
  • Bump com.diffplug.spotless:spotless-maven-plugin from 2.40.0 to 2.41.1 (#871) @​dependabot
  • Bump org.jenkins-ci.main:jenkins-test-harness from 2112.ve584e0edc63b_ to 2116.v25a_e7e33f4b_2 (#870) @​dependabot
  • Bump com.github.eirslett:frontend-maven-plugin from 1.14.2 to 1.15.0 (#868) @​dependabot
  • Bump org.mockito:mockito-bom from 5.7.0 to 5.8.0 (#867) @​dependabot
  • Bump org.codehaus.mojo:build-helper-maven-plugin from 3.4.0 to 3.5.0 (#865) @​dependabot
  • Bump org.jenkins-ci.main:jenkins-test-harness from 2109.v930e1e518c15 to 2112.ve584e0edc63b_ (#862) @​dependabot
  • Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.4.5 to 3.5.0 (#863) @​dependabot
  • Bump org.jenkins-ci.main:jenkins-test-harness from 2105.v5a_7b_f123294f to 2109.v930e1e518c15 (#860) @​dependabot
  • Bump maven-surefire-plugin.version from 3.2.1 to 3.2.2 (#854) @​dependabot
  • Bump org.jenkins-ci.main:jenkins-test-harness from 2104.v8d1866dd0ea_f to 2105.v5a_7b_f123294f (#857) @​dependabot
  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.6 to 4.8.1.0 (#856) @​dependabot
  • Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.0 to 3.6.2 (#855) @​dependabot
  • Bump org.junit:junit-bom from 5.10.0 to 5.10.1 (#851) @​dependabot
  • Bump org.codehaus.mojo:mrm-maven-plugin from 1.5.0 to 1.6.0 (#852) @​dependabot
  • Bump org.mockito:mockito-bom from 5.6.0 to 5.7.0 (#853) @​dependabot
  • Bump org.jenkins-ci.tools:maven-hpi-plugin from 3.50 to 3.51 (#849) @​dependabot
  • Bump org.jenkins-ci.main:jenkins-test-harness from 2099.vc95b_86578f37 to 2104.v8d1866dd0ea_f (#848) @​dependabot

4.75

👻 Maintenance

📦 Dependency updates

  • Bump org.jenkins-ci.tools:maven-hpi-plugin from 3.49 to 3.50 (#841) @​dependabot
  • Bump maven-surefire-plugin.version from 3.1.2 to 3.2.1 (#842) @​dependabot
  • Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.0 to 3.6.1 (#843) @​dependabot
  • Bump org.jenkins-ci.main:jenkins-test-harness from 2090.v6d1706e434a_b_ to 2099.vc95b_86578f37 (#844) @​dependabot
  • Bump com.github.eirslett:frontend-maven-plugin from 1.14.0 to 1.14.2 (#845) @​dependabot
  • Bump org.apache.maven.plugins:maven-clean-plugin from 3.3.1 to 3.3.2 (#846) @​dependabot

... (truncated)

Commits
  • 67a876c [maven-release-plugin] prepare release plugin-4.76
  • 1a36717 Bump org.jenkins-ci.main:jenkins-test-harness (#875)
  • 74a46dc Remove unnecessary workaround (#873)
  • ca56515 Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.2 to 3.6.3 (#872)
  • 0bdb39f Bump com.diffplug.spotless:spotless-maven-plugin from 2.40.0 to 2.41.1 (#871)
  • 1458eb6 Bump org.jenkins-ci.main:jenkins-test-harness from 2112.ve584e0edc63b_ to 211...
  • cf685d7 Bump com.github.eirslett:frontend-maven-plugin from 1.14.2 to 1.15.0 (#868)
  • 1bd10b1 Bump org.mockito:mockito-bom from 5.7.0 to 5.8.0 (#867)
  • 9322707 Bump org.codehaus.mojo:build-helper-maven-plugin from 3.4.0 to 3.5.0 (#865)
  • 0ea2645 Ban Jenkins test harness in compile scope (#864)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump org.jenkins-ci.plugins:plugin from 4.51 to 4.76
f35fe70 
Bumps [org.jenkins-ci.plugins:plugin](https://github.com/jenkinsci/plugin-pom) from 4.51 to 4.76.
- [Release notes](https://github.com/jenkinsci/plugin-pom/releases)
- [Changelog](https://github.com/jenkinsci/plugin-pom/blob/master/CHANGELOG.md)
- [Commits](jenkinsci/plugin-pom@plugin-4.51...plugin-4.76)

---
updated-dependencies:
- dependency-name: org.jenkins-ci.plugins:plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Dec 11, 2023
@dependabot dependabot bot requested a review from diogopcx December 11, 2023 22:05
@dependabot dependabot bot mentioned this pull request Dec 11, 2023
Closed
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 6, 2024

Logo
Checkmarx One – Scan Summary & Detailse3ff9b5b-2abb-41eb-9499-9a69ebe91e5e

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM Unpinned Actions Full Length Commit SHA /ast-scan.yml: 12 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /cd.yml: 54 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /cd.yml: 46 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /cd.yml: 85 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /cd.yml: 64 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /delete-dev-releases.yml: 28 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /dependabot-auto-merge.yml: 23 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /dependabot-auto-merge.yml: 14 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /cd.yml: 109 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /cd.yml: 93 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...

Fixed Issues

Severity Issue Source File / Package
HIGH CVE-2014-0114 Maven-commons-beanutils:commons-beanutils-1.9.3
HIGH CVE-2014-0225 Maven-org.springframework:spring-web-2.5.6.SEC03
HIGH CVE-2016-1000027 Maven-org.springframework:spring-webmvc-2.5.6.SEC03
HIGH CVE-2016-1000027 Maven-org.springframework:spring-web-2.5.6.SEC03
HIGH CVE-2016-9878 Maven-org.springframework:spring-webmvc-2.5.6.SEC03
HIGH CVE-2018-1272 Maven-org.springframework:spring-core-2.5.6.SEC03
HIGH CVE-2019-10086 Maven-commons-beanutils:commons-beanutils-1.9.3
HIGH CVE-2019-17571 Maven-log4j:log4j-1.2.17
HIGH CVE-2021-35515 Maven-org.apache.commons:commons-compress-1.19
HIGH CVE-2021-35516 Maven-org.apache.commons:commons-compress-1.19
HIGH CVE-2021-35517 Maven-org.apache.commons:commons-compress-1.19
HIGH CVE-2021-36090 Maven-org.apache.commons:commons-compress-1.19
HIGH CVE-2021-4104 Maven-log4j:log4j-1.2.17
HIGH CVE-2022-22965 Maven-org.springframework:spring-beans-2.5.6.SEC03
HIGH CVE-2022-23302 Maven-log4j:log4j-1.2.17
HIGH CVE-2022-23305 Maven-log4j:log4j-1.2.17
HIGH CVE-2022-23307 Maven-log4j:log4j-1.2.17
HIGH CVE-2022-42003 Maven-com.fasterxml.jackson.core:jackson-databind-2.13.4
HIGH Cx78f40514-81ff Maven-commons-collections:commons-collections-3.2.2
MEDIUM CVE-2010-3700 Maven-org.acegisecurity:acegi-security-1.0.7
MEDIUM CVE-2011-2894 Maven-org.springframework:spring-core-2.5.6.SEC03
MEDIUM CVE-2011-2894 Maven-org.springframework:spring-context-2.5.6.SEC03
MEDIUM CVE-2013-2160 Maven-org.codehaus.woodstox:wstx-asl-3.2.9
MEDIUM CVE-2013-6429 Maven-org.springframework:spring-web-2.5.6.SEC03
MEDIUM CVE-2013-6430 Maven-org.springframework:spring-web-2.5.6.SEC03
MEDIUM CVE-2013-7315 Maven-org.springframework:spring-web-2.5.6.SEC03
MEDIUM CVE-2014-0054 Maven-org.springframework:spring-web-2.5.6.SEC03
MEDIUM CVE-2014-1904 Maven-org.springframework:spring-webmvc-2.5.6.SEC03
MEDIUM CVE-2014-3578 Maven-org.springframework:spring-core-2.5.6.SEC03
MEDIUM CVE-2014-3625 Maven-org.springframework:spring-webmvc-2.5.6.SEC03
MEDIUM CVE-2018-10237 Maven-com.google.guava:guava-11.0.1
MEDIUM CVE-2018-11039 Maven-org.springframework:spring-web-2.5.6.SEC03
MEDIUM CVE-2018-11040 Maven-org.springframework:spring-webmvc-2.5.6.SEC03
MEDIUM CVE-2018-11040 Maven-org.springframework:spring-web-2.5.6.SEC03
MEDIUM CVE-2018-1271 Maven-org.springframework:spring-webmvc-2.5.6.SEC03
MEDIUM CVE-2020-17521 Maven-org.codehaus.groovy:groovy-all-2.4.12
MEDIUM CVE-2020-5397 Maven-org.springframework:spring-webmvc-2.5.6.SEC03
MEDIUM CVE-2020-5397 Maven-org.springframework:spring-web-2.5.6.SEC03
MEDIUM CVE-2020-5421 Maven-org.springframework:spring-web-2.5.6.SEC03
MEDIUM CVE-2021-22060 Maven-org.springframework:spring-core-2.5.6.SEC03
MEDIUM CVE-2021-22096 Maven-org.springframework:spring-core-2.5.6.SEC03
MEDIUM CVE-2021-36373 Maven-org.apache.ant:ant-1.10.9
MEDIUM CVE-2021-36374 Maven-org.apache.ant:ant-1.10.9
MEDIUM CVE-2022-22950 Maven-org.springframework:spring-core-2.5.6.SEC03
MEDIUM CVE-2022-22968 Maven-org.springframework:spring-context-2.5.6.SEC03
MEDIUM CVE-2022-22970 Maven-org.springframework:spring-core-2.5.6.SEC03
MEDIUM CVE-2022-22970 Maven-org.springframework:spring-beans-2.5.6.SEC03
MEDIUM CVE-2022-22971 Maven-org.springframework:spring-core-2.5.6.SEC03
LOW CVE-2020-8908 Maven-com.google.guava:guava-11.0.1

@github-actions github-actions bot merged commit 35b2b92 into main Feb 6, 2024
4 of 6 checks passed
@github-actions github-actions bot deleted the dependabot/maven/org.jenkins-ci.plugins-plugin-4.76 branch February 6, 2024 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pedrompflopes pedrompflopes pedrompflopes approved these changes

@diogopcx diogopcx Awaiting requested review from diogopcx

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pedrompflopes