Skip to content
Snippets Groups Projects

Bump org.owasp:dependency-check-maven from 12.1.0 to 12.1.1

Merged Bump org.owasp:dependency-check-maven from 12.1.0 to 12.1.1
dependabot-maven-org.owasp-dependency-check-maven-12.1.1 into master
Merged Dependabot requested to merge dependabot-maven-org.owasp-dependency-check-maven-12.1.1 into master

Bumps org.owasp:dependency-check-maven from 12.1.0 to 12.1.1.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.1.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.1.1 (2025-04-05)

  • fix: resolve NVD data Parse error com.fasterxml.jackson.core.JsonParseException: Unexpected character (']' (code 93))
    • bump open-vulnerability-client from 7.3.1 to 7.3.2 (#7577)
  • fix: update links for repository move from jeremylong to the dependency-check organization (#7373)
  • fix: resolve NPE when processing CVE-2025-2682 (#7558)
  • fix: prevent rogue base suppression files (#7544)
  • fix: #6819 handle invalid toml file (#7548)
  • fix: Use unscored severity only in absence of any CVSS baseScore (#7530)
  • fix: protect against exotic version number of yarn (#7525)
  • fix: Ignore require-bundle MANIFEST.MF entry for evidence (#7523)
  • fix: avoid error on yarn berry audit when no vulnerability found (#7501)
  • fix: improve null checks in Downloader (#7493)
  • fix: improve null checks resolves dependency-check/dependency-check-gradle#441
  • fix: Avoid FPs when Composer product name has php (#7486)
  • fix: cli not honoring window paths correctly (#7470)
  • fix: Also apply muteNoisyLoggers to UpdateMojo (#7469)
  • fix: Make HC5 Downloader honor the connection- and readTimeout settings that the old URLConnectionFactory based downloads observed (#7437)
  • docs: sync the supported Maven version with the one stated in the system requirement section (#7570)
  • docs: update proxy config documentation (#7550)
  • docs: Remove copyright as requested by the Apache foundation
  • docs: drop redundant text in the Internet Access Required section (#7521)
  • docs: correct gradle documentation (#7511)

See the full listing of changes

Commits
  • 67cccfb build: prepare release v12.1.1
  • d7f876d docs: release 12.1.1
  • f7e3d05 build(deps): bump open-vulnerability-client from 7.3.1 to 7.3.2 (#7577)
  • 20c62ec build(deps-dev): bump io.netty:netty-codec-http from 4.1.119.Final to 4.2.0.F...
  • c0a8a52 build(deps-dev): bump io.netty:netty-codec-http
  • 35b7a16 docs: sync the supported Maven version with the one stated in the system requ...
  • 511710f build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13 (#7571)
  • b231423 build(deps): bump golang from 1.24.1-alpine to 1.24.2-alpine (#7568)
  • 1491689 build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 t...
  • 288458c build(deps): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 t...
  • Additional commits viewable in compare view

Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
Please register or sign in to reply