Steve Springett (stevespringett), @ServiceNow, Chicago, https://springett.us/. I build stuff, I break stuff, I develop stuff to protect stuff. Creator of @DependencyTrack. Chair of @CycloneDX SBOM standard. Core team of @package-url.

jeremylong/DependencyCheck 3472

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

DependencyTrack/dependency-track 908

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

stevespringett/nist-data-mirror 148

A simple Java command-line utility to mirror the CVE JSON data from NIST.

stevespringett/disable-webassembly 70

Browser hacks to disable WebAssembly (WASM)

OWASP/Software-Component-Verification-Standard 68

Software Component Verification Standard (SCVS)

OWASP/packman 37

A documentation and tracking project with the goal of making package management systems more secure.

hakbot/hakbot-origin-controller 29

Vendor-Neutral Security Tool Automation Controller (over REST)

stevespringett/Alpine 27

An opinionated scaffolding framework that jumpstarts Java projects with an API-first design, secure defaults, and minimal dependencies

stevespringett/CPE-Parser 24

A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST

stevespringett/cvss-calculator 23

A Java library for calculating CVSSv2 and CVSSv3 scores and vectors

started JamieMagee/ghsa-offline

started time in 7 hours

issue comment DependencyTrack/dependency-track

Add License Permissions, Restrictions, and Limitations

Another option is to simply get all licenses supported by GitHub via GraphQL:

{ 
  licenses {
    conditions {
      description
      key
      label
    }
    description
    featured
    hidden
    id
    implementation
    key
    limitations {
      description
      key
      label
    }
    name
    nickname
    permissions {
      description
      key
      label
    }
    pseudoLicense
    spdxId
    url
  }
}

Although, at this time, GitHub has only analyzed 13 licenses, so its usefulness may be limited.

stevespringett

comment created time in 15 hours

fork stevespringett/swift-package-sbom

A software bill of materials (SBoM) generator for Swift packages

fork in 16 hours

push event CycloneDX/cyclonedx-gradle-plugin

Steve Springett

commit sha aabc720ad6c476059d110347a0b773393cd4fe3a

[maven-release-plugin] prepare for next development iteration


push time in 21 hours

created tag CycloneDX/cyclonedx-gradle-plugin

tag cyclonedx-gradle-plugin-1.4.1

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

created time in 21 hours

push event CycloneDX/cyclonedx-gradle-plugin

Steve Springett

commit sha c492398e5fd9017c68df30ff9a1d771a4ff38e66

[maven-release-plugin] prepare release cyclonedx-gradle-plugin-1.4.1


push time in 21 hours

push event CycloneDX/cyclonedx-gradle-plugin

Steve Springett

commit sha f908d208460c0101f43f5dbbf7c183d9783c31cb

bump plugin version


push time in 21 hours

push event CycloneDX/cyclonedx-gradle-plugin

Steve Springett

commit sha e5402bc1882270b73fc5c06bbe3e85775f14a201

bump


push time in 21 hours

push event CycloneDX/cyclonedx-gradle-plugin

Steve Springett

commit sha 07d80d4d4ad68d20e2d1b995c04fbe1039ec845b

bump


push time in 21 hours

push event CycloneDX/cyclonedx-gradle-plugin

Steve Springett

commit sha 0c61851ca2e9d9b93197bd22bffcf8e0b8efb031

Fixed issue that could result in invalid BOMs being produced if they contain URLs that are invalid.


push time in 21 hours

push event DependencyTrack/dependency-track

dependabot[bot]

commit sha 5036701ed66d12ce365c280819fffe2d0d9b792a

Bump maven-artifact from 3.8.2 to 3.8.4

Bumps [maven-artifact](https://github.com/apache/maven) from 3.8.2 to 3.8.4.
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](https://github.com/apache/maven/compare/maven-3.8.2...maven-3.8.4)

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>


Steve Springett

commit sha db041e5d3ae93260c67a7d23c74cf638a0bf2054

Merge pull request #1290 from DependencyTrack/dependabot/maven/org.apache.maven-maven-artifact-3.8.4 Bump maven-artifact from 3.8.2 to 3.8.4


push time in 21 hours

PR merged DependencyTrack/dependency-track

Bump maven-artifact from 3.8.2 to 3.8.4 dependencies

Bumps maven-artifact from 3.8.2 to 3.8.4.

Commits

  • 9b656c7 [maven-release-plugin] prepare release maven-3.8.4
  • 19c3b91 [MNG-7331] Upgrade Jansi to 2.4.0
  • 5c36bf5 [MNG-7312] Revert ThreadLocal approach from MNG-6843 and MNG-7251
  • fb5f3f5 [MNG-7270] Switch to shell alternative to "which"
  • b6186e2 Remove swap file
  • 21e597e [maven-release-plugin] prepare for next development iteration
  • ff8e977 [maven-release-plugin] prepare release maven-3.8.3
  • 0a6bbb8 [MNG-7235] Speed improvements when calculating the sorted project graph
  • 8882a9c [MNG-7164] Add constructor MojoExecutionException(Throwable)
  • ab54d17 [MNG-7253] Display relocation message defined in model
  • Additional commits viewable in the compare view: https://github.com/apache/maven/compare/maven-3.8.2...maven-3.8.4


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 21 hours

push event DependencyTrack/dependency-track

dependabot[bot]

commit sha ffc15d6e811aa9c015ed0120446124f3f1492dd1

Bump mockito-core from 3.12.4 to 4.1.0

Bumps [mockito-core](https://github.com/mockito/mockito) from 3.12.4 to 4.1.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v3.12.4...v4.1.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>


Steve Springett

commit sha c8fa5a164afc888a4e6097baed5c19729eda8524

Merge pull request #1287 from DependencyTrack/dependabot/maven/org.mockito-mockito-core-4.1.0 Bump mockito-core from 3.12.4 to 4.1.0


push time in 21 hours

PR merged DependencyTrack/dependency-track

Bump mockito-core from 3.12.4 to 4.1.0 dependencies

Bumps mockito-core from 3.12.4 to 4.1.0.

Release notes (sourced from mockito-core's releases: https://github.com/mockito/mockito/releases)

v4.1.0

Major new feature: @DoNotMock

You can now mark classes/interfaces with @org.mockito.DoNotMock to disallow mocking with Mockito. For more information, see our documentation: https://javadoc.io/doc/org.mockito/mockito-core/latest/org/mockito/DoNotMock.html

Changelog generated by Shipkit Changelog Gradle Plugin (https://github.com/shipkit/shipkit-changelog)

4.1.0

  • 2021-11-19 - 20 commit(s) by Lars Vogel, Mikaël Francoeur, S.YAMAMOTO, Tim van der Lippe, dependabot[bot]
  • Disable memory test (#2480)
  • Bump appcompat from 1.3.1 to 1.4.0 (#2477)
  • Bump kotlinVersion from 1.5.31 to 1.6.0 (#2474)
  • Bump versions.bytebuddy from 1.12.0 to 1.12.1 (#2472)
  • Bump com.diffplug.gradle.spotless from 4.5.1 to 6.0.0 (#2471)
  • Bump versions.bytebuddy from 1.11.22 to 1.12.0 (#2469)
  • Bump versions.errorprone from 2.9.0 to 2.10.0 (#2466)
  • Bump auto-service from 1.0 to 1.0.1 (#2463)
  • Bump actions/checkout from 2.3.5 to 2.4.0 (#2462)
  • Fixes #2460: Remove a sentence commits to a particular version (#2461)
  • Clarify Javadoc of RETURNS_SMART_NULLS, default answer in Mockito 4.0.0? (#2460)
  • Bump versions.bytebuddy from 1.11.21 to 1.11.22 (#2458)
  • Updated readme with the latest Mockito version (#2456)
  • Bump core-ktx from 1.6.0 to 1.7.0 (#2454)
  • Bump google-java-format from 1.11.0 to 1.12.0 (#2450)
  • Bump versions.bytebuddy from 1.11.20 to 1.11.21 (#2448)
  • Use new CodeCov uploader (#2447)
  • Bump actions/checkout from 2.3.4 to 2.3.5 (#2445)
  • Fixes #2389: Parallel use of mocks with deep stubbing may lead to ConcurrentModificationException (#2444)
  • Bump versions.bytebuddy from 1.11.19 to 1.11.20 (#2443)
  • Parallel use of mocks with deep stubbing may lead to ConcurrentModificationException (#2389)
  • Add annotation to mark a type as DoNotMock (#1833)
  • Cannot mock this class: class java.io.InputStream with Java 13 (#1827)
  • Cannot mock wrapper types, String.class or Class.class (#1734)

v4.0.0

Mockito 4: Removing deprecated APIs.

All of these APIs have been marked as deprecated and have been present in Mockito for quite a while.

An overview of now-deleted classes/methods:

  • org.mockito.Matchers, which was an alias for org.mockito.ArgumentMatchers
  • org.mockito.ArgumentMatchers#{anyObject,anyVararg}, both of which were aliases for org.mockito.ArgumentMatchers#any
  • org.mockito.ArgumentMatchers#any*Of, which were aliases for the same method name without the Of and the generic parameters (which were ignored)
  • org.mockito.ArgumentMatchers#{is}{Not}Null(Class), which took a class which was ignored. Aliases for the same methods without the parameter

... (truncated)

Commits

  • 2c95eb0 Bump com.diffplug.gradle.spotless from 4.5.1 to 6.0.0 (#2471)
  • ebc1685 Add annotation to mark a type as DoNotMock (#1833)
  • 102cc38 Bump kotlinVersion from 1.5.31 to 1.6.0 (#2474)
  • b72a0a5 Disable memory tests (#2480)
  • d373357 Bump appcompat from 1.3.1 to 1.4.0 (#2477)
  • a58dcc5 Bump versions.bytebuddy from 1.12.0 to 1.12.1 (#2472)
  • 3635ac3 Bump versions.bytebuddy from 1.11.22 to 1.12.0 (#2469)
  • 584504e Bump versions.errorprone from 2.9.0 to 2.10.0 (#2466)
  • 8e035a1 Bump auto-service from 1.0 to 1.0.1 (#2463)
  • b37eed8 Bump actions/checkout from 2.3.5 to 2.4.0 (#2462)
  • Additional commits viewable in the compare view: https://github.com/mockito/mockito/compare/v3.12.4...v4.1.0




+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 21 hours

push event DependencyTrack/dependency-track

dependabot[bot]

commit sha 1e6f4917b95c41337e086151bb4912e052e74227

Bump mysql-connector-java from 8.0.26 to 8.0.27

Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.26 to 8.0.27.
- [Release notes](https://github.com/mysql/mysql-connector-j/releases)
- [Changelog](https://github.com/mysql/mysql-connector-j/blob/release/8.0/CHANGES)
- [Commits](https://github.com/mysql/mysql-connector-j/compare/8.0.26...8.0.27)

---
updated-dependencies:
- dependency-name: mysql:mysql-connector-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>


Steve Springett

commit sha 6374240f381bfa5ba7c8b98ebb27e59e2497b367

Merge pull request #1288 from DependencyTrack/dependabot/maven/mysql-mysql-connector-java-8.0.27 Bump mysql-connector-java from 8.0.26 to 8.0.27


push time in a day

PR merged DependencyTrack/dependency-track

Bump mysql-connector-java from 8.0.26 to 8.0.27 dependencies

Bumps mysql-connector-java from 8.0.26 to 8.0.27.

Changelog (sourced from mysql-connector-java's changelog: https://github.com/mysql/mysql-connector-j/blob/release/8.0/CHANGES)

https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/

Version 8.0.27

  • Fix for Bug#103612 (32902019), Incorrectly identified WITH...SELECT as unsafe for read-only connections.
  • Fix for Bug#71929 (18346501), Prefixing query with double comments cancels query DML validation.
  • Fix for Bug#23204652, CURSOR POSITIONING API'S DOESNOT CHECK THE VALIDITY OF RESULTSET.
  • Fix for Bug#28725534, MULTI HOST CONNECTION WOULD BLOCK IN CONNECTION POOLING.
  • Fix for Bug#95139 (29807572), CACHESERVERCONFIGURATION APPEARS TO THWART CHARSET DETECTION.
  • Fix for Bug#104641 (33237255), DatabaseMetaData.getImportedKeys can return duplicated foreign keys.
  • Fix for Bug#33185116, Have method ResultSet.getBoolean() supporting conversion of 'T' and 'F' in a VARCHAR to True/False (boolean).
  • Fix for Bug#31117686, PROTOCOL ALLOWLIST NOT COMPATIBLE WITH IBM JAVA.
  • Fix for Bug#104559 (33232419), ResultSet.getObject(i, java.util.Date.class) throws NPE when the value is null.
  • WL#14707, Support OCI IAM authentication.
  • WL#14660, Testsuite with support for single MySQL server instance.
  • Fix for Bug#103878 (32954449), CONNECTOR/J 8 : QUERY WITH 'SHOW XXX' WILL GET EXCEPTION WHEN USE CURSOR.
  • Fix for Bug#103796 (32922715), CONNECTOR/J 8 STMT SETQUERYTIMEOUT CAN NOT WORK. Thanks to Hong Wang for his contribution.
  • Fix for Bug#104170 (33064455), CONTRIBUTION: CLIENTPREPAREDSTMT: LEAVE CALENDAR UNTOUCHED. Thanks to Björn Michael for his contribution.
  • Fix for Bug#95564 (29894324), createDatabaseIfNotExist is not working for databases with hyphen in name. Thanks to Lukasz Sanek for his contribution.

Version 8.0.26

  • Fix for Bug#32954396, EXECUTEQUERY HANGS WITH USECURSORFETCH=TRUE & SETFETCHSIZE.
  • Fix for Bug#102372 (32459408), v8.0.23 unusable in OSGi.
  • Fix for Bug#25554464, CONNECT FAILS WITH NPE WHEN THE SERVER STARTED WITH CUSTOM COLLATION.
  • Fix for Bug#100606 (31818423), UNECESARY CALL TO "SET NAMES 'UTF8' COLLATE 'UTF8_GENERAL_CI'". Thanks to Marc Fletcher for his contribution.
  • Fix for Bug#102404 (32435618), CONTRIBUTION: ADD TRACK SESSION STATE CHANGE.

... (truncated)

Commits

  • e920b97 GPL license book update.
  • ade4a41 Fix for Bug#23204652, Bug#71929 (18346501) and Bug#103612 (32902019).
  • 509f184 Fix for Bug#28725534, MULTI HOST CONNECTION WOULD BLOCK IN CONNECTION POOLING.
  • ed64a73 Fix for Bug#95139 (29807572), CACHESERVERCONFIGURATION APPEARS TO THWART
  • 2905415 Fix for Bug#104641 (33237255), DatabaseMetaData.getImportedKeys can
  • 5f142a6 Fix for Bug#33185116, Have method ResultSet.getBoolean() supporting
  • 11d4f9f GPL license book update.
  • 1508045 Fix for Bug#31117686, PROTOCOL ALLOWLIST NOT COMPATIBLE WITH IBM JAVA.
  • 5c5e8e1 Fix for Bug#104559 (33232419), ResultSet.getObject(i,
  • 2ad747a WL#14707, Support OCI IAM authentication.
  • Additional commits viewable in the compare view: https://github.com/mysql/mysql-connector-j/compare/8.0.26...8.0.27




+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in a day

push event DependencyTrack/dependency-track

dependabot[bot]

commit sha 76eca8494d4a227921098512a35ceaf0148a2131

Bump unirest-java from 3.13.0 to 3.13.4

Bumps [unirest-java](https://github.com/Kong/unirest-java) from 3.13.0 to 3.13.4.
- [Release notes](https://github.com/Kong/unirest-java/releases)
- [Changelog](https://github.com/Kong/unirest-java/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Kong/unirest-java/compare/v3.13.0...v3.13.4)

---
updated-dependencies:
- dependency-name: com.konghq:unirest-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>


Steve Springett

commit sha a65ee0d0037476b1bdc831183480427823e52366

Merge pull request #1289 from DependencyTrack/dependabot/maven/com.konghq-unirest-java-3.13.4 Bump unirest-java from 3.13.0 to 3.13.4


push time in a day

PR merged DependencyTrack/dependency-track

Bump unirest-java from 3.13.0 to 3.13.4 dependencies

Bumps unirest-java from 3.13.0 to 3.13.4.

Release notes (sourced from unirest-java's releases: https://github.com/Kong/unirest-java/releases)

Release v3.13.4

See CHANGELOG.md for details. Fresh releases may take up to 20 minutes to show up in Maven Central: https://mvnrepository.com/artifact/com.konghq/unirest-java

Release v3.13.3

See CHANGELOG.md for details. Fresh releases may take up to 20 minutes to show up in Maven Central: https://mvnrepository.com/artifact/com.konghq/unirest-java

Release v3.13.2

See CHANGELOG.md for details. Fresh releases may take up to 20 minutes to show up in Maven Central: https://mvnrepository.com/artifact/com.konghq/unirest-java

Release v3.13.1

See CHANGELOG.md for details. Fresh releases may take up to 20 minutes to show up in Maven Central: https://mvnrepository.com/artifact/com.konghq/unirest-java

Changelog (sourced from unirest-java's changelog: https://github.com/Kong/unirest-java/blob/main/CHANGELOG.md)

3.13.3

  • Support a way to override Apache HttpClientBuilder options with the Client Builder. All Unirest configs are set first, then the consumer is called, which allows consumers to override or add additional configs:

        // Unirest applies its own settings to the builder first, then hands it to this consumer.
        // (The original snippet was missing the closing parenthesis of httpClient(...).)
        Unirest.config()
            .httpClient(ApacheClient.builder(c -> c.setMaxConnTotal(5000)));

3.13.2

  • Allow using a MockResponse in the MockRequestBuilder

3.13.1

  • add some new features to MockClient
    • mockClient.reset() will clear any expectations
    • mockClient.defaultResponse() returns a default response expectation for when an explicit expectation was not matched
    • thenReturn(Supplier<...> supplier) allows you to set the response body as a supplier to be invoked at request time.

Commits

  • c02c4d7 [maven-release-plugin] prepare release v3.13.4
  • 7dc299b Merge pull request #420 from haroon-sheikh/main
  • 863e1d1 Ability to replace a map of headers. Fixes #419
  • 472f7d0 update docs
  • 3a39516 [maven-release-plugin] prepare for next development iteration
  • a7725cf [maven-release-plugin] prepare release v3.13.3
  • da59562 allow a way to set additional config options on the Http Client Builder
  • 07683ee [maven-release-plugin] prepare for next development iteration
  • 27d1ee0 [maven-release-plugin] prepare release v3.13.2
  • 6d7b21f when there is a default expectation then use only that
  • Additional commits viewable in the compare view: https://github.com/Kong/unirest-java/compare/v3.13.0...v3.13.4

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

+2 -2

0 comment

1 changed file

dependabot[bot]

pr closed time in a day

push event DependencyTrack/dependency-track

dependabot[bot]

commit sha d1ccec260cc1759a3e77b45af3544c6c14f317ca

Bump woodstox-core from 6.2.6 to 6.2.7

Bumps [woodstox-core](https://github.com/FasterXML/woodstox) from 6.2.6 to 6.2.7.
- [Release notes](https://github.com/FasterXML/woodstox/releases)
- [Commits](https://github.com/FasterXML/woodstox/compare/woodstox-core-6.2.6...woodstox-core-6.2.7)

---
updated-dependencies:
- dependency-name: com.fasterxml.woodstox:woodstox-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>


Steve Springett

commit sha eb048e7c07287668504de125f20720076ee1d19a

Merge pull request #1286 from DependencyTrack/dependabot/maven/com.fasterxml.woodstox-woodstox-core-6.2.7

Bump woodstox-core from 6.2.6 to 6.2.7


push time in a day

PR merged DependencyTrack/dependency-track

Bump woodstox-core from 6.2.6 to 6.2.7 dependencies

Bumps woodstox-core from 6.2.6 to 6.2.7.

Commits
  • 203f8b2 [maven-release-plugin] prepare release woodstox-core-6.2.7
  • 8df560e Prepare for 6.2.7 release
  • 72410f4 And one more LGTM.com warning fix (wrt #121)
  • 2b597bc Fix an actual minor bug (never encountered but legit) as per lgtm.com warning
  • d20262c One minor lgtm fix
  • 8029523 Fix #132
  • b2d6e37 add another StudyTrails link to README
  • 732b151 Comment out a few bogus lgtm warnings
  • 05796c2 add badge for code coverage
  • 12c56fa Try adding code coverage for woodstox too
  • Additional commits viewable in compare view: https://github.com/FasterXML/woodstox/compare/woodstox-core-6.2.6...woodstox-core-6.2.7


+2 -2

0 comment

1 changed file

dependabot[bot]

pr closed time in a day

PR merged DependencyTrack/dependency-track

Bump cvss-calculator from 1.4.0 to 1.4.1 dependencies

Bumps cvss-calculator from 1.4.0 to 1.4.1.

Commits
  • 5cc7c55 [maven-release-plugin] prepare release cvss-calculator-1.4.1
  • 243057b Merge remote-tracking branch 'origin/master'
  • f9fb782 bump
  • 3422de2 Update maven.yml
  • aa22202 Merge pull request #28 from stevespringett/dependabot/maven/org.apache.maven....
  • 6cda1d6 Merge pull request #32 from stevespringett/dependabot/maven/org.cyclonedx-cyc...
  • 3de73b8 Bump cyclonedx-maven-plugin from 2.4.0 to 2.5.3
  • 88502a4 Merge pull request #23 from stevespringett/dependabot/maven/org.apache.maven....
  • f850787 Merge pull request #33 from stevespringett/dependabot/maven/org.apache.maven....
  • c64eb19 Merge pull request #35 from sapsimon/master
  • Additional commits viewable in compare view: https://github.com/stevespringett/cvss-calculator/compare/cvss-calculator-1.4.0...cvss-calculator-1.4.1


+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in a day

push event DependencyTrack/dependency-track

dependabot[bot]

commit sha e19c1f536032d6e602ad171c8a81065040c0aba9

Bump cvss-calculator from 1.4.0 to 1.4.1

Bumps [cvss-calculator](https://github.com/stevespringett/cvss-calculator) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/stevespringett/cvss-calculator/releases)
- [Commits](https://github.com/stevespringett/cvss-calculator/compare/cvss-calculator-1.4.0...cvss-calculator-1.4.1)

---
updated-dependencies:
- dependency-name: us.springett:cvss-calculator
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>


Steve Springett

commit sha 96aa50f6244dba79f4452417fb49a9addec8d775

Merge pull request #1284 from DependencyTrack/dependabot/maven/us.springett-cvss-calculator-1.4.1

Bump cvss-calculator from 1.4.0 to 1.4.1


push time in a day

push event DependencyTrack/dependency-track

dependabot[bot]

commit sha 6bbecd8fe8133f81f12809f82ef58cebd4ff8769

Bump postgresql from 42.2.23 to 42.3.1

Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.2.23 to 42.3.1.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pgjdbc/pgjdbc/compare/REL42.2.23...REL42.3.1)

---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>


Steve Springett

commit sha 7a0b32cbf952961384ffa716d7e3c064fad96223

Merge pull request #1251 from DependencyTrack/dependabot/maven/org.postgresql-postgresql-42.3.1

Bump postgresql from 42.2.23 to 42.3.1


push time in a day

PR merged DependencyTrack/dependency-track

Bump postgresql from 42.2.23 to 42.3.1 dependencies

Bumps postgresql from 42.2.23 to 42.3.1.

Changelog (sourced from postgresql's changelog: https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)

[42.3.1] (2021-10-29)

Changed
  • improv: Arrays in Object[] (PR 2330): when an Object[] contains other arrays, treat it as though it were a multi-dimensional array; the one exception is byte[], which is not supported.
  • improv: Use JRE UTF-8 decoding (PR 2317): remove use of custom UTF-8 decoding.
  • perf: improve performance of bytea string decoding (PR 2320): improve the parsing of bytea hex-encoded strings by making a lookup table from each of the valid ASCII code points to the 4-bit numeric value.
  • feat: intern/canonicalize common strings (PR 2234)

Added

Fixed
  • numeric binary decode for even 10 thousands (PR #2327), fixes Issue 2326: binary numeric values which represented integer multiples of 10,000 from 10,000 to 9,990,000 were not decoded correctly
  • [typo] typo in certdir/README.md (PR #2309): certificatess => certificates
  • [typo] typo in TimestampUtils.java (PR #2314): change Greagorian to Gregorian.
  • remove check for negative pid in cancel request; apparently pgbouncer can send one. Fixes Issue 2317 (PR #2319)

[42.3.0] (2021-10-18)

Changed
  • No longer build for Java 6 or Java 7
  • If assumeMinServerVersion is not defined and server is at least 9.0, group startup statements into a single transaction (PR #1977)

Added

Fixed
  • Rework OSGi bundle activator so it does not rely on exception message to check DataSourceFactory presence (PR #507)
  • Fix database metadata getFunctions() and getProcedures() to ignore search_path when no schema pattern is specified (PR #2174)
  • Fix refreshRow made the row readOnly (PR #2195), fixes Issue #2193
  • Fix: do not add double quotes to identifiers already double quoted (PR #2224), fixes Issue #2223. Add a property QUOTE_RETURNING_IDENTIFIERS which determines if we put double quotes around identifiers that are provided in the returning array.
  • Fix: provide useful error message for empty or missing passwords for SCRAM auth (PR #2290), fixes Issue #2288

[42.2.24] (2021-09-23)

Fixed
  • Fix startup regressions caused by PR #1949. Instead of checking all types by OID, we can return types for well-known types (PR #2257)
  • Backport PR #2148: avoid leaking server error details through BatchUpdateException when logServerErrorDetail (PR #2254)
  • Backpatch PR #2247: QueryExecutorImpl.receiveFastpathResult did not properly handle ParameterStatus messages. This in turn caused failures for some LargeObjectManager operations. Closes Issue #2237. Fixed by adding the missing code path, based on the existing handling in processResults. (PR #2253)
  • Backpatch PR #2242: PgDatabaseMetaData.getIndexInfo() cast operands to smallint (PR #2253). It is possible to break method PgDatabaseMetaData.getIndexInfo() by adding certain custom operators. This PR fixes it.
  • Backpatching PR #2251 into 42.2: clean up open connections to fix test failures on omni and appveyor; use older syntax for COMMENT ON FUNCTION with explicit no-arg parameter parentheses as it is required on server versions before v10. Handle cleanup of connection creation in StatementTest, handle cleanup of privileged connection in DatabaseMetaDataTest
  • Backpatch PR #2245: fixes case where duplicate tables are returned if there are duplicate descriptions; oids are not guaranteed to be unique in the catalog (PR #2248)
  • Change to updatable result set to use correctly primary or unique keys (PR #2228); fixes issues introduced in PR #2199, closes Issue #2196

... (truncated)

Commits
  • 3cf846e Release notes for 42.3.1 (#2330)
  • 515ea06 fix: remove unused OptimizedUTF8Encoder (#2329)
  • b3050e6 fix: numeric binary decode for even 10 thousands (#2327)
  • 6711302 Remove references to JAVA 6 and 7 (#2312)
  • 1b8629b move version to 42.3.0 (#2322)
  • a024cd5 feat: intern/canonicalize common strings (#2234)
  • f2a24d3 perf: improve performance of bytea string decoding (#2320)
  • c9be5c0 remove check for negative pid in cancel request. Apparently pgbouncer can sen...
  • a578603 improv: Use jre utf-8 decoding (#2317)
  • 538c79f improv: Arrays in Object[] (#2230)
  • Additional commits viewable in compare view: https://github.com/pgjdbc/pgjdbc/compare/REL42.2.23...REL42.3.1


+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in a day

push event DependencyTrack/dependency-track

dependabot[bot]

commit sha f9a16abdf6ecb2a1f3cd28e9988dab4a71174584

Bump lib.lucene.version from 8.9.0 to 8.11.0

Bumps `lib.lucene.version` from 8.9.0 to 8.11.0.
Updates `lucene-core` from 8.9.0 to 8.11.0
Updates `lucene-analyzers-common` from 8.9.0 to 8.11.0
Updates `lucene-queryparser` from 8.9.0 to 8.11.0
Updates `lucene-queries` from 8.9.0 to 8.11.0
Updates `lucene-sandbox` from 8.9.0 to 8.11.0

---
updated-dependencies:
- dependency-name: org.apache.lucene:lucene-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.apache.lucene:lucene-analyzers-common
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.apache.lucene:lucene-queryparser
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.apache.lucene:lucene-queries
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.apache.lucene:lucene-sandbox
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>


Steve Springett

commit sha 7f40fbd24350d740452c8e00d9022672b591515f

Merge pull request #1285 from DependencyTrack/dependabot/maven/lib.lucene.version-8.11.0

Bump lib.lucene.version from 8.9.0 to 8.11.0


push time in a day

PR merged DependencyTrack/dependency-track

Bump lib.lucene.version from 8.9.0 to 8.11.0 dependencies

Bumps lib.lucene.version from 8.9.0 to 8.11.0.

  • Updates lucene-core from 8.9.0 to 8.11.0
  • Updates lucene-analyzers-common from 8.9.0 to 8.11.0
  • Updates lucene-queryparser from 8.9.0 to 8.11.0
  • Updates lucene-queries from 8.9.0 to 8.11.0
  • Updates lucene-sandbox from 8.9.0 to 8.11.0


+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in a day

issue comment ossf/wg-vulnerability-disclosures

Embed CPE names into binaries

@kerberosmansour Embedding an SBOM into a binary is likely a non-starter. Some SBOMs are going to be very large, especially ones with full license text.

Embedding component identity into binaries (cpe, purl, swid, etc) would require collaboration across the dozens of binary formats. For example, I don't think ELF is future-proof and would require a major revision in the ELF format in order to make enough room in the file or program header to store identity information. Currently, I don't think ELF is capable of this. Perhaps someone more familiar with ELF can chime in.

I think most SWID tagIds are 16B GUIDs. Purls can/will be much larger than that. In practice, support for URIs up to 1KB in length would likely cover the majority of purl use cases.

knqyf263

comment created time in a day

push event DependencyTrack/dependency-track

dependabot[bot]

commit sha a496da8443e8f01fe7018e66571cf83e6dbcffb0

Bump packageurl-java from 1.4.0 to 1.4.1

Bumps [packageurl-java](https://github.com/package-url/packageurl-java) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/package-url/packageurl-java/releases)
- [Commits](https://github.com/package-url/packageurl-java/compare/packageurl-java-1.4.0...packageurl-java-1.4.1)

---
updated-dependencies:
- dependency-name: com.github.package-url:packageurl-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>


Steve Springett

commit sha 87b4b1d30be69c65bea3b7adbbdc1ef5df2a1f38

Merge pull request #1204 from DependencyTrack/dependabot/maven/com.github.package-url-packageurl-java-1.4.1

Bump packageurl-java from 1.4.0 to 1.4.1


push time in 2 days

PR merged DependencyTrack/dependency-track

Bump packageurl-java from 1.4.0 to 1.4.1 dependencies

Bumps packageurl-java from 1.4.0 to 1.4.1.

Commits
  • c23835e [maven-release-plugin] prepare release packageurl-java-1.4.1
  • 1d5cc54 bump
  • 759521d Merge pull request #39 from package-url/dependabot/maven/org.apache.maven.plu...
  • 328b593 Merge pull request #30 from package-url/dependabot/maven/org.apache.maven.plu...
  • 4d07683 Merge pull request #34 from package-url/dependabot/maven/junit-junit-4.13.2
  • ead790f Bump maven-enforcer-plugin from 1.4.1 to 3.0.0
  • 89bf7ee Merge pull request #36 from package-url/dependabot/maven/org.apache.maven.plu...
  • ef69e79 Merge pull request #37 from package-url/dependabot/maven/com.github.spotbugs-...
  • 649f4c5 Merge pull request #38 from mealingr/npm_case_sensitive
  • 053c58b Account for NPM being case-sensitive
  • Additional commits viewable in compare view: https://github.com/package-url/packageurl-java/compare/packageurl-java-1.4.0...packageurl-java-1.4.1


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


+2 -2

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 days

push eventDependencyTrack/dependency-track

Steve Springett

commit sha be3b669e9fd26a1fc02ccd748c5126afbe2c4571

#1168 - Optimized isCapable() to account for multiple attributes within a component (other than just purl). Eliminated multiple places where a specific objectId was queried on thus leading to exceptions if the object is no longer present.


push time in 2 days
