dependabot[bot] opened a new pull request, #1097: URL: https://github.com/apache/directory-scimple/pull/1097
Bumps [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) from 12.2.0 to 12.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dependency-check/DependencyCheck/releases";>org.owasp:dependency-check-maven's releases</a>.</em></p> <blockquote> <h2>Version 12.2.1</h2> <p>Refer to the <a href="https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md#change-log";>CHANGELOG.md</a> for information about improvements and upgrade notes.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md";>org.owasp:dependency-check-maven's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/dependency-check/DependencyCheck/releases/tag/v12.2.1";>Version 12.2.1</a> (2026-04-11)</h2> <ul> <li>build: improve GHA workflow experience for forks (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8285";>#8285</a>)</li> <li>build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8292";>#8292</a>)</li> <li>chore: avoid use of parent pom and maven properties where unnecessary (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8322";>#8322</a>)</li> <li>chore: bump java development to 25.0 (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8365";>#8365</a>)</li> <li>chore: fix Charset warnings; preferring typed charsets (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8326";>#8326</a>)</li> <li>chore: fix Maven scm tags after 12.2.1-SNAPSHOT bump (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8265";>#8265</a>)</li> <li>chore: pin GitHub actions to specific SHAs rather than mutable tags (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8381";>#8381</a>)</li> <li>chore: remove unused properties and schemas (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8378";>#8378</a>)</li> <li>docs: define schema locations in XML examples (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8254";>#8254</a>)</li> <li>docs: document external data sources and hostnames (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8219";>#8219</a>)</li> <li>docs: ensure OSS Index URL override is consistently documented (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8338";>#8338</a>)</li> <li>docs: fix minor typo in README (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8246";>#8246</a>)</li> <li>fix(core): correct xml schema validation handling without needing external access (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8272";>#8272</a>)</li> <li>fix(deps): upgrade slf4j and logback (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8306";>#8306</a>)</li> <li>fix(test): disable pnpm analyzer during test (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8305";>#8305</a>)</li> <li>fix: Correct published/hosted suppressions namespace header and indent (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8258";>#8258</a>)</li> <li>fix: Suppress noisy WARN logging from Apache Lucene within Maven and Ant plugins (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8248";>#8248</a>)</li> <li>fix: <a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8140";>#8140</a> AssemblyAnalyzer version resolution issue (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8352";>#8352</a>)</li> <li>fix: <a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8140";>#8140</a> fix version resolution</li> <li>fix: <a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8140";>#8140</a> hint azure_identity_library_for_.net</li> <li>fix: <a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8356";>#8356</a> narrow down VersionFilterAnalyzer scope to JAR files (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8358";>#8358</a>)</li> <li>fix: correct parsing for CVSSv4 strings with Provider Urgency (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8377";>#8377</a>)</li> <li>fix: evidence source in Retire JS analyzer (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8303";>#8303</a>)</li> <li>fix: exclude deprecations from Yarn Berry audit results (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8380";>#8380</a>)</li> <li>fix: improve PEAnalyzer reliability by migrating to maintained PE/COFF 4J library fork (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8245";>#8245</a>)</li> <li>fix: improve configuration consistency (casing) (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8355";>#8355</a>)</li> <li>fix: improve logging of unexpected Java Errors during processing of NVD (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8250";>#8250</a>)</li> <li>fix: raw type warning in ProcessReader (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8324";>#8324</a>)</li> <li>fix: suppress false positives for zabbix-utils <a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8087";>#8087</a> (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8218";>#8218</a>)</li> <li>fix: update docs (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8405";>#8405</a>)</li> <li>fix: warn if deprecated configs are used (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8366";>#8366</a>)</li> <li>test: Make tests locale independent (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8328";>#8328</a>)</li> <li>test: <a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8140";>#8140</a> reproduce current behavior</li> <li>test: avoid polluting test classpaths with sample dependencies to be scanned (<a href="https://redirect.github.com/dependency-check/DependencyCheck/pull/8267";>#8267</a>)</li> </ul> <p>See the full listing of <a href="https://github.com/dependency-check/DependencyCheck/milestone/104?closed=1";>changes</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dependency-check/DependencyCheck/commit/bda36b81e6be958b43fc7d6da3704fc2fe1156cf";><code>bda36b8</code></a> build: prepare release v12.2.1</li> <li><a href="https://github.com/dependency-check/DependencyCheck/commit/ef83e7bdb0430599c26c4541a9d46f894fa2143f";><code>ef83e7b</code></a> docs: prepare release 12.2.1</li> <li><a href="https://github.com/dependency-check/DependencyCheck/commit/09af10d689aea793551d8234f9962d0ce4cafa45";><code>09af10d</code></a> fix: update docs (<a href="https://redirect.github.com/dependency-check/DependencyCheck/issues/8405";>#8405</a>)</li> <li><a href="https://github.com/dependency-check/DependencyCheck/commit/3562775a53355cf1987316423b587d099d9edd70";><code>3562775</code></a> build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine (<a href="https://redirect.github.com/dependency-check/DependencyCheck/issues/8403";>#8403</a>)</li> <li><a href="https://github.com/dependency-check/DependencyCheck/commit/9ef93be47056e09dd1798a443f1fd8aac393c560";><code>9ef93be</code></a> build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine</li> <li><a href="https://github.com/dependency-check/DependencyCheck/commit/ca79bd57f1b45909410d0c8018d33b44e8107f73";><code>ca79bd5</code></a> build(deps-dev): bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.2 ...</li> <li><a href="https://github.com/dependency-check/DependencyCheck/commit/6b58069cb20d14fd257fc59eabc3ba72e4fc04d9";><code>6b58069</code></a> build(deps): bump apache.ant.version from 1.10.15 to 1.10.16 (<a href="https://redirect.github.com/dependency-check/DependencyCheck/issues/8401";>#8401</a>)</li> <li><a href="https://github.com/dependency-check/DependencyCheck/commit/91c69720cf58cd9e6301f0cb43e0415bc8634dfc";><code>91c6972</code></a> fix: correct parsing for CVSSv4 strings with Provider Urgency (<a href="https://redirect.github.com/dependency-check/DependencyCheck/issues/8377";>#8377</a>)</li> <li><a href="https://github.com/dependency-check/DependencyCheck/commit/267e7eb6cd8cc6caebf3379d73e484868ec03136";><code>267e7eb</code></a> build(deps): bump the actions-deps group with 2 updates (<a href="https://redirect.github.com/dependency-check/DependencyCheck/issues/8394";>#8394</a>)</li> <li><a href="https://github.com/dependency-check/DependencyCheck/commit/53f58ab67e57c3c0214bc6683b50de44cbd4e76d";><code>53f58ab</code></a> build(deps): bump org.codehaus.plexus:plexus-utils from 4.0.2 to 4.0.3 (<a href="https://redirect.github.com/dependency-check/DependencyCheck/issues/8389";>#8389</a>)</li> <li>Additional commits viewable in <a href="https://github.com/dependency-check/DependencyCheck/compare/v12.2.0...v12.2.1";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
