Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump org.owasp:dependency-check-maven from 12.1.5 to 12.1.6

Merged
Number: #341
Type: Pull Request
State: Merged
Author: dependabot[bot] dependabot[bot]
Association: Contributor
Comments: 0
Created: September 25, 2025 at 04:02 AM UTC
(9 months ago)
Updated: September 25, 2025 at 05:25 AM UTC
(9 months ago)
Merged: September 25, 2025 at 05:25 AM UTC
(9 months ago)
by dschadow
Time to Close: about 1 hour
Labels:
dependencies java
Description:

Bumps org.owasp:dependency-check-maven from 12.1.5 to 12.1.6.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.1.6

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.1.6 (2025-09-24)

  • fix: Disable OSS Index if its credentials are missing (#7963)
  • fix: Correct CVSSv4 parsing for low precision OSSIndex values (#7935)
  • fix(fp): Fix false positives for Redis Server against NPM/JS client libs (#7942)
  • docs: Fix legacy GitHub links within docs and CHANGELOG (#7944)
  • chore: fix version typo in security policy (#7936)

See the full listing of changes

Commits
  • 0a9592c build: prepare release v12.1.6
  • c7e992c docs: release 12.1.6
  • 93b0d1b build(deps): bump netty-codec-http from 5.2.4-final to 5.2.5-final (#7965)
  • 22ecc0b fix: Disable OSS Index if its credentials are missing (#7963)
  • 93422d2 chore: Allow passing ossIndex credentials during false positive ops workflow ...
  • 34a1235 docs: Fix legacy GitHub links within docs and CHANGELOG (#7944)
  • c44ba32 fix(fp): Fix false positives for Redis Server against NPM/JS client libs (#7942)
  • 4af07cc docs: Implement #7808 to make changelog links clickable (#7945)
  • 6008202 test: Fix AssemblyAnalyzerTest to be robust to Grok availability (#7950)
  • b3aa3f2 build: replace deprecated jlink argument (#7953)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request Statistics
Commits:
1
Files Changed:
1
Additions:
+1
Deletions:
-1
Package Dependencies
Package:
org.owasp:dependency-check-maven
Ecosystem:
maven
Version Change:
12.1.5 → 12.1.6
Update Type:
Patch
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 8410719
UUID: 2859035614
Node ID: PR_kwDOAOu-Q86qaWve
Host: GitHub
Repository: dschadow/JavaSecurity
Merge State: Unknown