Bump project-ncl/shared-github-actions/.github/workflows/maven-snapshot.yml from 0.0.17 to 0.0.18

[dependabot]

Bumps project-ncl/shared-github-actions/.github/workflows/maven-snapshot.yml from 0.0.17 to 0.0.18.

Release notes

Sourced from project-ncl/shared-github-actions/.github/workflows/maven-snapshot.yml's releases.

v0.0.18

What's Changed

🐛 Fixes / 🚀 Enhancements

• Add jboss_parent overrides for snapshots by @​rnc in project-ncl/shared-github-actions#35
• Fix releaseProfiles name by @​rnc in project-ncl/shared-github-actions#37
• Pass as arguments to release plugin by @​rnc in project-ncl/shared-github-actions#38
• [NCL-9648] Implement NPM build action by @​patrikk0123 in project-ncl/shared-github-actions#40
• [NCL-9648] NPM CI and generic Mend CI by @​patrikk0123 in project-ncl/shared-github-actions#41
• Fetch tags regardless of fetch-depth by @​rnc in project-ncl/shared-github-actions#39
• Add release workflow for shared repo by @​rnc in project-ncl/shared-github-actions#36
• Rename release job. Use workflow_call for jib by @​rnc in project-ncl/shared-github-actions#42

👒 Project Dependencies

• Update project-ncl/shared-github-actions requirement to 429a1085131890ddf95456ac2a7a8b0866dd78ad by @​dependabot[bot] in project-ncl/shared-github-actions#29

Full Changelog: project-ncl/shared-github-actions@v0.0.17...v0.0.18

Commits

• 153b977 Merge pull request #29 from project-ncl/dependabot/github_actions/project-ncl...
• 5c44905 Merge pull request #42 from rnc/BR1
• 99a3c3d Rename release job. Use workflow_call for jib
• d96b556 Merge pull request #36 from rnc/BR1
• 401ca54 Merge pull request #39 from rnc/BR3
• fb9557c Add release workflow for shared repo
• 06a3e68 Update project-ncl/shared-github-actions requirement to 429a1085131890ddf9545...
• 429a108 NCL-9648 Make Mend CI more generic
• 89cdc79 NCL-9648 Implement NPM CI workflow
• 8ba48d2 NCL-9648 Implement NPM build action
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

SCA scan output

http:4.1.133.Final, https://github.com/netty/netty.git - netty-4.1.133.Final, |
|          |                                       |                | io.netty:netty-codec-http:4.2.13.Final                                                             |
+----------+---------------------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM   | netty-codec-http-4.1.132.Final.jar    | CVE-2026-42585 | Upgrade to version io.netty:netty-codec-http:4.2.13.Final,io.netty:netty-codec-http:4.1.133.Final  |
+----------+---------------------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM   | netty-handler-proxy-4.1.132.Final.jar | CVE-2026-42578 | Upgrade to version  https://github.com/netty/netty.git - netty-4.2.13.Final,                       |
|          |                                       |                | https://github.com/netty/netty.git - netty-4.1.133.Final                                           |
+----------+---------------------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM   | opentelemetry-api-1.60.1.jar          | CVE-2026-45292 | io.opentelemetry:opentelemetry-api:1.62.0                                                          |
+----------+---------------------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM   | reload4j-1.2.19.jar                   | WS-2022-0467   | Upgrade to version ch.qos.reload4j:reload4j:1.2.22,fiji - 20231211,mases.knetcli - 2.0.0,          |
|          |                                       |                | mases.knetconnect - 2.0.0,mases.knet - 2.0.0,interproscan - no_fix                                 |
+----------+---------------------------------------+----------------+----------------------------------------------------------------------------------------------------+


Paths at risk

P = policy violation
MSC = malicious vulnerability
CRITICAL/HIGH/MEDIUM/LOW = vulnerability severity

quarkus-micrometer-registry-prometheus-3.35.2.jar
|-- micrometer-registry-prometheus-simpleclient-1.16.5.jar
	|-- simpleclient_common-0.16.0.jar
		|-- simpleclient-0.16.0.jar
			|-- simpleclient_tracer_otel-0.16.0.jar
				|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
			|-- simpleclient_tracer_otel_agent-0.16.0.jar
				|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
quarkus-oidc-3.35.2.jar
|-- quarkus-vertx-3.35.2.jar
	|-- netty-codec-haproxy-4.1.132.Final.jar
		|-- netty-codec-4.1.132.Final.jar [1 HIGH]
	|-- quarkus-netty-3.35.2.jar
		|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
		|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
		|-- netty-codec-4.1.132.Final.jar [1 HIGH]
quarkus-scheduler-3.35.2.jar
|-- quarkus-scheduler-kotlin-3.35.2.jar
	|-- quarkus-scheduler-common-3.35.2.jar
		|-- opentelemetry-instrumentation-api-2.26.1.jar
			|-- opentelemetry-api-incubator-1.60.1-alpha.jar
				|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
			|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
quarkus-smallrye-fault-tolerance-3.35.2.jar
|-- smallrye-fault-tolerance-6.11.1.jar
	|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
	|-- smallrye-fault-tolerance-core-6.11.1.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
quarkus-logging-kafka-3.0.4.jar
|-- kafka-log4j-appender-3.9.2.jar
	|-- slf4j-reload4j-1.7.36.jar
		|-- reload4j-1.2.19.jar [1 MEDIUM]
pnc-common-3.5.0-jakarta.jar
|-- opentelemetry-ext-cli-java-2.0.0.jar
	|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
	|-- opentelemetry-exporter-otlp-1.60.1.jar
		|-- opentelemetry-exporter-sender-okhttp-1.60.1.jar
			|-- opentelemetry-exporter-common-1.60.1.jar
				|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
		|-- opentelemetry-sdk-logs-1.60.1.jar
			|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
		|-- opentelemetry-sdk-trace-1.60.1.jar
			|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
	|-- opentelemetry-sdk-1.60.1.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
		|-- opentelemetry-sdk-common-1.60.1.jar
			|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
		|-- opentelemetry-sdk-metrics-1.60.1.jar
			|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
	|-- opentelemetry-semconv-1.29.0-alpha.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
|-- jsoup-1.22.2.jar
	|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
		|-- netty-codec-4.1.132.Final.jar [1 HIGH]
	|-- netty-handler-4.1.132.Final.jar
		|-- netty-codec-4.1.132.Final.jar [1 HIGH]
rest-client-jakarta-3.4.5.jar
|-- common-3.4.5-jakarta.jar
	|-- opentelemetry-instrumentation-annotations-2.26.1.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
rest-client-3.4.5-jakarta.jar
|-- vertx-core-4.5.26.jar
	|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
		|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
		|-- netty-codec-4.1.132.Final.jar [1 HIGH]
	|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
	|-- netty-handler-proxy-4.1.132.Final.jar [1 MEDIUM]
		|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
		|-- netty-codec-socks-4.1.132.Final.jar
			|-- netty-codec-4.1.132.Final.jar [1 HIGH]
		|-- netty-codec-4.1.132.Final.jar [1 HIGH]
	|-- netty-resolver-dns-4.1.132.Final.jar
		|-- netty-codec-dns-4.1.132.Final.jar [1 HIGH]
			|-- netty-codec-4.1.132.Final.jar [1 HIGH]
		|-- netty-codec-4.1.132.Final.jar [1 HIGH]


No Policy violations were detected

Project 'causeway' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=d5e99a5a-e396-44cb-9d0f-cc14b315af2a
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=d940c18893904b398e45a8ef2f9d6c2f194752a83389440b9aeaf7a2fa06fc63

Mend AI scan succeeded.

Support Token: 05a177869ee514690ab0cf0d7a06ee7df1778970313257

SAST scan output

*no findings*

Full logs and artifacts