Skip to content

Bump project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml from 0.0.15 to 0.0.18#696

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/project-ncl/shared-github-actions/dot-github/workflows/maven-set-version.yml-0.0.18
Open

Bump project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml from 0.0.15 to 0.0.18#696
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/project-ncl/shared-github-actions/dot-github/workflows/maven-set-version.yml-0.0.18

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 16, 2026

Bumps project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml from 0.0.15 to 0.0.18.

Release notes

Sourced from project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml's releases.

v0.0.18

What's Changed

🐛 Fixes / 🚀 Enhancements

👒 Project Dependencies

Full Changelog: project-ncl/shared-github-actions@v0.0.17...v0.0.18

Commits
  • 153b977 Merge pull request #29 from project-ncl/dependabot/github_actions/project-ncl...
  • 5c44905 Merge pull request #42 from rnc/BR1
  • 99a3c3d Rename release job. Use workflow_call for jib
  • d96b556 Merge pull request #36 from rnc/BR1
  • 401ca54 Merge pull request #39 from rnc/BR3
  • fb9557c Add release workflow for shared repo
  • 06a3e68 Update project-ncl/shared-github-actions requirement to 429a1085131890ddf9545...
  • 429a108 NCL-9648 Make Mend CI more generic
  • 89cdc79 NCL-9648 Implement NPM CI workflow
  • 8ba48d2 NCL-9648 Implement NPM build action
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump project-ncl/shared-github-actions/.github/workflows/maven-set-ve…
66635e3 
…rsion.yml

Bumps [project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml](https://github.com/project-ncl/shared-github-actions) from 0.0.15 to 0.0.18.
- [Release notes](https://github.com/project-ncl/shared-github-actions/releases)
- [Commits](project-ncl/shared-github-actions@f704158...153b977)

---
updated-dependencies:
- dependency-name: project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml
  dependency-version: 0.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 16, 2026
@dependabot dependabot Bot mentioned this pull request May 16, 2026
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 16, 2026

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

⚠️ SAST findings detected

SCA scan output 
hibernate-validator-3.34.5.jar
		|-- quarkus-vertx-http-3.34.5.jar [1 HIGH]
	|-- quarkus-jdbc-postgresql-3.34.5.jar
		|-- postgresql-42.7.10.jar [1 HIGH]
	|-- quarkus-oidc-3.34.5.jar
		|-- quarkus-vertx-http-3.34.5.jar [1 HIGH]
		|-- quarkus-vertx-3.34.5.jar
			|-- quarkus-netty-3.34.5.jar
				|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
	|-- quarkus-opentelemetry-3.34.5.jar
		|-- opentelemetry-instrumentation-annotations-support-2.23.0-alpha.jar
			|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
		|-- opentelemetry-instrumentation-annotations-2.27.0.jar
			|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
		|-- opentelemetry-instrumentation-api-2.23.0.jar
			|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
		|-- opentelemetry-jdbc-2.23.0-alpha.jar
			|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
		|-- opentelemetry-runtime-telemetry-java17-2.23.0-alpha.jar
			|-- opentelemetry-runtime-telemetry-java8-2.23.0-alpha.jar
				|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
			|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
		|-- opentelemetry-api-incubator-1.57.0-alpha.jar
			|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
		|-- opentelemetry-exporter-otlp-common-1.57.0.jar
			|-- opentelemetry-exporter-common-1.57.0.jar
				|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
		|-- opentelemetry-exporter-otlp-1.57.0.jar
			|-- opentelemetry-sdk-metrics-1.57.0.jar
				|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-1.57.0.jar
			|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
			|-- opentelemetry-sdk-common-1.57.0.jar
				|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
			|-- opentelemetry-sdk-logs-1.57.0.jar
				|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
			|-- opentelemetry-sdk-trace-1.57.0.jar
				|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
		|-- quarkus-grpc-common-3.34.5.jar
			|-- vertx-grpc-4.5.26.jar
				|-- grpc-netty-1.79.0.jar
					|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
					|-- netty-handler-proxy-4.1.132.Final.jar [1 HIGH]
		|-- quarkus-tls-registry-3.34.5.jar
			|-- smallrye-private-key-pem-parser-0.9.2.jar
				|-- bcpkix-jdk18on-1.83.jar [1 MEDIUM]
					|-- bcutil-jdk18on-1.83.jar
						|-- bcprov-jdk18on-1.83.jar [2 CRITICAL, 1 MEDIUM]
				|-- bcprov-jdk18on-1.83.jar [2 CRITICAL, 1 MEDIUM]
	|-- quarkus-smallrye-health-3.34.5.jar
		|-- quarkus-vertx-http-3.34.5.jar [1 HIGH]
	|-- quarkus-smallrye-openapi-3.34.5.jar
		|-- quarkus-swagger-ui-3.34.5.jar
			|-- quarkus-vertx-http-3.34.5.jar [1 HIGH]
		|-- quarkus-vertx-http-3.34.5.jar [1 HIGH]
	|-- reports-rest-3.0.1-SNAPSHOT.jar
		|-- quarkus-rest-jackson-3.34.5.jar
			|-- quarkus-rest-3.34.5.jar
				|-- quarkus-vertx-http-3.34.5.jar [1 HIGH]
		|-- quarkus-websockets-3.34.5.jar
			|-- quarkus-http-websocket-vertx-5.4.0.jar
				|-- quarkus-http-websocket-core-5.4.0.jar
					|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
					|-- quarkus-http-core-5.4.0.jar
						|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
			|-- quarkus-vertx-http-3.34.5.jar [1 HIGH]
		|-- reports-backend-3.0.1-SNAPSHOT.jar
			|-- communication-3.0.1-SNAPSHOT.jar
				|-- quarkus-undertow-3.34.5.jar
					|-- quarkus-vertx-http-3.34.5.jar [1 HIGH]
				|-- galley-cache-partyline-1.22-jakarta.jar
					|-- partyline-2.4.jar
						|-- infinispan-core-9.4.24.Final.jar [1 HIGH, 1 MEDIUM]
				|-- galley-transport-httpclient-1.22-jakarta.jar
					|-- jhttpc-1.17.jar
						|-- bcpkix-jdk18on-1.83.jar [1 MEDIUM]
						|-- bcprov-jdk18on-1.83.jar [2 CRITICAL, 1 MEDIUM]
				|-- source-code-manager-3.0.1-SNAPSHOT.jar
					|-- quarkus-quartz-3.34.5.jar
						|-- quarkus-scheduler-3.34.5.jar
							|-- quarkus-vertx-http-3.34.5.jar [1 HIGH]
					|-- maven-scm-api-1.13.0.jar
						|-- plexus-utils-3.6.1.jar [1 HIGH]
					|-- maven-scm-provider-jgit-1.13.0.jar
						|-- maven-scm-provider-git-commons-1.13.0.jar
							|-- plexus-utils-3.6.1.jar [1 HIGH]
						|-- plexus-utils-3.6.1.jar [1 HIGH]
						|-- org.eclipse.jgit-4.5.4.201711221230-r.jar [1 HIGH, 1 MEDIUM]
					|-- maven-scm-provider-svnexe-1.13.0.jar
						|-- commons-lang-2.6.jar [1 MEDIUM]
						|-- maven-scm-provider-svn-commons-1.13.0.jar
							|-- plexus-utils-3.6.1.jar [1 HIGH]
						|-- plexus-utils-3.6.1.jar [1 HIGH]
|-- rest-client-jakarta-3.4.5.jar
	|-- pnc-common-3.4.1-jakarta.jar
		|-- opentelemetry-ext-cli-java-1.5.0.jar
			|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
			|-- opentelemetry-semconv-1.29.0-alpha.jar
				|-- opentelemetry-api-1.57.0.jar [1 MEDIUM]
	|-- rest-client-3.4.5-jakarta.jar
		|-- vertx-core-4.5.26.jar
			|-- netty-codec-haproxy-4.1.132.Final.jar
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-handler-proxy-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
				|-- netty-codec-socks-4.1.132.Final.jar
					|-- netty-codec-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-handler-4.1.132.Final.jar
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-resolver-dns-4.1.132.Final.jar
				|-- netty-codec-dns-4.1.132.Final.jar [1 HIGH]
					|-- netty-codec-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]


No Policy violations were detected

Project 'dependency-analysis' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=17cd357b-3d0e-43ac-a982-661505cac482
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=d38fa0abfb554c9cac571a09497e0af3f534680889b74705ab11e416b1c07dd4

Mend AI scan succeeded.

Support Token: 185c05078b4b74ce6915a8d42f1bd80a91778904678463
SAST scan output 
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:142)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:140)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:122)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (source-code-manager/src/main/java/org/jboss/da/scm/impl/SCMImpl.java:69)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:124)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-backend/src/main/java/org/jboss/da/reports/impl/ReportsGeneratorImpl.java:571)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:101)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:103)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (source-code-manager/src/main/java/org/jboss/da/scm/impl/SCMImpl.java:44)

Full logs and artifacts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants