Bump project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml from 0.0.17 to 0.0.18 by dependabot[bot] · Pull Request #151 · project-ncl/trustbox

dependabot · 2026-05-13T07:29:47Z

Bumps project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml from 0.0.17 to 0.0.18.

Release notes

Sourced from project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml's releases.

v0.0.18

What's Changed

🐛 Fixes / 🚀 Enhancements

Add jboss_parent overrides for snapshots by @rnc in project-ncl/shared-github-actions#35

Fix releaseProfiles name by @rnc in project-ncl/shared-github-actions#37

Pass as arguments to release plugin by @rnc in project-ncl/shared-github-actions#38

[NCL-9648] Implement NPM build action by @patrikk0123 in project-ncl/shared-github-actions#40

[NCL-9648] NPM CI and generic Mend CI by @patrikk0123 in project-ncl/shared-github-actions#41

Fetch tags regardless of fetch-depth by @rnc in project-ncl/shared-github-actions#39

Add release workflow for shared repo by @rnc in project-ncl/shared-github-actions#36

Rename release job. Use workflow_call for jib by @rnc in project-ncl/shared-github-actions#42

👒 Project Dependencies

Update project-ncl/shared-github-actions requirement to 429a1085131890ddf95456ac2a7a8b0866dd78ad by @dependabot[bot] in project-ncl/shared-github-actions#29

Full Changelog: project-ncl/shared-github-actions@v0.0.17...v0.0.18

Commits

153b977 Merge pull request #29 from project-ncl/dependabot/github_actions/project-ncl...
5c44905 Merge pull request #42 from rnc/BR1
99a3c3d Rename release job. Use workflow_call for jib
d96b556 Merge pull request #36 from rnc/BR1
401ca54 Merge pull request #39 from rnc/BR3
fb9557c Add release workflow for shared repo
06a3e68 Update project-ncl/shared-github-actions requirement to 429a1085131890ddf9545...
429a108 NCL-9648 Make Mend CI more generic
89cdc79 NCL-9648 Implement NPM CI workflow
8ba48d2 NCL-9648 Implement NPM build action
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

…rsion.yml Bumps [project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml](https://github.com/project-ncl/shared-github-actions) from 0.0.17 to 0.0.18. - [Release notes](https://github.com/project-ncl/shared-github-actions/releases) - [Commits](project-ncl/shared-github-actions@2d92776...153b977) --- updated-dependencies: - dependency-name: project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml dependency-version: 0.0.18 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-05-13T07:34:07Z

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

SCA scan output

-4.1.133.Final,    |
|          |                                       |                | io.netty:netty-codec-http2:4.1.133.Final,io.netty:netty-codec-http2:4.2.13.Final,                    |
|          |                                       |                | io.netty:netty-codec-http:4.1.133.Final                                                              |
+----------+---------------------------------------+----------------+------------------------------------------------------------------------------------------------------+
| HIGH     | netty-handler-proxy-4.1.132.Final.jar | CVE-2026-42578 | Upgrade to version  https://github.com/netty/netty.git - netty-4.2.13.Final,                         |
|          |                                       |                | https://github.com/netty/netty.git - netty-4.1.133.Final                                             |
+----------+---------------------------------------+----------------+------------------------------------------------------------------------------------------------------+
| HIGH     | quarkus-vertx-http-3.34.6.jar         | CVE-2026-39852 | Upgrade to version io.quarkus:quarkus-vertx-http:3.33.1.1,io.quarkus:quarkus-vertx-http:3.20.6.1,    |
|          |                                       |                | io.quarkus:quarkus-vertx-http:3.27.3.1,io.quarkus:quarkus-vertx-http:3.35.1.1,                       |
|          |                                       |                | io.quarkus:quarkus-vertx-http:3.34.7                                                                 |
+----------+---------------------------------------+----------------+------------------------------------------------------------------------------------------------------+
| MEDIUM   | netty-codec-http-4.1.132.Final.jar    | CVE-2026-41417 | Upgrade to version io.netty:netty-codec-http:4.2.13.Final,io.netty:netty-codec-http:4.1.133.Final    |
+----------+---------------------------------------+----------------+------------------------------------------------------------------------------------------------------+
| MEDIUM   | netty-codec-http-4.1.132.Final.jar    | CVE-2026-42580 | Upgrade to version io.netty:netty-codec-http:4.2.13.Final, https://github.com/netty/netty.git -      |
|          |                                       |                | netty-4.2.13.Final, https://github.com/netty/netty.git - netty-4.1.133.Final,                        |
|          |                                       |                | io.netty:netty-codec-http:4.1.133.Final                                                              |
+----------+---------------------------------------+----------------+------------------------------------------------------------------------------------------------------+
| MEDIUM   | netty-codec-http-4.1.132.Final.jar    | CVE-2026-42581 | Upgrade to version  https://github.com/netty/netty.git - netty-4.2.13.Final,                         |
|          |                                       |                | io.netty:netty-codec-http:4.1.133.Final, https://github.com/netty/netty.git - netty-4.1.133.Final,   |
|          |                                       |                | io.netty:netty-codec-http:4.2.13.Final                                                               |
+----------+---------------------------------------+----------------+------------------------------------------------------------------------------------------------------+
| MEDIUM   | netty-codec-http-4.1.132.Final.jar    | CVE-2026-42585 | Upgrade to version io.netty:netty-codec-http:4.2.13.Final,io.netty:netty-codec-http:4.1.133.Final    |
+----------+---------------------------------------+----------------+------------------------------------------------------------------------------------------------------+


Paths at risk

P = policy violation
MSC = malicious vulnerability
CRITICAL/HIGH/MEDIUM/LOW = vulnerability severity

quarkus-rest-jackson-3.34.6.jar
|-- quarkus-rest-3.34.6.jar
	|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
quarkus-smallrye-health-3.34.6.jar
|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
	|-- quarkus-vertx-3.34.6.jar
		|-- netty-codec-haproxy-4.1.132.Final.jar
			|-- netty-codec-4.1.132.Final.jar [1 HIGH]
		|-- quarkus-netty-3.34.6.jar
			|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-codec-4.1.132.Final.jar [1 HIGH]
	|-- smallrye-common-vertx-context-2.17.0.jar
		|-- vertx-core-4.5.26.jar
			|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
			|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
			|-- netty-handler-proxy-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
				|-- netty-codec-socks-4.1.132.Final.jar
					|-- netty-codec-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-handler-4.1.132.Final.jar
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-resolver-dns-4.1.132.Final.jar
				|-- netty-codec-dns-4.1.132.Final.jar [1 HIGH]
					|-- netty-codec-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
pnc-api-3.4.4-jakarta.jar
|-- dto-3.3.1.jar
	|-- commons-validator-1.9.0.jar
		|-- commons-beanutils-1.9.4.jar [1 HIGH]
		|-- commons-digester-2.1.jar
			|-- commons-beanutils-1.9.4.jar [1 HIGH]


No Policy violations were detected

Project 'trustbox' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=33ec8085-b640-4d59-b88e-f67b3a6d56b1
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=7801d89d14e34f0bbc1dd5686dd7d3c879a7205ad28e48ecac2989849391299f

Mend AI scan succeeded.

Support Token: 397d9f4d4e6314bd5bb3e63fde582d1ab1778657600441

SAST scan output

*no findings*

Full logs and artifacts

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 13, 2026

thescouser89 merged commit 9611288 into main May 13, 2026
4 checks passed

dependabot Bot deleted the dependabot/github_actions/project-ncl/shared-github-actions/dot-github/workflows/maven-set-version.yml-0.0.18 branch May 13, 2026 15:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml from 0.0.17 to 0.0.18#151

Bump project-ncl/shared-github-actions/.github/workflows/maven-set-version.yml from 0.0.17 to 0.0.18#151
thescouser89 merged 1 commit into
mainfrom
dependabot/github_actions/project-ncl/shared-github-actions/dot-github/workflows/maven-set-version.yml-0.0.18

dependabot Bot commented on behalf of github May 13, 2026

Uh oh!

github-actions Bot commented May 13, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 13, 2026

v0.0.18

What's Changed

🐛 Fixes / 🚀 Enhancements

👒 Project Dependencies

Uh oh!

github-actions Bot commented May 13, 2026

Mend Scan Results

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant