Skip to content

Comments

Merge from upstream#3

Merged
fgibelin merged 140 commits intofgibelin:masterfrom
OWASP-Benchmark:master
Jan 13, 2026
Merged

Merge from upstream#3
fgibelin merged 140 commits intofgibelin:masterfrom
OWASP-Benchmark:master

Conversation

@fgibelin
Copy link
Owner

@fgibelin fgibelin commented Jan 6, 2026

No description provided.

PauloASilva and others added 30 commits July 4, 2024 10:58
@PauloASilva
fix(docker): deprecated MAINTAINER instruction
8ac6dc5
@PauloASilva
fix(docker): legacy "ENV key value" format
63b11d6
@dependabot
Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.1 to 4.9.3.2
109e3ed 
Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.9.3.1 to 4.9.3.2.
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.3.1...spotbugs-maven-plugin-4.9.3.2)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-version: 4.9.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #332 from OWASP-Benchmark/dependabot/maven/com.git…
99d7530 
…hub.spotbugs-spotbugs-maven-plugin-4.9.3.2

Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.1 to 4.9.3.2
@dependabot
Bump org.owasp.esapi:esapi from 2.6.2.0 to 2.7.0.0
eae3c16 
Bumps [org.owasp.esapi:esapi](https://github.com/ESAPI/esapi-java-legacy) from 2.6.2.0 to 2.7.0.0.
- [Release notes](https://github.com/ESAPI/esapi-java-legacy/releases)
- [Changelog](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.0-readme-crypto-changes.html)
- [Commits](ESAPI/esapi-java-legacy@esapi-2.6.2.0...esapi-2.7.0.0)

---
updated-dependencies:
- dependency-name: org.owasp.esapi:esapi
  dependency-version: 2.7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #333 from OWASP-Benchmark/dependabot/maven/org.owa…
6be8ea9 
…sp.esapi-esapi-2.7.0.0

Bump org.owasp.esapi:esapi from 2.6.2.0 to 2.7.0.0
@dependabot
Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.0
520e8d1 
Bumps [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](apache/maven-enforcer@enforcer-3.5.0...enforcer-3.6.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #334 from OWASP-Benchmark/dependabot/maven/org.apa…
a8bd437 
…che.maven.plugins-maven-enforcer-plugin-3.6.0

Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.0
@dependabot
Bump com.diffplug.spotless:spotless-maven-plugin from 2.44.5 to 2.45.0
5aa8320 
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.44.5 to 2.45.0.
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@maven/2.44.5...lib/2.45.0)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 2.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #335 from OWASP-Benchmark/dependabot/maven/com.dif…
d706e9c 
…fplug.spotless-spotless-maven-plugin-2.45.0

Bump com.diffplug.spotless:spotless-maven-plugin from 2.44.5 to 2.45.0
@dependabot
Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.0 to 3.6.1
b79b28f 
Bumps [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](apache/maven-enforcer@enforcer-3.6.0...enforcer-3.6.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-version: 3.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump commons-io:commons-io from 2.19.0 to 2.20.0
ecbd3a2 
Bumps [commons-io:commons-io](https://github.com/apache/commons-io) from 2.19.0 to 2.20.0.
- [Changelog](https://github.com/apache/commons-io/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-io@rel/commons-io-2.19.0...rel/commons-io-2.20.0)

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-version: 2.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump com.fasterxml.jackson.core:jackson-databind from 2.19.1 to 2.19.2
e1dcc84 
Bumps [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) from 2.19.1 to 2.19.2.
- [Commits](https://github.com/FasterXML/jackson/commits)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump com.diffplug.spotless:spotless-maven-plugin from 2.45.0 to 2.46.1
d9348d6 
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.45.0 to 2.46.1.
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@lib/2.45.0...maven/2.46.1)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 2.46.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump commons-codec:commons-codec from 1.18.0 to 1.19.0
d087c0c 
Bumps [commons-codec:commons-codec](https://github.com/apache/commons-codec) from 1.18.0 to 1.19.0.
- [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-codec@rel/commons-codec-1.18.0...rel/commons-codec-1.19.0)

---
updated-dependencies:
- dependency-name: commons-codec:commons-codec
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #336 from OWASP-Benchmark/dependabot/maven/org.apa…
2df9e37 
…che.maven.plugins-maven-enforcer-plugin-3.6.1

Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.0 to 3.6.1
@davewichers
Merge pull request #339 from OWASP-Benchmark/dependabot/maven/commons…
8b46536 
…-io-commons-io-2.20.0

Bump commons-io:commons-io from 2.19.0 to 2.20.0
@davewichers
Merge pull request #340 from OWASP-Benchmark/dependabot/maven/com.fas…
baf2a74 
…terxml.jackson.core-jackson-databind-2.19.2

Bump com.fasterxml.jackson.core:jackson-databind from 2.19.1 to 2.19.2
@davewichers
Merge pull request #341 from OWASP-Benchmark/dependabot/maven/com.dif…
91df53e 
…fplug.spotless-spotless-maven-plugin-2.46.1

Bump com.diffplug.spotless:spotless-maven-plugin from 2.45.0 to 2.46.1
@davewichers
Merge pull request #342 from OWASP-Benchmark/dependabot/maven/commons…
e2734b2 
…-codec-commons-codec-1.19.0

Bump commons-codec:commons-codec from 1.18.0 to 1.19.0
@dependabot
Bump com.github.spotbugs:spotbugs from 4.9.3 to 4.9.4
a8a92a3 
Bumps [com.github.spotbugs:spotbugs](https://github.com/spotbugs/spotbugs) from 4.9.3 to 4.9.4.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.9.3...4.9.4)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs
  dependency-version: 4.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.codehaus.cargo:cargo-maven3-plugin from 1.10.20 to 1.10.21
fb9e3c7 
Bumps org.codehaus.cargo:cargo-maven3-plugin from 1.10.20 to 1.10.21.

---
updated-dependencies:
- dependency-name: org.codehaus.cargo:cargo-maven3-plugin
  dependency-version: 1.10.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump actions/checkout from 4 to 5
87aad45 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #347 from OWASP-Benchmark/dependabot/maven/com.git…
bc16ff9 
…hub.spotbugs-spotbugs-4.9.4

Bump com.github.spotbugs:spotbugs from 4.9.3 to 4.9.4
@davewichers
Merge pull request #348 from OWASP-Benchmark/dependabot/maven/org.cod…
177d79d 
…ehaus.cargo-cargo-maven3-plugin-1.10.21

Bump org.codehaus.cargo:cargo-maven3-plugin from 1.10.20 to 1.10.21
@davewichers
Merge pull request #349 from OWASP-Benchmark/dependabot/github_action…
eb87c89 
…s/actions/checkout-5

Bump actions/checkout from 4 to 5
@dependabot
Bump actions/setup-java from 4 to 5
9b45fb6 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4 to 5.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #351 from OWASP-Benchmark/dependabot/github_action…
0303430 
…s/actions/setup-java-5

Bump actions/setup-java from 4 to 5
@dependabot
Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.0
21b66e6 
Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.9.3.2 to 4.9.4.0.
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.3.2...spotbugs-maven-plugin-4.9.4.0)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-version: 4.9.4.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #352 from OWASP-Benchmark/dependabot/maven/com.git…
79bb497 
…hub.spotbugs-spotbugs-maven-plugin-4.9.4.0

Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.0
davewichers and others added 29 commits November 24, 2025 09:28
@davewichers
Merge pull request #397 from OWASP-Benchmark/dependabot/maven/org.cod…
4d7dfa9 
…ehaus.mojo-versions-maven-plugin-2.20.0

Bump org.codehaus.mojo:versions-maven-plugin from 2.19.1 to 2.20.0
@dependabot
Bump org.codehaus.mojo:versions-maven-plugin from 2.20.0 to 2.20.1
633afab 
Bumps [org.codehaus.mojo:versions-maven-plugin](https://github.com/mojohaus/versions) from 2.20.0 to 2.20.1.
- [Release notes](https://github.com/mojohaus/versions/releases)
- [Changelog](https://github.com/mojohaus/versions/blob/master/ReleaseNotes.md)
- [Commits](mojohaus/versions@2.20.0...2.20.1)

---
updated-dependencies:
- dependency-name: org.codehaus.mojo:versions-maven-plugin
  dependency-version: 2.20.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #398 from OWASP-Benchmark/dependabot/maven/org.cod…
2bdd0c4 
…ehaus.mojo-versions-maven-plugin-2.20.1

Bump org.codehaus.mojo:versions-maven-plugin from 2.20.0 to 2.20.1
@dependabot
Bump org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.4.0
cbcb9ea 
Bumps [org.apache.maven.plugins:maven-resources-plugin](https://github.com/apache/maven-resources-plugin) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/apache/maven-resources-plugin/releases)
- [Commits](apache/maven-resources-plugin@maven-resources-plugin-3.3.1...v3.4.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-resources-plugin
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.apache.maven.plugins:maven-assembly-plugin from 3.7.1 to 3.8.0
b50ec2a 
Bumps [org.apache.maven.plugins:maven-assembly-plugin](https://github.com/apache/maven-assembly-plugin) from 3.7.1 to 3.8.0.
- [Release notes](https://github.com/apache/maven-assembly-plugin/releases)
- [Commits](apache/maven-assembly-plugin@maven-assembly-plugin-3.7.1...v3.8.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-assembly-plugin
  dependency-version: 3.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.apache.maven.plugins:maven-war-plugin from 3.5.0 to 3.5.1
e70b8da 
Bumps [org.apache.maven.plugins:maven-war-plugin](https://github.com/apache/maven-war-plugin) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/apache/maven-war-plugin/releases)
- [Commits](apache/maven-war-plugin@maven-war-plugin-3.5.0...maven-war-plugin-3.5.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-war-plugin
  dependency-version: 3.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.apache.maven.plugins:maven-release-plugin from 3.2.0 to 3.3.0
ed937c0 
Bumps [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/apache/maven-release/releases)
- [Commits](apache/maven-release@maven-release-3.2.0...maven-release-3.3.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-release-plugin
  dependency-version: 3.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #399 from OWASP-Benchmark/dependabot/maven/org.apa…
685692c 
…che.maven.plugins-maven-resources-plugin-3.4.0

Bump org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.4.0
@davewichers
Merge pull request #400 from OWASP-Benchmark/dependabot/maven/org.apa…
2be9e9e 
…che.maven.plugins-maven-assembly-plugin-3.8.0

Bump org.apache.maven.plugins:maven-assembly-plugin from 3.7.1 to 3.8.0
@davewichers
Merge pull request #401 from OWASP-Benchmark/dependabot/maven/org.apa…
938b2a2 
…che.maven.plugins-maven-war-plugin-3.5.1

Bump org.apache.maven.plugins:maven-war-plugin from 3.5.0 to 3.5.1
@davewichers
Merge pull request #402 from OWASP-Benchmark/dependabot/maven/org.apa…
4943dbb 
…che.maven.plugins-maven-release-plugin-3.3.0

Bump org.apache.maven.plugins:maven-release-plugin from 3.2.0 to 3.3.0
@dependabot
Bump org.apache.maven.plugins:maven-release-plugin from 3.3.0 to 3.3.1
02fb88d 
Bumps [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/apache/maven-release/releases)
- [Commits](apache/maven-release@maven-release-3.3.0...maven-release-3.3.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-release-plugin
  dependency-version: 3.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump org.apache.httpcomponents.core5:httpcore5 from 5.3.6 to 5.4
21e104c 
Bumps [org.apache.httpcomponents.core5:httpcore5](https://github.com/apache/httpcomponents-core) from 5.3.6 to 5.4.
- [Changelog](https://github.com/apache/httpcomponents-core/blob/master/RELEASE_NOTES.txt)
- [Commits](apache/httpcomponents-core@rel/v5.3.6...rel/v5.4)

---
updated-dependencies:
- dependency-name: org.apache.httpcomponents.core5:httpcore5
  dependency-version: '5.4'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump actions/upload-artifact from 5 to 6
0d0d1be 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #405 from OWASP-Benchmark/dependabot/maven/org.apa…
b0b465b 
…che.maven.plugins-maven-release-plugin-3.3.1

Bump org.apache.maven.plugins:maven-release-plugin from 3.3.0 to 3.3.1
@davewichers
Merge pull request #406 from OWASP-Benchmark/dependabot/maven/org.apa…
13c9863 
…che.httpcomponents.core5-httpcore5-5.4

Bump org.apache.httpcomponents.core5:httpcore5 from 5.3.6 to 5.4
@davewichers
Merge pull request #407 from OWASP-Benchmark/dependabot/github_action…
f139ec1 
…s/actions/upload-artifact-6

Bump actions/upload-artifact from 5 to 6
Upgrade Tomcat version.
5ed20d1
@dependabot
Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.6
45bab03 
Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.5.1 to 5.6.
- [Changelog](https://github.com/apache/httpcomponents-client/blob/master/RELEASE_NOTES.txt)
- [Commits](apache/httpcomponents-client@rel/v5.5.1...rel/v5.6)

---
updated-dependencies:
- dependency-name: org.apache.httpcomponents.client5:httpclient5
  dependency-version: '5.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #408 from OWASP-Benchmark/dependabot/maven/org.apa…
df45f14 
…che.httpcomponents.client5-httpclient5-5.6

Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.6
@dependabot
Bump org.codehaus.cargo:cargo-maven3-plugin from 1.10.25 to 1.10.26
0fa4076 
Bumps org.codehaus.cargo:cargo-maven3-plugin from 1.10.25 to 1.10.26.

---
updated-dependencies:
- dependency-name: org.codehaus.cargo:cargo-maven3-plugin
  dependency-version: 1.10.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@davewichers
Merge pull request #409 from OWASP-Benchmark/dependabot/maven/org.cod…
2f279f9 
…ehaus.cargo-cargo-maven3-plugin-1.10.26

Bump org.codehaus.cargo:cargo-maven3-plugin from 1.10.25 to 1.10.26
@darkspirit510
fix wrong hostname
dc9abba
@darkspirit510
fix-outdated-urls
3b4bdf5
@davewichers
Merge pull request #410 from darkspirit510/fix-sonarqube-reader
e8ca871 
fix wrong hostname.
@davewichers
Merge pull request #230 from PauloASilva/fix/dockerfile
7fefbf8 
fix(dockerfile): deprecated Dockerfile instructions
@davewichers
Add instructions on how to publish the updated Benchmark for Java Doc…
e36b028 
…ker image to Docker Hub.
@darkspirit510
remove linebreaks
6ff6662
@davewichers
Merge pull request #411 from darkspirit510/fix-urls
36f30ff 
Fix outdated URLs
@fgibelin fgibelin merged commit 88da553 into fgibelin:master Jan 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fgibelin @PauloASilva @davewichers @darkspirit510