Bump org.owasp:dependency-check-maven from 12.1.0 to 12.1.1

[dependabot]

Bumps org.owasp:dependency-check-maven from 12.1.0 to 12.1.1.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.1.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.1.1 (2025-04-05)

• fix: resolve NVD data Parse error com.fasterxml.jackson.core.JsonParseException: Unexpected character (']' (code 93))
  • bump open-vulnerability-client from 7.3.1 to 7.3.2 (#7577)
• fix: update links for repository move from jeremylong to the dependency-check organization (#7373)
• fix: resolve NPE when processing CVE-2025-2682 (#7558)
• fix: prevent rogue base suppression files (#7544)
• fix: #6819 handle invalid toml file (#7548)
• fix: Use unscored severity only in absence of any CVSS baseScore (#7530)
• fix: protect against exotic version number of yarn (#7525)
• fix: Ignore require-bundle MANIFEST.MF entry for evidence (#7523)
• fix: avoid error on yarn berry audit when no vulnerability found (#7501)
• fix: improve null checks in Downloader (#7493)
• fix: improve null checks resolves dependency-check/dependency-check-gradle#441
• fix: Avoid FPs when Composer product name has php (#7486)
• fix: cli not honoring window paths correctly (#7470)
• fix: Also apply muteNoisyLoggers to UpdateMojo (#7469)
• fix: Make HC5 Downloader honor the connection- and readTimeout settings that the old URLConnectionFactory based downloads observed (#7437)
• docs: sync the supported Maven version with the one stated in the system requirement section (#7570)
• docs: update proxy config documentation (#7550)
• docs: Remove copyright as requested by the Apache foundation
• docs: drop redundant text in the Internet Access Required section (#7521)
• docs: correct gradle documentation (#7511)

See the full listing of changes

Commits

• 67cccfb build: prepare release v12.1.1
• d7f876d docs: release 12.1.1
• f7e3d05 build(deps): bump open-vulnerability-client from 7.3.1 to 7.3.2 (#7577)
• 20c62ec build(deps-dev): bump io.netty:netty-codec-http from 4.1.119.Final to 4.2.0.F...
• c0a8a52 build(deps-dev): bump io.netty:netty-codec-http
• 35b7a16 docs: sync the supported Maven version with the one stated in the system requ...
• 511710f build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13 (#7571)
• b231423 build(deps): bump golang from 1.24.1-alpine to 1.24.2-alpine (#7568)
• 1491689 build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 t...
• 288458c build(deps): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 t...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)