Skip to content

Bump org.jboss.pnc:pnc-api from 3.4.4 to 3.5.0#690

Merged
rnc merged 2 commits into
masterfrom
dependabot/maven/org.jboss.pnc-pnc-api-3.5.0
Jun 15, 2026
Merged

Bump org.jboss.pnc:pnc-api from 3.4.4 to 3.5.0#690
rnc merged 2 commits into
masterfrom
dependabot/maven/org.jboss.pnc-pnc-api-3.5.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps org.jboss.pnc:pnc-api from 3.4.4 to 3.5.0.

Release notes

Sourced from org.jboss.pnc:pnc-api's releases.

3.5.0

What's Changed

🐛 Fixes / 🚀 Enhancements

👒 Project Dependencies

... (truncated)

Commits
  • 402f876 [maven-release-plugin] prepare release 3.5.0
  • 6ae5cae Define name for child modules
  • f0d3a8a Remove redundant plugin and property overrides
  • 9f79650 Modify maven-pr permissions
  • b2a31a3 Use jboss-parent and revert to JDK8 API. Update gh-actions.
  • db86760 Revert "[NCL-9665] Fix description for BUILD_CATEGORY"
  • 45d751d Revert "[NCL-9668] Introduce build categories for IBM and Red Hat suffixing"
  • f23040a Bump project-ncl/shared-github-actions/.github/workflows/maven-release.yml
  • dee3653 [NCL-9665] Fix description for BUILD_CATEGORY
  • a335e29 Bump org.projectlombok:lombok from 1.18.44 to 1.18.46
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels May 9, 2026
@rnc

rnc commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/maven/org.jboss.pnc-pnc-api-3.5.0 branch from fe7261e to 78316f5 Compare June 15, 2026 13:29
@rnc

rnc commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

@dependabot recreate

@dependabot
Bump org.jboss.pnc:pnc-api from 3.4.4 to 3.5.0
c24d5c3 
Bumps [org.jboss.pnc:pnc-api](https://github.com/project-ncl/pnc-api) from 3.4.4 to 3.5.0.
- [Release notes](https://github.com/project-ncl/pnc-api/releases)
- [Commits](project-ncl/pnc-api@3.4.4...3.5.0)

---
updated-dependencies:
- dependency-name: org.jboss.pnc:pnc-api
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/org.jboss.pnc-pnc-api-3.5.0 branch from 78316f5 to c24d5c3 Compare June 15, 2026 13:48
@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

⚠️ SAST findings detected

SCA scan output 
- netty-codec-http2-4.1.133.Final.jar [3 MEDIUM]
					|-- netty-codec-http-4.1.133.Final.jar [1 MEDIUM]
					|-- netty-handler-4.1.133.Final.jar [3 HIGH]
				|-- netty-codec-http-4.1.133.Final.jar [1 MEDIUM]
				|-- netty-handler-4.1.133.Final.jar [3 HIGH]
		|-- quarkus-virtual-threads-3.36.1.jar
			|-- vertx-core-4.5.27.jar
				|-- netty-codec-haproxy-4.1.133.Final.jar [2 HIGH]
				|-- netty-codec-http2-4.1.133.Final.jar [3 MEDIUM]
				|-- netty-codec-http-4.1.133.Final.jar [1 MEDIUM]
					|-- netty-handler-4.1.133.Final.jar [3 HIGH]
				|-- netty-handler-proxy-4.1.133.Final.jar
					|-- netty-codec-http-4.1.133.Final.jar [1 MEDIUM]
					|-- netty-handler-4.1.133.Final.jar [3 HIGH]
				|-- netty-handler-4.1.133.Final.jar [3 HIGH]
				|-- netty-resolver-dns-4.1.133.Final.jar [2 HIGH, 1 MEDIUM]
					|-- netty-handler-4.1.133.Final.jar [3 HIGH]
|-- maven-scm-provider-jgit-1.13.0.jar
	|-- org.eclipse.jgit-4.5.4.201711221230-r.jar [1 HIGH, 1 MEDIUM]
|-- maven-scm-provider-svnexe-1.13.0.jar
	|-- commons-lang-2.6.jar [1 MEDIUM]
testsuite-3.0.1-SNAPSHOT.jar
|-- application-3.0.1-SNAPSHOT.jar
	|-- quarkus-jdbc-postgresql-3.36.1.jar
		|-- quarkus-agroal-3.36.1.jar
			|-- opentelemetry-jdbc-2.26.1-alpha.jar
				|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
			|-- quarkus-narayana-jta-3.36.1.jar
				|-- narayana-jta-7.3.4.Final.jar
					|-- infinispan-commons-16.0.12.jar
						|-- micrometer-core-1.16.5.jar [2 HIGH]
					|-- infinispan-core-9.4.24.Final.jar [1 HIGH, 1 MEDIUM]
	|-- quarkus-micrometer-opentelemetry-3.36.1.jar
		|-- opentelemetry-micrometer-1.5-2.26.1-alpha.jar
			|-- opentelemetry-instrumentation-api-2.26.1.jar
				|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
			|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
		|-- quarkus-micrometer-3.36.1.jar
			|-- micrometer-core-1.16.5.jar [2 HIGH]
			|-- quarkus-undertow-3.36.1.jar
				|-- quarkus-http-core-5.5.0.jar
					|-- netty-codec-http-4.1.133.Final.jar [1 MEDIUM]
		|-- quarkus-opentelemetry-3.36.1.jar
			|-- opentelemetry-instrumentation-annotations-support-2.26.1-alpha.jar
				|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
			|-- opentelemetry-runtime-telemetry-java17-2.26.1-alpha.jar
				|-- opentelemetry-runtime-telemetry-2.26.1-alpha.jar
					|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
				|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
			|-- opentelemetry-api-incubator-1.60.1-alpha.jar
				|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
			|-- opentelemetry-exporter-otlp-common-1.60.1.jar
				|-- opentelemetry-exporter-common-1.60.1.jar
					|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
			|-- opentelemetry-exporter-otlp-1.60.1.jar
				|-- opentelemetry-sdk-logs-1.60.1.jar
					|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
			|-- quarkus-grpc-common-3.36.1.jar
				|-- vertx-grpc-4.5.27.jar
					|-- grpc-netty-1.81.0.jar
						|-- netty-codec-http2-4.1.133.Final.jar [3 MEDIUM]
	|-- quarkus-oidc-3.36.1.jar
		|-- quarkus-vertx-3.36.1.jar
			|-- netty-codec-haproxy-4.1.133.Final.jar [2 HIGH]
			|-- quarkus-netty-3.36.1.jar
				|-- netty-codec-http2-4.1.133.Final.jar [3 MEDIUM]
				|-- netty-codec-http-4.1.133.Final.jar [1 MEDIUM]
				|-- netty-handler-4.1.133.Final.jar [3 HIGH]
	|-- reports-rest-3.0.1-SNAPSHOT.jar
		|-- quarkus-websockets-3.36.1.jar
			|-- quarkus-websockets-client-3.36.1.jar
				|-- quarkus-http-websocket-core-5.5.0.jar
					|-- netty-codec-http-4.1.133.Final.jar [1 MEDIUM]
		|-- reports-backend-3.0.1-SNAPSHOT.jar
			|-- quarkus-hibernate-orm-3.36.1.jar
				|-- micrometer-core-1.16.5.jar [2 HIGH]
			|-- communication-3.0.1-SNAPSHOT.jar
				|-- galley-cache-partyline-1.22-jakarta.jar
					|-- partyline-2.4.jar
						|-- infinispan-core-9.4.24.Final.jar [1 HIGH, 1 MEDIUM]
				|-- source-code-manager-3.0.1-SNAPSHOT.jar
					|-- maven-scm-provider-jgit-1.13.0.jar
						|-- org.eclipse.jgit-4.5.4.201711221230-r.jar [1 HIGH, 1 MEDIUM]
					|-- maven-scm-provider-svnexe-1.13.0.jar
						|-- commons-lang-2.6.jar [1 MEDIUM]
|-- rest-client-jakarta-3.4.5.jar
	|-- common-3.4.5-jakarta.jar
		|-- opentelemetry-instrumentation-annotations-2.27.0.jar
			|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
	|-- pnc-common-3.5.0-jakarta.jar
		|-- opentelemetry-ext-cli-java-2.0.0.jar
			|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
			|-- opentelemetry-sdk-1.60.1.jar
				|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
				|-- opentelemetry-sdk-common-1.60.1.jar
					|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
				|-- opentelemetry-sdk-metrics-1.60.1.jar
					|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
				|-- opentelemetry-sdk-trace-1.60.1.jar
					|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
			|-- opentelemetry-semconv-1.29.0-alpha.jar
				|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
		|-- jsoup-1.22.2.jar
			|-- netty-codec-http-4.1.133.Final.jar [1 MEDIUM]
			|-- netty-handler-4.1.133.Final.jar [3 HIGH]
	|-- rest-client-3.4.5-jakarta.jar
		|-- vertx-core-4.5.27.jar
			|-- netty-codec-haproxy-4.1.133.Final.jar [2 HIGH]
			|-- netty-codec-http2-4.1.133.Final.jar [3 MEDIUM]
				|-- netty-codec-http-4.1.133.Final.jar [1 MEDIUM]
				|-- netty-handler-4.1.133.Final.jar [3 HIGH]
			|-- netty-codec-http-4.1.133.Final.jar [1 MEDIUM]
				|-- netty-handler-4.1.133.Final.jar [3 HIGH]
			|-- netty-handler-proxy-4.1.133.Final.jar
				|-- netty-codec-http-4.1.133.Final.jar [1 MEDIUM]
				|-- netty-handler-4.1.133.Final.jar [3 HIGH]
			|-- netty-handler-4.1.133.Final.jar [3 HIGH]
			|-- netty-resolver-dns-4.1.133.Final.jar [2 HIGH, 1 MEDIUM]
				|-- netty-handler-4.1.133.Final.jar [3 HIGH]


No Policy violations were detected

Project 'dependency-analysis' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=17cd357b-3d0e-43ac-a982-661505cac482
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=d38fa0abfb554c9cac571a09497e0af3f534680889b74705ab11e416b1c07dd4

Mend AI scan succeeded.

Support Token: 102f190eb6d324200b09c07d4043e175d1781532621914
SAST scan output 
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:142)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:140)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:122)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (source-code-manager/src/main/java/org/jboss/da/scm/impl/SCMImpl.java:69)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:124)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-backend/src/main/java/org/jboss/da/reports/impl/ReportsGeneratorImpl.java:571)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:101)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (reports-rest/src/main/java/org/jboss/da/rest/reports/Reports.java:103)
warning: 'info' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (source-code-manager/src/main/java/org/jboss/da/scm/impl/SCMImpl.java:44)

Full logs and artifacts

@rnc rnc merged commit 75b7c78 into master Jun 15, 2026
2 checks passed
@rnc rnc deleted the dependabot/maven/org.jboss.pnc-pnc-api-3.5.0 branch June 15, 2026 14:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rnc