
Bump org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom from 3.3.4 to 3.3.7 #4536

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/maven/org.jboss.shrinkwrap.resolver-shrinkwrap-resolver-bom-3.3.7

dependabot[bot] commented on behalf of github on Jun 15, 2026

Bumps org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom from 3.3.4 to 3.3.7.

Release notes

Sourced from org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom's releases.

3.3.7

Shrinkwrap Resolver - 3.3.7

Full Changelog: shrinkwrap/resolver@3.3.6...3.3.7

Resolved issues

Component upgrades

3.3.6

Shrinkwrap Resolver - 3.3.6

Full Changelog: shrinkwrap/resolver@3.3.5...3.3.6

Resolved issues

Chores

Component upgrades

3.3.5

Shrinkwrap Resolver - 3.3.5

Full Changelog: shrinkwrap/resolver@3.3.4...3.3.5

... (truncated)

Commits
  • 2a0b700 [maven-release-plugin] prepare release 3.3.7
  • 4377646 Merge pull request #546 from shrinkwrap/dependabot/maven/version.eu.maveniver...
  • 614ed2a chore(deps): bump version.eu.maveniverse.mima from 2.4.44 to 2.4.45
  • b37f294 Merge pull request #526 from xjusko/fix-provided-scope-warnings
  • 7734ff2 Merge pull request #545 from petrberan/dependencyUpdates
  • fd5fb7e chore(deps): bump org.apache.maven:maven from 3.9.15 to 3.9.16
  • 12a3f51 Merge pull request #542 from shrinkwrap/dependabot/maven/version.eu.maveniver...
  • eb418ed Merge pull request #544 from shrinkwrap/dependabot/maven/org.apache.maven.plu...
  • 8c7c467 Merge pull request #543 from shrinkwrap/dependabot/maven/org.codehaus.plexus-...
  • 98510c6 chore(deps-dev): bump org.apache.maven.plugins:maven-site-plugin
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom](https://github.com/shrinkwrap/resolver) from 3.3.4 to 3.3.7.
- [Release notes](https://github.com/shrinkwrap/resolver/releases)
- [Commits](shrinkwrap/resolver@3.3.4...3.3.7)

---
updated-dependencies:
- dependency-name: org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom
  dependency-version: 3.3.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] added the dependencies and java labels on Jun 15, 2026

@github-actions

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

⚠️ SAST findings detected

SCA scan output
on-1.58.0.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-sdk-logs-1.58.0.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
		|-- opentelemetry-semconv-1.29.0-alpha.jar
			|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-api-3.6.0-SNAPSHOT-java-client-jakarta.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-client-3.6.0-SNAPSHOT-jakarta.jar
	|-- vertx-core-3.9.14.jar [1 MEDIUM]
		|-- netty-codec-http2-4.2.9.Final.jar [2 HIGH, 3 MEDIUM]
			|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
			|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-handler-proxy-4.2.9.Final.jar [1 MEDIUM]
			|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-resolver-dns-4.2.9.Final.jar [2 HIGH, 1 MEDIUM]
			|-- netty-codec-dns-4.2.9.Final.jar [1 HIGH]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
rest-client-3.6.0-SNAPSHOT.jar
|-- vertx-core-3.9.14.jar [1 MEDIUM]
	|-- netty-codec-http2-4.2.9.Final.jar [2 HIGH, 3 MEDIUM]
		|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-handler-proxy-4.2.9.Final.jar [1 MEDIUM]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-resolver-dns-4.2.9.Final.jar [2 HIGH, 1 MEDIUM]
		|-- netty-codec-dns-4.2.9.Final.jar [1 HIGH]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
|-- common-3.6.0-SNAPSHOT.jar
	|-- opentelemetry-instrumentation-annotations-2.24.0.jar
		|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
|-- dto-3.6.0-SNAPSHOT-patch-builders.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-api-3.6.0-SNAPSHOT-java-client.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- dto-3.6.0-SNAPSHOT.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-api-3.5.0.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
spi-3.6.0-SNAPSHOT.jar
|-- opentelemetry-instrumentation-annotations-2.24.0.jar
	|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
|-- dto-3.6.0-SNAPSHOT.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-api-3.5.0.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- model-3.6.0-SNAPSHOT.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-common-3.4.0.jar
		|-- opentelemetry-ext-cli-java-1.5.0.jar
			|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-exporter-otlp-1.58.0.jar
				|-- opentelemetry-exporter-otlp-common-1.58.0.jar
					|-- opentelemetry-exporter-common-1.58.0.jar
						|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-logs-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-metrics-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-sdk-1.58.0.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-common-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-trace-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-semconv-1.29.0-alpha.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
test-common-3.6.0-SNAPSHOT.jar
|-- shrinkwrap-resolver-impl-maven-archive-3.3.7.jar
	|-- guice-6.0.0.jar
		|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
	|-- plexus-compiler-javac-2.16.2.jar
		|-- plexus-compiler-api-2.16.2.jar
			|-- plexus-utils-3.2.1.jar [1 HIGH]
		|-- plexus-utils-3.2.1.jar [1 HIGH]
	|-- plexus-utils-3.2.1.jar [1 HIGH]
|-- shrinkwrap-resolver-impl-maven-3.3.7.jar
	|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
	|-- maven-model-builder-3.6.3.jar
		|-- maven-artifact-3.6.3.jar
			|-- plexus-utils-3.2.1.jar [1 HIGH]
		|-- plexus-utils-3.2.1.jar [1 HIGH]
	|-- maven-model-3.6.3.jar
		|-- plexus-utils-3.2.1.jar [1 HIGH]
	|-- maven-repository-metadata-3.6.3.jar
		|-- plexus-utils-3.2.1.jar [1 HIGH]
	|-- maven-resolver-provider-3.6.3.jar
		|-- plexus-utils-3.2.1.jar [1 HIGH]
	|-- maven-settings-builder-3.6.3.jar
		|-- plexus-utils-3.2.1.jar [1 HIGH]
		|-- plexus-sec-dispatcher-1.4.jar
			|-- plexus-utils-3.2.1.jar [1 HIGH]
	|-- maven-settings-3.6.3.jar
		|-- plexus-utils-3.2.1.jar [1 HIGH]
	|-- plexus-sec-dispatcher-2.0.jar
		|-- plexus-utils-3.2.1.jar [1 HIGH]
	|-- plexus-utils-3.2.1.jar [1 HIGH]
	|-- org.eclipse.sisu.plexus-0.3.4.jar
		|-- plexus-utils-3.2.1.jar [1 HIGH]


No Policy violations were detected

Project 'pnc' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=0225ec74-4391-4ac9-bfb5-714664caa6bb
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=c9f6fd516a5241de98250adf2d7ea547bc93772d823b4ff28dd89e6f18810351

Mend AI scan succeeded.

Support Token: 081a070fd09904ee8a07aa6e2c22544d51781556499579

SAST scan output
warning: 'error' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (mapper/src/main/java/org/jboss/pnc/mapper/abstracts/AbstractArtifactMapper.java:92)

Full logs and artifacts
