Bump the maven group across 1 directory with 6 updates

[dependabot]

Bumps the maven group with 6 updates in the / directory:

Package	From	To
org.codehaus.plexus:plexus-archiver	2.2	4.8.0
org.json:json	20201115	20231013
org.jenkins-ci.plugins.workflow:workflow-job	2.4	1295.v395eb_7400005
org.jenkins-ci.plugins:credentials	2.1.19	1371.1373.v4eb_fa_b_7161e9
org.jenkins-ci.main:jenkins-core	2.241	2.462.3
org.apache.ant:ant	1.10.8	1.10.11

Updates org.codehaus.plexus:plexus-archiver from 2.2 to 4.8.0

Release notes

Sourced from org.codehaus.plexus:plexus-archiver's releases.

4.8.0

🚀 New features and improvements

• Add tzst alias for tar.zst archiver/unarchived (#274) @​slawekjaranowski

🐛 Bug Fixes

• detect permissions for addFile (#293) @​hboutemy

📦 Dependency updates

• Bump org.codehaus.plexus:plexus from 13 to 14 (#296) @​dependabot
• Bump zstd-jni from 1.5.5-4 to 1.5.5-5 (#295) @​dependabot
• Bump Eclipse Sisu and from 0.3.5 to 0.9.0.M2 (#289) @​slachiewicz
• Bump commons-io from 2.12.0 to 2.13.0 (#288) @​dependabot
• Bump zstd-jni from 1.5.5-3 to 1.5.5-4 (#287) @​dependabot
• Bump plexus-utils from 3.5.1 to 4.0.0 (#283) @​dependabot
• Bump commons-io from 2.11.0 to 2.12.0 (#277) @​dependabot
• Bump zstd-jni from 1.5.5-2 to 1.5.5-3 (#284) @​dependabot
• Bump guice from 5.1.0 to 6.0.0 (#278) @​dependabot
• Bump plexus from 10 to 13 (#280) @​dependabot

👻 Maintenance

• Remove public modifier from JUnit 5 tests (#294) @​slawekjaranowski
• Use https in scm/url (#291) @​slawekjaranowski
• Remove junit-jupiter-engine from project dependencies (#292) @​slawekjaranowski
• Remove parent and reports menu from site (#282) @​slawekjaranowski
• Cleanup after "veryLargeJar" test (#281) @​slachiewicz
• Override project.url (#279) @​slawekjaranowski

Plexus Archiver 4.7.1

🐛 Bug Fixes

• don't apply umask on unknown perms (Win) (#273) @​hboutemy

Plexus Archiver 4.7.0

🚀 New features and improvements

• add umask support and use 022 in RB mode (#271) @​hboutemy
• Use NIO Files for creating temporary files (#270) @​slawekjaranowski
• Deprecate the JAR Index feature (JDK-8302819) (#268) @​jorsol
• Add Archiver aliases for tar.* (#266) @​slawekjaranowski

📦 Dependency updates

• Bump junitVersion from 5.9.2 to 5.9.3 (#267) @​dependabot

... (truncated)

Changelog

Sourced from org.codehaus.plexus:plexus-archiver's changelog.

Plexus Archiver Release Notes

Newer release

Newer release notes are maintained on GitHub releases

Plexus Archiver 4.2.1

Bugs

• [Issue #126][issue-126] - Fixed broken javadoc for Archiver#configureReproducible.
• [Issue #127][issue-127] - Fixed reproducible zip entry time depends on local daylight saving time.

Plexus Archiver 4.2.0

Improvements

• [Pull Request #121][pr-121] - Add API to configure reproducible archives - Archiver#configureReproducible.
• Add option to force the user and group for all archive entries.
• Add option to force the last modified date for all archive entries.
• [Issue #114][issue-114] - Add option to provide Comparator for Archiver. The archive entries will be added in the order specified by the provided comparator.
• [Pull Request #117][pr-117] - Add option to limit the output size for AbstractZipUnArchiver as a way of protection against ZIP bombs. Thanks to Sergey Patrikeev and Semyon Atamas.
• Various code improvements. Thanks to Semyon Atamas and Sergey Patrikeev.

Bugs

• [Issue #94][issue-94] - Fixed setting archiver destination to the working directory causes NullPointerException.

Tasks

• [Issue #119][issue-119] - Updated dependencies: commons-compress to 1.18, plexus-io to 3.2.0 and plexus-utils to 3.3.0.

Plexus Archiver 4.1.0

Improvements

... (truncated)

Commits

• See full diff in compare view

Updates org.json:json from 20201115 to 20231013

Release notes

Sourced from org.json:json's releases.

20231013

Pull Request	Description
#793	Reverted #761
#792	update the docs for release 20231013
#783	optLong vs getLong inconsistencies
#782	Fix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows
#779	add validity check for JSONObject constructors
#778	Fix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows
#776	Update [JUnit to version 4.13.2
#774	Removing unneeded synchronization
#773	Add optJSONArray method to JSONObject with a default value
#772	Disallow nested objects and arrays as keys in objects
#779	Unit test cleanup
#769	Addressed Java 17 compile warnings
#764	Update CodeQL action version
#761	Add module-info
#759	JSON parsing should detect embedded
#753	Updated new object methods
#752	Fixes possible unit test bug when compiling/testing on Windows

20230618

Pull Request	Description
#749	Prep for release 20230618
#740	Fixed Flaky Tests Caused by JSON permutations
#734	Fixed Flaky Tests Caused by JSON permutations
#733	JSONTokener implemented java.io.Closeable
#731	Removing commented out code in JSONObject optDouble()
#729	Refactor ParserConfiguration class hierarchy

20230227

Pull Request	Description
#723	Protect JSONML from stack overflow exceptions caused by recursion
#720	Limit the XML nesting depth for CVE-2022-45688
#711	Revert pull 707 - interviewbit spam
#704	Move javadoc comments above the interface definition to make it visible
#703	Update Releases.md for JSONObject(Map): Throws NPE if key is null
#696	Update JSONPointerTest for NonDex compatibility
#694	Pretty print XML
#692	Example.md syntax highlight and indentation
#691	Create unit tests for various number formats

20220924

Pull Request	Description
#688	Update copyright to Public Domain
#687	Fix a typo
#685	JSONObject map type unit tests

... (truncated)

Changelog

Sourced from org.json:json's changelog.

20231013 First release with minimum Java version 1.8. Recent commits, including fixes for CVE-2023-5072.

20230618 Final release with Java 1.6 compatibility. Future releases will require Java 1.8 or greater.

20230227 Fix for CVE-2022-45688 and recent commits

20220924 New License - public domain, and some minor updates

20220320 Wrap StackOverflow with JSONException

20211205 Recent commits and some bug fixes for similar()

20210307 Recent commits and potentially breaking fix to JSONPointer

Commits

• See full diff in compare view

Updates org.jenkins-ci.plugins.workflow:workflow-job from 2.4 to 1295.v395eb_7400005

Release notes

Sourced from org.jenkins-ci.plugins.workflow:workflow-job's releases.

1292.v27d8cc3e2602

👷 Changes for plugin developers

• Bump plugin from 4.57 to 4.58 (#341) @​dependabot

📦 Dependency updates

• Bump plugin from 4.60 to 4.61 (#347) @​dependabot
• Bump plugin from 4.58 to 4.60 (#345) @​dependabot

1289.vd1c337fd5354

👷 Changes for plugin developers

• Add pipeline-groovy-lib to test classpath (#340) @​basil

📦 Dependency updates

• Bump bom-2.361.x from 1750.v0071fa_4c4a_e3 to 1948.veb_1fd345d3a_e (#338) @​dependabot
• Bump plugin from 4.56 to 4.57 (#339) @​dependabot
• Bump plugin from 4.55 to 4.56 (#337) @​dependabot

1284.v2fe8ed4573d4

👷 Changes for plugin developers

• Do not fail MemoryCleanupTest due to INSANE NCDFE (#336) @​jglick

1282.ve6d865025906

🐛 Bug fixes

• JENKINS-69915 - do not use inline js blocks (csp) (#304) @​Pldi23

👻 Maintenance

• Drop dependency on Commons Lang 3 (#328) @​basil

📦 Dependency updates

• Bump plugin from 4.54 to 4.55 (#334) @​dependabot
• Bump git-changelist-maven-extension from 1.5 to 1.6 (#332) @​dependabot
• Bump git-changelist-maven-extension from 1.4 to 1.5 (#331) @​dependabot
• Bump plugin from 4.53 to 4.54 (#326) @​dependabot
• Bump BOM, baseline (#321) @​jglick

1268.v6eb_e2ee1a_85a

👷 Changes for plugin developers

... (truncated)

Commits

• See full diff in compare view

Updates org.jenkins-ci.plugins:credentials from 2.1.19 to 1371.1373.v4eb_fa_b_7161e9

Release notes

Sourced from org.jenkins-ci.plugins:credentials's releases.

1371.1373.v4eb_fa_b_7161e9

🔒 Security fixes

• Fix SECURITY-3373. This fix requires Jenkins 2.479 or newer, LTS 2.462.3 or newer, to be effective. Backport of 1381.v2c3a_12074da_b_ on top of 1371.vfee6b_095f0a_3.

1371.vfee6b_095f0a_3

🚀 New features and improvements

• JENKINS-73335 - add support for PEM encoded certificate (and key) (#543) @​jtnord

1361.v56f5ca_35d21c

🚀 New features and improvements

• JENKINS-73334 - make plugin FIPS-140 compliant by blocking PKCS#12 certificates when in FIPS mode (#539) @​jtnord

📦 Dependency updates

• Bump org.jenkins-ci.plugins:plugin from 4.84 to 4.85 (#546) @​dependabot

1355.v46f52a_b_98d64

🚨 Removed

• Remove FileOnMasterKeyStroreSource and SECURITY-1322 - migration (#540) @​jtnord

👻 Maintenance

• Remove FileOnMasterKeyStroreSource and SECURITY-1322 - migration (#540) @​jtnord

📦 Dependency updates

• Bump org.jenkins-ci.plugins:plugin from 4.83 to 4.84 (#545) @​dependabot

1350.v1b_df4d227d1b_

🚨 Removed

• remove deprecated and unused Upload class (#541) @​jtnord

📦 Dependency updates

• Bump io.jenkins.tools.incrementals:git-changelist-maven-extension from 1.7 to 1.8 (#524) @​dependabot
• Bump org.jenkins-ci.plugins:plugin from 4.80 to 4.83 (#535) @​dependabot

1344.v5a_3f65a_1e173

🔨 Developer

... (truncated)

Changelog

Sourced from org.jenkins-ci.plugins:credentials's changelog.

Version History

Moved to https://github.com/jenkinsci/credentials-plugin/releases starting in 2.3.8.

Version 2.3.7 (April 16th, 2020)

• JCasC support for GlobalCredentialsConfiguration (JENKINS-61880)

Version 2.3.6 (April 15th, 2020)

• JCasC support for CredentialsProvider extensions (JENKINS-61900).

Version 2.3.5 (March 23rd, 2020)

• Add system property com.cloudbees.plugins.credentials.CredentialsProvider.fingerprintEnabled which can be set to false to disable credentials tracking using fingerprints.

Version 2.3.4 (March 18th, 2020)

• Add category to system settings for modern Jenkins releases.

Version 2.3.3 (February 27th, 2020)

• Use pass-through conversion for SecretBytes to avoid JCasC errors (PR-135).

Version 2.3.2 (February 27th, 2020)

• Show credentials id in DomainWrapper view (PR-120).
• Migrate changelog to repository (PR-134).

Version 2.3.1 (August 26th, 2019)

• Use GitHub for documentation root instead of wiki ( PR-128 ).
• Various code cleanups ( PR-133 - JCasC test harness, PR-132 - Use latest parent pom, PR-131 - Minor documentation grammar fix, PR-130 - Test with configuration as code plugin 1.34, PR-127 - Use try with resources and ACL.as, other cleanups ).

Version 2.3.0 (August 26th, 2019)

• Allow credentials parameters to shadow credentials with the same id in credentials lookup (JENKINS-58170).
• Various code cleanups ( PR-125 - Use Java 8 syntax more widely, other cleanup, PR-124 - Documentation updates ).

Version 2.2.1 (August 1st, 2019)

• Fix incorrect permission check for MANAGE_DOMAINS (JENKINS-56607).
• Fix memory leak in credentials fingerprint tracking

... (truncated)

Commits

• See full diff in compare view

Updates org.jenkins-ci.main:jenkins-core from 2.241 to 2.462.3

Release notes

Sourced from org.jenkins-ci.main:jenkins-core's releases.

2.462.3

We're excited to announce the release of Jenkins 2.462.3 🎉

Changelog and upgrade guide

See the changelog and upgrade guide to learn about breaking changes and other considerations when updating.

Reporting issues

If you locate an issue with this release, please file an issue on Jira, otherwise use the forums if you're unsure whether you encounter an issue or not.

2.462.3 RC

Please report issues found to the release candidate announcement thread.

Final release is scheduled for October 2nd, 2024.

Download the release from: https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/main/jenkins-war/2.462.3-rc35065.1812dee1f93d/jenkins-war-2.462.3-rc35065.1812dee1f93d.war

After the final release, the official changelog and official upgrade guide will be available on www.jenkins.io/download.

2.462.2

Jenkins 2.462.2

We're excited to announce the release of Jenkins 2.462.2 🎉

Changelog and upgrade guide

See the changelog and upgrade guide to learn about breaking changes and other considerations when updating.

Reporting issues

If you find an issue with this release, please file an issue on Jira, otherwise use the forums if you're unsure whether you encounter an issue or not.

2.462.2 RC

Please report issues found to the release candidate announcement thread.

Final release is scheduled for September 4th, 2024.

Download the release from the Jenkins artifact repository

After the final release, the official changelog and official upgrade guide will be available on www.jenkins.io/download.

2.462.1

We're excited to announce the release of Jenkins 2.462.1 🎉

Changelog and upgrade guide

See the changelog and upgrade guide to learn about breaking changes and other considerations when updating.

Reporting issues

If you locate an issue with this release, please file an issue on Jira, otherwise use the forums if you're unsure whether you encounter an issue or not.

... (truncated)

Commits

• c91a0e9 [maven-release-plugin] prepare release jenkins-2.462.3
• 22ec4ac [SECURITY-3373]
• e2cb320 [SECURITY-3451]
• e384931 [SECURITY-3448]
• 1812dee Upgrade to Winstone 6.22 and Jetty 10.0.24 (#9698)
• 33a868d Merge pull request #9733 from krisstern/chore/stable-2.462/backporting-2.462.3-1
• d894603 [JENKINS-73692] Turn off logging from BackgroundGlobalBuildDiscarder (#9663)
• bddc28b [JENKINS-73668] fix styling of rowSelectionController dropdown (#9641)
• 8fdfb98 [JENKINS-73422] Add escape hatch for Authenticated user access to Resource UR...
• 71321fa [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates org.apache.ant:ant from 1.10.8 to 1.10.11

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.