[jenkinsci/findbugs-plugin] 586890: Update spotbugs version

[Ullrich Hafner]

  Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/findbugs-plugin
  Commit: 58689039ce4d741f4c2d0fa67725d6aa52abd5b1
      
https://github.com/jenkinsci/findbugs-plugin/commit/58689039ce4d741f4c2d0fa67725d6aa52abd5b1
  Author: Alexander Link <alexander.l...@sap.com>
  Date:   2020-08-04 (Tue, 04 Aug 2020)

  Changed paths:
    M library/pom.xml

  Log Message:
  -----------
  Update spotbugs version

The latest version 4.1.1 contains dom4j 2.1.3 which fixes
- CVE-2020-10683 (CVSS v3: 9.8)
- CVE-2018-1000632 (CVSS v3: 7.5)


  Commit: 37560a6a6016f1fce874cc2a1eed5d04157894a2
      
https://github.com/jenkinsci/findbugs-plugin/commit/37560a6a6016f1fce874cc2a1eed5d04157894a2
  Author: Alexander Link <33052602+alx...@users.noreply.github.com>
  Date:   2020-08-04 (Tue, 04 Aug 2020)

  Changed paths:
    M library/pom.xml

  Log Message:
  -----------
  Update dependency xerces

Xerces 2.11.0 contains vulnerability CVE-2012-0881 (CVSS v3: 7.5)
It is fixed in 2.12.0.


  Commit: eaaf2f730da82deb2cbe735b43b5efd9f4bac56c
      
https://github.com/jenkinsci/findbugs-plugin/commit/eaaf2f730da82deb2cbe735b43b5efd9f4bac56c
  Author: Ullrich Hafner <ullrich.haf...@gmail.com>
  Date:   2020-08-17 (Mon, 17 Aug 2020)

  Changed paths:
    M library/pom.xml

  Log Message:
  -----------
  Merge pull request #20 from alxsap/PR_dependencyUpdates

Update vulnerable dependencies: xerces & spotbugs


Compare: 
https://github.com/jenkinsci/findbugs-plugin/compare/15fbf4d5de76...eaaf2f730da8

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-commits+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/findbugs-plugin/push/refs/heads/master/15fbf4-eaaf2f%40github.com.