Bump org.owasp:dependency-check-maven from 12.2.0 to 12.2.2

[dependabot]

Bumps org.owasp:dependency-check-maven from 12.2.0 to 12.2.2.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.2.2

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.2.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.2.2 (2026-05-03x)

• fix: widen reference URL column to handle long Mozilla CVE URLs (#8467)

• fix: improve Sonatype Guide / OSS Index cache handling and insufficient credits error reporting (#8451)

• fix: de-duplicate and sort both includedBy and projectReferences in reports (#8440)

• fix: add corepack to docker image (#8386)

• fix: support and prefer githubID vuln identifiers from RetireJS (#8419)

• fix: bump open-vulnerability-clients to resolve NVD timestamp parsing errors (#8427)

• fix: migrate default OSS Index API URL to Sonatype Guide; supporting optional username (#8404)

• chore(fp): remove duplicate log4j FP suppressions (#8468)

• chore: remove spurious bundle-audit log line when there are no errors (#8454)

• docs: tweak docs site structure; documenting missing analyzers (#8462)

• docs: correct missing documentation for Gradle plugin (#8431)

• build(deps): bump the actions-deps group with 8 updates (#8472)

• build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 (#8465)

• build(deps): bump org.postgresql:postgresql from 42.7.10 to 42.7.11 (#8463)

• build(deps): bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#8453)

• build(deps): bump org.apache.maven.plugins:maven-invoker-plugin from 3.9.1 to 3.10.0 (#8452)

• build(deps): bump joda-time:joda-time from 2.14.1 to 2.14.2 (#8464)

• build(deps): bump com.mysql:mysql-connector-j from 9.6.0 to 9.7.0 (#8445)

• build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0 (#8448)

• build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0

• build(deps): bump org.jsoup:jsoup from 1.22.1 to 1.22.2 (#8437)

• build(deps): bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#8420)

• build(deps): bump httpcomponents.client.version from 5.6 to 5.6.1 (#8432)

• build(deps): bump apache.ant.version from 1.10.16 to 1.10.17 (#8416)

• chore: tidy CHANGELOG formatting (#8414)

See the full listing of changes

Version 12.2.1 (2026-04-11)

• build: improve GHA workflow experience for forks (#8285)
• build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 (#8292)
• chore: avoid use of parent pom and maven properties where unnecessary (#8322)
• chore: bump java development to 25.0 (#8365)
• chore: fix Charset warnings; preferring typed charsets (#8326)
• chore: fix Maven scm tags after 12.2.1-SNAPSHOT bump (#8265)
• chore: pin GitHub actions to specific SHAs rather than mutable tags (#8381)
• chore: remove unused properties and schemas (#8378)
• docs: define schema locations in XML examples (#8254)
• docs: document external data sources and hostnames (#8219)
• docs: ensure OSS Index URL override is consistently documented (#8338)
• docs: fix minor typo in README (#8246)
• fix(core): correct xml schema validation handling without needing external access (#8272)
• fix(deps): upgrade slf4j and logback (#8306)
• fix(test): disable pnpm analyzer during test (#8305)
• fix: Correct published/hosted suppressions namespace header and indent (#8258)

... (truncated)

Commits

• b51290f build: prepare release v12.2.2
• 70070a9 docs: release 12.2.2
• 47aa0c7 fix: widen reference URL column to handle long Mozilla CVE URLs (#8467)
• 1de40c0 build(deps): bump the actions-deps group with 8 updates (#8472)
• 74678b0 build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 (#8...
• 3f83d80 build(deps): bump org.postgresql:postgresql from 42.7.10 to 42.7.11 (#8463)
• 04387c3 build(deps): bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#8453)
• 11e1771 build(deps): bump org.apache.maven.plugins:maven-invoker-plugin from 3.9.1 to...
• e850545 chore(fp): remove duplicate log4j FP suppressions (#8468)
• 9acbb33 feat: improve Sonatype Guide / OSS Index cache handling and insufficient cred...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)