chore(deps): bump org.apache.maven.plugins:maven-war-plugin from 2.3 to 3.4.0 in /jans-casa

[dependabot]

Bumps org.apache.maven.plugins:maven-war-plugin from 2.3 to 3.4.0.

Commits

• 6943938 [maven-release-plugin] prepare release maven-war-plugin-3.4.0
• 2209ad9 [MWAR-467] Upgrade components
• 31ed4e9 Fix formatting
• 7053021 [MWAR-464] Upgrade lifecycle mapping plugins
• eb5d29a [MWAR-466] Refresh download page
• ae901c9 [MWAR-465] Rename empty test classes to clazz
• acb0bbb [MWAR-463] Upgrade Parent to 39 - add git blame ignore
• 12fe88e [MWAR-463] Upgrade Parent to 39 - code reformat
• e0c9cbc [MWAR-463] Upgrade Parent to 39
• df7bb81 [MWAR-458] Bump maven-filtering from 3.3.0 to 3.3.1 (#46)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The pull request updates the maven-war-plugin version in the jans-casa/app-fips and jans-casa/app projects, which is a build-time change that does not directly impact the runtime security of the application, but it is important to review the updated plugin version's changelog or release notes and regularly review the application's overall security posture, including dependency management, logging configurations, cryptographic libraries, and secure coding practices.

Expand for full summary

Summary:

The code changes in this pull request are focused on updating the version of the maven-war-plugin used in the build process for the jans-casa/app-fips and jans-casa/app projects. This is a build-time change and does not directly impact the runtime security of the application.

From an application security perspective, the changes do not introduce any obvious security risks. However, it's important to review the changelog or release notes of the updated plugin version to ensure that there are no known security issues or breaking changes that could impact the application. Additionally, the application's overall security posture should be regularly reviewed, including the management of dependencies, logging and monitoring configurations, use of cryptographic libraries, and adherence to secure coding practices.

Files Changed:

1. jans-casa/app-fips/pom.xml:

   • The maven-war-plugin version is updated from 2.3 to 3.4.0.
   • This is a build-related change and does not directly impact the application code or introduce any security concerns.
   • It's recommended to review the changelog or release notes of the updated plugin version to ensure there are no known security issues or breaking changes.

2. jans-casa/app/pom.xml:

   • The maven-war-plugin version is updated from 2.3 to 3.4.0.
   • This is a build-time change and does not directly impact the runtime security of the application.
   • The application includes a large number of dependencies, and it's important to ensure they are up-to-date and do not contain any known vulnerabilities.
   • The application uses the Log4j logging framework, and the logging configurations should be reviewed to ensure they do not expose sensitive information.
   • The application includes several Bouncy Castle cryptographic libraries, and their usage should be reviewed to avoid potential cryptographic vulnerabilities.
   • The application includes various third-party libraries, and they should be regularly reviewed for known vulnerabilities.
   • The overall codebase should follow secure coding practices to mitigate common web application vulnerabilities.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	2 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.