
Bump org.owasp:dependency-check-maven from 12.2.0 to 12.2.1 #366

Merged
dschadow merged 1 commit into main from dependabot/maven/org.owasp-dependency-check-maven-12.2.1
Apr 13, 2026

Conversation

@dependabot dependabot bot commented on behalf of github Apr 13, 2026

Bumps org.owasp:dependency-check-maven from 12.2.0 to 12.2.1.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.2.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.2.1 (2026-04-11)

  • build: improve GHA workflow experience for forks (#8285)
  • build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 (#8292)
  • chore: avoid use of parent pom and maven properties where unnecessary (#8322)
  • chore: bump java development to 25.0 (#8365)
  • chore: fix Charset warnings; preferring typed charsets (#8326)
  • chore: fix Maven scm tags after 12.2.1-SNAPSHOT bump (#8265)
  • chore: pin GitHub actions to specific SHAs rather than mutable tags (#8381)
  • chore: remove unused properties and schemas (#8378)
  • docs: define schema locations in XML examples (#8254)
  • docs: document external data sources and hostnames (#8219)
  • docs: ensure OSS Index URL override is consistently documented (#8338)
  • docs: fix minor typo in README (#8246)
  • fix(core): correct xml schema validation handling without needing external access (#8272)
  • fix(deps): upgrade slf4j and logback (#8306)
  • fix(test): disable pnpm analyzer during test (#8305)
  • fix: Correct published/hosted suppressions namespace header and indent (#8258)
  • fix: Suppress noisy WARN logging from Apache Lucene within Maven and Ant plugins (#8248)
  • fix: #8140 AssemblyAnalyzer version resolution issue (#8352)
  • fix: #8140 fix version resolution
  • fix: #8140 hint azure_identity_library_for_.net
  • fix: #8356 narrow down VersionFilterAnalyzer scope to JAR files (#8358)
  • fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377)
  • fix: evidence source in Retire JS analyzer (#8303)
  • fix: exclude deprecations from Yarn Berry audit results (#8380)
  • fix: improve PEAnalyzer reliability by migrating to maintained PE/COFF 4J library fork (#8245)
  • fix: improve configuration consistency (casing) (#8355)
  • fix: improve logging of unexpected Java Errors during processing of NVD (#8250)
  • fix: raw type warning in ProcessReader (#8324)
  • fix: suppress false positives for zabbix-utils #8087 (#8218)
  • fix: update docs (#8405)
  • fix: warn if deprecated configs are used (#8366)
  • test: Make tests locale independent (#8328)
  • test: #8140 reproduce current behavior
  • test: avoid polluting test classpaths with sample dependencies to be scanned (#8267)

See the full listing of changes

Commits
  • bda36b8 build: prepare release v12.2.1
  • ef83e7b docs: prepare release 12.2.1
  • 09af10d fix: update docs (#8405)
  • 3562775 build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine (#8403)
  • 9ef93be build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine
  • ca79bd5 build(deps-dev): bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.2 ...
  • 6b58069 build(deps): bump apache.ant.version from 1.10.15 to 1.10.16 (#8401)
  • 91c6972 fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377)
  • 267e7eb build(deps): bump the actions-deps group with 2 updates (#8394)
  • 53f58ab build(deps): bump org.codehaus.plexus:plexus-utils from 4.0.2 to 4.0.3 (#8389)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) from 12.2.0 to 12.2.1.
- [Release notes](https://github.com/dependency-check/DependencyCheck/releases)
- [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](dependency-check/DependencyCheck@v12.2.0...v12.2.1)

---
updated-dependencies:
- dependency-name: org.owasp:dependency-check-maven
  dependency-version: 12.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the labels dependencies (Pull requests that update a dependency file) and java (Pull requests that update java code) Apr 13, 2026
@dschadow dschadow merged commit 6ef9808 into main Apr 13, 2026
3 checks passed
@dschadow dschadow deleted the dependabot/maven/org.owasp-dependency-check-maven-12.2.1 branch April 13, 2026 05:30