fix(deps): update dependency org.jenkins-ci.plugins:sidebar-link to v2 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.jenkins-ci.plugins:sidebar-link	1.9.1 -> 2.2.2

GitHub Vulnerability Alerts

CVE-2023-32985

Jenkins Sidebar Link Plugin allows specifying files in the userContent/ directory for use as link icons.

Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation.

This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Sidebar Link Plugin 2.2.2 ensures that only files located within the expected userContent/ directory can be accessed.

---

Release Notes

jenkinsci/sidebar-link-plugin (org.jenkins-ci.plugins:sidebar-link)

v2.2.1

• Apply upcoming core styling to file upload https://github.com/jenkinsci/sidebar-link-plugin/pull/46
• Do not validate icon if default one is used https://github.com/jenkinsci/sidebar-link-plugin/pull/50
• Update dependencies

v2.2.0

• Fixes default icon name JENKINS-68250
• Update dependencies

v2.1.0

• Fix icon upload iframe in global config
  (PR #​36,
  fixes #​28,
  fixes JENKINS-55710)

v2.0.2

• Fix number for hpi.compatibleSinceVersion
  (PR #​38,
  fixes #​37)

v2.0.1

• Add warning about new version
  (PR #​33)
• Update messages
  (PR #​34)

v2.0.0

⚠️ Starting in this version, the plugin configuration is in the
hudson.plugins.sidebar_link.SidebarLinkPlugin.xml file on the Jenkins
controller. Previous versions used sidebar-link.xml instead.

• Remove Travis, add Jenkins badge
  (PR #​29)
• Remove outdated Codacy badge
  (PR #​30)
• Tweaks to use of Java generics
  (PR #​32)
• Adding JCasC support
  (PR #​25,
  fixes JENKINS-63149)

v1.12.1

• Hacktoberfest docs-to-code migration
  (PR #​27,
  mostly fixes #​21)

v1.12.0

• Integrates with TravisCI
  (PR #​15)
• Fixes broken link to badge
  (PR #​16)
• Adds Codacy badge, removes reported issues
  (PR #​18)
• Adds integration with Appveyor
  (PR #​19)
• Use HTTPS URLs in pom.xml
  (PR #​20)
• Migrate to JDK 11
  (PR #​24)

v1.11.0

• Updates pom.xml, adds .gitignore, license
  (PR #​12)
• Upgrades dependencies and JDK to version 8
  (PR #​13)
• Reformats code to Java standards
  (PR #​14)

v1.10

• Add support of Sidebar links for Jenkins Pipeline and other project
  types
  (PR #​9,
  fixes JENKINS-33458)
• Add Jenkinsfile
  (PR #​10)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[sonarcloud]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud