chore(deps): bump org.apache.maven.plugins:maven-site-plugin from 2.1.1 to 3.21.0 in /jans-casa

[dependabot]

Bumps org.apache.maven.plugins:maven-site-plugin from 2.1.1 to 3.21.0.

Release notes

Sourced from org.apache.maven.plugins:maven-site-plugin's releases.

maven-site-plugin-3.20.0

Full Changelog: apache/maven-site-plugin@maven-site-plugin-3.12.1...maven-site-plugin-3.20.0

maven-site-plugin-3.12.1

Full Changelog: apache/maven-site-plugin@maven-site-plugin-3.12.0...maven-site-plugin-3.12.1

maven-site-plugin-3.12.0

What's Changed

• [MSITE-829] Upgrade Jetty to 9.4.x implicit java8 requirement now by @​olamy in apache/maven-site-plugin#21
• Enable release drafter by @​olamy in apache/maven-site-plugin#75
• Bump mrm-maven-plugin from 1.2.0 to 1.3.0 by @​dependabot in apache/maven-site-plugin#72
• Bump slf4jVersion from 1.7.32 to 1.7.36 by @​dependabot in apache/maven-site-plugin#71
• Upgrade to maven 3.2.5 + Java8 by @​cstamas in apache/maven-site-plugin#73

New Contributors

• @​olamy made their first contribution in apache/maven-site-plugin#21
• @​cstamas made their first contribution in apache/maven-site-plugin#73

Full Changelog: apache/maven-site-plugin@maven-site-plugin-3.11.0...maven-site-plugin-3.12.0

Commits

• 43f73ec [maven-release-plugin] prepare release maven-site-plugin-3.21.0
• a2880fb [MSITE-1024] Remove IT for MSITE-901
• 6171e7d [MSITE-1023] Upgrade plugins and components (in ITs)
• efd8a57 [MSITE-1022] Upgrade to Maven Reporting Exec 2.0.0
• f5c5fc9 Fix typos in history.apt and faq.fml
• 64c4035 [MSITE-1021] Bump doxiaSitetoolsVersion from 2.0.0-M19 to 2.0.0
• e26765c [MSITE-1020] Bump org.apache.maven.reporting:maven-reporting-api from 4.0.0-M...
• 354cf19 [MSITE-1019] Bump doxiaVersion from 2.0.0-M12 to 2.0.0
• 67b568a Use '@​project.' instead of '@​pom.' expression prefix
• fdfd807 Add version 3.20.0 to plugin history
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dryrunsecurity]

DryRun Security Summary

The code changes for the Janssen Project focus on enhancing security through comprehensive GitHub Actions workflows, dependency management, code analysis, secure development practices, and security monitoring across the project's repository.

Expand for full summary

Summary:

The provided code changes cover a wide range of improvements to the Janssen Project's GitHub repository, with a strong focus on enhancing the project's security posture. The changes include the addition of various GitHub Actions workflows, updates to issue and pull request templates, and the introduction of a security policy.

The key security-related improvements are:

1. Dependency Management: The project has implemented Dependabot configuration to automatically update dependencies, and a GitHub Actions workflow to build and publish Docker images, ensuring that dependencies are kept up-to-date and secure.

2. Static Code Analysis and Testing: The project has integrated SonarCloud for continuous code quality and security analysis, as well as linting workflows (Flake8 and Markdown) to maintain code quality and consistency.

3. Secure Development Practices: The project has updated its pull request and issue templates to encourage secure development practices, such as reading guidelines, updating documentation, and running static code analysis.

4. Secure Build and Release Process: The project has implemented various GitHub Actions workflows to build, test, and publish packages and Docker images in a secure manner, including signing packages, generating checksums, and hardening the runner environment.

5. Security Monitoring and Reporting: The project has added a GitHub Actions workflow to regularly analyze the repository's security posture using the OSSF Scorecard tool, and a security policy to provide guidance on reporting and handling security vulnerabilities.

Overall, the provided code changes demonstrate a strong commitment to improving the security and maintainability of the Janssen Project, aligning with industry best practices for secure software development.

Files Changed:

• .gitattributes: Adds a file to enable automatic line ending normalization for text files in the repository.
• .github/ISSUE_TEMPLATE/development-item.md: Adds a new issue template for tracking development tasks.
• .github/ISSUE_TEMPLATE/bug_report.md: Adds a new issue template for reporting bugs.
• .github/CODEOWNERS: Defines code ownership for various components of the project.
• .github/ISSUE_TEMPLATE/feature_request.md: Adds a new issue template for feature requests.
• .github/ISSUE_TEMPLATE/failing-tests.md: Adds a new issue template for reporting failing tests.
• .github/SECURITY.md: Adds a security policy for the Janssen Project.
• .github/dependabot.yml: Configures Dependabot to automatically update dependencies.
• .github/maven-settings.xml: Configures Maven to authenticate with a GitHub server using environment variables.
• .github/pull_request_template.md: Updates the pull request template to encourage secure development practices.
• .github/workflows/build-docker-image.yml: Adds a workflow to build and publish Docker images for the Janssen Project.
• .github/workflows/build-docs.yml: Adds a workflow to publish the project's documentation to GitHub Pages.
• .github/workflows/lint-docs.yml: Adds a workflow to lint the project's documentation.
• .github/workflows/build-nightly-build.yml: Adds a workflow to create nightly builds for the GitHub CLI.
• .github/workflows/build-test.yml: Adds a workflow to build, test, and publish the Janssen Project's applications.
• .github/workflows/ops-label-pr-issues.yml: Adds a workflow to automatically label pull requests and issues.
• .github/workflows/lint-flak8.yml: Adds a workflow to run Flake8 linting on Python code.
• .github/workflows/build-packages.yml: Adds a workflow to publish packages for the Janssen Project.
• .github/workflows/scan-dependency.yml: Adds a workflow to scan dependencies for known vulnerabilities.
• .github/workflows/test-jans-pycloudlib.yml: Adds a workflow to run tests for the jans-pycloudlib project.
• .github/workflows/scan-sonar.yml: Adds a workflow to perform code quality checks using SonarCloud.
• .github/workflows/security-scorecard.yml: Adds a workflow to analyze the repository's security posture using the OSSF Scorecard tool.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

[moabu]

@dependabot recreate