chore(deps): bump org.apache.maven.plugins:maven-war-plugin from 2.3 to 3.4.0 in /jans-casa

[dependabot]

Bumps org.apache.maven.plugins:maven-war-plugin from 2.3 to 3.4.0.

Commits

• 6943938 [maven-release-plugin] prepare release maven-war-plugin-3.4.0
• 2209ad9 [MWAR-467] Upgrade components
• 31ed4e9 Fix formatting
• 7053021 [MWAR-464] Upgrade lifecycle mapping plugins
• eb5d29a [MWAR-466] Refresh download page
• ae901c9 [MWAR-465] Rename empty test classes to clazz
• acb0bbb [MWAR-463] Upgrade Parent to 39 - add git blame ignore
• 12fe88e [MWAR-463] Upgrade Parent to 39 - code reformat
• e0c9cbc [MWAR-463] Upgrade Parent to 39
• df7bb81 [MWAR-458] Bump maven-filtering from 3.3.0 to 3.3.1 (#46)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The pull request updates the maven-war-plugin version in the pom.xml files for the app-fips and app modules, which is a common practice to ensure the application is built with the latest features and bug fixes provided by the plugin, and does not directly introduce any security concerns.

Expand for full summary

Summary:

The code changes in this pull request are updates to the maven-war-plugin version in the pom.xml files for two different modules, app-fips and app. Updating the maven-war-plugin version is a common practice to ensure the application is built with the latest features and bug fixes provided by the plugin.

From an application security perspective, these changes do not directly introduce any security concerns. The maven-war-plugin is responsible for packaging the Java web application into a WAR (Web Application Archive) file, and the version update is unlikely to have a significant impact on the application's security.

However, it's important to review the overall dependencies and configurations in the pom.xml files to ensure that the project is using secure versions of all the libraries and frameworks. Outdated or vulnerable dependencies can potentially introduce security vulnerabilities in the application. Additionally, it's a good practice to regularly review the project's dependencies and update them to the latest stable versions to address any known security issues.

Files Changed:

1. jans-casa/app-fips/pom.xml: This file has been updated to use the maven-war-plugin version 3.4.0 instead of the previous version 2.3. This is a routine update to ensure the application is built with the latest features and bug fixes provided by the plugin.

2. jans-casa/app/pom.xml: Similar to the changes in the app-fips/pom.xml file, this file has been updated to use the maven-war-plugin version 3.4.0 instead of the previous version 2.3. This is also a routine update to ensure the application is built with the latest features and bug fixes provided by the plugin.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	2 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[moabu]

@dependabot recreate