Update dependency org.jenkins-ci.plugins:credentials to v1381

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
org.jenkins-ci.plugins:credentials (source)	dependencies	major	1112.vc87b_7a_3597f6 -> 1381.v2c3a_12074da_b_

By merging this PR, the issue #518 will be automatically resolved and closed:

Severity	CVSS Score	CVE
High	7.5	CVE-2024-47805

---

Release Notes

jenkinsci/credentials-plugin (org.jenkins-ci.plugins:credentials)

v1381.v2c3a_12074da_b_

Compare Source

🔒 Security fixes

• Fix SECURITY-3373. This fix requires Jenkins 2.479 or newer, LTS 2.462.3 or newer, to be effective.

v1380.va_435002fa_924

Compare Source

🚀 New features and improvements

• CSP compatibility improvements (#​533) @​zbynek

📦 Dependency updates

• Bump org.jenkins-ci.plugins:plugin from 4.87 to 4.88 (#​560) @​dependabot

v1378.v81ef4269d764

Compare Source

💥 Breaking changes

• In FIPS environment password must be at least 14 characters (#​558) @​olamy

🐛 Bug fixes

• In FIPS environment password must be at least 14 characters (#​558) @​olamy

✍ Other changes

• Remove hard-coded java-version in Security Scan (#​555) @​strangelookingnerd
• Enable Jenkins Security Scan (#​538) @​strangelookingnerd

📦 Dependency updates

• Bump org.jenkins-ci.plugins:bouncycastle-api from 2.30.1.78.1-246.ve1089fe22055 to 2.30.1.78.1-248.ve27176eb_46cb_ (#​548) @​dependabot
• Bump org.antlr:antlr4-maven-plugin from 4.13.1 to 4.13.2 (#​554) @​dependabot
• Bump io.jenkins.tools.bom:bom-2.426.x from 2961.v1f472390972e to 3208.vb_21177d4b_cd9 (#​552) @​dependabot
• Bump org.jenkins-ci.plugins:plugin from 4.85 to 4.87 (#​556) @​dependabot

v1361.v56f5ca_35d21c

Compare Source

🚀 New features and improvements

• JENKINS-73334 - make plugin FIPS-140 compliant by blocking PKCS#12 certificates when in FIPS mode (#​539) @​jtnord

📦 Dependency updates

• Bump org.jenkins-ci.plugins:plugin from 4.84 to 4.85 (#​546) @​dependabot

v1307.v3757c78f17c3

Compare Source

🐛 Bug fixes

• Compatibility error in CredentialsProvider (#​492) @​jglick

v1305.v04f5ec1f3743

Compare Source

👷 Changes for plugin developers

• JEP-227 - JENKINS-39324 - Replace Acegi Security with Spring Security APIs (#​490) @​Vlatombe

⚠️ Regressions reported, under investigation.

v1304.v5ec13eecef46

Compare Source

👻 Maintenance

• Prepare for prototype removal (#​491) @​rsandell
• Do not use FormApply#applyResponse to execute arbitrary javascript (#​481) @​yaroslavafenkin

📦 Dependency updates

• Bump org.antlr:antlr4-maven-plugin from 4.13.0 to 4.13.1 (#​482) @​dependabot

v1293.vff276f713473

Compare Source

👷 Changes for plugin developers

• Use Descriptor.bindJSON to support complex describable fields in custom credentials (#​488) @​dwnusbaum

📦 Dependency updates

• Bump org.jenkins-ci.plugins:plugin from 4.73 to 4.74 (#​487) @​dependabot

v1268.v3f0d043d60e9

Compare Source

🐛 Bug fixes

• Replace Prototype.js with native JavaScript (#​443) @​basil

📦 Dependency updates

• Bump asciidoctorj-pdf from 2.3.4 to 2.3.9 (#​463) @​dependabot
• Bump antlr4-maven-plugin from 4.11.1 to 4.13.0 (#​447) @​dependabot
• Bump git-changelist-maven-extension from 1.4 to 1.7 (#​461) @​dependabot
• Bump plugin from 4.66 to 4.71 (#​464) @​dependabot
• Upgrade HtmlUnit from 2.x to 3.x (#​453) @​timja-bot

v1236.v31e44e6060c0

Compare Source

🚀 New features and improvements

• Apply upcoming core styling to file upload (#​403) @​timja
• Simplify Manage Jenkins items naming + change icons (#​417) @​janfaracik

👻 Maintenance

• Adapt to https://github.com/jenkinsci/jenkins/pull/7293 (#​385) @​basil

📦 Dependency updates

• Bump plugin from 4.55 to 4.61 (#​433) @​dependabot

v1214.v1de940103927

Compare Source

🐛 Bug fixes

• JENKINS-68791 - Missing icon for global credential store (#​377) @​ridemountainpig

👻 Maintenance

• JENKINS-69653 - Un-inlining dialog.jelly (#​378) @​Pldi23
• Move app-bar to main panel (#​366) @​timja

✍ Other changes

• Add Java 17 to test matrix (#​387) @​NotMyFault
• chore: use jenkins infra maven cd reusable workflow (#​325) @​jetersen

📦 Dependency updates

• Bump plugin from 4.49 to 4.50 (#​389) @​dependabot
• Bump asciidoctorj from 2.5.5 to 2.5.7 (#​381) @​dependabot
• Bump jruby-complete from 9.3.4.0 to 9.3.9.0 (#​382) @​dependabot
• Bump asciidoctorj-pdf from 2.3.0 to 2.3.3 (#​380) @​dependabot
• Bump plugin from 4.47 to 4.49 (#​384) @​dependabot

v1129.vef26f5df883c

Compare Source

🐛 Bug fixes

• JENKINS-68616 - Enable field validation checks (#​316) @​MarkEWaite

v1126.ve05618c41e62

Compare Source

🚀 New features and improvements

• Add CredentialsUseListener to improve tracking of Credentials usage (#​295) @​meiswjn

---

• If you want to rebase/retry this PR, check this box

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.61%. Comparing base (bef263b) to head (022b5e2).

Additional details and impacted files

@@            Coverage Diff            @@
##               main     #588   +/-   ##
=========================================
  Coverage     84.61%   84.61%           
  Complexity      133      133           
=========================================
  Files           123      123           
  Lines           780      780           
  Branches         86       86           
=========================================
  Hits            660      660           
  Misses           33       33           
  Partials         87       87           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.