Update dependency org.jenkins-ci.plugins.workflow:workflow-job to v1295 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.jenkins-ci.plugins.workflow:workflow-job	2.42 -> 1295.v395eb_7400005

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-32977

Jenkins Pipeline: Job Plugin 1292.v27d8cc3e2602 and earlier does not escape the display name of the build that caused an earlier build to be aborted, when "Do not allow concurrent builds" is set.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

The Jenkins security team is not aware of any plugins that allow the exploitation of this vulnerability, as the build name must be set before the build starts.
Pipeline: Job Plugin 1295.v395eb_7400005 escapes the display name of the build that caused an earlier build to be aborted.

---

Release Notes

jenkinsci/workflow-job-plugin (org.jenkins-ci.plugins.workflow:workflow-job)

v1295.v395eb_7400005

Compare Source

v1292.v27d8cc3e2602

Compare Source

👷 Changes for plugin developers

• Bump plugin from 4.57 to 4.58 (#​341) @​dependabot

📦 Dependency updates

• Bump plugin from 4.60 to 4.61 (#​347) @​dependabot
• Bump plugin from 4.58 to 4.60 (#​345) @​dependabot

v1289.1291.vb_7c188e7e7df

Compare Source

v1289.vd1c337fd5354

Compare Source

👷 Changes for plugin developers

• Add pipeline-groovy-lib to test classpath (#​340) @​basil

📦 Dependency updates

• Bump bom-2.361.x from 1750.v0071fa_4c4a_e3 to 1948.veb_1fd345d3a_e (#​338) @​dependabot
• Bump plugin from 4.56 to 4.57 (#​339) @​dependabot
• Bump plugin from 4.55 to 4.56 (#​337) @​dependabot

v1284.v2fe8ed4573d4

Compare Source

👷 Changes for plugin developers

• Do not fail MemoryCleanupTest due to INSANE NCDFE (#​336) @​jglick

v1282.ve6d865025906

Compare Source

🐛 Bug fixes

• JENKINS-69915 - do not use inline js blocks (csp) (#​304) @​Pldi23

👻 Maintenance

• Drop dependency on Commons Lang 3 (#​328) @​basil

📦 Dependency updates

• Bump plugin from 4.54 to 4.55 (#​334) @​dependabot
• Bump git-changelist-maven-extension from 1.5 to 1.6 (#​332) @​dependabot
• Bump git-changelist-maven-extension from 1.4 to 1.5 (#​331) @​dependabot
• Bump plugin from 4.53 to 4.54 (#​326) @​dependabot
• Bump BOM, baseline (#​321) @​jglick

v1268.v6eb_e2ee1a_85a

Compare Source

👷 Changes for plugin developers

• Stop testing against non-block-scoped stage (#​325) @​jglick

📦 Dependency updates

• Bump plugin from 4.52 to 4.53 (#​318) @​dependabot
• Bump plugin from 4.51 to 4.52 (#​317) @​dependabot
• Bump plugin from 4.50 to 4.51 (#​315) @​dependabot
• Use ionicons-api version provided by bom (#​311) @​NotMyFault
• Bump plugin from 4.49 to 4.50 (#​313) @​dependabot

v1254.v3f64639b_11dd

Compare Source

👷 Changes for plugin developers

• reintroduce binary compatabilty lost in #​303 (#​308) @​jtnord

📦 Dependency updates

• Bump plugin from 4.48 to 4.49 (#​306) @​dependabot

v1249.v7d974144cc14

Compare Source

🐛 Bug fixes

• Robustness of NewNodeConsoleNote.annotate (#​300) @​jglick

v1246.v6110f5347f1f

Compare Source

🐛 Bug fixes

• WorkflowRun.doTerm and doKill need to redirect back to the build (#​303) @​jglick

👻 Maintenance

• Adding CODEOWNERS (#​299) @​jglick
• feat: Switch to ionicons-api for symbols (#​291) @​NotMyFault

📦 Dependency updates

• Update baseline, BOM to 2.361.x (#​298) @​jglick
• Bump plugin from 4.47 to 4.48 (#​296) @​dependabot

v1239.v71b_b_a_124a_725

Compare Source

🚀 New features and improvements

• Deduplicate project page entries (#​280) @​NotMyFault

v1236.vc3a_d1602f439

Compare Source

🚀 New features and improvements

• Do not log every time a Pipeline build completes (#​295) @​jglick

📦 Dependency updates

• Bump plugin from 4.43.1 to 4.47 (#​292) @​dependabot

v1232.v5a_4c994312f1

Compare Source

🚀 New features and improvements

• Remove hierarchal sidebar links (#​281) @​janfaracik

📦 Dependency updates

• Bump git-changelist-maven-extension from 1.3 to 1.4 (#​282) @​dependabot

v1229.vb_7c2419a_b_558

Compare Source

🐛 Bug fixes

• Descriptor#bindJSON not StaplerRequest#bindJSON (#​284) @​jglick

v1226.v44f718dcfe1f

Compare Source

🚀 New features and improvements

• Update project configuration screen (#​261) @​janfaracik

v1207.1209.v69351208a_5a_7

Compare Source

v1207.ve6191ff089f8

Compare Source

👷 Changes for plugin developers

• Remove java 8 from CI (#​279) @​timja

v1206.vc48d96b_930b_2

Compare Source

🚀 New features and improvements

• JENKINS-68981 - Change access level of WorkflowRun#isInProgress to public (#​278) @​jmdesprez

📦 Dependency updates

• Bump plugin from 4.41 to 4.42 (#​275) @​dependabot

v1203.v7b_7023424efe

Compare Source

🚀 New features and improvements

• Modernize icons (#​274) @​DuMaM

👻 Maintenance

• chore: use jenkins infra maven cd reusable workflow (#​266) @​jetersen

v1189.va_d37a_e9e4eda_

Compare Source

👷 Changes for plugin developers

• Bump plugin from 4.40 to 4.41 (#​273) @​dependabot

📦 Dependency updates

• Bump plugin from 4.40 to 4.41 (#​273) @​dependabot

v1186.v8def1a_5f3944

Compare Source

🐛 Bug fixes

• Call FlowExecutionListener.fireResumed a bit later (#​260) @​jglick

v1182.v60a_e6279b_579

Compare Source

🚀 New features and improvements

• Update disabled job check with forward compatibility (#​262) @​timja

v1181.va_25d15548158

Compare Source

🐛 Bug fixes

• Make WorkflowJob.submit honor overrides of FlowDefinitionDescriptor.newInstance (jenkinsci/workflow-job-plugin@a25d155) @​yaroslavafenkin

v1180.v04c4e75dce43

Compare Source

👷 Changes for plugin developers

• Update plugin parent POM and BOM (#​256) @​basil

📦 Dependency updates

• Bump actions/checkout from 2.4.0 to 3.0.1 (#​254) @​dependabot
• Bump actions/setup-java from 2 to 3 (#​255) @​dependabot
• Align bom and minimum Jenkins version with 2.332 (#​243) @​NotMyFault

v1174.1176.va_29023983d67

Compare Source

v1174.vdcb_d054cf74a_

Compare Source

🚀 New features and improvements

• Utilize modern table design (#​238) @​NotMyFault

📝 Documentation updates

• New Item>Pipeline ES translation - Hacktoberfest (#​215) @​tatoberres

v1167.v8fe861b_09ef9

Compare Source

🚀 New features and improvements

• Switch to SVG icon (#​234) @​NotMyFault

🐛 Bug fixes

• Ensure all runs with corrupt execution are marked as failures (#​226) @​jonsten

📦 Dependency updates

• Bump plugin from 4.31 to 4.33 (#​232) @​dependabot

🚦 Tests

• Skip tests using @ASTTest which fail when LibraryDecorator is present (#​208) @​jglick

v1156.v7539182e7b_d5

Compare Source

🚀 New features and improvements

• JENKINS-67552 - Use same animation as core for pipeline logs (#​235) @​timja

📦 Dependency updates

• EOL JSR 305 (#​230) @​basil
• Bump actions/checkout from 2.3.4 to 2.4.0 (#​228) @​dependabot
• Bump git-changelist-maven-extension from 1.2 to 1.3 (#​231) @​dependabot

👻 Maintenance

• Missing nullability annotations added (#​217) @​offa

v1145.v7f2433caa07f

🚀 New features and improvements

• Use SVG icons where possible (#​221) @​zbynek
• Move content of buildCaption text into single line. (#​207) @​uhafner
• New Item>Pipeline FR translation JENKINS-66658 - Hacktoberfest (#​214) @​tatoberres

👻 Maintenance

• enable cd (#​227) @​car-roll
• Miscellaneous code cleanup (#​225) @​basil
• Use container agent in Jenkinsfile (#​224) @​basil
• Update Dependabot configuration (#​223) @​basil

🚦 Tests

• No need to override reuseForks (#​220) @​jglick

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.