Bump script-security from 1.75 to 1.78

[dependabot]

Bumps script-security from 1.75 to 1.78.

Release notes

Sourced from script-security's releases.

Script Security v1.78

• JENKINS-41797 - Resolve infinite loop causes by Concurrent Write to ProxyWhitelist delegates (#356) @​Dohbedoh
• Do not request review from @​dwnusbaum on Dependabot PRs (#360) @​dwnusbaum

📦 Dependency updates

• Bump plugin from 4.21 to 4.24 (#361) @​dependabot
• Bump bom-2.222.x from 807.v6d348e44c987 to 887.vae9c8ac09ff7 (#354) @​dependabot
• Bump plugin from 4.18 to 4.21 (#358) @​dependabot

Script Security 1.77

🚀 New features and improvements

• JEP-223 - RUN_SCRIPTS → ADMINISTER (#348) @​jglick
• JENKINS-64057 - : Whitelist XmlUtil and a few java.util scripts (#319) @​dasanjan1296

🐛 Bug fixes

• Base64 whitelists did not work due to use of canonical rather than binary name (#339) @​jglick

📦 Dependency updates

• Update plugin parent POM; use plugin BOM (#345) @​basil
• Bump caffeine from 2.8.8 to 2.9.0 (#330) @​dependabot
• Bump plugin from 4.15 to 4.16 (#328) @​dependabot
• Bump plugin from 4.14 to 4.15 (#326) @​dependabot
• Bump caffeine from 2.8.6 to 2.8.8 (#323) @​dependabot
• Bump plugin from 4.13 to 4.14 (#324) @​dependabot
• Bump plugin from 4.12 to 4.13 (#321) @​dependabot
• Bump plugin from 4.11 to 4.12 (#317) @​dependabot
• Bump plugin from 4.10 to 4.11 (#316) @​dependabot
• Bump caffeine from 2.8.5 to 2.8.6 (#313) @​dependabot
• Bump plugin from 4.1 to 4.10 (#314) @​dependabot

👻 Maintenance

• Use native Java functionality rather than com.google.common.collect (#346) @​basil

Changelog

Sourced from script-security's changelog.

Changelog

From of version 1.77 see GitHub Releases

Version 1.76

Release date: 2021-02-01

• Improvement: Add the following to the default list of approved signatures ([PR #308](jenkinsci/script-security-plugin#308), [PR #310](jenkinsci/script-security-plugin#310)):
  • All static methods and fields in java.lang.Math
  • All methods related to java.lang.StringBuilder and java.lang.StringBuffer
  • All methods related to java.lang.CharSequence and java.lang.String apart from String.intern()
  • All static methods and fields in java.nio.charset.Charset
  • All methods related to java.util.Base64, java.util.Base64.Decoder, and java.util.Base64.Encoder
• Internal: Update dependencies and parent POM ([PR #311](jenkinsci/script-security-plugin#311), [PR #313](jenkinsci/script-security-plugin#313), [PR #314](jenkinsci/script-security-plugin#314), [PR #316](jenkinsci/script-security-plugin#316), [PR #317](jenkinsci/script-security-plugin#317), [PR #321](jenkinsci/script-security-plugin#321), [PR #323](jenkinsci/script-security-plugin#323), [PR #324](jenkinsci/script-security-plugin#324), [PR #326](jenkinsci/script-security-plugin#326))

Commits

• 58083dc [maven-release-plugin] prepare release script-security-1.78
• a8371ec Merge pull request #356 from Dohbedoh/JENKINS-41797
• a283cfe Merge pull request #361 from jenkinsci/dependabot/maven/org.jenkins-ci.plugin...
• b9afa78 Bump plugin from 4.21 to 4.24
• 90fbaa2 Merge pull request #360 from dwnusbaum/dependabot-reviewers
• a6fcc77 Do not request review from @​dwnusbaum on Dependabot PRs
• ddce7c7 Merge pull request #354 from jenkinsci/dependabot/maven/io.jenkins.tools.bom-...
• 75cbcbe Merge pull request #358 from jenkinsci/dependabot/maven/org.jenkins-ci.plugin...
• 12669c4 Bump plugin from 4.18 to 4.21
• b2d5c82 Update for code for clarity
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[bakito]

@dependabot rebase