Changelog
*Sourced from [dependency-check-maven's changelog](https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md).*
> ## [Version 4.0.2](https://github.com/jeremylong/DependencyCheck/releases/tag/v4.0.2) (2019-01-01)
>
> ### Enhancements
>
> - Added the ability for the dependency-check-maven plugin to scan the `dependencyManagement` section
> of the `pom.xml`. Note that in the default configuration the dependency management section is skipped.
> To enable this feature set `false`.
> - If using a local Nexus server (v2 or v3 pro) it is now possible to provide authentication credentials.
>   - Previous versions only worked with anonymous/unauthenticated access.
>   - See [issue #977](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/977)
>
> ### Bug Fixes
>
> - Updated fix for transitive dependencies with known vulnerabilities (guava and commons-collections)
> so that the upgrade occurs correctly in other integrations that utilize core; see
> [issue #1562](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1561#issuecomment-450112110).
> - Resolved several false positives
Commits
- [`0c39611`](https://github.com/jeremylong/DependencyCheck/commit/0c3961197e87abc0cd925a14440c411a4db584bf) added version 4.0.2 release notes
- [`b355855`](https://github.com/jeremylong/DependencyCheck/commit/b3558554b9055dc7f29a832e2ff3c40079a5d13e) version 4.0.2
- [`5cf9206`](https://github.com/jeremylong/DependencyCheck/commit/5cf9206655a705f148b34d2031b858974fe35731) checkstyle/cleanup
- [`60d2d86`](https://github.com/jeremylong/DependencyCheck/commit/60d2d86cccb39983f92a4e291740d793ce651f0b) Merge pull request [#1552](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1552) from guidoschreuder/enable-dependency-management-sca...
- [`969c046`](https://github.com/jeremylong/DependencyCheck/commit/969c046db48a9eac6e853e0adff5d19d7c3f7fda) Merge pull request [#1647](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1647) from jeremylong/fixScanAgentTest
- [`0742e3d`](https://github.com/jeremylong/DependencyCheck/commit/0742e3de40353735129af15b2be5470c880d5dcb) fix the scan agent test case as reported https://groups.google.com/forum/#!to...
- [`4dce03c`](https://github.com/jeremylong/DependencyCheck/commit/4dce03c905d08f007786d5db72c40319249ec321) suppression rules for [#1620](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1620), [#1621](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1621), [#1622](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1622), [#1624](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1624), [#1626](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1626), [#1627](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1627), [#1629](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1629), [#1630](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1630),...
- [`0865362`](https://github.com/jeremylong/DependencyCheck/commit/08653625760eae1ee113761c20931f236db08755) enable tests
- [`bfd472f`](https://github.com/jeremylong/DependencyCheck/commit/bfd472f089a3748f1464f3167c18321587413e5c) proper fix for [#1561](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1561)
- [`94dd6b8`](https://github.com/jeremylong/DependencyCheck/commit/94dd6b8993217cc7496d70275e3fd3279e59195d) make test case more flexible
- Additional commits viewable in [compare view](https://github.com/jeremylong/DependencyCheck/compare/v4.0.1...v4.0.2)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
Bumps dependency-check-maven from 4.0.1 to 4.0.2.