Update plugin org.owasp.dependencycheck to v9

[renovate[bot]]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.owasp.dependencycheck	8.4.3 -> 9.0.7

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[TWiStErRob]

Doesn't look trivial: https://github.com/dependency-check/dependency-check-gradle?tab=readme-ov-file#900-upgrade-notice

Upgrade guide: https://github.com/jeremylong/DependencyCheck?tab=readme-ov-file#900-upgrade-notice

[BraisGabin]

Do we even want/need this plugin? I don't get why we have it on this repo meanwhile we don't have it on the "main" one (https://github.com/detekt/detekt)

[TWiStErRob]

Haha, good point @BraisGabin, looks like it was an external contribution: https://github.com/detekt/sarif4k/pull/1

@cortinico @chao2zhang do you remember why?

[cortinico]

looks like it was an external contribution: #1

Basically this. We should have it in the main repo as well IMHO

[BraisGabin]

https://github.com/detekt/detekt/pull/6933 does the same and it's probably easy to maintain. What do you think?

[3flex]

See if it works first :D

Just merged it so should see results soon in the Insights and Security tabs on the main repo.

[3flex]

Looks good: https://github.com/detekt/detekt/security/dependabot?q=is%3Aopen+ecosystem%3AMaven

Well not "good" because it shows a number of new issues, but it seems to work.

[TWiStErRob]

What is going on with this?! The version are going backwards with force pushes...