entur / gbfs-java-model


Update dependency org.owasp:dependency-check-maven from v5.3.2 to v9 - autoclosed #111

Closed renovate[bot] closed 4 months ago

renovate[bot] commented 8 months ago


This PR contains the following updates:

| Package | Change |
| --- | --- |
| org.owasp:dependency-check-maven | `5.3.2` -> `9.2.0` |

Release Notes

jeremylong/DependencyCheck (org.owasp:dependency-check-maven)

### [`v9.2.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-920-2024-05-15)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.1.0...v9.2.0)

- docs: update logo per IntelliJ ([#6660](https://togithub.com/jeremylong/DependencyCheck/issues/6660))
- feat: Carthage analyzer ([#6614](https://togithub.com/jeremylong/DependencyCheck/issues/6614))
- fix: Ensure valid JSON output for gitlab report ([#6630](https://togithub.com/jeremylong/DependencyCheck/issues/6630))
- feat: Support Package.swift version 3 Specification ([#6578](https://togithub.com/jeremylong/DependencyCheck/issues/6578))
- chore: Update the packaged suppressions to include new hosted suppressions ([#6567](https://togithub.com/jeremylong/DependencyCheck/issues/6567))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/82?closed=1).

### [`v9.1.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-910-2024-03-31)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.0.10...v9.1.0)

- feat: Add v2 support for maven_install.json ([#6528](https://togithub.com/jeremylong/DependencyCheck/issues/6528))
- build(deps): bump open-vulnerability-client ([#6554](https://togithub.com/jeremylong/DependencyCheck/issues/6554))
  - resolves update issues due to CVSS Metrics 4.0
- build(deps): bump jackson.version from 2.16.0 to 2.16.1 ([#6353](https://togithub.com/jeremylong/DependencyCheck/issues/6353))
- build(deps): bump org.jsoup:jsoup from 1.16.2 to 1.17.2 ([#6362](https://togithub.com/jeremylong/DependencyCheck/issues/6362))
- build(deps): bump golang from 1.21.5-alpine to 1.22.1-alpine ([#6506](https://togithub.com/jeremylong/DependencyCheck/issues/6506))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/81?closed=1).
### [`v9.0.10`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-9010-2024-03-15)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.0.9...v9.0.10)

- fix: [#4321](https://togithub.com/jeremylong/DependencyCheck/issues/4321) Suppress redis server CVEs for client libraries ([#4321](https://togithub.com/jeremylong/DependencyCheck/issues/4321)) ([#6489](https://togithub.com/jeremylong/DependencyCheck/issues/6489))
- fix: bump commons-compress from 1.25.0 to 1.26.0 to fix CVE-2024-25710 and CVE-2024-26308 ([#6492](https://togithub.com/jeremylong/DependencyCheck/issues/6492))
- feat: Allow to pass NVD API key via environment variable ([#6454](https://togithub.com/jeremylong/DependencyCheck/issues/6454))
- fix: issue 5452 - ConcurrentModificationException in NodePackageAnalyzer.processDependencies - adding synchronized block ([#6501](https://togithub.com/jeremylong/DependencyCheck/issues/6501))
- docs: document the default data directory ([#6484](https://togithub.com/jeremylong/DependencyCheck/issues/6484))
- fix: prevent NPE in bundler audit ([#6462](https://togithub.com/jeremylong/DependencyCheck/issues/6462))
- fix: [#6441](https://togithub.com/jeremylong/DependencyCheck/issues/6441) Improve suppression rule to not restrict to a single version ([#6442](https://togithub.com/jeremylong/DependencyCheck/issues/6442))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/80?closed=1).
### [`v9.0.9`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-909-2024-01-17)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.0.8...v9.0.9)

- fix: for [#6374](https://togithub.com/jeremylong/DependencyCheck/issues/6374) to delete non-empty directories ([#6375](https://togithub.com/jeremylong/DependencyCheck/issues/6375))
- fix: NoSuchMethodError `closeQuietly(java.io.Closeable[])` ([#6377](https://togithub.com/jeremylong/DependencyCheck/issues/6377))
- chore: close stream to prevent possible resource leak ([#6382](https://togithub.com/jeremylong/DependencyCheck/issues/6382))
- docs: Document default for CLI --data ([#6359](https://togithub.com/jeremylong/DependencyCheck/issues/6359))
- docs: document gradle build ([#6371](https://togithub.com/jeremylong/DependencyCheck/issues/6371))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/79?closed=1).

### [`v9.0.8`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-908-2024-01-06)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.0.7...v9.0.8)

- fix: favor stability over performance ([#6349](https://togithub.com/jeremylong/DependencyCheck/issues/6349))
- chore: replace commons-io with core java calls ([#6343](https://togithub.com/jeremylong/DependencyCheck/issues/6343))
- fix: improve error reporting for invalid H2 database ([#6339](https://togithub.com/jeremylong/DependencyCheck/issues/6339))
- fix: rework fix for closing input streams on errors correctly ([#6338](https://togithub.com/jeremylong/DependencyCheck/issues/6338))
- fix: reduce chance NVD API block updates due to rate limit ([#6333](https://togithub.com/jeremylong/DependencyCheck/issues/6333))
- fix: ensure open handles will not leak on errors ([#6326](https://togithub.com/jeremylong/DependencyCheck/issues/6326))
- fix: improve error reporting ([#6324](https://togithub.com/jeremylong/DependencyCheck/issues/6324))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/78?closed=1).

### [`v9.0.7`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-907-2023-12-18)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.0.6...v9.0.7)

- docs: document insecure configuration for GHSA-qqhq-8r2c-c3f5 ([#6315](https://togithub.com/jeremylong/DependencyCheck/issues/6315))
- fix: improve memory usage on NVD update ([#6321](https://togithub.com/jeremylong/DependencyCheck/issues/6321))
- fix: skip pyproject.toml unless it contains `tool.poetry` ([#6316](https://togithub.com/jeremylong/DependencyCheck/issues/6316))
- fix: resolve build error that may cause an issue on some JDK versions ([#6312](https://togithub.com/jeremylong/DependencyCheck/issues/6312))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/77?closed=1).
### [`v9.0.6`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-906-2023-12-15)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.0.5...v9.0.6)

- build: bump open-vulnerability-clients@5.1.1 ([#6308](https://togithub.com/jeremylong/DependencyCheck/issues/6308))
- fix: mask nvd.api.key in logs; see GHSA-qqhq-8r2c-c3f5 ([#6307](https://togithub.com/jeremylong/DependencyCheck/issues/6307))
- fix: update java version check ([#6297](https://togithub.com/jeremylong/DependencyCheck/issues/6297))
- fix: more efficient memory usage ([#6299](https://togithub.com/jeremylong/DependencyCheck/issues/6299))
- fix: stream NVD data via Jackson to reduce memory footprint ([#6275](https://togithub.com/jeremylong/DependencyCheck/issues/6275))
- docs: document github action caching ([#6301](https://togithub.com/jeremylong/DependencyCheck/issues/6301))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/76?closed=1).
### [`v9.0.5`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-905-2023-12-13)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.0.4...v9.0.5)

- fix: make NVD API endpoint configurable ([#6287](https://togithub.com/jeremylong/DependencyCheck/issues/6287))
- fix: synch last modified timestamp for NVD API ([#6281](https://togithub.com/jeremylong/DependencyCheck/issues/6281))
- fix: read NVD cache meta files if cache.properties does not exist ([#6282](https://togithub.com/jeremylong/DependencyCheck/issues/6282))
- fix: correct property for nonProxyHosts ([#6285](https://togithub.com/jeremylong/DependencyCheck/issues/6285))
- fix: reduce apache http logging ([#6280](https://togithub.com/jeremylong/DependencyCheck/issues/6280))
- fix: store last modified timestamp for RetireJS and the Hosted Suppression File in db ([#6271](https://togithub.com/jeremylong/DependencyCheck/issues/6271))
- build: bump golang in the docker image ([#6274](https://togithub.com/jeremylong/DependencyCheck/issues/6274))
- fix: use temporary files to reduce memory usage during the NVD Update ([#6270](https://togithub.com/jeremylong/DependencyCheck/issues/6270))
- fix: use BIT for Oracle DB instead of Boolean when calling prepared statements ([#6264](https://togithub.com/jeremylong/DependencyCheck/issues/6264))
- fix: showing all reference tags in reports ([#6259](https://togithub.com/jeremylong/DependencyCheck/issues/6259))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/75?closed=1).
### [`v9.0.4`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-904-2023-12-08)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.0.3...v9.0.4)

- fix: utilize maven proxy if present ([#6255](https://togithub.com/jeremylong/DependencyCheck/issues/6255))
- fix: allow api key in cli to be quoted ([#6253](https://togithub.com/jeremylong/DependencyCheck/issues/6253))
- fix: use correct maven plugin reporting plugin ([#6244](https://togithub.com/jeremylong/DependencyCheck/issues/6244))
- fix: correct trailing comma in JSON report ([#6245](https://togithub.com/jeremylong/DependencyCheck/issues/6245))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/74?closed=1).

### [`v9.0.3`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-903-2023-12-06)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.0.2...v9.0.3)

- fix: use Java properties for proxy configuration ([#6238](https://togithub.com/jeremylong/DependencyCheck/issues/6238))
- docs: update proxy configuration documentation ([#6237](https://togithub.com/jeremylong/DependencyCheck/issues/6237))
- docs: add documentation on caching ([#6204](https://togithub.com/jeremylong/DependencyCheck/issues/6204))
- docs: Clarify H2 database caching strategy ([#6220](https://togithub.com/jeremylong/DependencyCheck/issues/6220))
- docs: Update list of supported report formats ([#6224](https://togithub.com/jeremylong/DependencyCheck/issues/6224))
- docs: example 5 with new nvdDatafeedUrl parameter ([#6215](https://togithub.com/jeremylong/DependencyCheck/issues/6215))
- fix: prevent NPEs ([#6232](https://togithub.com/jeremylong/DependencyCheck/issues/6232) and [#6206](https://togithub.com/jeremylong/DependencyCheck/issues/6206))
- fix: check valid for hours for NVD API ([#6225](https://togithub.com/jeremylong/DependencyCheck/issues/6225))
- fix: correct NVD cache last checked logic ([#6218](https://togithub.com/jeremylong/DependencyCheck/issues/6218))
- fix: nvd datafeed should process current year ([#6213](https://togithub.com/jeremylong/DependencyCheck/issues/6213))
- fix: correct references to cvssv2 and cvssv3 fields in json and xml reports ([#6212](https://togithub.com/jeremylong/DependencyCheck/issues/6212))
- fix: correct name on reference links in report ([#6205](https://togithub.com/jeremylong/DependencyCheck/issues/6205))
- fix: flaws in the gitlab report ([#6193](https://togithub.com/jeremylong/DependencyCheck/issues/6193))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/73?closed=1).

### [`v9.0.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-902-2023-12-01)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.0.1...v9.0.2)

- fix: remove virtual match string on NVD API Request ([#6177](https://togithub.com/jeremylong/DependencyCheck/issues/6177))
- fix: correct meta data in report after switching the NVD API ([#6154](https://togithub.com/jeremylong/DependencyCheck/issues/6154))
- fix: retry HTTP connections to NVD on 502 and 504 errors ([#6151](https://togithub.com/jeremylong/DependencyCheck/issues/6151))
- fix: Gitlab report format needs severity capitalized ([#6182](https://togithub.com/jeremylong/DependencyCheck/issues/6182))
- fix: improve JDK update version parsing ([#6163](https://togithub.com/jeremylong/DependencyCheck/issues/6163))
- fix: mute JCS logging (again) ([#6153](https://togithub.com/jeremylong/DependencyCheck/issues/6153))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/72?closed=1).
### [`v9.0.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-9010-2024-03-15)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.0.0...v9.0.1)
### [`v9.0.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-900-2023-11-22)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.4.3...v9.0.0)

**breaking changes**: See the [upgrade notice](https://togithub.com/jeremylong/DependencyCheck#900-upgrade-notice)

- feat: Utilize NVD API ([#5978](https://togithub.com/jeremylong/DependencyCheck/issues/5978))
- feat: gitlab dependency scanner report format [#5919](https://togithub.com/jeremylong/DependencyCheck/issues/5919) ([#5920](https://togithub.com/jeremylong/DependencyCheck/issues/5920))
- fix: Use ASCII apostrophe for console message ([#6076](https://togithub.com/jeremylong/DependencyCheck/issues/6076))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/68?closed=1).

### [`v8.4.3`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-843-2023-11-15)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.4.2...v8.4.3)

- fix: bump jcs3 ([#6047](https://togithub.com/jeremylong/DependencyCheck/issues/6047))
- docs: Corrected docs on hostedSuppressions ([#6035](https://togithub.com/jeremylong/DependencyCheck/issues/6035))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/70?closed=1).

### [`v8.4.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-842-2023-10-22)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.4.1...v8.4.2)

- fix: correct log configuration in cli ([#6002](https://togithub.com/jeremylong/DependencyCheck/issues/6002))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/69?closed=1).
### [`v8.4.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-841-2023-10-21)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.4.0...v8.4.1)

##### Fixed

- fix: upgrade to JCS3 ([#5114](https://togithub.com/jeremylong/DependencyCheck/issues/5114))
- fix: Support ~= version specifier in requirements.txt and pipfile ([#5902](https://togithub.com/jeremylong/DependencyCheck/issues/5902))
- fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name ([#5901](https://togithub.com/jeremylong/DependencyCheck/issues/5901))
- fix: Do not filter out evidences added by hints ([#5900](https://togithub.com/jeremylong/DependencyCheck/issues/5900))
- fix: fixes FP [#5925](https://togithub.com/jeremylong/DependencyCheck/issues/5925) ([#5927](https://togithub.com/jeremylong/DependencyCheck/issues/5927))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/67?closed=1).
### [`v8.4.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-840-2023-08-19)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.3.1...v8.4.0)

##### Added

- feat: Add support for Nexus v3 to NexusAnalyzer ([#5849](https://togithub.com/jeremylong/DependencyCheck/issues/5849))

##### Fixed

- fix: Hint Analyzer should run before VersionFilter Analyzer ([#5818](https://togithub.com/jeremylong/DependencyCheck/issues/5818))
- chore: switch to sha1-pinning as suggested by Semgrep
- fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter ([#5845](https://togithub.com/jeremylong/DependencyCheck/issues/5845))
- fix: use curl with -L to follow github redirect ([#5808](https://togithub.com/jeremylong/DependencyCheck/issues/5808))
- fix: [#5671](https://togithub.com/jeremylong/DependencyCheck/issues/5671) out of memory error ([#5789](https://togithub.com/jeremylong/DependencyCheck/issues/5789))
- fix: [#5671](https://togithub.com/jeremylong/DependencyCheck/issues/5671) Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/66?closed=1).

### [`v8.3.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-831-2023-06-12)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.3.0...v8.3.1)

Re-release of 8.3.0 as 8.3.1.
### [`v8.3.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-830-2023-06-12)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.2.1...v8.3.0)

##### Added

- Add LibmanAnalyzer ([#5652](https://togithub.com/jeremylong/DependencyCheck/issues/5652))
- Update HTML report Dependencies header based on display settings ([#5619](https://togithub.com/jeremylong/DependencyCheck/issues/5619))
- Add link to suppressed vulnerabilities header in HTML report ([#5620](https://togithub.com/jeremylong/DependencyCheck/issues/5620))
- Enable local proxy configuration in maven plugin configuration ([#5696](https://togithub.com/jeremylong/DependencyCheck/issues/5696))

##### Fixed

- Fix npm alias present in requires of dependencies ([#5703](https://togithub.com/jeremylong/DependencyCheck/issues/5703))
- Make Central URL configurable via CLI ([#5667](https://togithub.com/jeremylong/DependencyCheck/issues/5667))
- Ensure support of CVSSv3.1 ([#5602](https://togithub.com/jeremylong/DependencyCheck/issues/5602))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/65?closed=1).

### [`v8.2.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-821-2023-03-23)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.2.0...v8.2.1)

##### Fixed

- NullPointerException in MSBuildAnalyzer ([#5589](https://togithub.com/jeremylong/DependencyCheck/issues/5589))
- SQL Syntax for Oracle ([#5590](https://togithub.com/jeremylong/DependencyCheck/issues/5590))
- Use `https://` URLs in report templates ([#5582](https://togithub.com/jeremylong/DependencyCheck/issues/5582))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/64?closed=1).
### [`v8.2.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-820-2023-03-22)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.1.2...v8.2.0)

##### Added

- Support msbuild Directory.build.props ([#5475](https://togithub.com/jeremylong/DependencyCheck/issues/5475))
- better display of NPM audit references
- Add CVSS V3 results from NPM Audit results

##### Fixed

- Fix several issues on NPM Audit reporting ([#5546](https://togithub.com/jeremylong/DependencyCheck/issues/5546))
- Case issue in SQL ([#5557](https://togithub.com/jeremylong/DependencyCheck/issues/5557))
- Fix CWE(s) extraction for NPM Audit advisories
- Use the stable github_advisory_id instead of the now unstable id in NPM audit results

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/63?closed=1).

### [`v8.1.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-812-2023-02-28)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.1.1...v8.1.2)

##### Fixed

- Fix `NullPointerException` in the Jar Analyzer introduced in 8.1.1 ([#5512](https://togithub.com/jeremylong/DependencyCheck/issues/5512))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/62?closed=1).
### [`v8.1.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-811-2023-02-27)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.1.0...v8.1.1)

##### Fixed

- allow hosted suppressions file to be disabled ([#5509](https://togithub.com/jeremylong/DependencyCheck/issues/5509))
- Several FPs not suitable for our automation ([#5504](https://togithub.com/jeremylong/DependencyCheck/issues/5504))
- Fix incorrect defaults for nexus and central-analyzer in gradle plugin documentation ([#5503](https://togithub.com/jeremylong/DependencyCheck/issues/5503))
- Erroneous error-log for deprecated CLI flag usage when using property-file based disablement of Node Audit Analyzer ([#5487](https://togithub.com/jeremylong/DependencyCheck/issues/5487))
- Prefer pom.properties G/A/V over pom.xml G/A/V to resolve GAV interpolation issues ([#5473](https://togithub.com/jeremylong/DependencyCheck/issues/5473))
- Node package dependencies ending up as related dependency of the wrong version of the package ([#5479](https://togithub.com/jeremylong/DependencyCheck/issues/5479))
- do not throw error if pyproject.toml is in node_modules ([#5470](https://togithub.com/jeremylong/DependencyCheck/issues/5470))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/61?closed=1).

### [`v8.1.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-810-2023-01-26)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.0.2...v8.1.0)

##### Added

- `Pipefile.lock` files are now supported ([#5404](https://togithub.com/jeremylong/DependencyCheck/pull/5404)).
- Python projects with only a `pyproject.toml` but no lock file or requirements will report an error as ODC is unable to analyze the project ([#5409](https://togithub.com/jeremylong/DependencyCheck/pull/5409)).
##### Fixed

- Some maven projects caused false positives due to bad string interpolation ([#5421](https://togithub.com/jeremylong/DependencyCheck/pull/5421)).
- Error message from Assembly Analyzer has been updated to emphasize dotnet 6 is required for analysis ([#5408](https://togithub.com/jeremylong/DependencyCheck/pull/5408)).
- Correct issue where database defrag occurs even when no updates were performed ([#5441](https://togithub.com/jeremylong/DependencyCheck/pull/5441)).
- Fixed several False Positives and one False Negative.
- Made the `format` configuration more flexible in the gradle plugin ([dependency-check-gradle/#324](https://togithub.com/dependency-check/dependency-check-gradle/pull/324)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/60?closed=1).

### [`v8.0.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-802-2023-01-26)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.0.1...v8.0.2)

##### Fixed

- Resolved bug causing an issue with some Maven Extensions ([#5366](https://togithub.com/jeremylong/DependencyCheck/pull/5366)).
- ArchiveAnalyzer will now correctly throw an exception if it cannot open an Archive ([#5371](https://togithub.com/jeremylong/DependencyCheck/pull/5371)).
- Updated CSV report so that it no longer has a duplicate `description` column ([#5364](https://togithub.com/jeremylong/DependencyCheck/pull/5364)).
- Moved several logging statements to trace which should drastically reduce the log size ([#5350](https://togithub.com/jeremylong/DependencyCheck/pull/5350)).
- Fixed bug with RetireJS' `--retirejsFilterNonVulnerable` and `--retirejsFilter` when used with the CLI ([#5351](https://togithub.com/jeremylong/DependencyCheck/pull/5351)).
- Fixed the `sarif` report format and added validation ([#5345](https://togithub.com/jeremylong/DependencyCheck/pull/5345) and [#5363](https://togithub.com/jeremylong/DependencyCheck/pull/5363)).
- Fixed `MalformedPackageException` in the gradle plugin ([dependency-check-gradle/#320](https://togithub.com/dependency-check/dependency-check-gradle/pull/320)).
- Fixed `MissingMethodException` in the gradle plugin ([dependency-check-gradle/#316](https://togithub.com/dependency-check/dependency-check-gradle/pull/316)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/59?closed=1).

### [`v8.0.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-801-2023-01-18)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v8.0.0...v8.0.1)

##### Fixed

- Fixed Stack Overflow Exception in the gradle plugin ([dependency-check-gradle/#308](https://togithub.com/dependency-check/dependency-check-gradle/pull/308)).
- Fixed No Signature of Method Exception in the gradle plugin ([dependency-check-gradle/#305](https://togithub.com/dependency-check/dependency-check-gradle/pull/305)).
- Updated DB initialization scripts for externally hosted DBs ([#5314](https://togithub.com/jeremylong/DependencyCheck/pull/5314) and [#5317](https://togithub.com/jeremylong/DependencyCheck/pull/5317)).
  - Postgres users will need to use the updated init script and 8.0.1.
- Resolved NPE in the NodePackageAnalyzer ([#5339](https://togithub.com/jeremylong/DependencyCheck/pull/5339)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/58?closed=1).
### [`v8.0.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-800-2023-01-15)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.4.4...v8.0.0)

##### Added

- Utilize the hosted suppression file to allow for faster remediation of reported False Positives ([#4723](https://togithub.com/jeremylong/DependencyCheck/issues/4723)).
- Include the [CISA Known Exploited Vulnerability Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) ([#4878](https://togithub.com/jeremylong/DependencyCheck/issues/4878)).
- The `gradle` and `maven` plugins now have the capability to scan the build plugins ([#4035](https://togithub.com/jeremylong/DependencyCheck/issues/4035)).
- The `gradle` and `maven` plugins, for transitive dependencies, will report the root dependency in the project that included the transitive dependency ([#5001](https://togithub.com/jeremylong/DependencyCheck/pull/5001)).
- Added `properties.security-severity` to SARIF report for better integration with GitHub Security Code scanning ([#5277](https://togithub.com/jeremylong/DependencyCheck/pull/5227)).
- Allow for HTTP auth settings for Retire JS repository ([#5209](https://togithub.com/jeremylong/DependencyCheck/pull/5209)).
- New schema for the XML report was added to support some of the above additions ([#5296](https://togithub.com/jeremylong/DependencyCheck/pull/5296)).
- Added missing gradle option to only warn on remote errors from the OSS Index Analyzer ([gradle #303](https://togithub.com/dependency-check/dependency-check-gradle/pull/303)).

##### Changed

- **Breaking:** the database schema updated - if using an external database the update scripts must be run!
- The [exit codes](https://tldp.org/LDP/abs/html/exit-status.html) from the CLI have been changed to be in the range from 0-255 ([#4511](https://togithub.com/jeremylong/DependencyCheck/pull/4511)).
- The OSS Index Analyzer will automatically disable itself if a transport error occurs - preventing copious errors from being reported ([#5300](https://togithub.com/jeremylong/DependencyCheck/pull/5300)).

##### Fixed

- Added an additional check for rejected CVEs to reduce FP ([#5268](https://togithub.com/jeremylong/DependencyCheck/pull/5268)).
- Corrected the analysis of `node_modules` to prevent NPEs ([#5266](https://togithub.com/jeremylong/DependencyCheck/pull/5266)).
- Fixed error when scanning node packages with local dependencies ([#5235](https://togithub.com/jeremylong/DependencyCheck/pull/5235)).
- Fixed NPE in the MSBuild Analyzer ([#5293](https://togithub.com/jeremylong/DependencyCheck/pull/5293)).
- Several False Positives have been resolved.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/46?closed=1).

### [`v7.4.4`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-744-2023-01-06)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.4.3...v7.4.4)

##### Fixed

- Resolved issue processing NVD CVE data due to column width ([#5229](https://togithub.com/jeremylong/DependencyCheck/issues/5229))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/56?closed=1).

### [`v7.4.3`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-743-2022-12-29)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.4.2...v7.4.3)

##### Fixed

- Fixed NPE when analyzing version ranges in NPM ([#5158](https://togithub.com/jeremylong/DependencyCheck/issues/5158) & [#5190](https://togithub.com/jeremylong/DependencyCheck/issues/5190))
- Resolved several FP ([#5191](https://togithub.com/jeremylong/DependencyCheck/issues/5191))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/55?closed=1).
### [`v7.4.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-742-2022-12-28)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.4.1...v7.4.2)

##### Fixed

- Fixes maven 3.1 compatibility issue ([#5152](https://togithub.com/jeremylong/DependencyCheck/issues/5152))
- Fixed issue with invalid `node_module` paths in some scans ([#5135](https://togithub.com/jeremylong/DependencyCheck/issues/5135))
- Fixed missing option to disable the Poetry Analyzer in the CLI ([#5160](https://togithub.com/jeremylong/DependencyCheck/issues/5160))
- Fixed missing option to configure the OSS Index URL in the CLI ([#5180](https://togithub.com/jeremylong/DependencyCheck/issues/5180))
- Fixed NPE when analyzing version ranges in NPM ([#5158](https://togithub.com/jeremylong/DependencyCheck/issues/5158))
- Fixed issue with non-proxy host in the gradle plugin ([dependency-check-gradle/#298](https://togithub.com/dependency-check/dependency-check-gradle/pull/298))
- Resolved several FP

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/54?closed=1).

### [`v7.4.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-741-2022-12-09)

[Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.4.0...v7.4.1)

##### Fixed

- Fixed bug when setting the proxy port in gradle ([#5123](https://togithub.com/jeremylong/DependencyCheck/issues/5123))
- Fixed issue with invalid `node_module` paths in some scans ([#5127](https://togithub.com/jeremylong/DependencyCheck/issues/5127))
- Resolved several FP

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/53?closed=1).
### [`v7.4.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-740-2022-12-04) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.3.2...v7.4.0)

##### Added

- Add support for npm package lock v2 and v3 ([#​5078](https://togithub.com/jeremylong/DependencyCheck/issues/5078))
- Added experimental support for Python Poetry ([#​5025](https://togithub.com/jeremylong/DependencyCheck/issues/5025))
- Added a vanilla HTML report for use in Jenkins ([#​5053](https://togithub.com/jeremylong/DependencyCheck/issues/5053))

##### Changed

- Renamed `RELEASE_NOTES.md` to `CHANGELOG.md` to be more conventional
- Optimized checksum calculation to improve performance ([#​5112](https://togithub.com/jeremylong/DependencyCheck/issues/5112))
- Added support for scanning .NET assemblies when only the dotnet runtime is installed ([#​5087](https://togithub.com/jeremylong/DependencyCheck/issues/5087))
- Bumped several dependencies

##### Fixed

- Fixed bug when setting the proxy port ([#​5076](https://togithub.com/jeremylong/DependencyCheck/issues/5076))
- Resolved several FP and FN

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/52?closed=1).

### [`v7.3.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-732-2022-11-18) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.3.1...v7.3.2)

##### Changed

- Automated release of 7.3.1 failed and only published to Central; 7.3.2 is a re-release of 7.3.1.
- Resolved several false positives and false negatives.
- Use Jackson Afterburner if still on Java 8 ([#​4966](https://togithub.com/jeremylong/DependencyCheck/issues/4966)).
- Exclude `node_modules` from the Maven plugin's scan path ([#​4974](https://togithub.com/jeremylong/DependencyCheck/issues/4974)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/51?closed=1).
### [`v7.3.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-731-2022-11-16) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.3.0...v7.3.1)

##### Changed

- Resolved several false positives and false negatives.
- Use Jackson Afterburner if still on Java 8 ([#​4966](https://togithub.com/jeremylong/DependencyCheck/issues/4966)).
- Exclude `node_modules` from the Maven plugin's scan path ([#​4974](https://togithub.com/jeremylong/DependencyCheck/issues/4974)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/51?closed=1).

### [`v7.3.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-730-2022-10-19) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.2.1...v7.3.0)

##### Added

- Added an experimental Dart analyzer ([#​4869](https://togithub.com/jeremylong/DependencyCheck/issues/4869)).

##### Changed

- Migrated from Jackson Afterburner to Blackbird ([#​4905](https://togithub.com/jeremylong/DependencyCheck/issues/4905)).

##### Fixed

- Fixed issue with the Maven plugin that caused concurrent modification exceptions ([#​4935](https://togithub.com/jeremylong/DependencyCheck/issues/4935)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/50?closed=1).

### [`v7.2.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-721-2022-09-20) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.2.0...v7.2.1)

##### Fixed

- Fixed logging issue ([#​4846](https://togithub.com/jeremylong/DependencyCheck/issues/4846)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/49?closed=1).
### [`v7.2.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-720-2022-09-14) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.1.2...v7.2.0)

##### Changed

- Add support for Bazel's pinned `maven_install.json` ([#​4772](https://togithub.com/jeremylong/DependencyCheck/issues/4772)).
- Fixed bug preventing the use of custom report templates ([#​4800](https://togithub.com/jeremylong/DependencyCheck/issues/4800)).
- Updated several dependencies including upgrades for dependencies with CVEs.
- Several bug fixes made and suppression rules were added.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/48?closed=1).

### [`v7.1.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-712-2022-08-20) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.1.1...v7.1.2)

##### Changed

- The maven plugin now includes pnpm and yarn lock files in the scan by default ([#​4753](https://togithub.com/jeremylong/DependencyCheck/issues/4753)).
- If a suppression rule is no longer used a log entry will be written ([#​4685](https://togithub.com/jeremylong/DependencyCheck/issues/4685)).
- Several bug fixes made and suppression rules added.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/47?closed=1).

### [`v7.1.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-711-2022-06-12) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.1.0...v7.1.1)

##### Fixed

- Minor bug fixes.
- Resolved several false positives.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/45?closed=1).
### [`v7.1.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-710-2022-04-23) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.0.4...v7.1.0)

##### Changed

- Improved sorting in the HTML report ([see #​4112](https://togithub.com/jeremylong/DependencyCheck/issues/4112)).
- Improved support for Swift ([see #​4265](https://togithub.com/jeremylong/DependencyCheck/pull/4265)).
- Resolved several false positives.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/45?closed=1).

### [`v7.0.4`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-704-2022-03-30) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.0.3...v7.0.4)

##### Changed

- Update to `jackson-databind` (see [#​4285](https://togithub.com/jeremylong/DependencyCheck/issues/4285)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/43?closed=1).

### [`v7.0.3`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-703-2022-03-29) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.0.2...v7.0.3)

##### Changed

- Update to `jackson-databind` (see [#​4285](https://togithub.com/jeremylong/DependencyCheck/issues/4285)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/42?closed=1).

### [`v7.0.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-702-2022-03-28) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.0.1...v7.0.2)

##### Changed

- General project maintenance, bug fixes, and false positive and false negative reductions.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/41?closed=1).
### [`v7.0.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-701-2022-03-23) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v7.0.0...v7.0.1)

##### Changed

- General project maintenance, bug fixes, and false positive reductions.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/40?closed=1).

### [`v7.0.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-700-2022-02-28) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.5.3...v7.0.0)

##### Changed

- **Breaking:** The H2 database version has been upgraded.
  - If you use the `dataDirectory` option you will need to run a purge after upgrading.
- **Breaking:** Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.
- The Sarif report format has been fixed and can now be imported into GitHub if desired (See [#​3993](https://togithub.com/jeremylong/DependencyCheck/issues/3993)).
- Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
  - [Create New FP Report Issue](https://togithub.com/jeremylong/DependencyCheck/issues/new?assignees=\&labels=FP+Report\&template=false-positive-report.yml\&title=%5BFP%5D%3A+).
- When analyzing Java projects ODC now includes data from the developers section.
  - This will likely cause false positives on things like Apache James; please report the FP and we will fix these quickly.
- General project maintenance, bug fixes, and false positive reductions.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/28?closed=1).
### [`v6.5.3`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-653-2022-01-12) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.5.2...v6.5.3)

##### Changed

- Performance improvements for some Maven projects (see [#​3923](https://togithub.com/jeremylong/DependencyCheck/issues/3923) and [#​3931](https://togithub.com/jeremylong/DependencyCheck/issues/3931)).
- Fixed bug in npm version handling introduced in 6.5.2 (see [#​3956](https://togithub.com/jeremylong/DependencyCheck/issues/3956)).
- Improved the node package analyzer to correctly report the origin of a dependency (see [#​3970](https://togithub.com/jeremylong/DependencyCheck/issues/3970)).
- General code maintenance and false positive reductions.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/39?closed=1).

### [`v6.5.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-652-2022-01-03) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.5.1...v6.5.2)

##### Changed

- Fixed false positives around log4j-api and Log4j-web ([#​3910](https://togithub.com/jeremylong/DependencyCheck/issues/3910) & [#​3937](https://togithub.com/jeremylong/DependencyCheck/issues/3937)).
- Bug fix when processing NPM lock files ([#​3893](https://togithub.com/jeremylong/DependencyCheck/issues/3893)).
- Added missing `pnpm` argument to the CLI ([#​3916](https://togithub.com/jeremylong/DependencyCheck/issues/3916)).
- General code maintenance and false positive reductions.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/38?closed=1).
### [`v6.5.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-651-2021-12-17) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.5.0...v6.5.1)

##### Changed

- Updated the dependency-check-maven plugin to correctly support SNAPSHOT version when a classifier is specified ([#​3787](https://togithub.com/jeremylong/DependencyCheck/issues/3787)).
- Improved the analysis of Swift package manager (package.resolved - see [#​3813](https://togithub.com/jeremylong/DependencyCheck/issues/3813)).
- General code maintenance and false positive reductions.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/37?closed=1).

### [`v6.5.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-650-2021-11-08) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.4.1...v6.5.0)

##### Changed

- Updated build configuration to create [reproducible builds](https://reproducible-builds.org/).
- Updated automated release process to work with branch protection.
- Resolved several false positives in the Java ecosystem.
- Enabled the Swift Resolved analyzer per [#​3735](https://togithub.com/jeremylong/DependencyCheck/issues/3735)
- Improved iOS support per [#​3168](https://togithub.com/jeremylong/DependencyCheck/issues/3168) and [#​3765](https://togithub.com/jeremylong/DependencyCheck/issues/3765)
- Added a new pnpm Analyzer
- Fixed issue with some npm and yarn analysis failing due to large audit output

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/36?closed=1).
### [`v6.4.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-641-2021-10-11) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.4.0...v6.4.1)

##### Added

- Added download attempts with increasing wait time for `CVE meta` files from the NVD to prevent rate limiting issues (see [#​3725](https://togithub.com/jeremylong/DependencyCheck/pull/3725)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/35?closed=1).

### [`v6.4.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-640-2021-10-11) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.3.2...v6.4.0)

##### Changed

- Increased timeout between downloads from the NVD to prevent rate limiting issues (see [#​3722](https://togithub.com/jeremylong/DependencyCheck/pull/3722)).
- `cveStartYear` is now configurable and can be set to any year from 2002 to present.
- `cveWaitTime` is a new configuration option to define how many milliseconds to wait between NVD downloads; default is 4000 ms (see [#​3690](https://togithub.com/jeremylong/DependencyCheck/pull/3690)).
- The NVD CVE data files are now being cached for up to 4 hours in case a download fails; re-running ODC will use the cached version.
- Fixed NPE in the ODC maven plugin (see [#​3702](https://togithub.com/jeremylong/DependencyCheck/pull/3702)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/34?closed=1).

### [`v6.3.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-632-2021-09-29) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.3.1...v6.3.2)

##### Changed

- Reduced chance of rate limiting when downloading files from NVD (see [#​2670](https://togithub.com/jeremylong/DependencyCheck/pull/3670)).
- Fixed bug causing some transitive dependencies being skipped in the odc-maven-plugin (see [#​3627](https://togithub.com/jeremylong/DependencyCheck/pull/3627)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/33?closed=1).

### [`v6.3.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-631-2021-09-01) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.3.0...v6.3.1)

##### Fixed

- Fixed [ConcurrentModificationException](https://togithub.com/jeremylong/DependencyCheck/issues/3618)

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/32?closed=1).

### [`v6.3.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-630-2021-08-31) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.2.2...v6.3.0)

##### Changed

- Many updates were made to improve performance on large scans, reduce false positives, and other bug fixes.
- Increased the width of four columns in the database; if you use an external database you should also update the width (see [upgrade\_5.1.sql](https://togithub.com/jeremylong/DependencyCheck/blob/main/core/src/main/resources/data/upgrade\_5.1.sql)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/31?closed=1).

### [`v6.2.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-622-2021-06-10) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.2.1...v6.2.2)

##### Fixed

- Resolved issue with database connections introduced in 6.2.0 (see [https://github.com/jeremylong/DependencyCheck/issues/3432](https://togithub.com/jeremylong/DependencyCheck/issues/3432)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/30?closed=1).
### [`v6.2.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-621-2021-06-08) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.2.0...v6.2.1)

##### Fixed

- Resolved issue with database connections introduced in 6.2.0 (see [https://github.com/jeremylong/DependencyCheck/issues/3416](https://togithub.com/jeremylong/DependencyCheck/issues/3416)).

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/29?closed=1).

### [`v6.2.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-620-2021-05-29) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.1.6...v6.2.0)

##### Changed

- Added an experimental Perl CPAN analyzer [#​3378](https://togithub.com/jeremylong/DependencyCheck/pull/3378)
  - Note that the full DSL of the CPAN is not yet supported so any required dependency is analyzed (i.e. there is no way to exclude development requirements)
- Improved database performance [#​3206](https://togithub.com/jeremylong/DependencyCheck/pull/3206)
- The archive analyzer now extracts files from RPM archives [#​3226](https://togithub.com/jeremylong/DependencyCheck/pull/3226)
- Ensure ordered output in reports [#​3243](https://togithub.com/jeremylong/DependencyCheck/pull/3343)
- Several minor bug fixes and updates to reduce false positives

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/27?closed=1).
### [`v6.1.6`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-616-2021-04-29) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.1.5...v6.1.6)

##### Fixed

- Resolved issue with Sarif report ([#​3243](https://togithub.com/jeremylong/DependencyCheck/issues/3243))
- Resolved issue with Ruby Bundle Audit ([#​3256](https://togithub.com/jeremylong/DependencyCheck/issues/3256))
- Several minor bug fixes and updates to reduce false positives

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/26?closed=1).

### [`v6.1.5`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-615-2021-03-31) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.1.4...v6.1.5)

##### Fixed

- Fixed a second NPE introduced in 6.1.3 (see [#​3246](https://togithub.com/jeremylong/DependencyCheck/issues/3246))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/25?closed=1).

### [`v6.1.4`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-614-2021-03-30) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.1.3...v6.1.4)

##### Changed

- Fixed an NPE introduced in 6.1.3 (see [#​3212](https://togithub.com/jeremylong/DependencyCheck/issues/3212))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/24?closed=1).
### [`v6.1.3`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-613-2021-03-22) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.1.2...v6.1.3)

##### Changed

- Modified the new CPE matching strategy to be more performant ([#​3207](https://togithub.com/jeremylong/DependencyCheck/issues/3207))
- Upgraded a vulnerable dependency (velocity-engine-core/CVE-2020-13936) ([#​3205](https://togithub.com/jeremylong/DependencyCheck/issues/3205))

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/23?closed=1).

### [`v6.1.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-612-2021-03-08) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.1.1...v6.1.2)

##### Changed

- Fixed a bug in the Sarif report generation.
- Fixed a bug with the Ant task not being able to read the dependency-check properties file in 6.1.1.
- Added a new CPE matching strategy to reduce false negatives.
- CLI and Ant task will no longer be published to bintray.
- Several minor bug fixes.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/22?closed=1).

### [`v6.1.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-611-2021-02-13) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.1.0...v6.1.1)

##### Changed

- Added missing configuration options for yarn and msbuild.
- Several bug fixes.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/21?closed=1).

### [`v6.1.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-610-2021-01-27) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.0.5...v6.1.0)

##### Changed

- Added SARIF file format per [#​3081](https://togithub.com/jeremylong/DependencyCheck/issues/3081).
- Added support for Yarn per [#​3063](https://togithub.com/jeremylong/DependencyCheck/pull/3063).
- False positive reduction and minor bug fixes.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/20?closed=1).

### [`v6.0.5`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-605-2021-01-07) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.0.4...v6.0.5)

##### Changed

- Added missing command line arguments per [#​3028](https://togithub.com/jeremylong/DependencyCheck/issues/3028) and [#​3035](https://togithub.com/jeremylong/DependencyCheck/issues/3035).
- False positive reduction and minor bug fixes.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/19?closed=1).

### [`v6.0.4`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-604-2020-12-31) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.0.3...v6.0.4)

##### Changed

- Minor bug fixes and reduction of false positives.

See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/18?closed=1).

### [`v6.0.3`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-603-2020-11-03) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v6.0.2...v6.0.3)

##### Changed

- Added a bash command completion script (see [#​2916](https://togithub.com/jeremylong/DependencyCheck/issues/2916)); to add completion to your shell, `completion-for-dependency-check.sh` can be found in the bin directory of the CLI:

  ```bash
  $ source completion-for-dependency-check.sh
  ```

- An experimental PIP File Analyzer was added (see [#​2877](https://togithub.com/jeremylong/DependencyCheck/issues/2877)).
- Analysis of Node JS produced several false positives (see [#​2796](https://togithub.com/jeremylong/DependencyCheck/issues/2796)); the analysis has bee

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

sonarcloud[bot] commented 5 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud