Open renovate[bot] opened 9 months ago
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
This PR contains the following updates:
5.3.2 -> 11.1.0
Release Notes
jeremylong/DependencyCheck (org.owasp:dependency-check-maven)
### [`v11.1.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1110-2024-10-30)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v11.0.0...v11.1.0)

- feat: PHP Composer Analyzer now scans packages-dev by default ([#7114](https://redirect.github.com/jeremylong/DependencyCheck/issues/7114))
  - Users can configure if packages-dev should be skipped
- fix(regression): re-add h2 database driver name ([#7115](https://redirect.github.com/jeremylong/DependencyCheck/issues/7115))
- fix(regression): Make the Downloader honour the proxy.nonproxyhosts ODC Setting ([#7077](https://redirect.github.com/jeremylong/DependencyCheck/issues/7077))
- fix: do not set legacy proxy from maven or env ([#7072](https://redirect.github.com/jeremylong/DependencyCheck/issues/7072)) ([#7074](https://redirect.github.com/jeremylong/DependencyCheck/issues/7074))
- docs: add missing documentation for the MS Build Analyzer ([#7113](https://redirect.github.com/jeremylong/DependencyCheck/issues/7113))
- docs: Document the breaking change for Maven plugin as reporting plugin ([#7079](https://redirect.github.com/jeremylong/DependencyCheck/issues/7079))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/89?closed=1).

### [`v11.0.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1100-2024-10-21)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v10.0.4...v11.0.0)

- **breaking change**: Switch from JMockit to Mockito & build target to Java 11 ([#6922](https://redirect.github.com/jeremylong/DependencyCheck/issues/6922))
  - dependency-check now requires a minimum of Java 11.0 to run
- **breaking change**: bump com.h2database:h2 from 2.1.214 to 2.3.232 ([#6132](https://redirect.github.com/jeremylong/DependencyCheck/issues/6132))
  - H2 databases generated with an older version of ODC will not work with ODC 11.0.0; a new H2 db must be generated
- **breaking change**: Maven plugin updated to Doxia 2.x reporting stack
  - Users of the Maven plugin that configure it as a reporting plugin will need to use maven-site-plugin 3.20.0 or later ([#6959](https://redirect.github.com/jeremylong/DependencyCheck/issues/6959))
- feat: Replace old Downloader by an Apache HTTPClient based downloader
- feat: Use Apache HTTPClient for downloads of public resources ([#6949](https://redirect.github.com/jeremylong/DependencyCheck/issues/6949))
- feat: Also make NodeAuditSearch use our HTTPClient based connections
- feat: Also make OSSIndexAnalyzer use our HTTPClient based connections
- feat: Migrate CentralSearch to use Apache HTTP-client via Downloader
- feat: Extend apache HTTP-client usage to EngineVersionCheck
- feat: Remove the need to specify dbDriver for external databases using JDBCv4 ServiceLoader supporting JDBC drivers ([#6938](https://redirect.github.com/jeremylong/DependencyCheck/issues/6938))
- fix: use latest generated suppressions ([#7064](https://redirect.github.com/jeremylong/DependencyCheck/issues/7064))
- fix: Fixup parameter sequence for Downloader credentials ([#7033](https://redirect.github.com/jeremylong/DependencyCheck/issues/7033))
- fix: Fixup the missing addition of NVD API Datafeed credentials (if configured)
- fix: Fixup broken proxy authentication in first attempt; extend to include KEV downloads
- fix: store timestamps locally for local resources ([#6936](https://redirect.github.com/jeremylong/DependencyCheck/issues/6936))
- build: Remove the animal-sniffer, propagate java version to plugin-archetype ([#6950](https://redirect.github.com/jeremylong/DependencyCheck/issues/6950))
- build: Update Checkstyle configuration and Suppression DTD references ([#6951](https://redirect.github.com/jeremylong/DependencyCheck/issues/6951))
- chore: Update test db schema ([#7036](https://redirect.github.com/jeremylong/DependencyCheck/issues/7036))
- chore: remove old, unneeded database upgrade script
- docs: reformat javadoc ([#7009](https://redirect.github.com/jeremylong/DependencyCheck/issues/7009))
- docs: Fixup javadoc warnings ([#6995](https://redirect.github.com/jeremylong/DependencyCheck/issues/6995))
- chore: Replace use of several deprecated methods/classes by their successors ([#6933](https://redirect.github.com/jeremylong/DependencyCheck/issues/6933))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/87?closed=1).

### [`v10.0.4`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1004-2024-09-01)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v10.0.3...v10.0.4)

- build(deps): exclude unused dependency ([#6916](https://redirect.github.com/jeremylong/DependencyCheck/issues/6916))
- fix: improve regex ([#6917](https://redirect.github.com/jeremylong/DependencyCheck/issues/6917))
- fix: correctly handle null values in cpeMatch ([#6915](https://redirect.github.com/jeremylong/DependencyCheck/issues/6915))
- fix(site): Update Fluido skin to resolve broken fork-me-on-github image ([#6914](https://redirect.github.com/jeremylong/DependencyCheck/issues/6914))
- fix: do not report over 100% download complete ([#6899](https://redirect.github.com/jeremylong/DependencyCheck/issues/6899))
- fix: Correct spelling of occurring in NvdApiDataSource.java ([#6883](https://redirect.github.com/jeremylong/DependencyCheck/issues/6883))
- fix: skip blank lines in requirements.txt ([#6867](https://redirect.github.com/jeremylong/DependencyCheck/issues/6867))
- fix: correct percentage calculation ([#6868](https://redirect.github.com/jeremylong/DependencyCheck/issues/6868))
- docs: remove old recommendation ([#6860](https://redirect.github.com/jeremylong/DependencyCheck/issues/6860))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/88?closed=1).

### [`v10.0.3`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1003-2024-07-16)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v10.0.2...v10.0.3)

- feat: Enable configuration of a lower resultsPerPage on NVD API ([#6843](https://redirect.github.com/jeremylong/DependencyCheck/issues/6843))
- build(deps): bump open-vulnerability-clients from 6.1.6 to 6.1.7 ([#6848](https://redirect.github.com/jeremylong/DependencyCheck/issues/6848))
- build(deps): bump JamesIves/github-pages-deploy-action from 4.6.1 to 4.6.3 ([#6814](https://redirect.github.com/jeremylong/DependencyCheck/issues/6814))
- build(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.0 ([#6762](https://redirect.github.com/jeremylong/DependencyCheck/issues/6762))
- build(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0 ([#6815](https://redirect.github.com/jeremylong/DependencyCheck/issues/6815))
- build(deps): bump golang from 1.22.4-alpine to 1.22.5-alpine ([#6805](https://redirect.github.com/jeremylong/DependencyCheck/issues/6805))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/84?closed=1).

### [`v10.0.2`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1002-2024-07-06)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v10.0.1...v10.0.2)

**Mandatory Upgrade** - due to older versions of dependency-check causing numerous, spurious requests that end in processing failures, this upgrade is mandatory so that the NVD can differentiate valid requests and block the old clients.

- build(deps): bump open-vulnerability-clients ([#6810](https://redirect.github.com/jeremylong/DependencyCheck/issues/6810))
- fix(db): [#6788](https://redirect.github.com/jeremylong/DependencyCheck/issues/6788) removing redundant db index "idxVulnerability" on "vulnerability.cve" ([#6807](https://redirect.github.com/jeremylong/DependencyCheck/issues/6807))
- docs: Further improve formatting and docs of H2 database caching strats ([#6804](https://redirect.github.com/jeremylong/DependencyCheck/issues/6804))
- fix: update_vulnerability in dbStatements_oracle.properties ([#6803](https://redirect.github.com/jeremylong/DependencyCheck/issues/6803))
- fix: fix NPE ([#6778](https://redirect.github.com/jeremylong/DependencyCheck/issues/6778))
- fix: add hint to resolve false negative ([#6802](https://redirect.github.com/jeremylong/DependencyCheck/issues/6802))
- chore: update configure ([#6794](https://redirect.github.com/jeremylong/DependencyCheck/issues/6794))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/86?closed=1).

### [`v10.0.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1001-2024-07-02)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v10.0.0...v10.0.1)

- build(deps): bump open-vulnerability-client ([#6772](https://redirect.github.com/jeremylong/DependencyCheck/issues/6772))
- fix: remove debug logging ([#6770](https://redirect.github.com/jeremylong/DependencyCheck/issues/6770))
- fix: postgresql column count error ([#6773](https://redirect.github.com/jeremylong/DependencyCheck/issues/6773))
- fix: mssql column name and version ([#6761](https://redirect.github.com/jeremylong/DependencyCheck/issues/6761))
- docs: update supported versions ([#6771](https://redirect.github.com/jeremylong/DependencyCheck/issues/6771))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/85?closed=1).

### [`v10.0.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1000-2024-07-01)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.2.0...v10.0.0)

- **breaking change**: upgrade to dotnet 8.0 ([#6580](https://redirect.github.com/jeremylong/DependencyCheck/issues/6580))
  - Users of the AssemblyAnalyzer must upgrade/utilize dotnet 8 to analyze assemblies
- feat: fix the NVD API related errors by adding cvssV4 support ([#6756](https://redirect.github.com/jeremylong/DependencyCheck/issues/6756))
  - **breaking changes**: anyone utilizing a centralized database will need to upgrade the schema; see changes in [PR #6756](https://redirect.github.com/jeremylong/DependencyCheck/pull/6756/files#diff-ca432c4b41d39caa84d140e06694b09c7e6394c8a2db72ba27516dc77ee3bd67)
- fix: avoid escaping unnecessary chars in HTML report suppression regexes ([#6749](https://redirect.github.com/jeremylong/DependencyCheck/issues/6749))
- fix: [#6688](https://redirect.github.com/jeremylong/DependencyCheck/issues/6688) Trim version number when parsing POM ([#6705](https://redirect.github.com/jeremylong/DependencyCheck/issues/6705))
- fix: change request if lockfile is file v3 ([#6690](https://redirect.github.com/jeremylong/DependencyCheck/issues/6690))
- fix: skip pyproject.toml unless it contains `tool.poetry` before ensuring lockfiles ([#6681](https://redirect.github.com/jeremylong/DependencyCheck/issues/6681))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/83?closed=1).

### [`v9.2.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-920-2024-05-15)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.1.0...v9.2.0)

- docs: update logo per intellj ([#6660](https://redirect.github.com/jeremylong/DependencyCheck/issues/6660))
- feat: Carthage analyzer ([#6614](https://redirect.github.com/jeremylong/DependencyCheck/issues/6614))
- fix: Ensure valid JSON output for gitlab report ([#6630](https://redirect.github.com/jeremylong/DependencyCheck/issues/6630))
- feat: Support Package.swift version 3 Specification ([#6578](https://redirect.github.com/jeremylong/DependencyCheck/issues/6578))
- chore: Update the packaged suppressions to include new hosted suppressions ([#6567](https://redirect.github.com/jeremylong/DependencyCheck/issues/6567))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/82?closed=1).

### [`v9.1.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-910-2024-03-31)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.0.10...v9.1.0)

- feat: Add v2 support for maven_install.json ([#6528](https://redirect.github.com/jeremylong/DependencyCheck/issues/6528))
- build(deps): bump open-vulnerability-client ([#6554](https://redirect.github.com/jeremylong/DependencyCheck/issues/6554))
  - resolves update issues due to CVSS Metrics 4.0
- build(deps): bump jackson.version from 2.16.0 to 2.16.1 ([#6353](https://redirect.github.com/jeremylong/DependencyCheck/issues/6353))
- build(deps): bump org.jsoup:jsoup from 1.16.2 to 1.17.2 ([#6362](https://redirect.github.com/jeremylong/DependencyCheck/issues/6362))
- build(deps): bump golang from 1.21.5-alpine to 1.22.1-alpine ([#6506](https://redirect.github.com/jeremylong/DependencyCheck/issues/6506))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/81?closed=1).

### [`v9.0.10`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-9010-2024-03-15)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.0.9...v9.0.10)

- fix: [#4321](https://redirect.github.com/jeremylong/DependencyCheck/issues/4321) Suppress redis server CVEs for client libraries ([#4321](https://redirect.github.com/jeremylong/DependencyCheck/issues/4321)) ([#6489](https://redirect.github.com/jeremylong/DependencyCheck/issues/6489))
- fix: bump commons-compress from 1.25.0 to 1.26.0 to fix CVE-2024-25710 and CVE-2024-26308 ([#6492](https://redirect.github.com/jeremylong/DependencyCheck/issues/6492))
- feat: Allow to pass NVD API key via environment variable ([#6454](https://redirect.github.com/jeremylong/DependencyCheck/issues/6454))
- fix: issue 5452 - ConcurrentModificationException in NodePackageAnalyzer.processDependencies - adding synchronized block ([#6501](https://redirect.github.com/jeremylong/DependencyCheck/issues/6501))
- docs: document the default data directory ([#6484](https://redirect.github.com/jeremylong/DependencyCheck/issues/6484))
- fix: prevent NPE in bundler audit ([#6462](https://redirect.github.com/jeremylong/DependencyCheck/issues/6462))
- fix: [#6441](https://redirect.github.com/jeremylong/DependencyCheck/issues/6441) Improve suppression rule to not restrict to a single version ([#6442](https://redirect.github.com/jeremylong/DependencyCheck/issues/6442))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/80?closed=1).

### [`v9.0.9`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-909-2024-01-17)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.0.8...v9.0.9)

- fix: for [#6374](https://redirect.github.com/jeremylong/DependencyCheck/issues/6374) to delete non-empty directories ([#6375](https://redirect.github.com/jeremylong/DependencyCheck/issues/6375))
- fix: NoSuchMethodError closeQuietly(java.io.Closeable\[]) ([#6377](https://redirect.github.com/jeremylong/DependencyCheck/issues/6377))
- chore: close stream to prevent possible resource leak ([#6382](https://redirect.github.com/jeremylong/DependencyCheck/issues/6382))
- docs: Document default for CLI --data ([#6359](https://redirect.github.com/jeremylong/DependencyCheck/issues/6359))
- docs: document gradle build ([#6371](https://redirect.github.com/jeremylong/DependencyCheck/issues/6371))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/79?closed=1).

### [`v9.0.8`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-908-2024-01-06)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.0.7...v9.0.8)

- fix: favor stability over performance ([#6349](https://redirect.github.com/jeremylong/DependencyCheck/issues/6349))
- chore: replace commons-io with core java calls ([#6343](https://redirect.github.com/jeremylong/DependencyCheck/issues/6343))
- fix: improve error reporting for invalid H2 database ([#6339](https://redirect.github.com/jeremylong/DependencyCheck/issues/6339))
- fix: rework fix for closing input streams on errors correctly ([#6338](https://redirect.github.com/jeremylong/DependencyCheck/issues/6338))
- fix: reduce chance NVD API block updates due to rate limit ([#6333](https://redirect.github.com/jeremylong/DependencyCheck/issues/6333))
- fix: ensure open handles will not leak on errors ([#6326](https://redirect.github.com/jeremylong/DependencyCheck/issues/6326))
- fix: improve error reporting ([#6324](https://redirect.github.com/jeremylong/DependencyCheck/issues/6324))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/78?closed=1).

### [`v9.0.7`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-907-2023-12-18)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.0.6...v9.0.7)

- docs: document insecure configuration for GHSA-qqhq-8r2c-c3f5 ([#6315](https://redirect.github.com/jeremylong/DependencyCheck/issues/6315))
- fix: improve memory usage on NVD update ([#6321](https://redirect.github.com/jeremylong/DependencyCheck/issues/6321))
- fix: skip pyproject.toml unless it contains `tool.poetry` ([#6316](https://redirect.github.com/jeremylong/DependencyCheck/issues/6316))
- fix: resolve build error that may cause an issue on some JDK versions ([#6312](https://redirect.github.com/jeremylong/DependencyCheck/issues/6312))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/77?closed=1).

### [`v9.0.6`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-906-2023-12-15)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.0.5...v9.0.6)

- build: bump open-vulnerability-clients@5.1.1 ([#6308](https://redirect.github.com/jeremylong/DependencyCheck/issues/6308))
- fix: mask nvd.api.key in logs; see GHSA-qqhq-8r2c-c3f5 ([#6307](https://redirect.github.com/jeremylong/DependencyCheck/issues/6307))
- fix: update java version check ([#6297](https://redirect.github.com/jeremylong/DependencyCheck/issues/6297))
- fix: more efficient memory usage ([#6299](https://redirect.github.com/jeremylong/DependencyCheck/issues/6299))
- fix: stream NVD data via Jackson to reduce memory footprint ([#6275](https://redirect.github.com/jeremylong/DependencyCheck/issues/6275))
- docs: document github action caching ([#6301](https://redirect.github.com/jeremylong/DependencyCheck/issues/6301))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/76?closed=1).

### [`v9.0.5`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-905-2023-12-13)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.0.4...v9.0.5)

- fix: make NVD API endpoint configurable ([#6287](https://redirect.github.com/jeremylong/DependencyCheck/issues/6287))
- fix: synch last modified timestamp for NVD API ([#6281](https://redirect.github.com/jeremylong/DependencyCheck/issues/6281))
- fix: read NVD cache meta files if cache.properties does not exist ([#6282](https://redirect.github.com/jeremylong/DependencyCheck/issues/6282))
- fix: correct property for nonProxyHosts ([#6285](https://redirect.github.com/jeremylong/DependencyCheck/issues/6285))
- fix: reduce apache http logging ([#6280](https://redirect.github.com/jeremylong/DependencyCheck/issues/6280))
- fix: store last modified timestamp for RetireJS and the Hosted Suppression File in db ([#6271](https://redirect.github.com/jeremylong/DependencyCheck/issues/6271))
- build: bump golang in the docker image ([#6274](https://redirect.github.com/jeremylong/DependencyCheck/issues/6274))
- fix: use temporary files to reduce memory usage during the NVD Update ([#6270](https://redirect.github.com/jeremylong/DependencyCheck/issues/6270))
- fix: use BIT for Oracle DB instead of Boolean when calling prepared statements ([#6264](https://redirect.github.com/jeremylong/DependencyCheck/issues/6264))
- fix: showing all reference tags in reports ([#6259](https://redirect.github.com/jeremylong/DependencyCheck/issues/6259))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/75?closed=1).

### [`v9.0.4`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-904-2023-12-08)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.0.3...v9.0.4)

- fix: utilize maven proxy if present ([#6255](https://redirect.github.com/jeremylong/DependencyCheck/issues/6255))
- fix: allow api key in cli to be quoted ([#6253](https://redirect.github.com/jeremylong/DependencyCheck/issues/6253))
- fix: use correct maven plugin reporting plugin ([#6244](https://redirect.github.com/jeremylong/DependencyCheck/issues/6244))
- fix: correct trailing comma in JSON report ([#6245](https://redirect.github.com/jeremylong/DependencyCheck/issues/6245))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/74?closed=1).

### [`v9.0.3`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-903-2023-12-06)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.0.2...v9.0.3)

- fix: use Java properties for proxy configuration ([#6238](https://redirect.github.com/jeremylong/DependencyCheck/issues/6238))
- docs: update proxy configuration documentation ([#6237](https://redirect.github.com/jeremylong/DependencyCheck/issues/6237))
- docs: add documentation on caching ([#6204](https://redirect.github.com/jeremylong/DependencyCheck/issues/6204))
- docs: Clarify H2 database caching strategy ([#6220](https://redirect.github.com/jeremylong/DependencyCheck/issues/6220))
- docs: Update list of supported report formats ([#6224](https://redirect.github.com/jeremylong/DependencyCheck/issues/6224))
- docs: example 5 with new nvdDatafeedUrl parameter ([#6215](https://redirect.github.com/jeremylong/DependencyCheck/issues/6215))
- fix: prevent NPEs ([#6232](https://redirect.github.com/jeremylong/DependencyCheck/issues/6232) and [#6206](https://redirect.github.com/jeremylong/DependencyCheck/issues/6206))
- fix: check valid for hours for NVD API ([#6225](https://redirect.github.com/jeremylong/DependencyCheck/issues/6225))
- fix: correct NVD cache last checked logic ([#6218](https://redirect.github.com/jeremylong/DependencyCheck/issues/6218))
- fix: nvd datafeed should process current year ([#6213](https://redirect.github.com/jeremylong/DependencyCheck/issues/6213))
- fix: correct references to cvssv2 and cvssv3 fields in json and xml reports ([#6212](https://redirect.github.com/jeremylong/DependencyCheck/issues/6212))
- fix: correct name on reference links in report ([#6205](https://redirect.github.com/jeremylong/DependencyCheck/issues/6205))
- fix: flaws in the gitlab report ([#6193](https://redirect.github.com/jeremylong/DependencyCheck/issues/6193))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/73?closed=1).

### [`v9.0.2`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-902-2023-12-01)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.0.1...v9.0.2)

- fix: remove virtual match string on NVD API Request ([#6177](https://redirect.github.com/jeremylong/DependencyCheck/issues/6177))
- fix: correct meta data in report after switching the NVD API ([#6154](https://redirect.github.com/jeremylong/DependencyCheck/issues/6154))
- fix: retry HTTP connections to NVD on 502 and 504 errors ([#6151](https://redirect.github.com/jeremylong/DependencyCheck/issues/6151))
- fix: Gitlab report format needs severity capitalized ([#6182](https://redirect.github.com/jeremylong/DependencyCheck/issues/6182))
- fix: improve JDK update version parsing ([#6163](https://redirect.github.com/jeremylong/DependencyCheck/issues/6163))
- fix: mute JCS logging (again) ([#6153](https://redirect.github.com/jeremylong/DependencyCheck/issues/6153))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/72?closed=1).

### [`v9.0.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-9010-2024-03-15)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v9.0.0...v9.0.1)

- fix: [#4321](https://redirect.github.com/jeremylong/DependencyCheck/issues/4321) Suppress redis server CVEs for client libraries ([#4321](https://redirect.github.com/jeremylong/DependencyCheck/issues/4321)) ([#6489](https://redirect.github.com/jeremylong/DependencyCheck/issues/6489))
- fix: bump commons-compress from 1.25.0 to 1.26.0 to fix CVE-2024-25710 and CVE-2024-26308 ([#6492](https://redirect.github.com/jeremylong/DependencyCheck/issues/6492))
- feat: Allow to pass NVD API key via environment variable ([#6454](https://redirect.github.com/jeremylong/DependencyCheck/issues/6454))
- fix: issue 5452 - ConcurrentModificationException in NodePackageAnalyzer.processDependencies - adding synchronized block ([#6501](https://redirect.github.com/jeremylong/DependencyCheck/issues/6501))
- docs: document the default data directory ([#6484](https://redirect.github.com/jeremylong/DependencyCheck/issues/6484))
- fix: prevent NPE in bundler audit ([#6462](https://redirect.github.com/jeremylong/DependencyCheck/issues/6462))
- fix: [#6441](https://redirect.github.com/jeremylong/DependencyCheck/issues/6441) Improve suppression rule to not restrict to a single version ([#6442](https://redirect.github.com/jeremylong/DependencyCheck/issues/6442))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/80?closed=1).

### [`v9.0.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-900-2023-11-22)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.4.3...v9.0.0)

**breaking changes**: See the [upgrade notice](https://redirect.github.com/jeremylong/DependencyCheck#900-upgrade-notice)

- feat: Utilize NVD API ([#5978](https://redirect.github.com/jeremylong/DependencyCheck/issues/5978))
- feat: gitlab dependency scanner report format [#5919](https://redirect.github.com/jeremylong/DependencyCheck/issues/5919) ([#5920](https://redirect.github.com/jeremylong/DependencyCheck/issues/5920))
- fix: Use ASCII apostrophe for console message ([#6076](https://redirect.github.com/jeremylong/DependencyCheck/issues/6076))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/68?closed=1).

### [`v8.4.3`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-843-2023-11-15)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.4.2...v8.4.3)

- fix: bump jcs3 ([#6047](https://redirect.github.com/jeremylong/DependencyCheck/issues/6047))
- docs: Corrected docs on hostedSuppressions ([#6035](https://redirect.github.com/jeremylong/DependencyCheck/issues/6035))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/70?closed=1).

### [`v8.4.2`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-842-2023-10-22)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.4.1...v8.4.2)

- fix: correct log configuration in cli ([#6002](https://redirect.github.com/jeremylong/DependencyCheck/issues/6002))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/69?closed=1).

### [`v8.4.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-841-2023-10-21)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.4.0...v8.4.1)

##### Fixed

- fix: upgrade to JCS3 ([#5114](https://redirect.github.com/jeremylong/DependencyCheck/issues/5114))
- fix: Support ~= version specifier in requirements.txt and pipfile ([#5902](https://redirect.github.com/jeremylong/DependencyCheck/issues/5902))
- fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name ([#5901](https://redirect.github.com/jeremylong/DependencyCheck/issues/5901))
- fix: Do not filter out evidences added by hints ([#5900](https://redirect.github.com/jeremylong/DependencyCheck/issues/5900))
- fix: fixes FP [#5925](https://redirect.github.com/jeremylong/DependencyCheck/issues/5925) ([#5927](https://redirect.github.com/jeremylong/DependencyCheck/issues/5927))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/67?closed=1).

### [`v8.4.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-840-2023-08-19)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.3.1...v8.4.0)

##### Added

- feat: Add support for Nexus v3 to NexusAnalyzer ([#5849](https://redirect.github.com/jeremylong/DependencyCheck/issues/5849))

##### Fixed

- fix: Hint Analyzer should run before VersionFilter Analyzer ([#5818](https://redirect.github.com/jeremylong/DependencyCheck/issues/5818))
- chore: switch to sha1-pinning as suggested by Semgrep
- fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter ([#5845](https://redirect.github.com/jeremylong/DependencyCheck/issues/5845))
- fix: use curl with -L to follow github redirect ([#5808](https://redirect.github.com/jeremylong/DependencyCheck/issues/5808))
- fix: use curl with -L to follow github redirect
- fix: [#5671](https://redirect.github.com/jeremylong/DependencyCheck/issues/5671) out of memory error ([#5789](https://redirect.github.com/jeremylong/DependencyCheck/issues/5789))
- fix: [#5671](https://redirect.github.com/jeremylong/DependencyCheck/issues/5671) Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/66?closed=1).

### [`v8.3.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-831-2023-06-12)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.3.0...v8.3.1)

Re-release of 8.3.0 as 8.3.1.

### [`v8.3.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-830-2023-06-12)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.2.1...v8.3.0)

##### Added

- Add LibmanAnalyzer ([#5652](https://redirect.github.com/jeremylong/DependencyCheck/issues/5652))
- Update HTML report Dependencies header based on display settings ([#5619](https://redirect.github.com/jeremylong/DependencyCheck/issues/5619))
- Add link to suppressed vulnerabilities header in HTML report ([#5620](https://redirect.github.com/jeremylong/DependencyCheck/issues/5620))
- Enable local proxy configuration in maven plugin configuration ([#5696](https://redirect.github.com/jeremylong/DependencyCheck/issues/5696))

##### Fixed

- Fix npm alias present in requires of dependencies ([#5703](https://redirect.github.com/jeremylong/DependencyCheck/issues/5703))
- Make Central URL configurable via CLI ([#5667](https://redirect.github.com/jeremylong/DependencyCheck/issues/5667))
- Ensure support of CVSSv3.1 ([#5602](https://redirect.github.com/jeremylong/DependencyCheck/issues/5602))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/65?closed=1).

### [`v8.2.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-821-2023-03-23)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.2.0...v8.2.1)

##### Fixed

- NullPointerException in MSBuildAnalyzer ([#5589](https://redirect.github.com/jeremylong/DependencyCheck/issues/5589))
- SQL Syntax for Oracle ([#5590](https://redirect.github.com/jeremylong/DependencyCheck/issues/5590))
- Use `https://` URLs in report templates ([#5582](https://redirect.github.com/jeremylong/DependencyCheck/issues/5582))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/64?closed=1).

### [`v8.2.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-820-2023-03-22)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.1.2...v8.2.0)

##### Added

- Support msbuild Directory.build.props ([#5475](https://redirect.github.com/jeremylong/DependencyCheck/issues/5475))
- better display of NPM audit references
- Add CVSS V3 results from NPM Audit results

##### Fixed

- Fix several issues on NPM Audit reporting ([#5546](https://redirect.github.com/jeremylong/DependencyCheck/issues/5546))
- Case issue in SQL ([#5557](https://redirect.github.com/jeremylong/DependencyCheck/issues/5557))
- Fix CWE(s) extraction for NPM Audit advisories
- Use the stable github_advisory_id instead of the now unstable id in NPM audit results

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/63?closed=1).

### [`v8.1.2`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-812-2023-02-28)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.1.1...v8.1.2)

##### Fixed

- Fix `NullPointerException` in the Jar Analyzer introduced in 8.1.1 ([#5512](https://redirect.github.com/jeremylong/DependencyCheck/issues/5512))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/62?closed=1).
### [`v8.1.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-811-2023-02-27)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.1.0...v8.1.1)

##### Fixed

- allow hosted suppressions file to be disabled ([#5509](https://redirect.github.com/jeremylong/DependencyCheck/issues/5509))
- Several FPs not suitable for our automation ([#5504](https://redirect.github.com/jeremylong/DependencyCheck/issues/5504))
- Fix incorrect defaults for nexus and central-analyzer in gradle plugin documentation ([#5503](https://redirect.github.com/jeremylong/DependencyCheck/issues/5503))
- Erroneous error-log for deprecated CLI flag usage when using propertyfile based disablement of Node Audit Analyzer ([#5487](https://redirect.github.com/jeremylong/DependencyCheck/issues/5487))
- Prefer pom.properties G/A/V over pom.xml G/A/V to resolve GAV interpolation issues ([#5473](https://redirect.github.com/jeremylong/DependencyCheck/issues/5473))
- Node package dependencies ending up as related dependency of the wrong version of the package ([#5479](https://redirect.github.com/jeremylong/DependencyCheck/issues/5479))
- do not throw error if pyproject.toml is in node_modules ([#5470](https://redirect.github.com/jeremylong/DependencyCheck/issues/5470))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/61?closed=1).

### [`v8.1.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-810-2023-01-26)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.0.2...v8.1.0)

##### Added

- `Pipefile.lock` files are now supported ([#5404](https://redirect.github.com/jeremylong/DependencyCheck/pull/5404)).
- Python projects with only a `pyproject.toml` but no lock file or requirements will report an error as ODC is unable to analyze the project ([#5409](https://redirect.github.com/jeremylong/DependencyCheck/pull/5409)).
##### Fixed

- Some maven projects caused false positives due to bad string interpolation ([#5421](https://redirect.github.com/jeremylong/DependencyCheck/pull/5421)).
- Error message from Assembly Analyzer has been updated to emphasize dotnet 6 is required for analysis ([#5408](https://redirect.github.com/jeremylong/DependencyCheck/pull/5408)).
- Correct issue where database defrag occurs even when no updates were performed ([#5441](https://redirect.github.com/jeremylong/DependencyCheck/pull/5441)).
- Fixed several False Positives and one False Negative.
- Made the `format` configuration more flexible in the gradle plugin ([dependency-check-gradle/#324](https://redirect.github.com/dependency-check/dependency-check-gradle/pull/324)).

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/60?closed=1).

### [`v8.0.2`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-802-2023-01-26)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.0.1...v8.0.2)

##### Fixed

- Resolved bug causing an issue with some Maven Extensions ([#5366](https://redirect.github.com/jeremylong/DependencyCheck/pull/5366)).
- ArchiveAnalyzer will now correctly throw an exception if it cannot open an Archive ([#5371](https://redirect.github.com/jeremylong/DependencyCheck/pull/5371)).
- Updated CSV report so that it no longer has a duplicate `description` column ([#5364](https://redirect.github.com/jeremylong/DependencyCheck/pull/5364)).
- Moved several logging statements to trace which should drastically reduce the log size ([#5350](https://redirect.github.com/jeremylong/DependencyCheck/pull/5350)).
- Fixed bug with RetireJS' `--retirejsFilterNonVulnerable` and `--retirejsFilter` when used with the CLI ([#5351](https://redirect.github.com/jeremylong/DependencyCheck/pull/5351)).
- Fixed the `sarif` report format and added validation ([#5345](https://redirect.github.com/jeremylong/DependencyCheck/pull/5345) and [#5363](https://redirect.github.com/jeremylong/DependencyCheck/pull/5363))
- Fixed `MalformedPackageException` in the gradle plugin ([dependency-check-gradle/#320](https://redirect.github.com/dependency-check/dependency-check-gradle/pull/320)).
- Fixed `MissingMethodException` in the gradle plugin ([dependency-check-gradle/#316](https://redirect.github.com/dependency-check/dependency-check-gradle/pull/316)).

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/59?closed=1).

### [`v8.0.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-801-2023-01-18)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v8.0.0...v8.0.1)

##### Fixed

- Fixed Stack Overflow Exception in the gradle plugin ([dependency-check-gradle/#308](https://redirect.github.com/dependency-check/dependency-check-gradle/pull/308)).
- Fixed No Signature of Method Exception in the gradle plugin ([dependency-check-gradle/#305](https://redirect.github.com/dependency-check/dependency-check-gradle/pull/305)).
- Updated DB initialization scripts for externally hosted DBs ([#5314](https://redirect.github.com/jeremylong/DependencyCheck/pull/5314) and [#5317](https://redirect.github.com/jeremylong/DependencyCheck/pull/5317)).
- Postgres users will need to use the updated init script and 8.0.1.
- Resolved NPE in the NodePackageAnalyzer ([#5339](https://redirect.github.com/jeremylong/DependencyCheck/pull/5339)).

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/58?closed=1).
### [`v8.0.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-800-2023-01-15)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.4.4...v8.0.0)

##### Added

- Utilize the hosted suppression file to allow for faster remediation of reported False Positives ([#4723](https://redirect.github.com/jeremylong/DependencyCheck/issues/4723)).
- Include the [CISA Known Exploited Vulnerability Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) ([#4878](https://redirect.github.com/jeremylong/DependencyCheck/issues/4878)).
- The `gradle` and `maven` plugins now have the capability to scan the build plugins ([#4035](https://redirect.github.com/jeremylong/DependencyCheck/issues/4035)).
- The `gradle` and `maven` plugins, for transitive dependencies, will report the root dependency in the project that included the transitive dependency ([#5001](https://redirect.github.com/jeremylong/DependencyCheck/pull/5001)).
- Added `properties.security-severity` to SARIF report for better integration with GitHub Security Code scanning ([#5277](https://redirect.github.com/jeremylong/DependencyCheck/pull/5227)).
- Allow for HTTP auth settings for Retire JS repository ([#5209](https://redirect.github.com/jeremylong/DependencyCheck/pull/5209)).
- New schema for the XML report was added to support some of the above additions ([#5296](https://redirect.github.com/jeremylong/DependencyCheck/pull/5296)).
- Added missing gradle option to only warn on remote errors from the OSS Index Analyzer ([gradle #303](https://redirect.github.com/dependency-check/dependency-check-gradle/pull/303)).

##### Changed

- **Breaking:** the database schema updated - if using an external database the update scripts must be run!
- The [exit codes](https://tldp.org/LDP/abs/html/exit-status.html) from the CLI have been changed to be in the range from 0-255 ([#4511](https://redirect.github.com/jeremylong/DependencyCheck/pull/4511)).
- The OSS Index Analyzer will automatically disable itself if a transport error occurs - preventing copious errors from being reported ([#5300](https://redirect.github.com/jeremylong/DependencyCheck/pull/5300])).

##### Fixed

- Added an additional check for rejected CVEs to reduce FP ([#5268](https://redirect.github.com/jeremylong/DependencyCheck/pull/5268)).
- Corrected the analysis of `node_modules` to prevent NPEs ([#5266](https://redirect.github.com/jeremylong/DependencyCheck/pull/5266)).
- Fixed error when scanning node packages with local dependencies ([#5235](https://redirect.github.com/jeremylong/DependencyCheck/pull/5235)).
- Fixed NPE in the MSBuild Analyzer ([#5293](https://redirect.github.com/jeremylong/DependencyCheck/pull/5293)).
- Several False Positives have been resolved.

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/46?closed=1).

### [`v7.4.4`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-744-2023-01-06)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.4.3...v7.4.4)

##### Fixed

- Resolved issue processing NVD CVE data due to column width ([#5229](https://redirect.github.com/jeremylong/DependencyCheck/issues/5229))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/56?closed=1).
### [`v7.4.3`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-743-2022-12-29)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.4.2...v7.4.3)

##### Fixed

- Fixed NPE when analyzing version ranges in NPM ([#5158](https://redirect.github.com/jeremylong/DependencyCheck/issues/5158) & [#5190](https://redirect.github.com/jeremylong/DependencyCheck/issues/5190))
- Resolved several FP ([#5191](https://redirect.github.com/jeremylong/DependencyCheck/issues/5191))

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/55?closed=1).

### [`v7.4.2`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-742-2022-12-28)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.4.1...v7.4.2)

##### Fixed

- Fixes maven 3.1 compatibility issue ([#5152](https://redirect.github.com/jeremylong/DependencyCheck/issues/5152))
- Fixed issue with invalid `node_module` paths in some scans ([#5135](https://redirect.github.com/jeremylong/DependencyCheck/issues/5135))
- Fixed missing option to disable the Poetry Analyzer in the CLI ([#5160](https://redirect.github.com/jeremylong/DependencyCheck/issues/5160))
- Fixed missing option to configure the OSS Index URL in the CLI ([#5180](https://redirect.github.com/jeremylong/DependencyCheck/issues/5180))
- Fixed NPE when analyzing version ranges in NPM ([#5158](https://redirect.github.com/jeremylong/DependencyCheck/issues/5158))
- Fixed issue with non-proxy host in the gradle plugin ([https://github.com/dependency-check/dependency-check-gradle/pull/298](https://redirect.github.com/dependency-check/dependency-check-gradle/pull/298))
- Resolved several FP

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/54?closed=1).
### [`v7.4.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-741-2022-12-09)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.4.0...v7.4.1)

##### Fixed

- Fixed bug when setting the proxy port in gradle ([#5123](https://redirect.github.com/jeremylong/DependencyCheck/issues/5123))
- Fixed issue with invalid `node_module` paths in some scans ([#5127](https://redirect.github.com/jeremylong/DependencyCheck/issues/5127))
- Resolved several FP

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/53?closed=1).

### [`v7.4.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-740-2022-12-04)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.3.2...v7.4.0)

##### Added

- Add support for npm package lock v2 and v3 ([#5078](https://redirect.github.com/jeremylong/DependencyCheck/issues/5078))
- Added experimental support for Python Poetry ([#5025](https://redirect.github.com/jeremylong/DependencyCheck/issues/5025))
- Added a vanilla HTML report for use in Jenkins ([#5053](https://redirect.github.com/jeremylong/DependencyCheck/issues/5053))

##### Changed

- Renamed `RELEASE_NOTES.md` to `CHANGELOG.md` to be more conventional
- Optimized checksum calculation to improve performance ([#5112](https://redirect.github.com/jeremylong/DependencyCheck/issues/5112))
- Added support for scanning .NET assemblies when only the dotnet runtime is installed ([#5087](https://redirect.github.com/jeremylong/DependencyCheck/issues/5087))
- Bumped several dependencies

##### Fixed

- Fixed bug when setting the proxy port ([#5076](https://redirect.github.com/jeremylong/DependencyCheck/issues/5076))
- Resolved several FP and FN

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/52?closed=1).
### [`v7.3.2`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-732-2022-11-18)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.3.1...v7.3.2)

##### Changed

- Automated release of 7.3.1 failed and only published to Central; 7.3.2 is a re-release of 7.3.1.
- Resolved several false positives and false negatives.
- Use Jackson Afterburner if still on Java 8 ([#4966](https://redirect.github.com/jeremylong/DependencyCheck/issues/4966)).
- Exclude `node_modules` from the Maven plugin's scan path ([#4974](https://redirect.github.com/jeremylong/DependencyCheck/issues/4974)).

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/51?closed=1).

### [`v7.3.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-731-2022-11-16)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.3.0...v7.3.1)

##### Changed

- Resolved several false positives and false negatives.
- Use Jackson Afterburner if still on Java 8 ([#4966](https://redirect.github.com/jeremylong/DependencyCheck/issues/4966)).
- Exclude `node_modules` from the Maven plugin's scan path ([#4974](https://redirect.github.com/jeremylong/DependencyCheck/issues/4974)).

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/51?closed=1).

### [`v7.3.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-730-2022-10-19)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.2.1...v7.3.0)

##### Added

- Added an experimental Dart analyzer ([#4869](https://redirect.github.com/jeremylong/DependencyCheck/issues/4869)).

##### Changed

- Migrated from Jackson Afterburner to Blackbird ([#4905](https://redirect.github.com/jeremylong/DependencyCheck/issues/4905)).
##### Fixed

- Fixed issue with the Maven plugin that caused concurrent modification exceptions ([#4935](https://redirect.github.com/jeremylong/DependencyCheck/issues/4935)).

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/50?closed=1).

### [`v7.2.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-721-2022-09-20)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.2.0...v7.2.1)

##### Fixed

- Fixed logging issue ([#4846](https://redirect.github.com/jeremylong/DependencyCheck/issues/4846)).

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/49?closed=1).

### [`v7.2.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-720-2022-09-14)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.1.2...v7.2.0)

##### Changed

- Add support for Bazel's pinned `maven_install.json` ([#4772](https://redirect.github.com/jeremylong/DependencyCheck/issues/4772)).
- Fixed bug preventing the use of custom report templates ([#4800](https://redirect.github.com/jeremylong/DependencyCheck/issues/4800)).
- Updated several dependencies including upgrades for dependencies with CVEs.
- Several bug fixes made and suppression rules were added.

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/48?closed=1).

### [`v7.1.2`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-712-2022-08-20)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.1.1...v7.1.2)

##### Changed

- The maven plugin now includes pnpm and yarn lock files in the scan by default ([#4753](https://redirect.github.com/jeremylong/DependencyCheck/issues/4753)).
- If a suppression rule is no longer used a log entry will be written ([#4685](https://redirect.github.com/jeremylong/DependencyCheck/issues/4685)).
- Several bug fixes made and suppression rules added.

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/47?closed=1).

### [`v7.1.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-711-2022-06-12)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.1.0...v7.1.1)

##### Fixed

- Minor bug fixes.
- Resolved several false positives.

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/45?closed=1).

### [`v7.1.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-710-2022-04-23)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.0.4...v7.1.0)

##### Changed

- Improved sorting in the HTML report ([see #4112](https://redirect.github.com/jeremylong/DependencyCheck/issues/4112)).
- Improved support for Swift ([see #4265](https://redirect.github.com/jeremylong/DependencyCheck/pull/4265)).
- Resolved several false positives.

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/45?closed=1).

### [`v7.0.4`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-704-2022-03-30)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.0.3...v7.0.4)

##### Changed

- Update to `jackson-databind` (see [#4285](https://redirect.github.com/jeremylong/DependencyCheck/issues/4285)).

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/43?closed=1).
### [`v7.0.3`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-703-2022-03-29)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.0.2...v7.0.3)

##### Changed

- Update to `jackson-databind` (see [#4285](https://redirect.github.com/jeremylong/DependencyCheck/issues/4285)).

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/42?closed=1).

### [`v7.0.2`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-702-2022-03-28)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.0.1...v7.0.2)

##### Changed

- General project maintenance, bug fixes, and false positive and false negative reductions.

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/41?closed=1).

### [`v7.0.1`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-701-2022-03-23)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v7.0.0...v7.0.1)

##### Changed

- General project maintenance, bug fixes, and false positive reductions.

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/40?closed=1).

### [`v7.0.0`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-700-2022-02-28)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v6.5.3...v7.0.0)

##### Changed

- **Breaking:** The H2 database version has been upgraded.
- if you use the `dataDirectory` option you will need to run a purge after upgrading.
- **Breaking:** Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.
- The Sarif report format has been fixed and can now be imported into GitHub if desired (See [#3993](https://redirect.github.com/jeremylong/DependencyCheck/issues/3993)).
- Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
- [Create New FP Report Issue](https://redirect.github.com/jeremylong/DependencyCheck/issues/new?assignees=\&labels=FP+Report\&template=false-positive-report.yml\&title=%5BFP%5D%3A+).
- When analyzing Java projects ODC now includes data from the developers section.
- This will likely cause false positives on things like Apache James, please report the FP and we will fix these quickly.
- General project maintenance, bug fixes, and false positive reductions.

See the full listing of [changes](https://redirect.github.com/jeremylong/DependencyCheck/milestone/28?closed=1).

### [`v6.5.3`](https://redirect.github.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-653-2022-01-12)

[Compare Source](https://redirect.github.com/jeremylong/DependencyCheck/compare/v6.5.2...v6.5.3)

##### Changed

- Performance improvements for some Maven projects (see [#3923](https://redirect.github.com/jeremylong/DependencyCheck/issues/3923) and [#3931](https://redirect.git

Configuration
📅 Schedule: Branch creation - "before 4am on Monday" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.