search

entur / schema2proto

XSD to proto descriptor conversion tool capable of manipulating proto files as well
European Union Public License 1.2
39 stars 20 forks source link

Update dependency org.owasp:dependency-check-maven from v9.2.0 to v10 #596

Closed renovate[bot] closed 1 month ago

renovate[bot] commented 1 month ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.owasp:dependency-check-maven (source) 9.2.0 -> 10.0.3 age adoption passing confidence

Release Notes

jeremylong/DependencyCheck (org.owasp:dependency-check-maven) ### [`v10.0.3`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1003-2024-07-16) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v10.0.2...v10.0.3) - feat: Enable configuration of a lower resultsPerPage on NVD API ([#​6843](https://togithub.com/jeremylong/DependencyCheck/issues/6843)) - build(deps): bump open-vulnerability-clients from 6.1.6 to 6.1.7 ([#​6848](https://togithub.com/jeremylong/DependencyCheck/issues/6848)) - build(deps): bump JamesIves/github-pages-deploy-action from 4.6.1 to 4.6.3 ([#​6814](https://togithub.com/jeremylong/DependencyCheck/issues/6814)) - build(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.0 ([#​6762](https://togithub.com/jeremylong/DependencyCheck/issues/6762)) - build(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0 ([#​6815](https://togithub.com/jeremylong/DependencyCheck/issues/6815)) - build(deps): bump golang from 1.22.4-alpine to 1.22.5-alpine ([#​6805](https://togithub.com/jeremylong/DependencyCheck/issues/6805)) See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/84?closed=1). ### [`v10.0.2`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1002-2024-07-06) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v10.0.1...v10.0.2) **Mandatory Upgrade** - due to older versions of dependency-check causing numerous, spurious requests that end in processing failures, this upgrade is mandatory so that the NVD can differentiate valid requests and block the old clients. - build(deps): bump open-vulnerability-clients ([#​6810](https://togithub.com/jeremylong/DependencyCheck/issues/6810)) - fix(db): [#​6788](https://togithub.com/jeremylong/DependencyCheck/issues/6788) removing redundant db index "idxVulnerability" on "vulnerability.cve" ([#​6807](https://togithub.com/jeremylong/DependencyCheck/issues/6807)) - docs: Further improve formatting and docs of H2 database caching strats ([#​6804](https://togithub.com/jeremylong/DependencyCheck/issues/6804)) - fix: update_vulnerability in dbStatements_oracle.properties ([#​6803](https://togithub.com/jeremylong/DependencyCheck/issues/6803)) - fix: fix NPE ([#​6778](https://togithub.com/jeremylong/DependencyCheck/issues/6778)) - fix: add hint to resolve false negative ([#​6802](https://togithub.com/jeremylong/DependencyCheck/issues/6802)) - chore: update configure ([#​6794](https://togithub.com/jeremylong/DependencyCheck/issues/6794)) See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/86?closed=1). ### [`v10.0.1`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1001-2024-07-02) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v10.0.0...v10.0.1) - build(deps): bump open-vulnerability-client ([#​6772](https://togithub.com/jeremylong/DependencyCheck/issues/6772)) - fix: remove debug logging ([#​6770](https://togithub.com/jeremylong/DependencyCheck/issues/6770)) - fix: postgresql column count error ([#​6773](https://togithub.com/jeremylong/DependencyCheck/issues/6773)) - fix: mssql column name and version ([#​6761](https://togithub.com/jeremylong/DependencyCheck/issues/6761)) - docs: update supported versions ([#​6771](https://togithub.com/jeremylong/DependencyCheck/issues/6771)) See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/85?closed=1). ### [`v10.0.0`](https://togithub.com/jeremylong/DependencyCheck/blob/HEAD/CHANGELOG.md#Version-1000-2024-07-01) [Compare Source](https://togithub.com/jeremylong/DependencyCheck/compare/v9.2.0...v10.0.0) - **breaking change**: upgrade to dotnet 8.0 ([#​6580](https://togithub.com/jeremylong/DependencyCheck/issues/6580)) - Users of the AssemblyAnalyzer must upgrade/utilize dotnet 8 to analyze assemblies - feat: fix the NVD API related errors by adding cvssV4 support ([#​6756](https://togithub.com/jeremylong/DependencyCheck/issues/6756)) - **breaking changes**: anyone utilizing a centralized database will need to upgrade the schema; see changes in [PR #​6756](https://togithub.com/jeremylong/DependencyCheck/pull/6756/files#diff-ca432c4b41d39caa84d140e06694b09c7e6394c8a2db72ba27516dc77ee3bd67) - fix: avoid escaping unnecessary chars in HTML report suppression regexes ([#​6749](https://togithub.com/jeremylong/DependencyCheck/issues/6749)) - fix: [#​6688](https://togithub.com/jeremylong/DependencyCheck/issues/6688) Trim version number when parsin POM ([#​6705](https://togithub.com/jeremylong/DependencyCheck/issues/6705)) - fix: change request if lockfile is file v3 ([#​6690](https://togithub.com/jeremylong/DependencyCheck/issues/6690)) - fix: skip pyproject.toml unless it contains `tool.poetry` before ensuring lockfiles ([#​6681](https://togithub.com/jeremylong/DependencyCheck/issues/6681)) See the full listing of [changes](https://togithub.com/jeremylong/DependencyCheck/milestone/83?closed=1).

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.