rm-hull / nvd-clojure

National Vulnerability Database dependency checker for Clojure projects
MIT License

Update `dependency-check` library support to version 9.0.x #170

Closed: agilepoodle closed this issue 6 months ago

agilepoodle commented 7 months ago

Description

There is a mandatory upgrade notice due to the NVD API being taken into use within the dependency-check library. This is a breaking change with respect to version 8.x, so changes to nvd-clojure are required.

Version

v3.6.0

Java version

```
$ java -version
openjdk version "17.0.8" 2023-07-18
OpenJDK Runtime Environment (Red_Hat-17.0.8.0.7-1.fc39) (build 17.0.8+7)
OpenJDK 64-Bit Server VM (Red_Hat-17.0.8.0.7-1.fc39) (build 17.0.8+7, mixed mode, sharing)
```

Installation compliance

vemv commented 7 months ago

Thanks! I'm aware of this. The 9.x rollout was bumpy from NVD's side, as reflected in https://github.com/jeremylong/DependencyCheck/issues/6149

Looks like it's finally stable by now. I'll give it a shot. It might not be as easy as bumping deps - there have been Java-level changes as well.

Cheers - V

vemv commented 7 months ago

I've got this working. I was holding off since there was one upstream bugfix release every few days.

I'll make the definitive release when https://github.com/jeremylong/DependencyCheck/milestone/78 is cut.

vemv commented 6 months ago

https://github.com/rm-hull/nvd-clojure/blob/dabe2b/CHANGELOG.md#changes-from-360-to-400

https://github.com/rm-hull/nvd-clojure#configuration-options