chore(deps): update dependency org.owasp:dependency-check-maven to v6.5.0
This MR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
org.owasp:dependency-check-maven | 6.3.1 -> 6.5.0 | | | | |
Release Notes
jeremylong/DependencyCheck
v6.5.0
Changes
- Updated build configuration to create reproducible builds.
- Updated automated release process to work with branch protection.
- Resolved several false positives in the Java ecosystem.
- Enabled the Swift Resolved analyzer per #3735
- Improved iOS support per #3168 and #3765
- Added a new pnpm Analyzer
- Fixed issue with some npm and yarn analysis failing due to large audit output
- See the full listing of changes.
v6.4.1
Changes
- Added download attempts with increasing wait time for `CVE meta` files from the NVD to prevent rate limiting issues (see #3725).
- See the full listing of changes.
v6.4.0
Changes
- Increased timeout between downloads from the NVD to prevent rate limiting issues (see #3722).
- `cveStartYear` is now configurable and can be set to any year from 2002 to present.
- `cveWaitTime` is a new configuration option to define how many milliseconds to wait between NVD downloads; default is 4000 ms (see #3690).
- The NVD CVE data files are now being cached for up to 4 hours in case a download fails; re-running ODC will use the cached version.
- Fixed NPE in the ODC maven plugin (see #3702).
- See the full listing of changes.
v6.3.2
Changes
Configuration
- If you want to rebase/retry this MR, check this box.
This MR has been generated by Renovate Bot.