chore(deps): update dependency org.owasp:dependency-check-maven to v7
This MR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
org.owasp:dependency-check-maven | 6.5.2 -> 7.0.0 | | | | |
Release Notes
jeremylong/DependencyCheck
v7.0.0
Breaking Changes
- The H2 database version has been upgraded.
  - if you use the `dataDirectory` option you will need to run a purge after upgrading.
  - if you use the
- Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.
Changes
- The Sarif report format has been fixed and can now be imported into GitHub if desired (See #3993).
- Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
- When analyzing Java projects ODC now includes data from the developers section.
  - This will likely cause false positives on things like Apache James, please report the FP and we will fix these quickly.
- General project maintenance, bug fixes, and false positive reductions.
- See the full listing of changes.
v6.5.3
Changes
- Performance improvements for some Maven projects (see #3923 and #3931).
- Fixed bug in npm version handling introduced in 6.5.2 (see #3956).
- Improved the node package analyzer to correctly report the origin of a dependency (see #3970).
- General code maintenance and false positive reductions.
- See the full listing of changes.
Configuration
- If you want to rebase/retry this MR, check this box.
This MR has been generated by Renovate Bot.