chore(deps): update dependency org.owasp:dependency-check-maven to v7.4.4
This MR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
org.owasp:dependency-check-maven |
7.1.0 -> 7.4.4
|
Release Notes
jeremylong/DependencyCheck
v7.4.4
Fixed
- Resolved issue processing NVD CVE data due to column width (#5229)
See the full listing of changes.
v7.4.3
Fixed
See the full listing of changes.
v7.4.2
Fixed
- Fixes maven 3.1 compatibility issue (#5152)
- Fixed issue with invalid
node_module
paths in some scans (#5135) - Fixed missing option to disable the Poetry Analyzer in the CLI (#5160)
- Fixed missing option to configure the OSS Index URL in the CLI (#5180)
- Fixed NPE when analyzing version ranges in NPM (#5158)
- Fixed issue with non-proxy host in the gradle plugin (https://github.com/dependency-check/dependency-check-gradle/pull/298)
- Resolved several FP
See the full listing of changes.
v7.4.1
Fixed
- Fixed bug when setting the proxy port in gradle (#5123)
- Fixed issue with invalid
node_module
paths in some scans (#5127) - Resolved several FP
See the full listing of changes.
v7.4.0
Added
- Add support for npm package lock v2 and v3 (#5078)
- Added experimental support for Python Poetry (#5025)
- Added a vanilla HTML report for use in Jenkins (#5053)
Changed
- Renamed
RELEASE_NOTES.md
toCHANGELOG.md
to be more conventional - Optimized checksum calculation to improve performance (#5112)
- Added support for scanning .NET assemblies when only the dotnet runtime is installed (#5087)
- Bumped several dependencies
Fixed
- Fixed bug when setting the proxy port (#5076)
- Resolved several FP and FN
See the full listing of changes.
v7.3.2
Changed
- Automated release of 7.3.1 failed and only published to Central; 7.3.2 is a re-release of 7.3.1.
- Resolved several false positives and false negatives.
- Use Jackson Afterburner if still on Java 8 (#4966).
- Exclude
node_modules
from the Maven plugin's scan path (#4974).
See the full listing of changes.
v7.3.1
Changed
- Resolved several false positives and false negatives.
- Use Jackson Afterburner if still on Java 8 (#4966).
- Exclude
node_modules
from the Maven plugin's scan path (#4974).
See the full listing of changes.
v7.3.0
Added
- Added an experimental Dart analyzer (#4869).
Changed
- Migrated from Jackson Afterburner to Blackbird (#4905).
Fixed
- Fixed issue with the Maven plugin that caused concurrent modification exceptions (#4935).
See the full listing of changes.
v7.2.1
Fixed
- Fixed logging issue (#4846).
See the full listing of changes.
v7.2.0
Changed
- Add support for Bazel's pinned
maven_install.json
(#4772). - Fixed bug preventing the use of custom report templates (#4800).
- Updated several dependencies including upgrades for dependencies with CVEs.
- Several bug fixes made and suppression rules were added.
See the full listing of changes.
v7.1.2
Changed
- The maven plugin now includes pnpm and yarn lock files in the scan by default (#4753).
- If a suppression rule is no longer used a log entry will be written (#4685).
- Several bug fixes made and suppression rules added.
See the full listing of changes.
v7.1.1
Fixed
- Minor bug fixes.
- Resolved several false positives.
See the full listing of changes.
Configuration
-
If you want to rebase/retry this MR, click this checkbox.
This MR has been generated by Renovate Bot.