chore(deps): update dependency org.owasp:dependency-check-maven to v6.5.3
This MR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
org.owasp:dependency-check-maven | 6.4.1 -> 6.5.3 | | | | |
Release Notes
jeremylong/DependencyCheck
v6.5.3
Changes
- Performance improvements for some Maven projects (see #3923 and #3931).
- Fixed bug in npm version handling introduced in 6.5.2 (see #3956).
- Improved the node package analyzer to correctly report the origin of a dependency (see #3970).
- General code maintenance and false positive reductions.
- See the full listing of changes.
v6.5.2
Changes
- Fixed false positives around log4j-api and Log4j-web (#3910 & #3937).
- Bug fix when processing NPM lock files (#3893).
- Added missing pnpm argument to the CLI (#3916).
- General code maintenance and false positive reductions.
- See the full listing of changes.
v6.5.1
Changes
- Updated the dependency-check-maven plugin to correctly support SNAPSHOT version when a classifier is specified (#3787).
- Improved the analysis of Swift package manager (package.resolved - see #3813).
- General code maintenance and false positive reductions.
- See the full listing of changes.
v6.5.0
Changes
- Updated build configuration to create reproducible builds.
- Updated automated release process to work with branch protection.
- Resolved several false positives in the Java ecosystem.
- Enabled the Swift Resolved analyzer per #3735
- Improved iOS support per #3168 and #3765
- Added a new pnpm Analyzer
- Fixed issue with some npm and yarn analysis failing due to large audit output
- See the full listing of changes.
This MR has been generated by Renovate Bot.