chore(deps): update dependency org.owasp:dependency-check-maven to v7
This MR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
org.owasp:dependency-check-maven | 6.4.1 -> 7.3.2 | | | | |
Release Notes
jeremylong/DependencyCheck
v7.3.2
Changes
- Automated release of 7.3.1 failed and only published to Central; 7.3.2 is a re-release of 7.3.1.
- Resolved several false positives and false negatives.
- Use Jackson Afterburner if still on Java 8 (#4966).
- Exclude `node_modules` from the Maven plugin's scan path (#4974).
- See the full listing of changes.
v7.3.1
Changes
- Resolved several false positives and false negatives.
- Use Jackson Afterburner if still on Java 8 (#4966).
- Exclude `node_modules` from the Maven plugin's scan path (#4974).
- See the full listing of changes.
v7.3.0
Changes
- Fixed issue with the Maven plugin that caused concurrent modification exceptions (#4935).
- Migrated from Jackson Afterburner to Blackbird (#4905).
- Added an experimental Dart analyzer (#4869).
- See the full listing of changes.
v7.2.1
Changes
v7.2.0
Changes
- Add support for Bazel's pinned `maven_install.json` (#4772).
- Fixed bug preventing the use of custom report templates (#4800).
- Updated several dependencies including upgrades for dependencies with CVEs.
- Several bug fixes made and suppression rules were added.
- See the full listing of changes.
v7.1.2
Changes
- The maven plugin now includes pnpm and yarn lock files in the scan by default (#4753).
- If a suppression rule is no longer used a log entry will be written (#4685).
- Several bug fixes made and suppression rules added.
- See the full listing of changes.
v7.1.1
Changes
- Minor bug fixes.
- Resolved several false positives.
- See the full listing of changes.
v7.1.0
Changes
- Improved sorting in the HTML report (see #4112).
- Improved support for Swift (see #4265).
- Resolved several false positives.
- See the full listing of changes.
v7.0.4
Changes
v7.0.3
Changes
v7.0.2
Changes
- General project maintenance, bug fixes, and false positive and false negative reductions.
- See the full listing of changes.
v7.0.1
Changes
- General project maintenance, bug fixes, and false positive reductions.
- See the full listing of changes.
v7.0.0
Breaking Changes
- The H2 database version has been upgraded.
- If you use the `dataDirectory` option you will need to run a purge after upgrading.
- Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.
Changes
- The Sarif report format has been fixed and can now be imported into GitHub if desired (See #3993).
- Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
- When analyzing Java projects ODC now includes data from the developers section.
- This will likely cause false positives on things like Apache James, please report the FP and we will fix these quickly.
- General project maintenance, bug fixes, and false positive reductions.
- See the full listing of changes.
v6.5.3
Changes
- Performance improvements for some Maven projects (see #3923 and #3931).
- Fixed bug in npm version handling introduced in 6.5.2 (see #3956).
- Improved the node package analyzer to correctly report the origin of a dependency (see #3970).
- General code maintenance and false positive reductions.
- See the full listing of changes.
v6.5.2
Changes
- Fixed false positives around log4j-api and Log4j-web (#3910 & #3937).
- Bug fix when processing NPM lock files (#3893).
- Added missing `pnpm` argument to the CLI (#3916).
- General code maintenance and false positive reductions.
- See the full listing of changes.
v6.5.1
Changes
- Updated the dependency-check-maven plugin to correctly support SNAPSHOT version when a classifier is specified (#3787).
- Improved the analysis of Swift package manager (package.resolved - see #3813).
- General code maintenance and false positive reductions.
- See the full listing of changes.
v6.5.0
Changes
- Updated build configuration to create reproducible builds.
- Updated automated release process to work with branch protection.
- Resolved several false positives in the Java ecosystem.
- Enabled the Swift Resolved analyzer per #3735.
- Improved iOS support per #3168 and #3765.
- Added a new pnpm analyzer.
- Fixed issue with some npm and yarn analysis failing due to large audit output.
- See the full listing of changes.
This MR has been generated by Renovate Bot.