Mentions légales du service

Skip to content

chore(deps): update dependency org.owasp:dependency-check-maven to v7

This MR contains the following updates:

Package Change Age Adoption Passing Confidence
org.owasp:dependency-check-maven 6.4.1 -> 7.3.2 age adoption passing confidence

Release Notes

jeremylong/DependencyCheck

v7.3.2

Compare Source

Changes

  • Automated release of 7.3.1 failed and only published to Central; 7.3.2 is a re-release of 7.3.1.
  • Resolved several false positives and false negatives.
  • Use Jackson Afterburner if still on Java 8 (#​4966).
  • Exclude node_modules from the Maven plugin's scan path (#​4974).
  • See the full listing of changes.

v7.3.1

Compare Source

Changes

  • Resolved several false positives and false negatives.
  • Use Jackson Afterburner if still on Java 8 (#​4966).
  • Exclude node_modules from the Maven plugin's scan path (#​4974).
  • See the full listing of changes.

v7.3.0

Compare Source

Changes

  • Fixed issue with the Maven plugin that caused concurrent modification exceptions (#​4935).
  • Migrated from Jackson Afterburner to Blackbird (#​4905).
  • Added an experimental Dart analyzer (#​4869).
  • See the full listing of changes.

v7.2.1

Compare Source

Changes

v7.2.0

Compare Source

Changes

  • Add support for Bazel's pinned maven_install.json (#​4772).
  • Fixed bug preventing the use of custom report templates (#​4800).
  • Updated several dependencies including upgrades for dependencies with CVEs.
  • Several bug fixes made and suppression rules were added.
  • See the full listing of changes.

v7.1.2

Compare Source

Changes

  • The maven plugin now includes pnpm and yarn lock files in the scan by default (#​4753).
  • If a suppression rule is no longer used a log entry will be written (#​4685).
  • Several bug fixes made and suppression rules added.
  • See the full listing of changes.

v7.1.1

Compare Source

Changes

  • Minor bug fixes.
  • Resolved several false positives.
  • See the full listing of changes.

v7.1.0

Compare Source

Changes

  • Improved sorting in the HTML report (see #​4112).
  • Improved support for Swift (see #​4265).
  • Resolved several false positives.
  • See the full listing of changes.

v7.0.4

Compare Source

Changes

  • Update to jackson-databind (see #​4285).
  • See the full listing of changes.

v7.0.3

Compare Source

Changes

  • Update to jackson-databind (see #​4285).
  • See the full listing of changes.

v7.0.2

Compare Source

Changes

  • General project maintenance, bug fixes, and false positive and false negative reductions.
  • See the full listing of changes.

v7.0.1

Compare Source

Changes

  • General project maintenance, bug fixes, and false positive reductions.
  • See the full listing of changes.

v7.0.0

Compare Source

Breaking Changes

  • The H2 database version has been upgraded.
    • if you use the dataDirectory option you will need to run a purge after upgrading.
  • Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.

Changes

  • The Sarif report format has been fixed and can now be imported into GitHub if desired (See #​3993).
  • Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
  • When analyzing Java projects ODC now includes data from the developers section.
    • This will likely cause false positives on things like Apache James, please report the FP and we will fix these quickly.
  • General project maintenance, bug fixes, and false positive reductions.
  • See the full listing of changes.

v6.5.3

Compare Source

Changes

  • Performance improvements for some Maven projects (see #​3923 and #​3931).
  • Fixed bug in npm version handling introduced in 6.5.2 (see #​3956).
  • Improved the node package analyzer to correctly report the origin of a dependency (see #​3970).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.2

Compare Source

Changes

  • Fixed false positives around log4j-api and Log4j-web (#​3910 & #​3937).
  • Bug fix when processing NPM lock files (#​3893).
  • Added missing pnpm argmument to the CLI (#​3916).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.1

Compare Source

Changes

  • Updated the dependency-check-maven plugin to correctly support SNAPSHOT version when a classifier is specified (#​3787).
  • Improved the analysis of Swift package manager (package.resolved - see #​3813).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.0

Compare Source

Changes

  • Updated build configuration to create reproducible builds.
  • Updated automated release process to work with branch protection.
  • Resolved several false positives in the Java ecosystem.
  • Enabled the Swift Resolved analyzer per #​3735
  • Improved iOS support per #​3168 and #​3765
  • Added the a new pnpm Analyzer
  • Fixed issue with some npm and yarn analysis failing due to large audit output
  • See the full listing of changes.

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot.

Edited by Renovate Tac

Merge request reports

Loading