Mentions légales du service

Skip to content

chore(deps): update dependency org.owasp:dependency-check-maven to v6.5.3 - autoclosed

Renovate Tac requested to merge renovate/org.owasp-dependency-check-maven-6.x into develop

This MR contains the following updates:

Package Change Age Adoption Passing Confidence
org.owasp:dependency-check-maven 6.3.1 -> 6.5.3 age adoption passing confidence

Release Notes

jeremylong/DependencyCheck

v6.5.3

Compare Source

Changes
  • Performance improvements for some Maven projects (see #​3923 and #​3931).
  • Fixed bug in npm version handling introduced in 6.5.2 (see #​3956).
  • Improved the node package analyzer to correctly report the origin of a dependency (see #​3970).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.2

Compare Source

Changes
  • Fixed false positives around log4j-api and Log4j-web (#​3910 & #​3937).
  • Bug fix when processing NPM lock files (#​3893).
  • Added missing pnpm argmument to the CLI (#​3916).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.1

Compare Source

Changes
  • Updated the dependency-check-maven plugin to correctly support SNAPSHOT version when a classifier is specified (#​3787).
  • Improved the analysis of Swift package manager (package.resolved - see #​3813).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.0

Compare Source

Changes
  • Updated build configuration to create reproducible builds.
  • Updated automated release process to work with branch protection.
  • Resolved several false positives in the Java ecosystem.
  • Enabled the Swift Resolved analyzer per #​3735
  • Improved iOS support per #​3168 and #​3765
  • Added the a new pnpm Analyzer
  • Fixed issue with some npm and yarn analysis failing due to large audit output
  • See the full listing of changes.

v6.4.1

Compare Source

Changes
  • Added download attempts with increasing wait time for CVE meta files from the NVD to prevent rate limiting issues (see #​3725).
  • See the full listing of changes.

v6.4.0

Compare Source

Changes
  • Increased timeout between downloads from the NVD to prevent rate limiting issues (see #​3722).
    • cveStartYear is now configurable and can be set to any year from 2002 to present.
    • cveWaitTime is a new configuration option to define how many milliseconds to wait between NVD downloads; default is 4000 ms (see #​3690).
    • The NVD CVE data files are now being cached for up to 4 hours in case a download fails, re-running ODC will use the cached version.
  • Fixed NPE in the ODC maven plugin (see #​3702.
  • See the full listing of changes.

v6.3.2

Compare Source

Changes
  • Reduced chance of rate limiting when download files from NVD (see #​2670).
  • Fixed bug causing some transitive dependencies being skipped in the odc-maven-plugin (see #​3627).
  • See the full listing of changes.

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot.

Edited by Renovate Tac

Merge request reports