Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency org.owasp:dependency-check-maven to v6.5.3 #10

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency org.owasp:dependency-check-maven to v6.5.3 #10

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Aug 27, 2021
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.owasp:dependency-check-maven 6.1.3 -> 6.5.3 age adoption passing confidence

Release Notes

jeremylong/DependencyCheck

v6.5.3

Compare Source

Changes

  • Performance improvements for some Maven projects (see #​3923 and #​3931).
  • Fixed bug in npm version handling introduced in 6.5.2 (see #​3956).
  • Improved the node package analyzer to correctly report the origin of a dependency (see #​3970).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.2

Compare Source

Changes

  • Fixed false positives around log4j-api and Log4j-web (#​3910 & #​3937).
  • Bug fix when processing NPM lock files (#​3893).
  • Added missing pnpm argmument to the CLI (#​3916).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.1

Compare Source

Changes

  • Updated the dependency-check-maven plugin to correctly support SNAPSHOT version when a classifier is specified (#​3787).
  • Improved the analysis of Swift package manager (package.resolved - see #​3813).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.0

Compare Source

Changes

  • Updated build configuration to create reproducible builds.
  • Updated automated release process to work with branch protection.
  • Resolved several false positives in the Java ecosystem.
  • Enabled the Swift Resolved analyzer per #​3735
  • Improved iOS support per #​3168 and #​3765
  • Added the a new pnpm Analyzer
  • Fixed issue with some npm and yarn analysis failing due to large audit output
  • See the full listing of changes.

v6.4.1

Compare Source

Changes

  • Added download attempts with increasing wait time for CVE meta files from the NVD to prevent rate limiting issues (see #​3725).
  • See the full listing of changes.

v6.4.0

Compare Source

Changes

  • Increased timeout between downloads from the NVD to prevent rate limiting issues (see #​3722).
    • cveStartYear is now configurable and can be set to any year from 2002 to present.
    • cveWaitTime is a new configuration option to define how many milliseconds to wait between NVD downloads; default is 4000 ms (see #​3690).
    • The NVD CVE data files are now being cached for up to 4 hours in case a download fails, re-running ODC will use the cached version.
  • Fixed NPE in the ODC maven plugin (see #​3702.
  • See the full listing of changes.

v6.3.2

Compare Source

Changes

  • Reduced chance of rate limiting when download files from NVD (see #​2670).
  • Fixed bug causing some transitive dependencies being skipped in the odc-maven-plugin (see #​3627).
  • See the full listing of changes.

v6.3.1

Compare Source

Changes

v6.3.0

Compare Source

Changes

  • Many updates were made to improve performance on large scans, reduce false positives, and other bug fixes.
  • Increased the width of four columns in the database; if you use a an external database you should also update the width (see upgrade_5.1.sql).
  • See the full listing of changes.

v6.2.2

Compare Source

Changes

v6.2.1

Compare Source

Changes

v6.2.0

Compare Source

Changes

  • Added an experimental Perl CPAN analyzer #​3378
    • Note that the full DSL of the CPAN is not yet supported so any required dependency is analyzed (i.e. there is no way to exclude development requirements)
  • Improved database performance #​3206
  • The archive analyzer now extracts files from RPM archives #​3226
  • Ensure ordered output in reports #​3243
  • Several minor bug fixes and updates to reduce false positives
  • See the full listing of changes.

v6.1.6

Compare Source

Changes

  • Resolved issue with Sarif report (#​3243)
  • Resolved issue with Ruby Bundle Audit (#​3256)
  • Several minor bug fixes and updates to reduce false positives
  • See the full listing of changes.

v6.1.5

Compare Source

Changes

  • Fixed a second NPE introduced in 6.1.3 (see #​3246)
  • See the full listing of changes.

v6.1.4

Compare Source

Changes

  • Fixed an NPE introduced in 6.1.3 (see #​3212)
  • See the full listing of changes.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.2.2 Update dependency org.owasp:dependency-check-maven to v6.3.0 Aug 31, 2021
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-6.x branch 2 times, most recently from c73bbce to b339c8d Compare September 1, 2021 13:14
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.3.0 Update dependency org.owasp:dependency-check-maven to v6.3.1 Sep 1, 2021
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-6.x branch from b339c8d to 3622536 Compare September 29, 2021 14:22
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.3.1 Update dependency org.owasp:dependency-check-maven to v6.3.2 Sep 29, 2021
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-6.x branch from 3622536 to fec83e5 Compare October 11, 2021 19:15
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.3.2 Update dependency org.owasp:dependency-check-maven to v6.4.0 Oct 11, 2021
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.4.0 Update dependency org.owasp:dependency-check-maven to v6.4.1 Oct 11, 2021
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-6.x branch from fec83e5 to 7979279 Compare October 11, 2021 22:27
@renovate renovate bot force-pushed the renovate/org.owasp-dependency-check-maven-6.x branch from 7979279 to 840501e Compare March 7, 2022 17:53
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.4.1 Update dependency org.owasp:dependency-check-maven to v6.5.3 Mar 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@renovate-bot