-
-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependency org.owasp:dependency-check-maven to v8 #257
Update dependency org.owasp:dependency-check-maven to v8 #257
Conversation
Hey! Changelogs info seems to be missing or might be in incorrect format. |
Pull request by bot. No need to analyze |
aa95872
to
d3cda57
Compare
d3cda57
to
bd5636e
Compare
bd5636e
to
4937c9c
Compare
4937c9c
to
e69baf3
Compare
1a901d8
to
a9b39ec
Compare
c5ee431
to
39b4759
Compare
39b4759
to
3c203f6
Compare
3c203f6
to
89caa6c
Compare
89caa6c
to
363d69a
Compare
363d69a
to
f1c015f
Compare
f1c015f
to
c300bac
Compare
c300bac
to
909fd4f
Compare
909fd4f
to
840edb0
Compare
Stale pull request message |
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
This PR contains the following updates:
6.0.2
->8.2.1
⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
Release Notes
jeremylong/DependencyCheck
v8.2.1
Compare Source
Fixed
https://
URLs in report templates (#5582)See the full listing of changes.
v8.2.0
Compare Source
Added
Fixed
See the full listing of changes.
v8.1.2
Compare Source
Fixed
NullPointerException
in the Jar Analyzer introduced in 8.1.1 (#5512)See the full listing of changes.
v8.1.1
Compare Source
Fixed
See the full listing of changes.
v8.1.0
Compare Source
Added
Pipefile.lock
files are now supported (#5404).pyproject.toml
but no lock file or requirements will report an error as ODC is unable to analyze the project (#5409).Fixed
format
configuration more flexible in the gradle plugin (dependency-check-gradle/#324).See the full listing of changes.
v8.0.2
Compare Source
Fixed
description
column (#5364).--retirejsFilterNonVulnerable
and--retirejsFilter
when used with the CLI (#5351).sarif
report format and added validation (#5345 and (#5363)MalformedPackageException
in the gradle plugin (dependency-check-gradle/#320).MissingMethodException
in the gradle plugin (dependency-check-gradle/#316).See the full listing of changes.
v8.0.1
Compare Source
Fixed
See the full listing of changes.
v8.0.0
Compare Source
Added
gradle
andmaven
plugins now have the capability to scan the build plugins (#4035).gradle
andmaven
plugins, for transitive dependencies, will report the root dependency in the project that included the transitive dependency (#5001).properties.security-severity
to SARIF report for better integration with GitHub Security Code scanning (#5277).Changed
Fixed
node_modules
to prevent NPEs (#5266).See the full listing of changes.
v7.4.4
Compare Source
Fixed
See the full listing of changes.
v7.4.3
Compare Source
Fixed
See the full listing of changes.
v7.4.2
Compare Source
Fixed
node_module
paths in some scans (#5135)See the full listing of changes.
v7.4.1
Compare Source
Fixed
node_module
paths in some scans (#5127)See the full listing of changes.
v7.4.0
Compare Source
Added
Changed
RELEASE_NOTES.md
toCHANGELOG.md
to be more conventionalFixed
See the full listing of changes.
v7.3.2
Compare Source
Changed
node_modules
from the Maven plugin's scan path (#4974).See the full listing of changes.
v7.3.1
Compare Source
Changed
node_modules
from the Maven plugin's scan path (#4974).See the full listing of changes.
v7.3.0
Compare Source
Added
Changed
Fixed
See the full listing of changes.
v7.2.1
Compare Source
Fixed
See the full listing of changes.
v7.2.0
Compare Source
Changed
maven_install.json
(#4772).See the full listing of changes.
v7.1.2
Compare Source
Changed
See the full listing of changes.
v7.1.1
Compare Source
Fixed
See the full listing of changes.
v7.1.0
Compare Source
Changed
See the full listing of changes.
v7.0.4
Compare Source
Changed
jackson-databind
(see #4285).See the full listing of changes.
v7.0.3
Compare Source
Changed
jackson-databind
(see #4285).See the full listing of changes.
v7.0.2
Compare Source
Changed
See the full listing of changes.
v7.0.1
Compare Source
Changed
See the full listing of changes.
v7.0.0
Compare Source
Changed
dataDirectory
option you will need to run a purge after upgrading.See the full listing of changes.
v6.5.3
Compare Source
Changed
See the full listing of changes.
v6.5.2
Compare Source
Changed
pnpm
argmument to the CLI (#3916).See the full listing of changes.
v6.5.1
Compare Source
Changed
See the full listing of changes.
v6.5.0
Compare Source
Changed
See the full listing of changes.
v6.4.1
Compare Source
Added
CVE meta
files from the NVD to prevent rate limiting issues (see #3725).See the full listing of changes.
v6.4.0
Compare Source
Changed
cveStartYear
is now configurable and can be set to any year from 2002 to present.cveWaitTime
is a new configuration option to define how many milliseconds to wait between NVD downloads; default is 4000 ms (see #3690).See the full listing of changes.
v6.3.2
Compare Source
Changed
See the full listing of changes.
v6.3.1
Compare Source
Fixed
See the full listing of changes.
v6.3.0
Compare Source
Changed
See the full listing of changes.
v6.2.2
Compare Source
Fixed
See the full listing of changes.
v6.2.1
Compare Source
Fixed
See the full listing of changes.
v6.2.0
Compare Source
Changed
See the full listing of changes.
v6.1.6
Compare Source
Fixed
See the full listing of changes.
v6.1.5
Compare Source
Fixed
See the full listing of changes.
v6.1.4
Compare Source
Changed
See the full listing of changes.
v6.1.3
Compare Source
Changed
See the full listing of changes.
v6.1.2
Compare Source
Changed
See the full listing of changes.
v6.1.1
Compare Source
Changed
See the full listing of changes.
v6.1.0
Compare Source
Changed
See the full listing of changes.
v6.0.5
Compare Source
Changed
See the full listing of changes.
v6.0.4
Compare Source
Changed
See the full listing of changes.
v6.0.3
Compare Source
Changed
Added a bash command completion script (see #2916); to add completion to your shell
completion-for-dependency-check.sh
can be found in the bin directory of the CLI:$ source completion-for-dependency-check.sh
An experimental PIP File Analyzer was added (see #2877).
Analysis of Node JS produced several false positives (see #2796); the analysis has
been updated to reduce the number of false positives.
and solely rely on the Node Audit Analyzer. There are plans to rework Node JS analysis
in a future release.
Support for external Oracle databases has been add for the 6.x releases (see #2899)
Resolved several reported false positives.
See the full listing of changes.
Configuration
📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.