Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency org.owasp:dependency-check-maven to v6.5.4-SNAPSHOT #91

Merged
merged 1 commit into from
Sep 25, 2022
Merged

Update dependency org.owasp:dependency-check-maven to v6.5.4-SNAPSHOT #91

merged 1 commit into from
Sep 25, 2022

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 4, 2020
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.owasp:dependency-check-maven (source) 6.0.2 -> 6.5.4-SNAPSHOT age adoption passing confidence

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

Release Notes

jeremylong/DependencyCheck

v6.5.3

Compare Source

Changes

  • Performance improvements for some Maven projects (see #​3923 and #​3931).
  • Fixed bug in npm version handling introduced in 6.5.2 (see #​3956).
  • Improved the node package analyzer to correctly report the origin of a dependency (see #​3970).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.2

Compare Source

Changes

  • Fixed false positives around log4j-api and Log4j-web (#​3910 & #​3937).
  • Bug fix when processing NPM lock files (#​3893).
  • Added missing pnpm argmument to the CLI (#​3916).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.1

Compare Source

Changes

  • Updated the dependency-check-maven plugin to correctly support SNAPSHOT version when a classifier is specified (#​3787).
  • Improved the analysis of Swift package manager (package.resolved - see #​3813).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.

v6.5.0

Compare Source

Changes

  • Updated build configuration to create reproducible builds.
  • Updated automated release process to work with branch protection.
  • Resolved several false positives in the Java ecosystem.
  • Enabled the Swift Resolved analyzer per #​3735
  • Improved iOS support per #​3168 and #​3765
  • Added the a new pnpm Analyzer
  • Fixed issue with some npm and yarn analysis failing due to large audit output
  • See the full listing of changes.

v6.4.1

Compare Source

Changes

  • Added download attempts with increasing wait time for CVE meta files from the NVD to prevent rate limiting issues (see #​3725).
  • See the full listing of changes.

v6.4.0

Compare Source

Changes

  • Increased timeout between downloads from the NVD to prevent rate limiting issues (see #​3722).
    • cveStartYear is now configurable and can be set to any year from 2002 to present.
    • cveWaitTime is a new configuration option to define how many milliseconds to wait between NVD downloads; default is 4000 ms (see #​3690).
    • The NVD CVE data files are now being cached for up to 4 hours in case a download fails, re-running ODC will use the cached version.
  • Fixed NPE in the ODC maven plugin (see #​3702.
  • See the full listing of changes.

v6.3.2

Compare Source

Changes

  • Reduced chance of rate limiting when download files from NVD (see #​2670).
  • Fixed bug causing some transitive dependencies being skipped in the odc-maven-plugin (see #​3627).
  • See the full listing of changes.

v6.3.1

Compare Source

Changes

v6.3.0

Compare Source

Changes

  • Many updates were made to improve performance on large scans, reduce false positives, and other bug fixes.
  • Increased the width of four columns in the database; if you use a an external database you should also update the width (see upgrade_5.1.sql).
  • See the full listing of changes.

v6.2.2

Compare Source

Changes

v6.2.1

Compare Source

Changes

v6.2.0

Compare Source

Changes

  • Added an experimental Perl CPAN analyzer #​3378
    • Note that the full DSL of the CPAN is not yet supported so any required dependency is analyzed (i.e. there is no way to exclude development requirements)
  • Improved database performance #​3206
  • The archive analyzer now extracts files from RPM archives #​3226
  • Ensure ordered output in reports #​3243
  • Several minor bug fixes and updates to reduce false positives
  • See the full listing of changes.

v6.1.6

Compare Source

Changes

  • Resolved issue with Sarif report (#​3243)
  • Resolved issue with Ruby Bundle Audit (#​3256)
  • Several minor bug fixes and updates to reduce false positives
  • See the full listing of changes.

v6.1.5

Compare Source

Changes

  • Fixed a second NPE introduced in 6.1.3 (see #​3246)
  • See the full listing of changes.

v6.1.4

Compare Source

Changes

  • Fixed an NPE introduced in 6.1.3 (see #​3212)
  • See the full listing of changes.

v6.1.3

Compare Source

Changes

  • Modified the new CPE matching strategy to be more performant (#​3207)
  • Upgraded a vulnerable dependency (velocity-engine-core/CVE-2020-13936) (#​3205)
  • See the full listing of changes.

v6.1.2

Compare Source

Changes

  • Fixed a bug in the Sarif report generation.
  • Fixed a bug with the Ant task not being able to read the dependency-check properties file in 6.1.1.
  • Added a new CPE matching strategy to reduce false negatives.
  • CLI and Ant task will no longer be published to bintray.
  • Several minor bug fixes.
  • See the full listing of changes.

v6.1.1

Compare Source

Changes

  • Added missing configuration options for yarn and msbuild.
  • Several bug fixes.
  • See the full listing of changes.

v6.1.0

Compare Source

Changes

  • Added SARIF file format per #​3081.
  • Added support for Yarn per #​3063.
  • False positive reduction and minor bug fixes.
  • See the full listing of changes.

v6.0.5

Compare Source

Changes

  • Added missing command line arguments per #​3028 and #​3035.
  • False positive reduction and minor bug fixes.
  • See the full listing of changes.

v6.0.4

Compare Source

Changes

  • Minor bug fixes and reduction of false positives.
  • See the full listing of changes.

v6.0.3

Compare Source

Changes

  • Added a bash command completion script (see #​2916); to add completion to your shell
    completion-for-dependency-check.sh can be found in the bin directory of the CLI:

    $ source completion-for-dependency-check.sh

  • An experimental PIP File Analyzer was added (see #​2877).

  • Analysis of Node JS produced several false positives (see #​2796); the analysis has
    been updated to reduce the number of false positives.

    • If analyzing Node JS projects it is highly recommended to disable the Node JS Analyzer
      and solely rely on the Node Audit Analyzer. There are plans to rework Node JS analysis
      in a future release.

  • Support for external Oracle databases has been add for the 6.x releases (see #​2899)

  • Resolved several reported false positives.

  • Several other bug fixes have been implemented; see the full listing of changes.

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

@renovate
Copy link
Contributor Author

renovate bot commented Nov 4, 2020

Branch automerge failure

This PR was configured for branch automerge, however this is not possible so it has been raised as a PR instead.

  • Branch has one or more failed status checks

@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch 8 times, most recently from 72b1b05 to f431198 Compare November 21, 2020 01:43
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch 4 times, most recently from d41be12 to 5185e30 Compare November 28, 2020 19:17
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch 4 times, most recently from f740a60 to 901053d Compare December 9, 2020 00:39
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch 3 times, most recently from a7806d7 to 6b2c13b Compare December 17, 2020 01:49
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch 2 times, most recently from b25b60d to f860507 Compare December 24, 2020 02:22
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch 2 times, most recently from a345428 to 3ab44f1 Compare January 1, 2021 20:10
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.0.3 Update dependency org.owasp:dependency-check-maven to v6.0.4 Jan 1, 2021
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch 3 times, most recently from 53da79b to 9fed143 Compare January 6, 2021 01:21
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch 5 times, most recently from 7c86a04 to a3b99d7 Compare August 31, 2021 13:12
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.2.2 Update dependency org.owasp:dependency-check-maven to v6.3.0 Aug 31, 2021
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch from a3b99d7 to e5d773a Compare September 1, 2021 13:11
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.3.0 Update dependency org.owasp:dependency-check-maven to v6.3.1 Sep 1, 2021
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch from e5d773a to 56df11f Compare September 29, 2021 14:01
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.3.1 Update dependency org.owasp:dependency-check-maven to v6.3.2 Sep 29, 2021
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch from 56df11f to ae6ed3c Compare October 11, 2021 15:07
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.3.2 Update dependency org.owasp:dependency-check-maven to v6.4.0-SNAPSHOT Oct 11, 2021
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch from ae6ed3c to 65081a1 Compare October 11, 2021 19:12
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.4.0-SNAPSHOT Update dependency org.owasp:dependency-check-maven to v6.4.0 Oct 11, 2021
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch from 65081a1 to d1e9c4f Compare October 11, 2021 22:40
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.4.0 Update dependency org.owasp:dependency-check-maven to v6.4.1 Oct 11, 2021
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch from d1e9c4f to 370eeab Compare October 15, 2021 13:27
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.4.1 Update dependency org.owasp:dependency-check-maven to v6.4.2-SNAPSHOT Oct 15, 2021
@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch from 370eeab to ba06276 Compare October 25, 2021 12:18
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.4.2-SNAPSHOT Update dependency org.owasp:dependency-check-maven to v6.5.0-SNAPSHOT Oct 25, 2021
@sonarcloud
Copy link

sonarcloud bot commented Oct 25, 2021

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch from ba06276 to 09dc93b Compare March 7, 2022 11:37
@renovate renovate bot changed the title Update dependency org.owasp:dependency-check-maven to v6.5.0-SNAPSHOT Update dependency org.owasp:dependency-check-maven to v6.5.4-SNAPSHOT Mar 7, 2022
@viezly
Copy link

viezly bot commented Mar 7, 2022

Pull request by bot. No need to analyze

@sonarcloud
Copy link

sonarcloud bot commented Mar 7, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@renovate renovate bot force-pushed the renovate/maven-dependency-check-plugin.version branch from 09dc93b to 1896c22 Compare September 25, 2022 16:11
@renovate renovate bot merged commit 346c7bf into master Sep 25, 2022
@renovate renovate bot deleted the renovate/maven-dependency-check-plugin.version branch September 25, 2022 16:11
@sonarcloud
Copy link

sonarcloud bot commented Sep 25, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants