Update dependency org.owasp:dependency-check-maven to v6

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.owasp:dependency-check-maven	5.3.2 -> 6.1.1

---

Release Notes

jeremylong/DependencyCheck

v6.1.1

Compare Source

Changes

• Added missing configuration options for yarn and msbuild.
• Several bug fixes.
• See the full listing of changes.

v6.1.0

Compare Source

Changes

• Added SARIF file format per #​3081.
• Added support for Yarn per #​3063.
• False positive reduction and minor bug fixes.
• See the full listing of changes.

v6.0.5

Compare Source

Changes

• Added missing command line arguments per #​3028 and #​3035.
• False positive reduction and minor bug fixes.
• See the full listing of changes.

v6.0.4

Compare Source

Changes

• Minor bug fixes and reduction of false positives.
• See the full listing of
  changes.

v6.0.3

Compare Source

Changes

• Added a bash command completion script (see #​2916); to add completion to your shell
  completion-for-dependency-check.sh can be found in the bin directory of the CLI:

  $ source completion-for-dependency-check.sh

• An experimental PIP File Analyzer was added (see #​2877).
• Analysis of Node JS produced several false positives (see #​2796); the analysis has
  been updated to reduce the number of false positives.
  • If analyzing Node JS projects it is highly recommended to disable the Node JS Analyzer
    and solely rely on the Node Audit Analyzer. There are plans to rework Node JS analysis
    in a future release.
• Support for external Oracle databases has been add for the 6.x releases (see #​2899)
• Resolved several reported false positives.
• Several other bug fixes have been implemented; see the full listing of
  changes.

v6.0.2

Compare Source

Changes

• The project is migrating from hosting the release archives on Bintray and moving them to Github under the assets for each release

  • Please update any automation you have to point to the new location.

• Npm Audit Analyzer now correctly skips dev dependencies (--nodeAuditSkipDevDependencies); see #​2482.

• GoLang Analyzer now scans transitive dependencies; see #​2680.

• Several bug fixes found in 6.0.1.

• Full listing of changes.

v6.0.1

Compare Source

Changes

• Improved error messages when upgrading from 5.x to 6.x; due to breaking database changes if the old
  database schema is detected an error message is produced indicating that the old database should be purged.

• Fixed the database path for the Ant and Gradle plugins.

• Added locking around the RetireJS updates to resolve read/write conflicts in CI environments.

• Full listing of changes.

v6.0.0

Compare Source

Changes

• Updated database schema; this is a breaking change and anyone using an external database or those whom
  specify the data directory will need recreate the database (including users of the docker image). The schema
  changes were made to:

  • Improve the CVSS data, when available, per #​2547
  • Improve the way that ecosystems are determined
  • Improve the update performance of external databases

• Users with an external Oracle database will not be able to upgrade as #​2755
  has not been resolved - as such, version 6.0.0 does not support Oracle.

• Users mirroring the NVD - ODC 6.0.0 requires the use of the version 1.1 data feeds -
  please ensure you are using 1.1 not the 1.0 data feed.

• Full listing of changes.

---

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by WhiteSource Renovate. View repository job log here.