Bump dependency-check-maven from 7.4.3 to 8.0.0

[dependabot]

Bumps dependency-check-maven from 7.4.3 to 8.0.0.

Release notes

Sourced from dependency-check-maven's releases.

Version 8.0.0

Added

• Utilize the hosted suppression file to allow for faster remediation of reported False Positives (#4723).
• Include the CISA Known Exploited Vulnerability Catalog (#4878).
• The gradle and maven plugins now have the capability to scan the build plugins (#4035).
• The gradle and maven plugins, for transitive dependencies, will report the root dependency in the project that included the transitive dependency (#5001).
• Added properties.security-severity to SARIF report for better integration with GitHub Security Code scanning (#5277).
• Allow for HTTP auth settings for Retire JS respository (#5209).
• New schema for the XML report was added to support some of the above additions (#5296).
• Added missing gradle option to only warn on remote errors from the OSS Index Analyzer ([gradle #303](dependency-check/dependency-check-gradle#303)).

Changed

• Breaking: the database schema updated - if using an external database the update scripts must be run!
• The exit codes from the CLI have been changed to be in the range from 0-255 (#4511.
• The OSS Index Analyzer will automatically disable itself if a transport error occurs - preventing copious errors from being reported (#5300).

Fixed

• Added an additional check for rejected CVEs to reduce FP (#5268.
• Corrected the analysis of node_modules to prevent NPEs (#5266).
• Fixed error when scanning node packages with local dependencies (#5235).
• Fixed NPE in the MSBuild Analyzer (#5293).
• Several False Positives have been resolved.

See the full listing of changes.

Version 7.4.4

Fixed

• Resolved issue processing NVD CVE data due to column width (#5229)

See the full listing of changes.

Changelog

Sourced from dependency-check-maven's changelog.

Version 8.0.0 (2023-01-15)

Added

• Utilize the hosted suppression file to allow for faster remediation of reported False Positives (#4723).
• Include the CISA Known Exploited Vulnerability Catalog (#4878).
• The gradle and maven plugins now have the capability to scan the build plugins (#4035).
• The gradle and maven plugins, for transitive dependencies, will report the root dependency in the project that included the transitive dependency (#5001).
• Added properties.security-severity to SARIF report for better integration with GitHub Security Code scanning (#5277).
• Allow for HTTP auth settings for Retire JS respository (#5209).
• New schema for the XML report was added to support some of the above additions (#5296).
• Added missing gradle option to only warn on remote errors from the OSS Index Analyzer ([gradle #303](dependency-check/dependency-check-gradle#303)).

Changed

• Breaking: the database schema updated - if using an external database the update scripts must be run!
• The exit codes from the CLI have been changed to be in the range from 0-255 (#4511.
• The OSS Index Analyzer will automatically disable itself if a transport error occurs - preventing copious errors from being reported (#5300).

Fixed

• Added an additional check for rejected CVEs to reduce FP (#5268.
• Corrected the analysis of node_modules to prevent NPEs (#5266).
• Fixed error when scanning node packages with local dependencies (#5235).
• Fixed NPE in the MSBuild Analyzer (#5293).
• Several False Positives have been resolved.

See the full listing of changes.

Version 7.4.4 (2023-01-06)

Fixed

• Resolved issue processing NVD CVE data due to column width (#5229)

See the full listing of changes.

Commits

• f3d806d build:prepare release v8.0.0
• 990bbbf docs: prep 8.0.0 release
• 5b65fa2 fix(fp): transfer generated suppressions
• 7e36522 docs: updates for 8.0.0 (#5299)
• 5c1c07a fix: correct supported versions
• 8df6208 fix: Add hosted suppressions args to completion, fixup CLI documentation of a...
• 465b942 fix: add CISA Known Exploited Vulnerability Catalog to report credits (#5301)
• 4947c56 fix: disable OSS Index Analyzer when transport errors occur (#5300)
• 345337f fix: add missing hostedSuppressions args to completion
• d3bad35 fix: Fixup copy/paste error in CLI argument documentation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #3591 (17a64ac) into master (89c4006) will decrease coverage by 0.01%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##             master    #3591      +/-   ##
============================================
- Coverage     44.05%   44.04%   -0.02%     
+ Complexity     6300     6297       -3     
============================================
  Files          1590     1590              
  Lines         39936    39936              
  Branches       3653     3653              
============================================
- Hits          17594    17589       -5     
- Misses        20986    20988       +2     
- Partials       1356     1359       +3     

Impacted Files	Coverage Δ
...thentication/consumer/RSAConsumerTokenManager.java	70.96% <0.00%> (-6.46%)	⬇️
.../servicecomb/registry/discovery/DiscoveryTree.java	80.32% <0.00%> (-3.28%)	⬇️
...ecomb/foundation/common/utils/SPIServiceUtils.java	83.92% <0.00%> (-1.79%)	⬇️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more