Bump dependency-check-maven from 5.2.1 to 5.3.1

[dependabot-preview]

Bumps dependency-check-maven from 5.2.1 to 5.3.1.

Changelog

Sourced from dependency-check-maven's changelog.

Version 5.3.1 (2020-03-10)

Changes

• Added an experimental PE Analyzer that reads the PE headersof DLL and EXE files; see #2448 and #2446.
• Lots of bug fixes and updates to false positives and false negatives
  • You may see a large one time performance hit when updating the database after updating to 5.3.1
• Full listing of changes.

Version 5.3.0 (2020-01-15)

Changes

• Updated the JSON report to include a new field for unscored vulnerabilities (see #2392).
• Updated the XML report to include a new attribute to flag unscored vulnerabilities (see #2392)
  • see https://github.com/jeremylong/DependencyCheck/blob/master/core/src/main/resources/schema/dependency-check.2.3.xsd
• Added an experimental analyzer that will lookup Node libraries in the NVD data feeds (see #1249)
  • NpmCPEAnalyzer, experimental analyzers must be enabled, controlled via property analyzer.npm.cpe.enabled which will be exposed as a configuration option in the next release.
• Full listing of changes.

Version 5.2.4 (2019-11-12)

Changes

• Reverted a in 5.2.3 that caused the dependency-check.sh script to fail on some systems (including the docker image).
• Fixed issue with pretty printing the XML report.
• Full listing of resolved issues.

Version 5.2.3 (2019-11-11)

Changes

• Updated to use the NVD JSON 1.1 schema (see #2273).
  • This update is 100% backward compatible with the 1.0 schema if you are mirroring the 1.0 JSON files.
• Added nonProxyHosts to the CLI and gradle plugin.
• False positive corrections.
• General code cleanup/bug fix.
• Full listing of resolved issues and pull requests.

Version 5.2.2 (2019-09-22)

Changes

• False positive corrections
• General code cleanup/bug fix
• Full listing of resolved issues.

Commits

• 17451f8 updated for version 5.3.1
• 34c01d6 version 5.3.1
• 435ef1f checkstyle corrections
• 1e3ef48 Merge branch 'master' of github.com:jeremylong/DependencyCheck
• 6454b63 version 5.3.1
• eb85ce7 Bump groovy-all from 2.4.18 to 2.4.19 (#2508)
• 3c05f6d updated per jeremylong/dependency-check-gradle#175
• 585d560 updated FP per #2395, #2433, #2453, #2464, #2489, #2498, and #2499
• 6b5bb42 Merge branch 'master' of github.com:jeremylong/DependencyCheck
• ba5a5f4 Bump jsoup from 1.12.2 to 1.13.1 (#2506)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #40.