Bug ( skip ) npm vulnerabilities

[thib3113]

Describe the bug
Using a report from a node.js project, doesn't report all vulnerabilities ( node.js checker add some vulnerabilities from NVD, or from npm, and NPM doesn't use the same format )

To Reproduce
Steps to reproduce the behavior:

1. Run dependency-checker on a node project, with vulnerability
2. Run sonarqubescanner
3. See the vulnerabilities coming from npm are skipped

Current behavior
Vulnerabilities reported by NPM are skipped

Expected behavior
The plugin send npm vulnerabilities to sonarqube

Versions (please complete the following information):

• dependency-check : 5.0.0-M2
• sonarqube : 7.7
• dependency-check-sonar-plugin : 1.2.3

Additional context
I'll push a merge request, containing :

• failing test ( just loading the report )
• complete report.xml ( 6MB, unreadable by human, can be used for bench test )
• short report.xml ( containing a vulnerability from nvd, one from npm, and one without vulnerability) .
  ( the project is not so big, So I think report.xml can be really huge ) .

[Reamer]

Can you check the Snapshot-Build if this issue is still present?

[Reamer]

Fixed with 1.2.4