chore(deps): update dependency org.owasp:dependency-check-maven to v12.1.9 (master) - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.owasp:dependency-check-maven (source)	12.1.3 → 12.1.9

---

Release Notes

dependency-check/DependencyCheck (org.owasp:dependency-check-maven)

v12.1.9

Compare Source

• fix: correct bundle audit gem in Dockerfile (#​8121)
• fix: normalization during comparisons (#​8046)
• docs: document multiple configurations for gradle (#​8111)
• docs: fix typos in some files (#​8106)
• docs: Update SBT plugin link; fix dead report link (#​8086)
• chore: Replace deprecated lucene methods (#​8079)
• docs: fix #​8076 - Error in documentation "Suppressing False Positives" (#​8077)
• fix(fp): Improve false positive suppression for matches against golang web_project (#​8059)
• fix(fp): Consolidate/update icu4j suppressions for false positives (#​8062)
• fix(fp): Correct GRPC java suppressions for newer C/C++/native false positives (#​8063)
• fix(fp): Suppress false positive CPEs for protobuf-java per #​7854 (#​8064)

See the full listing of changes

v12.1.8

Compare Source

• fix: improve VulnerableSoftware comparison (#​8031)
• build: fix flaky central test (#​8039)
• docs: Improve Gradle docs wrt experimental analyzers, use of Central and Proxy configuration (#​8036)
• docs: add note about central analyzer for gradle (#​8038)

See the full listing of changes

v12.1.7

Compare Source

• fix: disable central analyzer after failures (#​7993)
• fix: Suppress JVM warnings from Lucene within CLI (#​8003)
• fix: Clean up Apache Lucene logging via SLF4j redirect (#​7979)
• fix: Correct Archive Analyzer behaviour on certain tgz archives (#​7986)
• fix: Update NVD CPE search URLs in generated reports to match new search interface (#​7970)
• fix: improve OSS Index Error Reporting (#​7977)
• fix(fp): Consolidate false positive suppression for false positives on Redis client libs (#​8017)
• fix(fp): Fix more common false positives for popular PHP/composer frameworks with generic names (#​7994)
• docs: improve slack notification documentation (#​8026)
• docs: Documentation artifactory settings fix (#​7999)
• docs: Clarify Nexus Analyzer requirements and usage (#​8000)
• build: Build amd64 and arm64 multi-platform Docker image (#​7952)

See the full listing of changes

v12.1.6

Compare Source

• fix: Disable OSS Index if its credentials are missing (#​7963)
• fix: Correct CVSSv4 parsing for low precision OSSIndex values (#​7935)
• fix(fp): Fix false positives for Redis Server against NPM/JS client libs (#​7942)
• docs: Fix legacy GitHub links within docs and CHANGELOG (#​7944)
• chore: fix version typo in security policy (#​7936)

See the full listing of changes

v12.1.5

Compare Source

• fix: Update to support OSS Index Authentication Requirements (#​7920)
  • Note: OSS Index will require authentication starting 9/22/2025. Users must configure a free account to continue using the OSS Index Analyzer.
• fix: add CVSSv4 to suppressed entries in JSON report (#​7900)
• fix: correctly utilize CVSSv4 from ossindex (#​7899)
• fix: npe when processing cve with empty configuration (#​7888)
• fix: Return unsorted vulnerabilities in new HashSet, avoiding CoMod (#​7848)
• fix: Return unsorted vulnerabilities in new HashSet, avoiding CoMod
• fix: class loading problem with fat jars (#​7786) (#​7787)
• fix: Improve Artifactory handler log message (#​7838)
• fix: classloading problem with fat jars (#​7786)
• fix: Add null checking when parsing the license json in AbstractNpmAnalyzer. (#​7784)
• fix(fp): resolves several false positives related to CVE-2021-41033 (#​7736)
• docs: Clarify format of exclude patterns (#​7879)
• docs: Document poetry-based analysis behaviour in Python analyzer (#​7855)
• docs: request FP reporters use the latest version of ODC. (#​7820)
• docs: update development pre-reqs (#​7792)
• docs: fix minor typos in false positive issue template (#​7763)

See the full listing of changes

v12.1.4

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.