Merge 85ac339 into f84616f

CHANGELOG.md

@@ -1,9 +1,12 @@
+## Changes from 2.4.0 to 2.5.0
+
+* Update `dependency-check-core`.
+
 ## Changes from 2.3.0 to 2.4.0
 
 * [#123](https://github.com/rm-hull/nvd-clojure/issues/123): Explicitly only analyze dependencies/artifacts that are relevant to JVM projects.
   * i.e. the internal analyzers that are specialized in other ecosystems e.g. .NET, Ruby, Node.js, etc will not be run at all, improving performance and accuracy.
   * The nvd-clojure implementation never allowed non-jar files to be analyzed, so in practice no behavior has possibly been changed.  
-  * ([Read more](https://github.com/rm-hull/nvd-clojure/tree/v2.4.0#configuration-options))
 * Update `dependency-check-core`.
 * Misc cosmetic improvements for what is printed during execution.
 

Makefile

@@ -2,7 +2,7 @@
 
 # Example usage:
 # copy a temporary Clojars token to your clipboard
-# GIT_TAG=v2.4.0 CLOJARS_USERNAME=$USER CLOJARS_PASSWORD=$(pbpaste) make deploy
+# GIT_TAG=v2.5.0 CLOJARS_USERNAME=$USER CLOJARS_PASSWORD=$(pbpaste) make deploy
 # (recommended) delete said token.
 
 deploy: check-env

README.md

@@ -26,12 +26,12 @@ dependencies and passes them to a library called [Dependency-Check](https://gith
 
 <details>
 
-Please create a separate project consisting of `[nvd-clojure/nvd-clojure "2.4.0"]`. Said project can be located inside the targeted repo's Git repository.
+Please create a separate project consisting of `[nvd-clojure/nvd-clojure "2.5.0"]`. Said project can be located inside the targeted repo's Git repository.
 
 ```
 (defproject nvd-helper "local"
   :description "nvd-clojure helper project"
-  :dependencies [[nvd-clojure "2.4.0"]])
+  :dependencies [[nvd-clojure "2.5.0"]])
 ```
 
 Please do not add nvd-clojure as a dependency or plugin in the project.clj of the project to be analysed.
@@ -54,7 +54,7 @@ If you are using a multi-modules solution (e.g. `lein-monolith`), you should ens
 
 <details>
 
-Please create a separate project consisting exclusively of `nvd-clojure/nvd-clojure {:mvn/version "2.4.0"}`. Said project can be located inside the targeted repo's Git repository.
+Please create a separate project consisting exclusively of `nvd-clojure/nvd-clojure {:mvn/version "2.5.0"}`. Said project can be located inside the targeted repo's Git repository.
 
 Please do not add nvd-clojure as a dependency in the deps.edn of the project to be analysed.
 

deps.edn

@@ -4,7 +4,7 @@
         clansi/clansi {:mvn/version "1.0.0"}
         org.clojure/data.json {:mvn/version "2.4.0"}
         org.slf4j/slf4j-simple {:mvn/version "2.0.0-alpha1"}
-        org.owasp/dependency-check-core {:mvn/version "7.0.2"}
+        org.owasp/dependency-check-core {:mvn/version "7.0.4"}
         rm-hull/table {:mvn/version "0.7.1"}
         trptcolin/versioneer {:mvn/version "0.2.0"}}
  :mvn/repos {"central" {:url "https://repo1.maven.org/maven2/"}

project.clj

@@ -1,4 +1,4 @@
-(defproject nvd-clojure "2.4.0"
+(defproject nvd-clojure "2.5.0"
   :description "National Vulnerability Database dependency checker"
   :url "https://github.com/rm-hull/nvd-clojure"
   :license {:name "The MIT License (MIT)"
@@ -7,7 +7,7 @@
                  [clansi "1.0.0"]
                  [org.clojure/data.json "2.4.0"]
                  [org.slf4j/slf4j-simple "2.0.0-alpha1"]
-                 [org.owasp/dependency-check-core "7.0.2"]
+                 [org.owasp/dependency-check-core "7.0.4"]
                  [rm-hull/table "0.7.1"]
                  [trptcolin/versioneer "0.2.0"]
                  ;; Explicitly depend on a certain Jackson, consistently.
@@ -18,7 +18,7 @@
                  [com.fasterxml.jackson.module/jackson-module-afterburner "2.13.2"]
                  [org.apache.maven.resolver/maven-resolver-transport-http "1.7.3" #_"Fixes a CVE"]
                  [org.apache.maven/maven-core "3.8.5" #_"Fixes a CVE"]
-                 [org.eclipse.jetty/jetty-client "11.0.8" #_"Fixes a CVE" :exclusions [org.slf4j/slf4j-api]]
+                 [org.eclipse.jetty/jetty-client "11.0.9" #_"Fixes a CVE" :exclusions [org.slf4j/slf4j-api]]
                  [org.apache.maven.resolver/maven-resolver-spi "1.7.3" #_"Satisfies :pedantic?"]
                  [org.apache.maven.resolver/maven-resolver-api "1.7.3" #_"Satisfies :pedantic?"]
                  [org.apache.maven.resolver/maven-resolver-util "1.7.3" #_"Satisfies :pedantic?"]

test/nvd/config_test.clj

@@ -27,7 +27,7 @@
    [clojure.test :refer [deftest is]]
    [nvd.config :refer [app-name with-config]]))
 
-(def dependency-check-version "7.0.2")
+(def dependency-check-version "7.0.4")
 
 (deftest check-app-name
   (is (= "stdin" (app-name {:nome "hello-world" :version "0.0.1"})))