Update dependency org.owasp:dependency-check-maven to v6.5.0

[mend-for-github-com]

This PR contains the following updates:

Package	Update	Change
org.owasp:dependency-check-maven	minor	6.1.3 -> 6.5.0

---

Release Notes

jeremylong/DependencyCheck

v6.5.0

Compare Source

Changes

• Updated build configuration to create reproducible builds.
• Updated automated release process to work with branch protection.
• Resolved several false positives in the Java ecosystem.
• Enabled the Swift Resolved analyzer per #​3735
• Improved iOS support per #​3168 and #​3765
• Added the a new pnpm Analyzer
• Fixed issue with some npm and yarn analysis failing due to large audit output
• See the full listing of changes.

v6.4.1

Compare Source

Changes

• Added download attempts with increasing wait time for CVE meta files from the NVD to prevent rate limiting issues (see #​3725).
• See the full listing of changes.

v6.4.0

Compare Source

Changes

• Increased timeout between downloads from the NVD to prevent rate limiting issues (see #​3722).
  • cveStartYear is now configurable and can be set to any year from 2002 to present.
  • cveWaitTime is a new configuration option to define how many milliseconds to wait between NVD downloads; default is 4000 ms (see #​3690).
  • The NVD CVE data files are now being cached for up to 4 hours in case a download fails, re-running ODC will use the cached version.
• Fixed NPE in the ODC maven plugin (see #​3702.
• See the full listing of changes.

v6.3.2

Compare Source

Changes

• Reduced chance of rate limiting when download files from NVD (see #​2670).
• Fixed bug causing some transitive dependencies being skipped in the odc-maven-plugin (see #​3627).
• See the full listing of changes.

v6.3.1

Compare Source

Changes

• Fixed ConcurrentModificationException
• See the full listing of changes.

v6.3.0

Compare Source

Changes

• Many updates were made to improve performance on large scans, reduce false positives, and other bug fixes.
• Increased the width of four columns in the database; if you use a an external database you should also update the width (see upgrade_5.1.sql).
• See the full listing of changes.

v6.2.2

Compare Source

Changes

• Resolved issue with database connections introduced in 6.2.0 (see #3408 reusing the same connection before returning it to the pool jeremylong/DependencyCheck#3432).
• See the full listing of changes.

v6.2.1

Compare Source

Changes

• Resolved issue with database connections introduced in 6.2.0 (see org.owasp:dependency-check-maven:6.2.0 DatabaseException: Unable to connect to the database jeremylong/DependencyCheck#3416).
• See the full listing of changes.

v6.2.0

Compare Source

Changes

• Added an experimental Perl CPAN analyzer #​3378
  • Note that the full DSL of the CPAN is not yet supported so any required dependency is analyzed (i.e. there is no way to exclude development requirements)
• Improved database performance #​3206
• The archive analyzer now extracts files from RPM archives #​3226
• Ensure ordered output in reports #​3243
• Several minor bug fixes and updates to reduce false positives
• See the full listing of changes.

v6.1.6

Compare Source

Changes

• Resolved issue with Sarif report (#​3243)
• Resolved issue with Ruby Bundle Audit (#​3256)
• Several minor bug fixes and updates to reduce false positives
• See the full listing of changes.

v6.1.5

Compare Source

Changes

• Fixed a second NPE introduced in 6.1.3 (see #​3246)
• See the full listing of changes.

v6.1.4

Compare Source

Changes

• Fixed an NPE introduced in 6.1.3 (see #​3212)
• See the full listing of changes.

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.