Bump dependency-check-maven from 4.0.0 to 4.0.2

[dependabot-preview]

Bumps dependency-check-maven from 4.0.0 to 4.0.2.

Changelog

Sourced from dependency-check-maven's changelog.

Version 4.0.2 (2019-01-01)

Enhancements

• Added the ability for the dependency-check-maven plugin to scan the dependencyManagement section
  of the pom.xml. Note that in the default configuration the dependency management section is skipped.
  To enable this feature set <skipDependencyManagement>false</skipDependencyManagement>.
• If using a local Nexus server (v2 or v3 pro) it is now possible to provide authentication credentials.
  • Previous versions only worked with anonymous/unauthenticated access.
  • See issue #977

Bug Fixes

• Updated fix for transitive dependencies with known vulnerabilities (guava and commons-collections)
  so that the upgrade occurs correctly in other integrations that utilize core; see
  issue #1562.
• Resolved several false positives

Version 4.0.1 (2018-12-17)

Bug Fixes

• Fixed issue with false positives due to Lucene upgrade. See #1531.
• Resolved several false positives.
• Resolved typo in documentation.

Commits

• 0c39611 added version 4.0.2 release notes
• b355855 version 4.0.2
• 5cf9206 checkstyle/cleanup
• 60d2d86 Merge pull request #1552 from guidoschreuder/enable-dependency-management-sca...
• 969c046 Merge pull request #1647 from jeremylong/fixScanAgentTest
• 0742e3d fix the scan agent test case as reported https://groups.google.com/forum/#!to...
• 4dce03c suppression rules for #1620, #1621, #1622, #1624, #1626, #1627, #1629, #1630,...
• 0865362 enable tests
• bfd472f proper fix for #1561
• 94dd6b8 make test case more flexible
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[whiskeysierra]

👍

[whiskeysierra]

👍