exist icon indicating copy to clipboard operation
exist copied to clipboard

Published 20 hours ago verified publisher icon eXist-db

Bump org.owasp:dependency-check-maven from 10.0.4 to 11.0.0

Open dependabot[bot] opened this issue 1 year ago • 1 comments

Bumps org.owasp:dependency-check-maven from 10.0.4 to 11.0.0.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 11.0.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 11.0.0 (2024-10-21)

  • breaking change: Switch from JMockit to Mockito & build target to Java 11 (#6922)
    • dependency-check now requires a minimum of Java 11.0 to run
  • breaking change: bump com.h2database:h2 from 2.1.214 to 2.3.232 (#6132)
    • H2 databases generated with an older version of ODC will not work with ODC 11.0.0; a new H2 db must be generated
  • feat: Replace old Downloader by an Apache HTTPClient based downloader
  • feat: Use Apache HTTPClient for downloads of public resources (#6949)
  • feat: Also make NodeAuditSearch usr our HTTPClient based connections
  • feat: Also make OSSIndexAnalyzer use our HTTPClient based connections
  • feat: Migrate CentralSearch to use Apache HTTP-client via Downloader
  • feat: Extend apache HTTP-client usage to EngineVersionCheck
  • feat: Remove the need to specify dbDriver for external databases using JDBCv4 ServiceLoader supporting JDBC drivers (#6938)
  • fix: use latest generated suppressions (#7064)
  • fix: Fixup parameter sequence for Dowloader credentials (#7033)
  • fix: Fixup the missing addition of NVD API Datafeed credentials (if configured)
  • fix: Fixup broken proxy authentication in first attempt; extend to include KEV downloads
  • fix: store timestamps locally for local resources (#6936)
  • build: Remove the animal-sniffer, propagate java version to plugin-archetype (#6950)
  • build: Update Checkstyle configuration and Suppression DTD references (#6951)
  • chore: Update test db schema (#7036)
  • chore: remove old, unneeded database upgrade script
  • docs: reformat javadoc (#7009)
  • docs: Fixup javadoc warnings (#6995)
  • chore: Replace use of several deprecated methods/classes by their successors (#6933)

See the full listing of changes.

Commits
  • db79571 build: prepare release v11.0.0
  • ab479cf docs: update release notes
  • 2b36c82 fix: use latest generated suppressions (#7064)
  • 30eb04e chore: Remove unnecessary mysql-connector suppressions (#7059)
  • 26bd04c build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.8.5 to 4.8....
  • bc1cc54 build(deps): bump org.apache.maven.plugins:maven-surefire-report-plugin from ...
  • 3734db6 build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.3.1 to...
  • b126e35 build(deps): bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.2 to ...
  • 46f1c72 build(deps): bump org.apache.maven.plugins:maven-deploy-plugin
  • d0d169e build(deps): bump org.apache.httpcomponents.client5:httpclient5
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Oct 22 '24 04:10 dependabot[bot]