Skip to content

Bump dependency-check-maven from 6.2.2 to 7.1.1

Ruben van Dijk requested to merge dependabot-maven-org.owasp-dependency-check-maven-7.1.1 into master

Bumps dependency-check-maven from 6.2.2 to 7.1.1.

Release notes

Sourced from dependency-check-maven's releases.

Version 7.1.1

Changes

  • Minor bug fixes.
  • Resolved several false positives.
  • See the full listing of changes.

Version 7.1.0

Changes

Version 7.0.4

Changes

  • Update to jackson-databind (see #4285).
  • See the full listing of changes.

Version 7.0.3

Changes

  • Update to jackson-databind (see #4285).
  • See the full listing of changes.

Version 7.0.2

Changes

  • General project maintenance, bug fixes, and false positive and false negative reductions.
  • See the full listing of changes.

Version 7.0.1

Changes

  • General project maintenance, bug fixes, and false positive reductions.
  • See the full listing of changes.

Version 7.0.0

Breaking Changes

  • The H2 database version has been upgraded.
    • if you use the dataDirectory option you will need to run a purge after upgrading.
  • Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.

Changes

  • The Sarif report format has been fixed and can now be imported into GitHub if desired (See #3993).
  • Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
  • When analyzing Java projects ODC now includes data from the developers section.
    • This will likely cause false positives on things like Apache James, please report the FP and we will fix these quickly.
  • General project maintenance, bug fixes, and false positive reductions.
  • See the full listing of changes.

Version 6.5.3

Changes in this Release

... (truncated)

Changelog

Sourced from dependency-check-maven's changelog.

Version 7.1.1 (2022-06-12)

Changes

  • Minor bug fixes.
  • Resolved several false positives.
  • See the full listing of changes.

Version 7.1.0 (2022-04-23)

Changes

Version 7.0.4 (2022-03-30)

Changes

  • Update to jackson-databind (see #4285).
  • See the full listing of changes.

Version 7.0.3 (2022-03-29)

Changes

  • Update to jackson-databind (see #4285).
  • See the full listing of changes.

Version 7.0.2 (2022-03-28)

Changes

  • General project maintenance, bug fixes, and false positive and false negative reductions.
  • See the full listing of changes.

Version 7.0.1 (2022-03-23)

Changes

  • General project maintenance, bug fixes, and false positive reductions.
  • See the full listing of changes.

Version 7.0.0 (2022-02-28)

Breaking Changes

  • The H2 database version has been upgraded.

... (truncated)

Commits
  • e52aea2 [maven-release-plugin] prepare release v7.1.1
  • 82b4e7a prepare release notes
  • cd8449c Merge pull request #4584 from jeremylong/fp-fixes
  • 85908a3 Merge pull request #4588 from jeremylong/dependabot/maven/org.postgresql-post...
  • c9bdd16 Bump postgresql from 42.3.6 to 42.4.0
  • 823e71a Merge branch 'main' into fp-fixes
  • 69339b0 Merge pull request #4583 from hpoettker/spring-cloud-dataflow-rest
  • 9ea003e Suppress false CPE match for spring-ws library
  • 4449409 Suppress FP CPE match for activemq-artemis-native
  • b014fff Suppress FP CPE for Spring Cloud Dataflow REST artifacts
  • Additional commits viewable in compare view

Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports