From 3f1b558dd3e3e5e296b26e7bad010564ff90fe7e Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 31 Mar 2024 07:35:40 -0400 Subject: [PATCH 1/4] docs: prepare release 9.1.0 --- CHANGELOG.md | 9 +++++++++ README.md | 4 ++-- SECURITY.md | 2 +- ant/pom.xml | 2 +- archetype/pom.xml | 2 +- cli/pom.xml | 2 +- core/pom.xml | 2 +- maven/pom.xml | 2 +- pom.xml | 2 +- utils/pom.xml | 2 +- 10 files changed, 19 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 733e07823a9..07fcb995a51 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,14 @@ # Change Log +## [Version 9.1.0](https://github.com/jeremylong/DependencyCheck/releases/tag/v9.1.0) (2024-03-31) + +- feat: Add v2 support for maven_install.json (#6528) +- build(deps): bump open-vulnerability-client (#6554) + - resolves update issues due to CVSS Metrics 4.0 +- build(deps): bump jackson.version from 2.16.0 to 2.16.1 (#6353) +- build(deps): bump org.jsoup:jsoup from 1.16.2 to 1.17.2 (#6362) +- build(deps): bump golang from 1.21.5-alpine to 1.22.1-alpine (#6506) + ## [Version 9.0.10](https://github.com/jeremylong/DependencyCheck/releases/tag/v9.0.10) (2024-03-15) - fix: #4321 Suppress redis server CVEs for client libraries (#4321) (#6489) diff --git a/README.md b/README.md index db68da84001..58faaf7a960 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ the transitive dependencies of dependency-check to specific versions. For exampl dependencies { constraints { // org.owasp.dependencycheck needs at least this version of jackson. Other plugins pull in older versions.. - add("implementation", "com.fasterxml.jackson:jackson-bom:2.16.0") + add("implementation", "com.fasterxml.jackson:jackson-bom:2.16.1") // org.owasp.dependencycheck needs these versions. Other plugins pull in older versions.. add("implementation", "org.apache.commons:commons-lang3:3.14.0") 
@@ -356,7 +356,7 @@ Dependency-Check makes use of several other open source libraries. Please see th This product uses the NVD API but is not endorsed or certified by the NVD. -Copyright (c) 2012-2023 Jeremy Long. All Rights Reserved. +Copyright (c) 2012-2024 Jeremy Long. All Rights Reserved. [wiki]: https://github.com/jeremylong/DependencyCheck/wiki [notices]: https://github.com/jeremylong/DependencyCheck/blob/main/NOTICE.txt diff --git a/SECURITY.md b/SECURITY.md index a1b9d65547e..089e555cbde 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ | Version | Supported | | ---------|--------------------| -| 9.0.0+ | :white_check_mark: | +| 9.1.0+ | :white_check_mark: | | <= 8.4.3 | :x: | ## Reporting a Vulnerability diff --git a/ant/pom.xml b/ant/pom.xml index 479d283ee67..13d6752a850 100644 --- a/ant/pom.xml +++ b/ant/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.0.11-SNAPSHOT + 9.1.0-SNAPSHOT dependency-check-ant diff --git a/archetype/pom.xml b/archetype/pom.xml index 690c94657af..cefc597b02e 100644 --- a/archetype/pom.xml +++ b/archetype/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.0.11-SNAPSHOT + 9.1.0-SNAPSHOT dependency-check-plugin Dependency-Check Plugin Archetype diff --git a/cli/pom.xml b/cli/pom.xml index 7f7588c2c82..24c44db7be2 100644 --- a/cli/pom.xml +++ b/cli/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.0.11-SNAPSHOT + 9.1.0-SNAPSHOT dependency-check-cli diff --git a/core/pom.xml b/core/pom.xml index 406cab0eb44..33e767ef45a 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.0.11-SNAPSHOT + 9.1.0-SNAPSHOT dependency-check-core diff --git a/maven/pom.xml b/maven/pom.xml index 5bec2e11736..bac84cc581c 100644 --- a/maven/pom.xml 
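Review bot: The supported-versions table in the SECURITY.md hunk now lists `9.1.0+` as supported and `<= 8.4.3` as unsupported, so the 9.0.x releases fall in neither row (the changelog in this same series lists 9.0.10). A user still on 9.0.x cannot tell from the policy whether a reported vulnerability will be fixed for them. If 9.0.x is no longer covered, state it explicitly by changing the last row to `| < 9.1.0 | :x: |`; if it is still covered, keep `9.0.0+` in the supported row.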
+++ b/maven/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.0.11-SNAPSHOT + 9.1.0-SNAPSHOT dependency-check-maven maven-plugin diff --git a/pom.xml b/pom.xml index 227eea8edf1..1f6b6b7c77c 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long org.owasp dependency-check-parent - 9.0.11-SNAPSHOT + 9.1.0-SNAPSHOT pom diff --git a/utils/pom.xml b/utils/pom.xml index 4ca5b7c10b8..2af5dbe1bf4 100644 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.0.11-SNAPSHOT + 9.1.0-SNAPSHOT dependency-check-utils From e0b9397ed392ebcf39f10b4d1c94cac475367824 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 31 Mar 2024 07:36:57 -0400 Subject: [PATCH 2/4] build: prepare release v9.1.0 --- ant/pom.xml | 4 ++-- archetype/pom.xml | 6 +++--- cli/pom.xml | 4 ++-- core/pom.xml | 4 ++-- maven/pom.xml | 4 ++-- pom.xml | 6 +++--- utils/pom.xml | 4 ++-- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/ant/pom.xml b/ant/pom.xml index 13d6752a850..27883a7cad7 100644 --- a/ant/pom.xml +++ b/ant/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0-SNAPSHOT + 9.1.0 dependency-check-ant @@ -32,7 +32,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/ant scm:git:git@github.com:jeremylong/DependencyCheck.git - v6.4.1 + v9.1.0 diff --git a/archetype/pom.xml b/archetype/pom.xml index cefc597b02e..fae33cb47d3 100644 --- a/archetype/pom.xml +++ b/archetype/pom.xml 
@@ -20,20 +20,20 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0-SNAPSHOT + 9.1.0 dependency-check-plugin Dependency-Check Plugin Archetype jar - 2024-03-15T09:52:32Z + 2024-03-31T11:36:08Z scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/archetype scm:git:git@github.com:jeremylong/DependencyCheck.git - HEAD + v9.1.0 diff --git a/cli/pom.xml b/cli/pom.xml index 24c44db7be2..7a0890f98ca 100644 --- a/cli/pom.xml +++ b/cli/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0-SNAPSHOT + 9.1.0 dependency-check-cli @@ -32,7 +32,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/cli scm:git:git@github.com:jeremylong/DependencyCheck.git - v6.4.1 + v9.1.0 dependency-check-${project.version} diff --git a/core/pom.xml b/core/pom.xml index 33e767ef45a..fedbae3ff20 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0-SNAPSHOT + 9.1.0 dependency-check-core @@ -32,7 +32,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/core scm:git:git@github.com:jeremylong/DependencyCheck.git - v6.4.1 + v9.1.0 diff --git a/maven/pom.xml b/maven/pom.xml index bac84cc581c..aece925b8a0 100644 --- a/maven/pom.xml +++ b/maven/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0-SNAPSHOT + 9.1.0 dependency-check-maven maven-plugin 
@@ -35,7 +35,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/master/maven scm:git:git@github.com:jeremylong/DependencyCheck.git - v6.4.1 + v9.1.0 3.1.0 diff --git a/pom.xml b/pom.xml index 1f6b6b7c77c..5cfef3edf5c 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long org.owasp dependency-check-parent - 9.1.0-SNAPSHOT + 9.1.0 pom @@ -94,7 +94,7 @@ Copyright (c) 2012 - Jeremy Long scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck scm:git:https://github.com/jeremylong/DependencyCheck.git - v6.4.1 + v9.1.0 github @@ -112,7 +112,7 @@ Copyright (c) 2012 - Jeremy Long - 2024-03-15T09:52:32Z + 2024-03-31T11:36:08Z UTF-8 UTF-8 github diff --git a/utils/pom.xml b/utils/pom.xml index 2af5dbe1bf4..70ae95d7c56 100644 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0-SNAPSHOT + 9.1.0 dependency-check-utils @@ -30,7 +30,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/utils scm:git:git@github.com:jeremylong/DependencyCheck.git - v6.4.1 + v9.1.0 org.owasp.dependencycheck.utils.* From be3fcc836340dc92ee39f5277d48a573584802e4 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 31 Mar 2024 07:36:57 -0400 Subject: [PATCH 3/4] build: prepare for next development iteration --- ant/pom.xml | 4 ++-- archetype/pom.xml | 6 +++--- cli/pom.xml | 4 ++-- core/pom.xml | 4 ++-- maven/pom.xml | 4 ++-- pom.xml | 6 +++--- utils/pom.xml | 4 ++-- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/ant/pom.xml b/ant/pom.xml index 27883a7cad7..3571a387c7c 100644 --- a/ant/pom.xml +++ b/ant/pom.xml 
@@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0 + 9.1.1-SNAPSHOT dependency-check-ant @@ -32,7 +32,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/ant scm:git:git@github.com:jeremylong/DependencyCheck.git - v9.1.0 + v6.4.1 diff --git a/archetype/pom.xml b/archetype/pom.xml index fae33cb47d3..ded3deeaf37 100644 --- a/archetype/pom.xml +++ b/archetype/pom.xml @@ -20,20 +20,20 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0 + 9.1.1-SNAPSHOT dependency-check-plugin Dependency-Check Plugin Archetype jar - 2024-03-31T11:36:08Z + 2024-03-31T11:36:57Z scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/archetype scm:git:git@github.com:jeremylong/DependencyCheck.git - v9.1.0 + HEAD diff --git a/cli/pom.xml b/cli/pom.xml index 7a0890f98ca..a597ac96c15 100644 --- a/cli/pom.xml +++ b/cli/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0 + 9.1.1-SNAPSHOT dependency-check-cli @@ -32,7 +32,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/cli scm:git:git@github.com:jeremylong/DependencyCheck.git - v9.1.0 + v6.4.1 dependency-check-${project.version} diff --git a/core/pom.xml b/core/pom.xml index fedbae3ff20..d2cf8d2cfd5 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0 + 9.1.1-SNAPSHOT dependency-check-core 
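Review bot: The second ant/pom.xml hunk of patch 3 restores `v6.4.1` after the SCM URLs, and the cli, core, maven, parent and utils hunks do the same, while archetype/pom.xml goes back to `HEAD`. The markup is not visible on this page, but the value appears to be the `<tag>` element of the `<scm>` block. If so, every 9.1.1-SNAPSHOT POM built from these modules advertises a years-old tag as its source revision, which misleads anyone tracing an artifact back to its source. Setting the development value once to `<tag>HEAD</tag>` in those six POMs would match archetype and let the release tooling restore `HEAD` after each release.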
@@ -32,7 +32,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/core scm:git:git@github.com:jeremylong/DependencyCheck.git - v9.1.0 + v6.4.1 diff --git a/maven/pom.xml b/maven/pom.xml index aece925b8a0..42ec64c12e7 100644 --- a/maven/pom.xml +++ b/maven/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0 + 9.1.1-SNAPSHOT dependency-check-maven maven-plugin @@ -35,7 +35,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/master/maven scm:git:git@github.com:jeremylong/DependencyCheck.git - v9.1.0 + v6.4.1 3.1.0 diff --git a/pom.xml b/pom.xml index 5cfef3edf5c..399017c7605 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long org.owasp dependency-check-parent - 9.1.0 + 9.1.1-SNAPSHOT pom @@ -94,7 +94,7 @@ Copyright (c) 2012 - Jeremy Long scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck scm:git:https://github.com/jeremylong/DependencyCheck.git - v9.1.0 + v6.4.1 github @@ -112,7 +112,7 @@ Copyright (c) 2012 - Jeremy Long - 2024-03-31T11:36:08Z + 2024-03-31T11:36:57Z UTF-8 UTF-8 github diff --git a/utils/pom.xml b/utils/pom.xml index 70ae95d7c56..9e98af9716c 100644 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 9.1.0 + 9.1.1-SNAPSHOT dependency-check-utils @@ -30,7 +30,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/utils scm:git:git@github.com:jeremylong/DependencyCheck.git - v9.1.0 + v6.4.1 org.owasp.dependencycheck.utils.* 
From f90db71947f5f43e9c24706bc9573505da3a6ed0 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 31 Mar 2024 07:39:24 -0400 Subject: [PATCH 4/4] docs: Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 07fcb995a51..44a5245fa73 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,8 @@ - build(deps): bump org.jsoup:jsoup from 1.16.2 to 1.17.2 (#6362) - build(deps): bump golang from 1.21.5-alpine to 1.22.1-alpine (#6506) +See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/81?closed=1). + ## [Version 9.0.10](https://github.com/jeremylong/DependencyCheck/releases/tag/v9.0.10) (2024-03-15) - fix: #4321 Suppress redis server CVEs for client libraries (#4321) (#6489)