Sourced from org.owasp:dependency-check-maven's releases.

Version 11.0.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Sourced from org.owasp:dependency-check-maven's changelog.

Version 11.0.0 (2024-10-21)

• breaking change: Switch from JMockit to Mockito & build target to Java 11 (#6922)
  • dependency-check now requires a minimum of Java 11.0 to run
• breaking change: bump com.h2database:h2 from 2.1.214 to 2.3.232 (#6132)
  • H2 databases generated with an older version of ODC will not work with ODC 11.0.0; a new H2 db must be generated
• feat: Replace old Downloader by an Apache HTTPClient based downloader
• feat: Use Apache HTTPClient for downloads of public resources (#6949)
• feat: Also make NodeAuditSearch usr our HTTPClient based connections
• feat: Also make OSSIndexAnalyzer use our HTTPClient based connections
• feat: Migrate CentralSearch to use Apache HTTP-client via Downloader
• feat: Extend apache HTTP-client usage to EngineVersionCheck
• feat: Remove the need to specify dbDriver for external databases using JDBCv4 ServiceLoader supporting JDBC drivers (#6938)
• fix: use latest generated suppressions (#7064)
• fix: Fixup parameter sequence for Dowloader credentials (#7033)
• fix: Fixup the missing addition of NVD API Datafeed credentials (if configured)
• fix: Fixup broken proxy authentication in first attempt; extend to include KEV downloads
• fix: store timestamps locally for local resources (#6936)
• build: Remove the animal-sniffer, propagate java version to plugin-archetype (#6950)
• build: Update Checkstyle configuration and Suppression DTD references (#6951)
• chore: Update test db schema (#7036)
• chore: remove old, unneeded database upgrade script
• docs: reformat javadoc (#7009)
• docs: Fixup javadoc warnings (#6995)
• chore: Replace use of several deprecated methods/classes by their successors (#6933)

See the full listing of changes.

• db79571 build: prepare release v11.0.0
• ab479cf docs: update release notes
• 2b36c82 fix: use latest generated suppressions (#7064)
• 30eb04e chore: Remove unnecessary mysql-connector suppressions (#7059)
• 26bd04c build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.8.5 to 4.8....
• bc1cc54 build(deps): bump org.apache.maven.plugins:maven-surefire-report-plugin from ...
• 3734db6 build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.3.1 to...
• b126e35 build(deps): bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.2 to ...
• 46f1c72 build(deps): bump org.apache.maven.plugins:maven-deploy-plugin
• d0d169e build(deps): bump org.apache.httpcomponents.client5:httpclient5
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)