Update dependency org.owasp:dependency-check-maven to v11

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.owasp:dependency-check-maven (source)	9.2.0 -> 11.0.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

jeremylong/DependencyCheck (org.owasp:dependency-check-maven)

v11.0.0

Compare Source

• breaking change: Switch from JMockit to Mockito & build target to Java 11 (#​6922)
  • dependency-check now requires a minimum of Java 11.0 to run
• breaking change: bump com.h2database:h2 from 2.1.214 to 2.3.232 (#​6132)
  • H2 databases generated with an older version of ODC will not work with ODC 11.0.0; a new H2 db must be generated
• breaking change: Maven plugin updated to Doxia 2.x reporting stack
  • Users of the Maven plugin that configure it as a reporting plugin will need to use maven-site-plugin 3.20.0 or later (#​6959)
• feat: Replace old Downloader by an Apache HTTPClient based downloader
• feat: Use Apache HTTPClient for downloads of public resources (#​6949)
• feat: Also make NodeAuditSearch usr our HTTPClient based connections
• feat: Also make OSSIndexAnalyzer use our HTTPClient based connections
• feat: Migrate CentralSearch to use Apache HTTP-client via Downloader
• feat: Extend apache HTTP-client usage to EngineVersionCheck
• feat: Remove the need to specify dbDriver for external databases using JDBCv4 ServiceLoader supporting JDBC drivers (#​6938)
• fix: use latest generated suppressions (#​7064)
• fix: Fixup parameter sequence for Dowloader credentials (#​7033)
• fix: Fixup the missing addition of NVD API Datafeed credentials (if configured)
• fix: Fixup broken proxy authentication in first attempt; extend to include KEV downloads
• fix: store timestamps locally for local resources (#​6936)
• build: Remove the animal-sniffer, propagate java version to plugin-archetype (#​6950)
• build: Update Checkstyle configuration and Suppression DTD references (#​6951)
• chore: Update test db schema (#​7036)
• chore: remove old, unneeded database upgrade script
• docs: reformat javadoc (#​7009)
• docs: Fixup javadoc warnings (#​6995)
• chore: Replace use of several deprecated methods/classes by their successors (#​6933)

See the full listing of changes.

v10.0.4

Compare Source

• build(deps): exclude unused dependency (#​6916)
• fix: improve regex (#​6917)
• fix: correctly handle null values in cpeMatch (#​6915)
• fix(site): Update Fluido skin to resolve broken fork-me-on-github image (#​6914)
• fix: do not report over 100% download complete (#​6899)
• fix: Correct spelling of occurring in NvdApiDataSource.java (#​6883)
• fix: skip blank lines in requirements.txt (#​6867)
• fix: correct percentage calculation (#​6868)
• docs: remove old recommendation (#​6860)

See the full listing of changes.

v10.0.3

Compare Source

• feat: Enable configuration of a lower resultsPerPage on NVD API (#​6843)
• build(deps): bump open-vulnerability-clients from 6.1.6 to 6.1.7 (#​6848)
• build(deps): bump JamesIves/github-pages-deploy-action from 4.6.1 to 4.6.3 (#​6814)
• build(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.0 (#​6762)
• build(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0 (#​6815)
• build(deps): bump golang from 1.22.4-alpine to 1.22.5-alpine (#​6805)

See the full listing of changes.

v10.0.2

Compare Source

Mandatory Upgrade - due to older versions of dependency-check causing numerous, spurious requests that end in processing failures, this upgrade is mandatory so that the NVD can differentiate valid requests and block the old clients.

• build(deps): bump open-vulnerability-clients (#​6810)
• fix(db): #​6788 removing redundant db index "idxVulnerability" on "vulnerability.cve" (#​6807)
• docs: Further improve formatting and docs of H2 database caching strats (#​6804)
• fix: update_vulnerability in dbStatements_oracle.properties (#​6803)
• fix: fix NPE (#​6778)
• fix: add hint to resolve false negative (#​6802)
• chore: update configure (#​6794)

See the full listing of changes.

v10.0.1

Compare Source

• build(deps): bump open-vulnerability-client (#​6772)
• fix: remove debug logging (#​6770)
• fix: postgresql column count error (#​6773)
• fix: mssql column name and version (#​6761)
• docs: update supported versions (#​6771)

See the full listing of changes.

v10.0.0

Compare Source

• breaking change: upgrade to dotnet 8.0 (#​6580)
  • Users of the AssemblyAnalyzer must upgrade/utilize dotnet 8 to analyze assemblies
• feat: fix the NVD API related errors by adding cvssV4 support (#​6756)
  • breaking changes: anyone utilizing a centralized database will need to upgrade the schema; see changes in PR #​6756
• fix: avoid escaping unnecessary chars in HTML report suppression regexes (#​6749)
• fix: #​6688 Trim version number when parsin POM (#​6705)
• fix: change request if lockfile is file v3 (#​6690)
• fix: skip pyproject.toml unless it contains tool.poetry before ensuring lockfiles (#​6681)

See the full listing of changes.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[yegor256]

@rultor please, try to merge, since 14 checks have passed

[rultor]

@rultor please, try to merge, since 14 checks have passed

@yegor256 OK, I'll try to merge now. You can check the progress of the merge here.

[rultor]

@rultor please, try to merge, since 14 checks have passed

@yegor256 Done! FYI, the full log is here (took me 9min).