build(deps): bump org.owasp:dependency-check-maven from 10.0.1 to 10.0.2

[dependabot]

Bumps org.owasp:dependency-check-maven from 10.0.1 to 10.0.2.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 10.0.2

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 10.0.2 (2024-07-06)

Mandatory Upgrade - due to older versions of dependency-check causing numerous, spurious requests that end in processing failures, this upgrade is mandatory so that the NVD can differentiate valid requests and block the old clients.

• build(deps): bump open-vulnerability-clients (#6810)
• fix(db): #6788 removing redundant db index "idxVulnerability" on "vulnerability.cve" (#6807)
• docs: Further improve formatting and docs of H2 database caching strats (#6804)
• fix: update_vulnerability in dbStatements_oracle.properties (#6803)
• fix: fix NPE (#6778)
• fix: add hint to resolve false negative (#6802)
• chore: update configure (#6794)

See the full listing of changes.

Commits

• b7b030c build: prepare release v10.0.2
• f22ebf1 docs: mandatory upgrade notice
• bcbbe1c docs: release 10.0.2
• 1b3398d build(deps): bump open-vulnerability-clients (#6810)
• 06e39fc fix(db): #6788 removing redundant db index "idxVulnerability" on "vulnerabili...
• 4926cd2 build(deps): bump org.apache.maven.plugins:maven-dependency-plugin from 3.7.0...
• 3bfb398 docs: Further improve formatting and docs of H2 database caching strats (#6804)
• 51f84ff fix: update_vulnerability in dbStatements_oracle.properties (#6803)
• 3f0ffa9 fix: fix NPE (#6778)
• 9fbb996 fix: add hint to resolve false negative (#6802)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 97b9473.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
maven/org.owasp:dependency-check-maven	10.0.2	🟢 6.2	Details Check Score Reason Code-Review 🟢 3 Found 5/16 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST 🟢 10 SAST tool is run on all commits Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 434 existing vulnerabilities detected
maven/org.owasp:dependency-check-maven	10.0.1	🟢 6.2	Details Check Score Reason Code-Review 🟢 3 Found 5/16 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST 🟢 10 SAST tool is run on all commits Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 434 existing vulnerabilities detected

Scanned Manifest Files

parent-pom/pom.xml

• org.owasp:[email protected]
• org.owasp:[email protected]

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud