From 1d200bd8ec57a5bc0968e635de685ac4d48bdf0f Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Thu, 23 Dec 2021 06:09:51 -0500
Subject: [PATCH 1/4] fix pnpm CLI arg
---
 cli/src/main/java/org/owasp/dependencycheck/CliParser.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
index 2bf712bcfd0..26c0197da3d 100644
--- a/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
+++ b/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -386,6 +386,8 @@ private void addAdvancedOptions(final Options options) {
 "The path to the `go` executable."))
 .addOption(newOptionWithArg(ARGUMENT.PATH_TO_YARN, "path",
 "The path to the `yarn` executable."))
+ .addOption(newOptionWithArg(ARGUMENT.PATH_TO_PNPM, "path",
+ "The path to the `pnpm` executable."))
 .addOption(newOptionWithArg(ARGUMENT.CVE_VALID_FOR_HOURS, "hours",
 "The number of hours to wait before checking for new updates from the NVD."))
 .addOption(newOptionWithArg(ARGUMENT.CVE_START_YEAR, "year",
From b07da1bb070deed95497365a51d4587da5fff9e2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Dec 2021 01:01:41 +0000
Subject: [PATCH 2/4] Bump logback.version from 1.2.9 to 1.2.10
Bumps `logback.version` from 1.2.9 to 1.2.10.
Updates `logback-core` from 1.2.9 to 1.2.10
Updates `logback-classic` from 1.2.9 to 1.2.10
---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-core
 dependency-type: direct:development
 update-type: version-update:semver-patch
- dependency-name: ch.qos.logback:logback-classic
 dependency-type: direct:production
 update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index fa73f98e7e2..7048b69ee10 100644
--- a/pom.xml
+++ b/pom.xml
@@ -120,7 +120,7 @@ Copyright (c) 2012 - Jeremy Long
 8.11.1
 1.10.12
 1.7.32
- 1.2.9
+ 1.2.10
 3.1.0
 3.1.2
From e66a1bd056243b300f4f1cf57a7e71a8d9be3880 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Dec 2021 01:02:24 +0000
Subject: [PATCH 3/4] Bump checkstyle from 9.2 to 9.2.1
Bumps [checkstyle](https://github.com/checkstyle/checkstyle) from 9.2 to 9.2.1.
- [Release notes](https://github.com/checkstyle/checkstyle/releases)
- [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-9.2...checkstyle-9.2.1)
---
updated-dependencies:
- dependency-name: com.puppycrawl.tools:checkstyle
 dependency-type: direct:production
 update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 7048b69ee10..bd8a933ea7e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -124,7 +124,7 @@ Copyright (c) 2012 - Jeremy Long
 3.1.0
 3.1.2
- 9.2
+ 9.2.1
 1.9.1
 3.0.0
 3.2.0
From 242df3c561016e0b7bfa140d16e4b33bcaaba17e Mon Sep 17 00:00:00 2001
From: "Arend v. Reinersdorff"
Date: Tue, 28 Dec 2021 13:47:05 +0100
Subject: [PATCH 4/4] Suppress false positive for vorbis-java-tika
Fixes #3918
---
 core/src/main/resources/dependencycheck-base-suppression.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/src/main/resources/dependencycheck-base-suppression.xml b/core/src/main/resources/dependencycheck-base-suppression.xml
index 5c81c4fd869..d88b733720c 100644
--- a/core/src/main/resources/dependencycheck-base-suppression.xml
+++ b/core/src/main/resources/dependencycheck-base-suppression.xml
@@ -1867,10 +1867,11 @@ ^pkg:maven/org\.gagravarr/vorbis\-java\-tika@.*$ cpe:/a:apache:tika
+ cpe:/a:flac_project:flac
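Review bot: Registering ARGUMENT.PATH_TO_PNPM as an advanced option is only half of a "fix pnpm CLI arg" unless the parsed value is also read and applied wherever the PATH_TO_YARN value is consumed, and nothing in this hunk or the rest of the series shows that read; if it is missing, the option parses cleanly but has no effect, which is presumably the symptom being fixed. Worth confirming in the same commit that the consumer references this exact ARGUMENT constant and that the value reaches the analyzer through the settings layer in the same way the yarn and go paths do. Since the value names a binary the tool will presumably run, the help text could say so, e.g. `"The path to the \`pnpm\` executable used when invoking pnpm."`, because the go/yarn/pnpm descriptions are otherwise indistinguishable from ordinary path arguments. addAdvancedOptions starts and ends outside the hunk.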