3.6.0 (#168)

Co-authored-by: vemv <vemv@users.noreply.github.com>
rm-hull · Nov 16, 2023 · 49124d0 · 49124d0
1 parent e284167
commit 49124d0
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 20 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml
@@ -48,8 +48,8 @@ body:
       label: Installation compliance
       description: 
       options:
-        - label: I have read again and made sure that I'm following **exactly** the instructions for my tool of choice ([Leiningen](https://github.com/rm-hull/nvd-clojure/tree/v3.5.0#leiningen), [Clojure CLI](https://github.com/rm-hull/nvd-clojure/tree/v3.5.0#clojure-cli), [Clojure CLI Tool](https://github.com/rm-hull/nvd-clojure/tree/v3.5.0#clojure-cli-tool)).
+        - label: I have read again and made sure that I'm following **exactly** the instructions for my tool of choice ([Leiningen](https://github.com/rm-hull/nvd-clojure/tree/v3.6.0#leiningen), [Clojure CLI](https://github.com/rm-hull/nvd-clojure/tree/v3.6.0#clojure-cli), [Clojure CLI Tool](https://github.com/rm-hull/nvd-clojure/tree/v3.6.0#clojure-cli-tool)).
           required: true
-        - label: I understand that false positives [can be skipped locally](https://github.com/rm-hull/nvd-clojure/tree/v3.5.0#configuration-options) and should be reported to [DependencyCheck](https://github.com/jeremylong/DependencyCheck).
+        - label: I understand that false positives [can be skipped locally](https://github.com/rm-hull/nvd-clojure/tree/v3.6.0#configuration-options) and should be reported to [DependencyCheck](https://github.com/jeremylong/DependencyCheck).
           required: false
 
diff --git a/.github/ISSUE_TEMPLATE/issue.yml b/.github/ISSUE_TEMPLATE/issue.yml
@@ -32,8 +32,8 @@ body:
       label: Installation compliance
       description: 
       options:
-        - label: I have read again and made sure that I'm following **exactly** the instructions for my tool of choice ([Leiningen](https://github.com/rm-hull/nvd-clojure/tree/v3.5.0#leiningen), [Clojure CLI](https://github.com/rm-hull/nvd-clojure/tree/v3.5.0#clojure-cli), [Clojure CLI Tool](https://github.com/rm-hull/nvd-clojure/tree/v3.5.0#clojure-cli-tool)).
+        - label: I have read again and made sure that I'm following **exactly** the instructions for my tool of choice ([Leiningen](https://github.com/rm-hull/nvd-clojure/tree/v3.6.0#leiningen), [Clojure CLI](https://github.com/rm-hull/nvd-clojure/tree/v3.6.0#clojure-cli), [Clojure CLI Tool](https://github.com/rm-hull/nvd-clojure/tree/v3.6.0#clojure-cli-tool)).
           required: true
-        - label: I understand that false positives [can be skipped locally](https://github.com/rm-hull/nvd-clojure/tree/v3.5.0#configuration-options) and should be reported to [DependencyCheck](https://github.com/jeremylong/DependencyCheck).
+        - label: I understand that false positives [can be skipped locally](https://github.com/rm-hull/nvd-clojure/tree/v3.6.0#configuration-options) and should be reported to [DependencyCheck](https://github.com/jeremylong/DependencyCheck).
           required: false
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Changes from 3.5.0 to 3.6.0
+
+* Update `dependency-check-core`.
+
 ## Changes from 3.4.0 to 3.5.0
 
 * Update `dependency-check-core`.

diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@
 
 # Example usage:
 # copy a one-off Clojars token to your clipboard
-# GIT_TAG=v3.3.0 CLOJARS_USERNAME=$USER CLOJARS_PASSWORD=$(pbpaste) make deploy
+# GIT_TAG=v3.6.0 CLOJARS_USERNAME=$USER CLOJARS_PASSWORD=$(pbpaste) make deploy
 
 deploy: check-env
 	lein clean

diff --git a/README.md b/README.md
@@ -18,18 +18,18 @@ will be checked for known security vulnerabilities. `nvd-clojure` passes them to
 
 ### Installation and basic usage
 
-> _Please see also:_ [Avoiding classpath interference](https://github.com/rm-hull/nvd-clojure/blob/v3.5.0/FAQ.md#what-is-classpath-interference)
+> _Please see also:_ [Avoiding classpath interference](https://github.com/rm-hull/nvd-clojure/blob/v3.6.0/FAQ.md#what-is-classpath-interference)
 
 #### Leiningen
 
 <details>
 
-Please create a separate project consisting of `[nvd-clojure/nvd-clojure "3.5.0"]`. Said project can be located inside the targeted repo's Git repository.
+Please create a separate project consisting of `[nvd-clojure/nvd-clojure "3.6.0"]`. Said project can be located inside the targeted repo's Git repository.
 
 ```clj
 (defproject nvd-helper "local"
   :description "nvd-clojure helper project"
-  :dependencies [[nvd-clojure "3.5.0"]
+  :dependencies [[nvd-clojure "3.6.0"]
                  [org.clojure/clojure "1.11.1"]]
   :jvm-opts ["-Dclojure.main.report=stderr"])
 ```
@@ -54,7 +54,7 @@ If you are using a multi-modules solution (e.g. `lein-monolith`), you should ens
 
 <details>
 
-Please create a separate project consisting exclusively of `nvd-clojure/nvd-clojure {:mvn/version "3.5.0"}`. Said project can be located inside the targeted repo's Git repository.
+Please create a separate project consisting exclusively of `nvd-clojure/nvd-clojure {:mvn/version "3.6.0"}`. Said project can be located inside the targeted repo's Git repository.
 
 Please do not add nvd-clojure as a dependency in the deps.edn of the project to be analysed.
 
@@ -155,7 +155,7 @@ dependency relationships are:
 dependencies, and suggest upgraded versions, and can optionally be configured
 to update the project file.
 
-(Note that that is only one of the multiple ways of remediating a given vulnerability, please see [FAQ](https://github.com/rm-hull/nvd-clojure/blob/v3.5.0/FAQ.md#how-to-remediate-a-cve-is-it-a-good-idea-to-automate-remediation))
+(Note that that is only one of the multiple ways of remediating a given vulnerability, please see [FAQ](https://github.com/rm-hull/nvd-clojure/blob/v3.6.0/FAQ.md#how-to-remediate-a-cve-is-it-a-good-idea-to-automate-remediation))
 
 ## Configuration
 
@@ -209,7 +209,7 @@ You can also set logging properties directly through Java system properties (the
 clojure -J-Dclojure.main.report=stderr -J-Dorg.slf4j.simpleLogger.log.org.apache.commons=error -Tnvd nvd.task/check # ...
 ```
 
-## [FAQ](https://github.com/rm-hull/nvd-clojure/blob/v3.5.0/FAQ.md)
+## [FAQ](https://github.com/rm-hull/nvd-clojure/blob/v3.6.0/FAQ.md)
 
 ## Attribution
 

diff --git a/deps.edn b/deps.edn
@@ -4,7 +4,7 @@
         clansi/clansi {:mvn/version "1.0.0"}
         org.clojure/data.json {:mvn/version "2.4.0"}
         org.slf4j/slf4j-simple {:mvn/version "2.0.9"}
-        org.owasp/dependency-check-core {:mvn/version "8.4.2"}
+        org.owasp/dependency-check-core {:mvn/version "8.4.3"}
         rm-hull/table {:mvn/version "0.7.1"}
         trptcolin/versioneer {:mvn/version "0.2.0"}}
  :mvn/repos {"central" {:url "https://repo1.maven.org/maven2/"}

diff --git a/project.clj b/project.clj
@@ -1,4 +1,4 @@
-(defproject nvd-clojure "3.5.0"
+(defproject nvd-clojure "3.6.0"
   :description "National Vulnerability Database dependency checker"
   :url "https://github.com/rm-hull/nvd-clojure"
   :license {:name "The MIT License (MIT)"
@@ -7,19 +7,19 @@
                  [clansi "1.0.0"]
                  [org.clojure/data.json "2.4.0"]
                  [org.slf4j/slf4j-simple "2.0.9"]
-                 [org.owasp/dependency-check-core "8.4.2"]
+                 [org.owasp/dependency-check-core "8.4.3"]
                  [rm-hull/table "0.7.1"]
                  [trptcolin/versioneer "0.2.0"]
                  ;; Explicitly depend on a certain Jackson, consistently.
                  ;; (See also: https://github.com/jeremylong/DependencyCheck/issues/3441)
-                 [com.fasterxml.jackson.core/jackson-databind "2.15.3"]
-                 [com.fasterxml.jackson.core/jackson-annotations "2.15.3"]
-                 [com.fasterxml.jackson.core/jackson-core "2.15.3"]
-                 [com.fasterxml.jackson.module/jackson-module-afterburner "2.15.3"]
+                 [com.fasterxml.jackson.core/jackson-databind "2.16.0"]
+                 [com.fasterxml.jackson.core/jackson-annotations "2.16.0"]
+                 [com.fasterxml.jackson.core/jackson-core "2.16.0"]
+                 [com.fasterxml.jackson.module/jackson-module-afterburner "2.16.0"]
                  [org.apache.maven.resolver/maven-resolver-transport-http "1.9.16" #_"Fixes a CVE"]
                  [org.yaml/snakeyaml "2.2" #_"Fixes a CVE"]
                  [org.apache.maven/maven-core "3.9.5" #_"Fixes a CVE"]
-                 [org.eclipse.jetty/jetty-client "12.0.2" #_"Fixes a CVE" :exclusions [org.slf4j/slf4j-api]]
+                 [org.eclipse.jetty/jetty-client "12.0.3" #_"Fixes a CVE" :exclusions [org.slf4j/slf4j-api]]
                  [org.apache.maven.resolver/maven-resolver-spi "1.9.16" #_"Satisfies :pedantic?"]
                  [org.apache.maven.resolver/maven-resolver-api "1.9.16" #_"Satisfies :pedantic?"]
                  [org.apache.maven.resolver/maven-resolver-util "1.9.16" #_"Satisfies :pedantic?"]

diff --git a/resources/nvd_clojure/default_config_content.edn b/resources/nvd_clojure/default_config_content.edn
@@ -6,7 +6,7 @@
 
 ;; Feel free to tweak it, version-control it and remove any comment.
 
-;; Configuration reference: https://github.com/rm-hull/nvd-clojure/tree/v3.5.0#configuration-options
+;; Configuration reference: https://github.com/rm-hull/nvd-clojure/tree/v3.6.0#configuration-options
 
 {;; You can use the `:suppression-file` in order to silence false positives.
  ;; This file will be automatically created, with whatever filename is specified here, if it didn't exist already.