Bump org.owasp:dependency-check-maven from 10.0.4 to 11.1.0

[dependabot]

Bumps org.owasp:dependency-check-maven from 10.0.4 to 11.1.0.

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 11.1.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 11.0.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 11.1.0 (2024-10-30)

• feat: PHP Composer Analyzer now scans packages-dev by default (#7114)
  • Users can configure if packages-dev should be skipped
• fix(regression): re-add h2 database driver name (#7115)
• fix(regression): Make the Downloader honour the proxy.nonproxyhosts ODC Setting (#7077)
• fix: do not set legacy proxy from maven or env (#7072) (#7074)
• docs: add missing documentation for the MS Build Analyzer (#7113)
• docs: Document the breaking change for Maven plugin as reporting plugin (#7079)

See the full listing of changes.

Version 11.0.0 (2024-10-21)

• breaking change: Switch from JMockit to Mockito & build target to Java 11 (#6922)
  • dependency-check now requires a minimum of Java 11.0 to run
• breaking change: bump com.h2database:h2 from 2.1.214 to 2.3.232 (#6132)
  • H2 databases generated with an older version of ODC will not work with ODC 11.0.0; a new H2 db must be generated
• breaking change: Maven plugin updated to Doxia 2.x reporting stack
  • Users of the Maven plugin that configure it as a reporting plugin will need to use maven-site-plugin 3.20.0 or later (#6959)
• feat: Replace old Downloader by an Apache HTTPClient based downloader
• feat: Use Apache HTTPClient for downloads of public resources (#6949)
• feat: Also make NodeAuditSearch usr our HTTPClient based connections
• feat: Also make OSSIndexAnalyzer use our HTTPClient based connections
• feat: Migrate CentralSearch to use Apache HTTP-client via Downloader
• feat: Extend apache HTTP-client usage to EngineVersionCheck
• feat: Remove the need to specify dbDriver for external databases using JDBCv4 ServiceLoader supporting JDBC drivers (#6938)
• fix: use latest generated suppressions (#7064)
• fix: Fixup parameter sequence for Dowloader credentials (#7033)
• fix: Fixup the missing addition of NVD API Datafeed credentials (if configured)
• fix: Fixup broken proxy authentication in first attempt; extend to include KEV downloads
• fix: store timestamps locally for local resources (#6936)
• build: Remove the animal-sniffer, propagate java version to plugin-archetype (#6950)
• build: Update Checkstyle configuration and Suppression DTD references (#6951)
• chore: Update test db schema (#7036)
• chore: remove old, unneeded database upgrade script
• docs: reformat javadoc (#7009)
• docs: Fixup javadoc warnings (#6995)
• chore: Replace use of several deprecated methods/classes by their successors (#6933)

See the full listing of changes.

Commits

• 91ba878 build: prepare release v11.1.0
• a610dbd build: bump minor semantic version number to 11.1.0
• f8505fb docs: update release notes
• 519707a fix: re-add h2 database driver name (#7115)
• 08d7657 feat: PHP Composer Analyzer Scans packages-dev by default (#7114)
• 910570d docs: add missing documentation for the MS Build Analyzer (#7113)
• 4c2fcef build(deps): bump jackson.version from 2.18.0 to 2.18.1 (#7111)
• 5f3061d build(deps): bump io.github.jeremylong:open-vulnerability-clients from 7.0.0 ...
• 116a63f fix(regression): Make the Downloader honour the proxy.nonproxyhosts ODC Setti...
• c87d3cf docs: Document the breaking change for Maven plugin as reporting plugin (#7079)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.