Bump org.owasp:dependency-check-core from 8.3.1 to 8.4.3

[dependabot]

Bumps org.owasp:dependency-check-core from 8.3.1 to 8.4.3.

Release notes

Sourced from org.owasp:dependency-check-core's releases.

Version 8.4.3

• fix: bump jcs3 (#6047)
• docs: Corrected docs on hostedSuppressions (#6035)

See the full listing of changes.

Version 8.4.2

• fix: correct log configuration in cli (#6002)

See the full listing of changes.

Version 8.4.1

• fix: upgrade to JCS3 (#5114)
• fix: Support ~= version specifier in requirements.txt and pipfile (#5902)
• fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name (#5901)
• fix: Do not filter out evidences added by hints (#5900)
• fix: fixes FP #5925 (#5927)

See the full listing of changes.

Version 8.4.0

Added

• feat: Add support for Nexus v3 to NexusAnalyzer (#5849)

Fixed

• fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
• chore: switch to sha1-pinning as suggested by Semgrep
• fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#5845)
• fix: use curl with -L to follow github redirect (#5808)
• fix: use curl with -L to follow github redirect
• fix: #5671 out of memory error (#5789)
• fix: #5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

Changelog

Sourced from org.owasp:dependency-check-core's changelog.

Version 8.4.3 (2023-11-15)

• fix: bump jcs3 (#6047)
• docs: Corrected docs on hostedSuppressions (#6035)

See the full listing of changes.

Version 8.4.2 (2023-10-22)

• fix: correct log configuration in cli (#6002)

See the full listing of changes.

Version 8.4.1 (2023-10-21)

Fixed

• fix: upgrade to JCS3 (#5114)
• fix: Support ~= version specifier in requirements.txt and pipfile (#5902)
• fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name (#5901)
• fix: Do not filter out evidences added by hints (#5900)
• fix: fixes FP #5925 (#5927)

See the full listing of changes.

Version 8.4.0 (2023-08-19)

Added

• feat: Add support for Nexus v3 to NexusAnalyzer (#5849)

Fixed

• fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
• chore: switch to sha1-pinning as suggested by Semgrep
• fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#5845)
• fix: use curl with -L to follow github redirect (#5808)
• fix: use curl with -L to follow github redirect
• fix: #5671 out of memory error (#5789)
• fix: #5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

See the full listing of changes.

Commits

• 3406274 build: prepare release v8.4.3
• 7b19383 docs: prepare 8.4.3
• 45dc137 build(deps): bump org.apache.maven.plugins:maven-surefire-report-plugin from ...
• 3877317 build(deps): bump amannn/action-semantic-pull-request from 5.3.0 to 5.4.0 (#6...
• 7a45227 build: remove failing action (#6049)
• 1ff8a54 fix: bump jcs3 (#6047)
• 6165b43 build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 t...
• 7d987bf build(deps): bump org.apache.commons:commons-text from 1.10.0 to 1.11.0 (#6024)
• da4796f docs: Corrected docs on hostedSuppressions (#6035)
• ab31be9 build(deps): bump org.apache.commons:commons-dbcp2 from 2.10.0 to 2.11.0 (#6022)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)