chore(deps): update dependency org.owasp:dependency-check-maven to v12.2.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.owasp:dependency-check-maven (source)	12.1.7 → 12.2.1

---

Release Notes

dependency-check/DependencyCheck (org.owasp:dependency-check-maven)

v12.2.1

Compare Source

• build: improve GHA workflow experience for forks (#​8285)

• build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 (#​8292)

• chore: avoid use of parent pom and maven properties where unnecessary (#​8322)

• chore: bump java development to 25.0 (#​8365)

• chore: fix Charset warnings; preferring typed charsets (#​8326)

• chore: fix Maven scm tags after 12.2.1-SNAPSHOT bump (#​8265)

• chore: pin GitHub actions to specific SHAs rather than mutable tags (#​8381)

• chore: remove unused properties and schemas (#​8378)

• docs: define schema locations in XML examples (#​8254)

• docs: document external data sources and hostnames (#​8219)

• docs: ensure OSS Index URL override is consistently documented (#​8338)

• docs: fix minor typo in README (#​8246)

• fix(core): correct xml schema validation handling without needing external access (#​8272)

• fix(deps): upgrade slf4j and logback (#​8306)

• fix(test): disable pnpm analyzer during test (#​8305)

• fix: Correct published/hosted suppressions namespace header and indent (#​8258)

• fix: Suppress noisy WARN logging from Apache Lucene within Maven and Ant plugins (#​8248)

• fix: #​8140 AssemblyAnalyzer version resolution issue (#​8352)

• fix: #​8140 fix version resolution

• fix: #​8140 hint azure_identity_library_for_.net

• fix: #​8356 narrow down VersionFilterAnalyzer scope to JAR files (#​8358)

• fix: correct parsing for CVSSv4 strings with Provider Urgency (#​8377)

• fix: evidence source in Retire JS analyzer (#​8303)

• fix: exclude deprecations from Yarn Berry audit results (#​8380)

• fix: improve PEAnalyzer reliability by migrating to maintained PE/COFF 4J library fork (#​8245)

• fix: improve configuration consistency (casing) (#​8355)

• fix: improve logging of unexpected Java Errors during processing of NVD (#​8250)

• fix: raw type warning in ProcessReader (#​8324)

• fix: suppress false positives for zabbix-utils #​8087 (#​8218)

• fix: update docs (#​8405)

• fix: warn if deprecated configs are used (#​8366)

• test: Make tests locale independent (#​8328)

• test: #​8140 reproduce current behavior

• test: avoid polluting test classpaths with sample dependencies to be scanned (#​8267)

• See the full listing of changes

v12.2.0

Compare Source

• feat: package and utilize generated suppression file (#​8116)

• feat: override pnpm audit registry parameter (#​8158)

• feat: support multiple cvssBelow thresholds per version (#​2563) (#​8024)

• feat: usage telemetry via scarf (#​8066)

• feat: add new suppression xsd allowing grouping of suppressions (#​7957)

• fix(ant): resolve relative paths against basedir (#​8202)

• fix: add hint for Elastic APM Java agent CPE mapping (#​8200)

• fix: Allow NVD data feed metadata downloads to fail on 1st Jan while logging correct errors (#​8205)

• fix(ant): resolve paths relative to basedir for suppression and output

• fix: correct XML/JSON report CVSS field & HTML report URL mappings (#​8156)

• fix: log GrokAssembly output when dotnet invocation fails (#​8141)

• fix: correct reliability of Central etc (JCS cache) analyzers on Java 25/Docker by making CLI classpath deterministic (#​8117)

• docs: Update & correct README (#​8166)

• docs: update suppression schema version (#​8136)

• docs: fix typos in some files (#​8135)

• chore: remove duplicate suppression rules from base that are in the generated branch (#​8138)

• chore: remove suppression rules that were deleted from the generatedSuppression branch (#​8119)

• build: transition dependency to org.eclipse.parsson groupId (#​8128)

• See the full listing of changes

v12.1.9

Compare Source

• fix: correct bundle audit gem in Dockerfile (#​8121)
• fix: normalization during comparisons (#​8046)
• docs: document multiple configurations for gradle (#​8111)
• docs: fix typos in some files (#​8106)
• docs: Update SBT plugin link; fix dead report link (#​8086)
• chore: Replace deprecated lucene methods (#​8079)
• docs: fix #​8076 - Error in documentation "Suppressing False Positives" (#​8077)
• fix(fp): Improve false positive suppression for matches against golang web_project (#​8059)
• fix(fp): Consolidate/update icu4j suppressions for false positives (#​8062)
• fix(fp): Correct GRPC java suppressions for newer C/C++/native false positives (#​8063)
• fix(fp): Suppress false positive CPEs for protobuf-java per #​7854 (#​8064)

See the full listing of changes

v12.1.8

Compare Source

• fix: improve VulnerableSoftware comparison (#​8031)
• build: fix flaky central test (#​8039)
• docs: Improve Gradle docs wrt experimental analyzers, use of Central and Proxy configuration (#​8036)
• docs: add note about central analyzer for gradle (#​8038)

See the full listing of changes

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.