Merge branch 'main' into dependabot/maven/slf4j.version-2.0.17

Author: nhumblot

.gitattributes

@@ -1,8 +1,13 @@
 *.html linguist-documentation
-(^|/)site/) linguist-documentation
-src/test/resources/* linguist-vendored
-cli/src/test/resources/* linguist-vendored
-core/src/test/resources/* linguist-vendored
-maven/src/test/resources/* linguist-vendored
-ant/src/test/resources/* linguist-vendored
-utils/src/test/resources/* linguist-vendored
+src/site/** linguist-documentation
+cli/src/site/** linguist-documentation
+core/src/site/** linguist-documentation
+maven/src/site/** linguist-documentation
+ant/src/site/** linguist-documentation
+utils/src/site/** linguist-documentation
+src/test/resources/** linguist-vendored
+cli/src/test/resources/** linguist-vendored
+core/src/test/resources/** linguist-vendored
+maven/src/test/resources/** linguist-vendored
+ant/src/test/resources/** linguist-vendored
+utils/src/test/resources/** linguist-vendored

.github/workflows/build.yml

@@ -74,14 +74,14 @@ jobs:
       - name: Archive IT test logs
         id: archive-logs
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: it-test-logs
           retention-days: 7
           path: maven/target/it/**/build.log
       - name: Archive code coverage results
         id: archive-coverage
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: code-coverage-report
           retention-days: 7
@@ -90,7 +90,7 @@ jobs:
             **/target/jacoco-results/**/*.html
       - name: Archive Snapshot
         id: archive-snapshot
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: archive-snapshot
           retention-days: 7
@@ -107,7 +107,7 @@ jobs:
 #    needs: build
 #    steps:
 #      - name: Download coverage reports
-#        uses: actions/download-artifact@v5
+#        uses: actions/download-artifact@v6
 #        with:
 #          name: code-coverage-report
 #      - name: Run codacy-coverage-reporter
@@ -138,7 +138,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Download release build
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           name: archive-snapshot
       - name: Set up Docker

.github/workflows/false-positive-approvals.yml

@@ -25,7 +25,7 @@ jobs:
       - uses: actions/checkout@v5
         with:
           ref: generatedSuppressions
-      - uses: actions/setup-node@v5.0.0
+      - uses: actions/setup-node@v6.0.0
       - run: |
           npm install [email protected]
           npm install fs

.github/workflows/false-positive-ops.yml

@@ -41,7 +41,7 @@ jobs:
         with:
           issue-body: ${{ github.event.issue.body }}
           template-path: odc/.github/ISSUE_TEMPLATE/false-positive-report.yml
-      - uses: actions/setup-node@v5.0.0
+      - uses: actions/setup-node@v6.0.0
         with:
           node-version: 14
       - name: Initialize npm
@@ -144,7 +144,7 @@ jobs:
             --ossIndexPassword ${{ secrets.OSS_INDEX_API_TOKEN }}
       - name: Upload FP Report
         if: steps.check_files.outputs.files_exists == 'true'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
            name: FP Report
            path: ${{github.workspace}}/reports

.github/workflows/publish-suppressions.yml

@@ -15,7 +15,7 @@ jobs:
       - uses: actions/checkout@v5
         with:
           ref: generatedSuppressions
-      - uses: actions/setup-node@v5.0.0
+      - uses: actions/setup-node@v6.0.0
       - run: |
           npm install fs
       - name: Create Generated Suppressions XML

.github/workflows/pull_requests.yml

@@ -66,7 +66,7 @@ jobs:
           category: spotbugs-core
       - name: Archive Snapshot
         id: archive-snapshot
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: archive-snapshot
           retention-days: 1
@@ -114,7 +114,7 @@ jobs:
       - name: Archive IT test logs
         id: archive-logs
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: it-test-logs
           retention-days: 7
@@ -176,7 +176,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Download release build
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           name: archive-snapshot
       - name: Set up Docker

.github/workflows/release.yml

@@ -80,7 +80,7 @@ jobs:
           mvn -V -s settings.xml -Prelease clean package source:jar javadoc:jar gpg:sign deploy site site:stage -DreleaseTesting --no-transfer-progress --batch-mode
       - name: Archive code coverage results
         id: archive-coverage
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: code-coverage-report
           retention-days: 7
@@ -89,7 +89,7 @@ jobs:
             **/target/jacoco-results/**/*.html
       - name: Archive Release
         id: archive-release
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: archive-release
           retention-days: 7
@@ -102,7 +102,7 @@ jobs:
             target/*.buildinfo
       - name: Archive Site
         id: archive-site
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: archive-site
           retention-days: 7
@@ -114,7 +114,7 @@ jobs:
 #    needs: build
 #    steps:
 #      - name: Download coverage reports
-#        uses: actions/download-artifact@v5
+#        uses: actions/download-artifact@v6
 #        with:
 #          name: code-coverage-report
 #      - name: Run codacy-coverage-reporter
@@ -146,7 +146,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v5
       - name: Download release build
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           name: archive-release
       - name: Set up Docker
@@ -185,7 +185,7 @@ jobs:
           VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout )
           echo "VERSION=$VERSION" >> $GITHUB_ENV
       - name: Download release build
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           name: archive-release
       - name: Create Release
@@ -260,7 +260,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v5
       - name: Download Site
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           name: archive-site
           path: target/staging

core/src/main/java/org/owasp/dependencycheck/data/cpe/AbstractMemoryIndex.java

@@ -39,7 +39,6 @@
 import org.apache.lucene.index.IndexWriterConfig;
 import org.apache.lucene.queryparser.classic.ParseException;
 import org.apache.lucene.queryparser.classic.QueryParser;
-import org.apache.lucene.search.BooleanQuery;
 import org.apache.lucene.search.IndexSearcher;
 import org.apache.lucene.search.Query;
 import org.apache.lucene.search.TopDocs;
@@ -282,15 +281,15 @@ public synchronized Query parseQuery(String searchString) throws ParseException,
         Query query;
         try {
             query = queryParser.parse(searchString);
-        } catch (BooleanQuery.TooManyClauses ex) {
-            BooleanQuery.setMaxClauseCount(Integer.MAX_VALUE);
+        } catch (IndexSearcher.TooManyClauses ex) {
+            IndexSearcher.setMaxClauseCount(Integer.MAX_VALUE);
             query = queryParser.parse(searchString);
         } catch (ParseException ex) {
             if (ex.getMessage() != null && ex.getMessage().contains("too many boolean clauses")) {
-                BooleanQuery.setMaxClauseCount(Integer.MAX_VALUE);
+                IndexSearcher.setMaxClauseCount(Integer.MAX_VALUE);
                 query = queryParser.parse(searchString);
             } else {
-                LOGGER.debug("Parse Excepction", ex);
+                LOGGER.debug("Parse Exception", ex);
                 throw ex;
             }
         }
@@ -325,7 +324,7 @@ public synchronized TopDocs search(Query query, int maxQueryResults) throws Corr
      */
     @Override
     public synchronized Document getDocument(int documentId) throws IOException {
-        return indexSearcher.doc(documentId);
+        return indexSearcher.storedFields().document(documentId);
     }
 
     /**

core/src/main/java/org/owasp/dependencycheck/dependency/VulnerableSoftware.java

@@ -157,10 +157,10 @@ public int hashCode() {
         // ideally different for each class
         return new HashCodeBuilder(13, 59)
                 .appendSuper(super.hashCode())
-                .append(versionEndExcluding)
-                .append(versionEndIncluding)
-                .append(versionStartExcluding)
-                .append(versionStartIncluding)
+                .append(normalizeForComparison(versionEndExcluding))
+                .append(normalizeForComparison(versionEndIncluding))
+                .append(normalizeForComparison(versionStartExcluding))
+                .append(normalizeForComparison(versionStartIncluding))
                 .toHashCode();
     }
 
@@ -175,10 +175,10 @@ public boolean equals(Object obj) {
         final VulnerableSoftware rhs = (VulnerableSoftware) obj;
         return new EqualsBuilder()
                 .appendSuper(super.equals(obj))
-                .append(versionEndExcluding, rhs.versionEndExcluding)
-                .append(versionEndIncluding, rhs.versionEndIncluding)
-                .append(versionStartExcluding, rhs.versionStartExcluding)
-                .append(versionStartIncluding, rhs.versionStartIncluding)
+                .append(normalizeForComparison(versionEndExcluding), normalizeForComparison(rhs.versionEndExcluding))
+                .append(normalizeForComparison(versionEndIncluding), normalizeForComparison(rhs.versionEndIncluding))
+                .append(normalizeForComparison(versionStartExcluding), normalizeForComparison(rhs.versionStartExcluding))
+                .append(normalizeForComparison(versionStartIncluding), normalizeForComparison(rhs.versionStartIncluding))
                 .isEquals();
     }