fix: use client 9.0.2, remove delay, etc.

jeremylong · jeremylong · commit fccccd4d8f5e · 2025-11-18T14:42:37.000-05:00
diff --git a/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java b/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java
@@ -315,13 +315,11 @@ private boolean processApi() throws UpdateException {
         if (key != null) {
             //using a higher delay as the system may not be able to process these faster.
             builder.withApiKey(key)
-                    .withDelay(5000)
                     .withrequestsPerThirtySeconds(settings.getInt(Settings.KEYS.NVD_API_REQUESTS_PER_30_SECONDS_WITH_API_KEY, 50));
         } else {
             LOGGER.warn("An NVD API Key was not provided - it is highly recommended to use "
                     + "an NVD API key as the update can take a VERY long time without an API Key");
-            builder.withDelay(10000)
-                    .withrequestsPerThirtySeconds(settings.getInt(Settings.KEYS.NVD_API_REQUESTS_PER_30_SECONDS_WITHOUT_API_KEY, 5));
+            builder.withrequestsPerThirtySeconds(settings.getInt(Settings.KEYS.NVD_API_REQUESTS_PER_30_SECONDS_WITHOUT_API_KEY, 5));
         }
 
         final int resultsPerPage = Math.min(settings.getInt(Settings.KEYS.NVD_API_RESULTS_PER_PAGE, RESULTS_PER_PAGE), RESULTS_PER_PAGE);
diff --git a/core/src/main/resources/dependencycheck.properties b/core/src/main/resources/dependencycheck.properties
@@ -56,8 +56,12 @@ nvd.api.check.validforhours=4
 nvd.api.datafeed.validfordays=7
 nvd.api.max.retry.count=30
 nvd.api.delay=0
+
+# these are the default NVD API request limits - these can be set lower,
+# but the client used will not let you exceed these values
 nvd.api.requestsperthirtysecondswithoutapikey=5
 nvd.api.requestsperthirtysecondswithapikey=50
+
 #nvd.api.datafeed.url=https://example.com/nvd-cache/
 #nvd.api.datafeed.user=
 #nvd.api.datafeed.password=
diff --git a/pom.xml b/pom.xml
@@ -924,7 +924,7 @@ Copyright (c) 2012 - Jeremy Long
             <dependency>
                 <groupId>io.github.jeremylong</groupId>
                 <artifactId>open-vulnerability-clients</artifactId>
-                <version>9.0.1</version>
+                <version>9.0.2</version>
             </dependency>
             <dependency>
                 <groupId>org.anarres.jdiagnostics</groupId>
