Bump dependency-check-maven from 3.0.2 to 3.3.1

[dependabot-preview]

Bumps dependency-check-maven from 3.0.2 to 3.3.1.

Changelog

Sourced from dependency-check-maven's changelog.

Version 3.3.1 (2018-08-06)

Bug Fixes

• Fixed error handling with regard to invalid manifest files contained within JAR files; see #1024.
• Fixed parsing of pom.xml files, in some cases a SAX Exception would be thrown; see #1400.
• Fixed bug that caused dependency-check to crash if the temporary directory and data directory were on different drives; see #1394.
• Fixed bug in dependency-check-maven where an aggregate analysis did not scan all files defined in the ScanSet; see #1421.
• Fixed NPE in dependency-check-gradle that occurred when artifacts where included using implementation files("./lib/some.jar"); see #91.

Enhancements

• An Nuget Packages.config Analyzer was added; see #1412.

Version 3.3.0 (2018-07-22)

Bug Fixes

• The dependency-check-gradle plugin can now analyze multi-project android builds. See [PR #09](https://github-redirect.dependabot.com/jeremylong/dependency-check-gradle/pull/90) for more information.
• In some cases extremely large project may cause dependency-check to fail due to the analysis time. Previously, the analysis was capped at 10 minutes; the timeout was increased to 20 minutes and made configurable if this continues to be an issue for some users. See [issue #936](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/936) for more information.
• Some pom.xml files could not be analyzed because they contained a doctype definition. The parser has been enhanced to strip the doctype definitions.
• Fixed issue where, in some cases, temporary files were not correctly cleaned up in Jenkins and gradle builds.
• Fixed issue where, in some cases, files were retrieved from Maven Central using HTTP instead of HTTPS. See [issue #1325](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1325) for more information.
  • Additionally, a retry count was added when attempting to download pom.xml files during analysis.
• Fixed issue where nodejs dependencies were not correctly analyzed. See [issue #1355](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1355) for more information.
• Fixed issue where the CWE was not written to the CSV report.
• In addition, general bug fixes, code cleanup, and false positive/negatives updates were made.

Enhancements

• An Artifactory Analyzer was added that can be used to in-place of the Central Analyzer for organizations that use Artifactory.
  • Note, for maven and gradle builds the Artifactory analyzer will not improve the analysis. The information gained by using the Central, Artifactory, or Nexus Analyzers is already obtained from the build system.
• An experimental Retire JS analyzer has been added to analyze client side JavaScript.
  • This utilizes information from the RetireJS repo on github. If you have a proxy that prevents access you will either need to have access granted to https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json or host the file internally, update the environment variable analyzer.retirejs.repo.js.ur, and periodically update the file.
  • This analyzer is considered experimental, but the team expects this to be promoted quickly.
• NuGet dependencies contained in MSBuild files are now included in the scan. See [Issue #1131](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/issues/1131) for more details.
• Cocoapod's Podfile.lock is now analyzed when present. See [PR #1324](https://github-redirect.dependabot.com/jeremylong/DependencyCheck/pull/1324) for more information.

Version 3.2.1 (2018-05-28)

Bug Fixes

• In some cases when using the Maven or Gradle plugins the GAV coordinates were not being added as an Identifier causing suppression rules to fail; this has been resolved (#1298)
• Documentation Update (SCM links in the maven site were broken) (#1297)
• False positive reduction (#1290)
• Enhanced logging output for TLS failures to better assist with debugging (#1269)
• Resolved a Null Pointer Exception (#1296)

... (truncated)

Commits

• b428d7b v3.3.1
• 51e39e2 checkstyle correction
• d85e780 Merge pull request #1422 from jeremylong/fixAggregateScanSet
• 4ae2374 assignment is never used
• ffd6051 Merge pull request #1419 from MrBerg/patch-1
• a0c6b11 assignment is never used
• bbab5da remove todo
• 9e6c9f6 patch and test for #1421
• d0581d1 Merge branch 'master' into fixAggregateScanSet
• dbb97e4 replace accidentally removed file
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[mystamps-bot]

	2 Warnings
⚠️	danger check: pull request description doesn’t contain a link to original issue. Consider adding a comment in the following format: Addressed to #XXX where XXX is an issue number
⚠️	danger check: branch dependabot/maven/org.owasp-dependency-check-maven-3.3.1 does not comply with our best practices. Branch name should use the following scheme: ghXXX_meaningful-name where XXX is an issue number. Next time, please, use this scheme :)

Generated by 🚫 Danger

[codecov]

Codecov Report

Merging #937 into master will increase coverage by 0.07%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##             master     #937      +/-   ##
============================================
+ Coverage      75.6%   75.68%   +0.07%     
- Complexity      403      404       +1     
============================================
  Files            28       28              
  Lines          1275     1275              
  Branches        162      162              
============================================
+ Hits            964      965       +1     
  Misses          288      288              
+ Partials         23       22       -1

Impacted Files	Coverage Δ	Complexity Δ
.../mystamps/web/service/SeriesImportServiceImpl.java	96.77% <0%> (+1.07%)	29% <0%> (+1%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e08783b...40dfbd0. Read the comment docs.

[php-coder]

This plugin was removed in 22945ee (#799)