v9.0.4

What's Changed

• build(deps): bump com.diffplug.spotless from 8.2.0 to 8.2.1 by @dependabot[bot] in #89
• build(deps): bump jvm from 2.3.0 to 2.3.10 by @dependabot[bot] in #91
• build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.0 to 2.21.1 by @dependabot[bot] in #93
• build(deps): bump gradle-wrapper from 8.14.3 to 9.3.1 by @dependabot[bot] in #90
• build(deps): bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in #94
• build(deps): bump com.diffplug.spotless from 8.2.1 to 8.3.0 by @dependabot[bot] in #95
• build(deps): bump org.junit:junit-bom from 5.14.2 to 5.14.3 by @dependabot[bot] in #92
• fix: Correct parsing of Provider Urgency from CVSSv4 vector strings by @chadlwilson in #101
• build: test across Java versions while continuing to target Java 11 by @chadlwilson in #102
• fix: refactor CVSS vector string lookups for efficiency and correctness by @chadlwilson in #104
• build(deps): bump com.diffplug.spotless from 8.3.0 to 8.4.0 by @dependabot[bot] in #98
• build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.1 to 2.21.2 by @dependabot[bot] in #103
• build(deps): bump jvm from 2.3.10 to 2.3.20 by @dependabot[bot] in #97
• build(deps): bump gradle-wrapper from 9.3.1 to 9.4.1 by @dependabot[bot] in #99

Full Changelog: v9.0.3...v9.0.4

v9.0.3

What's Changed

• fix: Ensure async clients use a thread factory that SLF4J-logs on uncaught Errors by @chadlwilson in #82
• docs: spotless apply to update copyright by @jeremylong in #81
• build(deps): bump com.github.spotbugs from 6.4.5 to 6.4.7 by @dependabot[bot] in #72
• build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #70
• build(deps): bump com.diffplug.spotless from 8.0.0 to 8.1.0 by @dependabot[bot] in #69
• build(deps): bump com.github.spotbugs from 6.4.7 to 6.4.8 by @dependabot[bot] in #73
• build(deps): bump org.junit:junit-bom from 5.13.4 to 5.14.1 by @dependabot[bot] in #68
• build(deps): bump jvm from 2.2.21 to 2.3.0 by @dependabot[bot] in #75
• build(deps): bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #74
• build(deps): bump com.gradleup.nmcp from 1.2.0 to 1.4.0 by @dependabot[bot] in #78
• build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.6 by @dependabot[bot] in #77
• build(deps): bump org.junit:junit-bom from 5.14.1 to 5.14.2 by @dependabot[bot] in #84
• build(deps): bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.0 by @dependabot[bot] in #85
• build(deps): bump com.gradleup.nmcp from 1.4.0 to 1.4.4 by @dependabot[bot] in #87
• build(deps): bump com.diffplug.spotless from 8.1.0 to 8.2.0 by @dependabot[bot] in #86

New Contributors

• @chadlwilson made their first contribution in #82

Full Changelog: v9.0.2...v9.0.3

v9.0.2

What's Changed

• fix: follow best practices for GHSA rate limiting by @jeremylong in #65
• docs: cleanup build warnings by adding javadoc by @jeremylong in #66
• build: create gradle tasks to generate mustache templates for GHSA graphql queries by @jeremylong in #37

Dependency Upgrades

• build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.8.6 to 4.9.4 by @dependabot[bot] in #41
• build(deps): bump com.github.spotbugs from 6.3.0 to 6.4.1 by @dependabot[bot] in #45
• build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.9.4 to 4.9.6 by @dependabot[bot] in #46
• build(deps): bump org.apache.httpcomponents.client5:httpclient5-cache from 5.5 to 5.5.1 by @dependabot[bot] in #52
• build(deps): bump jvm from 2.0.21 to 2.2.20 by @dependabot[bot] in #48
• build(deps): bump com.gradleup.nmcp from 1.1.0 to 1.2.0 by @dependabot[bot] in #56
• build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.9.6 to 4.9.8 by @dependabot[bot] in #55
• build(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #59
• build(deps): bump jvm from 2.2.20 to 2.2.21 by @dependabot[bot] in #58
• build(deps): bump com.github.spotbugs from 6.4.1 to 6.4.4 by @dependabot[bot] in #54
• build(deps): bump com.fasterxml.jackson:jackson-bom from 2.20.0 to 2.20.1 by @dependabot[bot] in #60
• build(deps): bump com.diffplug.spotless from 7.2.1 to 8.0.0 by @dependabot[bot] in #51
• build(deps): bump com.graphql-java:graphql-java from 23.1 to 24.3 by @dependabot[bot] in #50
• build(deps): bump com.github.spotbugs from 6.4.4 to 6.4.5 by @dependabot[bot] in #63
• build(deps): bump com.graphql-java:graphql-java from 24.3 to 25.0 by @dependabot[bot] in #62

Full Changelog: v9.0.1...v9.0.2

v9.0.1

What's Changed

• fix: compile to Java 11 by @jeremylong in #42
• Fix typo by @re3turn in #38

Full Changelog: v9.0.0...v9.0.1

v9.0.0

What's Changed

• breaking change: Remove deprecated cvss field from GHSA by @re3turn in #32
• feat: add epss support for GHSA by @jeremylong in #36
• fix: avoid NPE for response logging in NvdCveClient by @hendrikstill in #28
• build: utilize central publishing by @jeremylong in #35

New Contributors

• @hendrikstill made their first contribution in #28
• @re3turn made their first contribution in #32

Full Changelog: v8.0.0...v9.0.0

v8.0.0

What's Changed

• BREAKING CHANGE: The NVD Client's thread count has been removed and replaced with a new parameter to set the number of requests allowed per 30-second rolling window by @jeremylong in #14
  • Matches the NVD API usage guide regarding rate limits.
  • Resolves incorrect implementation of rate metering.
• BREAKING CHANGE: correct alias vs property in CvssV4Data by @jeremylong in #16
  • The generated JSON for CvssV4Data in the NVD client can still read previously cached JSON. However, newely generated JSON will utilize the correct field names documented in the NVD Schema documentation.
• test: Cleanup test code by @strangelookingnerd in #20
• build(deps): bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.2 to 7.0.3 by @dependabot in #13
• build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.4.4 by @dependabot in #17
• build(deps): bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.0 by @dependabot in #19

New Contributors

• @strangelookingnerd made their first contribution in #20

Full Changelog: v7.3.2...v8.0.0

v7.3.2

What's Changed

• feat:Specify nullability for the NVD CVE API dataclasses using jSpecify annotations by @aikebah in #11
• fix: allow trailing commas in JSON arrays by @jeremylong in #12

Full Changelog: v7.3.1...v7.3.2

v7.3.1

What's Changed

• fix: Prevent index-out-of-bound on too short API key by @aikebah in #6
• build(deps): bump org.slf4j:slf4j-simple from 2.0.16 to 2.0.17 by @dependabot in #7
• build(deps): bump org.apache.httpcomponents.client5:httpclient5-cache from 5.4.2 to 5.4.3 by @dependabot in #8
• build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.4.2 to 5.4.3 by @dependabot in #10
• build(deps): bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 by @dependabot in #9

New Contributors

• @dependabot made their first contribution in #7

Full Changelog: v7.3.0...v7.3.1

v7.3.0

What's Changed

• fix: Add explicit time-outs to the HTTP Clients by @aikebah in #3
• feat: implement http client caching of NVD API requests by @jeremylong in #4

New Contributors

• @aikebah made their first contribution in #3

Full Changelog: v7.2.2...v7.3.0

v7.2.2

What's Changed

• build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.4.1 to 5.4.2 by https://github.com/dependabot in jeremylong/open-vulnerability-cli#262
• fix: use correct types for modifiedSubAvailabilityImpact, modifiedSubIntegrityImpact, and modifiedSubConfidentialityImpact by @jeremylong in jeremylong/open-vulnerability-cli#274

Full Changelog: v7.2.1...v7.2.2