From f81909fff7a894f99d483733d31242829652a822 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 01:51:01 +0000 Subject: [PATCH 1/3] build(deps): bump io.github.jeremylong:open-vulnerability-clients Bumps [io.github.jeremylong:open-vulnerability-clients](https://github.com/jeremylong/vuln-tools) from 7.3.2 to 8.0.0. - [Release notes](https://github.com/jeremylong/vuln-tools/releases) - [Commits](https://github.com/jeremylong/vuln-tools/commits/v8.0.0) --- updated-dependencies: - dependency-name: io.github.jeremylong:open-vulnerability-clients dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3a2f03e3b15..167371822ad 100644 --- a/pom.xml +++ b/pom.xml @@ -931,7 +931,7 @@ Copyright (c) 2012 - Jeremy Long io.github.jeremylong open-vulnerability-clients - 7.3.2 + 8.0.0 org.anarres.jdiagnostics From 8cc9ade82b8e1b354b269cb96c315f1069832499 Mon Sep 17 00:00:00 2001 From: Nicolas Humblot Date: Wed, 7 May 2025 07:31:43 +0200 Subject: [PATCH 2/3] fix!: adjust public API changes --- .../dependencycheck/data/update/NvdApiDataSource.java | 5 +++-- core/src/main/resources/dependencycheck.properties | 2 ++ core/src/test/resources/dependencycheck.properties | 2 ++ .../java/org/owasp/dependencycheck/utils/Settings.java | 8 ++++++++ utils/src/test/resources/dependencycheck.properties | 2 ++ 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java b/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java index 45d558d68b8..6b169438ac4 100644 --- a/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java +++ b/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java 
@@ -316,11 +316,12 @@ private boolean processApi() throws UpdateException { //using a higher delay as the system may not be able to process these faster. builder.withApiKey(key) .withDelay(5000) - .withThreadCount(4); + .withrequestsPerThirtySeconds(settings.getInt(Settings.KEYS.NVD_API_REQUESTS_PER_30_SECONDS_WITH_API_KEY, 50)); } else { LOGGER.warn("An NVD API Key was not provided - it is highly recommended to use " + "an NVD API key as the update can take a VERY long time without an API Key"); - builder.withDelay(10000); + builder.withDelay(10000) + .withrequestsPerThirtySeconds(settings.getInt(Settings.KEYS.NVD_API_REQUESTS_PER_30_SECONDS_WITHOUT_API_KEY, 5)); } final int resultsPerPage = Math.min(settings.getInt(Settings.KEYS.NVD_API_RESULTS_PER_PAGE, RESULTS_PER_PAGE), RESULTS_PER_PAGE); diff --git a/core/src/main/resources/dependencycheck.properties b/core/src/main/resources/dependencycheck.properties index 0b14242596b..fcf8d1bab6a 100644 --- a/core/src/main/resources/dependencycheck.properties +++ b/core/src/main/resources/dependencycheck.properties @@ -56,6 +56,8 @@ nvd.api.check.validforhours=4 nvd.api.datafeed.validfordays=7 nvd.api.max.retry.count=30 nvd.api.delay=0 +nvd.api.requestsperthirtysecondswithoutapikey=5 +nvd.api.requestsperthirtysecondswithapikey=50 #nvd.api.datafeed.url=https://example.com/nvd-cache/ #nvd.api.datafeed.user= #nvd.api.datafeed.password= diff --git a/core/src/test/resources/dependencycheck.properties b/core/src/test/resources/dependencycheck.properties index 7635618f990..5a635954366 100644 --- a/core/src/test/resources/dependencycheck.properties +++ b/core/src/test/resources/dependencycheck.properties @@ -52,6 +52,8 @@ nvd.api.check.validforhours=4 nvd.api.datafeed.validfordays=7 nvd.api.max.retry.count=30 nvd.api.delay=0 +nvd.api.requestsperthirtysecondswithoutapikey=5 +nvd.api.requestsperthirtysecondswithapikey=50 #nvd.api.datafeed.url=https://example.com/nvd-cache/ #nvd.api.datafeed.user= #nvd.api.datafeed.password= 
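Review bot: In `processApi()` (NvdApiDataSource.java), both new `settings.getInt(...)` values are handed to `withrequestsPerThirtySeconds(...)` without a bounds check, whereas `resultsPerPage` just below is clamped with `Math.min`. A zero or negative value from a properties override reaches the client's rate limiter unchanged; how the 8.x client handles that is not visible here. A value above NVD's published limits (5 requests per rolling 30 seconds without a key, 50 with one) is likely to get requests rejected, which leaves the local vulnerability data stale without an obvious cause. Consider rejecting non-positive values, e.g. `Math.max(1, settings.getInt(Settings.KEYS.NVD_API_REQUESTS_PER_30_SECONDS_WITH_API_KEY, 50))`, and logging a warning when the configured value exceeds the default for that branch. The method body starts and ends outside this hunk.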
diff --git a/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java index ab332881caf..54fdfcd1da3 100644 --- a/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -173,6 +173,14 @@ public static final class KEYS { * The delay between requests for the NVD API. */ public static final String NVD_API_DELAY = "nvd.api.delay"; + /** + * The number of requests made to the NVD API per 30 seconds when no API KEY is provided. + */ + public static final String NVD_API_REQUESTS_PER_30_SECONDS_WITHOUT_API_KEY = "nvd.api.requestsperthirtysecondswithoutapikey"; + /** + * The number of requests made to the NVD API per 30 seconds when an API KEY is provided. + */ + public static final String NVD_API_REQUESTS_PER_30_SECONDS_WITH_API_KEY = "nvd.api.requestsperthirtysecondswithapikey"; /** * The maximum number of retry requests for a single call to the NVD * API. diff --git a/utils/src/test/resources/dependencycheck.properties b/utils/src/test/resources/dependencycheck.properties index 8220a95a3dc..990835036e5 100644 --- a/utils/src/test/resources/dependencycheck.properties +++ b/utils/src/test/resources/dependencycheck.properties @@ -52,6 +52,8 @@ nvd.api.check.validforhours=4 nvd.api.datafeed.validfordays=7 nvd.api.max.retry.count=30 nvd.api.delay=0 +nvd.api.requestsperthirtysecondswithoutapikey=5 +nvd.api.requestsperthirtysecondswithapikey=50 #nvd.api.datafeed.url=https://example.com/nvd-cache/ #nvd.api.datafeed.user= #nvd.api.datafeed.password= From 10de1bbe30f84a267738d9cec5f864e230cd2937 Mon Sep 17 00:00:00 2001 From: Nicolas Humblot Date: Tue, 7 Oct 2025 16:24:57 +0200 Subject: [PATCH 3/3] build(deps): upgrade io.github.jeremylong:open-vulnerability-clients to 9.0.1 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bbd75ab114e..24da6a7a43f 100644 --- a/pom.xml 
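Review bot: The Javadoc on the two new `KEYS` constants in Settings.java describes each value as "the number of requests made", but the value is a ceiling handed to the client's rate limiter, and the comments give neither the default nor the valid range. Something like `The maximum number of requests sent to the NVD API in any 30 second window when no API key is configured; must be positive, defaults to 5.` (and the same with 50 for the keyed variant) would tell a user what is safe to set. The defaults 5 and 50 are also repeated as literals in `NvdApiDataSource` and in three properties files, so a named constant next to these keys would keep them from drifting. The `KEYS` class continues outside this hunk.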
+++ b/pom.xml @@ -924,7 +924,7 @@ Copyright (c) 2012 - Jeremy Long io.github.jeremylong open-vulnerability-clients - 8.0.0 + 9.0.1 org.anarres.jdiagnostics