Prep for 5.2.0 release

tobias · tobias · commit 21b4a930ff92 · 2025-09-26T14:06:46.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+# Changes from 5.1.0 to 5.2.0
+
+* Update `dependency-check-core` from 12.1.3 to [12.1.6](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md#version-1216-2025-09-24).
+* Support [setting user & password for OSS Index analyzer](https://github.com/rm-hull/nvd-clojure/tree/v5.2.0#configuration-options), as OSS Index [now requires authentication](https://ossindex.sonatype.org/doc/auth-required) 
+
 # Changes from 5.0.0 to 5.1.0
 
 * Update `dependency-check-core` from 12.1.0 to [12.1.3](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md#version-1213-2025-06-10).
diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@
 
 # Example usage:
 # copy a one-off Clojars token to your clipboard
-# GIT_TAG=v5.1.0 CLOJARS_USERNAME=$USER CLOJARS_PASSWORD=$(pbpaste) make deploy
+# GIT_TAG=v5.2.0 CLOJARS_USERNAME=$USER CLOJARS_PASSWORD=$(pbpaste) make deploy
 
 deploy: check-env
 	lein clean
diff --git a/README.md b/README.md
@@ -18,19 +18,19 @@ will be checked for known security vulnerabilities. `nvd-clojure` passes them to
 
 ### Installation and basic usage
 
-> _Please see also:_ [Avoiding classpath interference](https://github.com/rm-hull/nvd-clojure/blob/v5.1.0/FAQ.md#what-is-classpath-interference)
+> _Please see also:_ [Avoiding classpath interference](https://github.com/rm-hull/nvd-clojure/blob/v5.2.0/FAQ.md#what-is-classpath-interference)
 
 #### Leiningen
 
 <details>
 
-Please create a separate project consisting of `[nvd-clojure/nvd-clojure "5.1.0"]`. Said project can be located inside the targeted repo's Git repository.
+Please create a separate project consisting of `[nvd-clojure/nvd-clojure "5.2.0"]`. Said project can be located inside the targeted repo's Git repository.
 
 ```clj
 (defproject nvd-helper "local"
   :description "nvd-clojure helper project"
-  :dependencies [[nvd-clojure "5.1.0"]
-                 [org.clojure/clojure "1.12.0"]]
+  :dependencies [[nvd-clojure "5.2.0"]
+                 [org.clojure/clojure "1.12.3"]]
   :jvm-opts ["-Dclojure.main.report=stderr"])
 ```
 
@@ -54,7 +54,7 @@ If you are using a multi-modules solution (e.g. `lein-monolith`), you should ens
 
 <details>
 
-Please create a separate project consisting exclusively of `nvd-clojure/nvd-clojure {:mvn/version "5.1.0"}`. Said project can be located inside the targeted repo's Git repository.
+Please create a separate project consisting exclusively of `nvd-clojure/nvd-clojure {:mvn/version "5.2.0"}`. Said project can be located inside the targeted repo's Git repository.
 
 Please do not add nvd-clojure as a dependency in the deps.edn of the project to be analysed.
 
@@ -155,7 +155,7 @@ dependency relationships are:
 dependencies, and suggest upgraded versions, and can optionally be configured
 to update the project file.
 
-(Note that that is only one of the multiple ways of remediating a given vulnerability, please see [FAQ](https://github.com/rm-hull/nvd-clojure/blob/v5.1.0/FAQ.md#how-to-remediate-a-cve-is-it-a-good-idea-to-automate-remediation))
+(Note that that is only one of the multiple ways of remediating a given vulnerability, please see [FAQ](https://github.com/rm-hull/nvd-clojure/blob/v5.2.0/FAQ.md#how-to-remediate-a-cve-is-it-a-good-idea-to-automate-remediation))
 
 ## Configuration
 
@@ -214,7 +214,7 @@ You can also set logging properties directly through Java system properties (the
 clojure -J-Dclojure.main.report=stderr -J-Dorg.slf4j.simpleLogger.log.org.apache.commons=error -Tnvd nvd.task/check # ...
 ```
 
-## [FAQ](https://github.com/rm-hull/nvd-clojure/blob/v5.1.0/FAQ.md)
+## [FAQ](https://github.com/rm-hull/nvd-clojure/blob/v5.2.0/FAQ.md)
 
 ## Attribution
 
diff --git a/project.clj b/project.clj
@@ -1,4 +1,4 @@
-(defproject nvd-clojure "5.1.0"
+(defproject nvd-clojure "5.2.0"
   :description "National Vulnerability Database dependency checker"
   :url "https://github.com/rm-hull/nvd-clojure"
   :license {:name "The MIT License (MIT)"
diff --git a/resources/nvd_clojure/default_config_content.edn b/resources/nvd_clojure/default_config_content.edn
@@ -6,7 +6,7 @@
 
 ;; Feel free to tweak it, version-control it and remove any comment.
 
-;; Configuration reference: https://github.com/rm-hull/nvd-clojure/tree/v5.1.0#configuration-options
+;; Configuration reference: https://github.com/rm-hull/nvd-clojure/tree/v5.2.0#configuration-options
 
 {;; You can use the `:suppression-file` in order to silence false positives.
  ;; This file will be automatically created, with whatever filename is specified here, if it didn't exist already.

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-(defproject nvd-clojure "5.1.0"`
	`1`	`+(defproject nvd-clojure "5.2.0"`
`2`	`2`	`:description "National Vulnerability Database dependency checker"`
`3`	`3`	`:url "https://github.com/rm-hull/nvd-clojure"`
`4`	`4`	`:license {:name "The MIT License (MIT)"`