v9.0.4

What's Changed

• build(deps): bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #377
• build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #376
• build(deps): bump io.prometheus:prometheus-metrics-exposition-formats from 1.4.2 to 1.4.3 by @dependabot[bot] in #375
• build: fix spotless (copyright year) by @jeremylong in #380
• build(deps): bump org.junit:junit-bom from 6.0.0 to 6.0.2 by @dependabot[bot] in #381
• build(deps): bump com.diffplug.spotless from 8.0.0 to 8.2.1 by @dependabot[bot] in #385
• build(deps): bump commons-io:commons-io from 2.20.0 to 2.21.0 by @dependabot[bot] in #373
• build(deps): bump io.github.jeremylong:open-vulnerability-clients from 9.0.2 to 9.0.3 by @dependabot[bot] in #386
• build(deps): bump docker/setup-buildx-action from 3 to 4 by @dependabot[bot] in #391
• build(deps): bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in #388
• build(deps): bump prometheus to 1.5.1 by @jeremylong in #398
• build(deps): bump docker/setup-qemu-action from 3 to 4 by @dependabot[bot] in #389
• build(deps): bump docker/login-action from 3 to 4 by @dependabot[bot] in #390
• build(deps): bump docker/build-push-action from 6 to 7 by @dependabot[bot] in #392
• build(deps): bump com.diffplug.spotless from 8.2.1 to 8.3.0 by @dependabot[bot] in #393
• build(deps): bump gradle-wrapper from 8.14.3 to 9.4.0 by @dependabot[bot] in #395
• build: release 9.0.4 by @jeremylong in #399

Full Changelog: v9.0.2...v9.0.4

v9.0.2

What's Changed

• fix: follow GHSA best practices for rate limiting by @jeremylong in #370
  • This adds the --out argument to the ghsa command so the JSON can be written to a file.

Dependency Upgrades

• build(deps): bump org.junit:junit-bom from 5.10.3 to 6.0.0 by @dependabot[bot] in #364
• build(deps): bump it.unimi.dsi:fastutil from 8.5.16 to 8.5.18 by @dependabot[bot] in #367
• build(deps): bump io.prometheus:prometheus-metrics-exposition-formats from 1.4.1 to 1.4.2 by @dependabot[bot] in #369
• build(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #368
• build(deps): bump com.diffplug.spotless from 7.2.1 to 8.0.0 by @dependabot[bot] in #363
• build(deps): bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 by @dependabot[bot] in #361

Full Changelog: v9.0.1...v9.0.2

v9.0.1

What's Changed

The vulnz CLI is no longer being published to Maven Central. Validation appears to prevent spring-boot executable JARs from being published.

• fix: remove unused arg from mirror.sh by @jeremylong in #324
• fix: prevent divide by zero exception by @jeremylong in #351
• build: migrate to build.gradle to kotlin by @jeremylong in #355

Full Changelog: v9.0.0...v9.0.1

v9.0.0

What's Changed

• feat!: CveCommand replaces --threads argument with --requestCount by @jeremylong in #314
• Fix the problem #309 Add support for custom CA certificates in scripts by @refflinghaus in #310
• build(deps): bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.2 to 7.0.3 by @dependabot in #308
• build(deps): bump commons-io:commons-io from 2.18.0 to 2.19.0 by @dependabot in #311
• build(deps): bump info.picocli:picocli-spring-boot-starter from 4.7.6 to 4.7.7 by @dependabot in #312

Full Changelog: v8.1.1...v9.0.0

v8.1.1

What's Changed

• build(deps): bump open-vulnerability-client from 7.3.1 to 7.3.2 by @jeremylong in #307
  • resolves a JSON Parse Exception that may occur with some NVD API responses

Full Changelog: v8.1.0...v8.1.1

v8.1.0

What's Changed

• fix: Issue a warning when users have used an un-resolved user-home relative path by @aikebah in #294
• fix: update install command by @jeremylong in #296
• feat: add CVE year-tracking and Prometheus metric enhancements and fixes th… by @refflinghaus in #297
• fix: follow redirects when retrieving EPSS and KEV by @jeremylong in #299
• build(deps): bump open-vulnerability-client 7.3.0 to 7.3.1 by @jeremylong in #301
• chore(javadoc): fix build warnings regarding missing javadoc by @jeremylong in #300

New Contributors

• @aikebah made their first contribution in #294

Full Changelog: v8.0.0...v8.1.0

v8.0.0

What's Changed

• feat: implement forced http caching on full mirror of NVD by @jeremylong in #287
• feat: reduce memory usage by @jeremylong in #288
• feat: mirror additional sources by @jeremylong in #292
• chore: Upgrade to spring boot 3.4 and Java 17 fixes #263 by @EugenMayer in #278

Full Changelog: v7.2.2...v8.0.0

v7.2.2

What's Changed

• build(deps): bump org.jline:jline from 3.28.0 to 3.29.0 by @dependabot in #261
• build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.4.1 to 5.4.2 by @dependabot in #262
• fix: use correct types for modifiedSubAvailabilityImpact, modifiedSubIntegrityImpact, and modifiedSubConfidentialityImpact by @jeremylong in #274

Full Changelog: v7.2.1...v7.2.2

v7.2.1

What's Changed

• Add support for configurable metrics output format and fixes #255 by @refflinghaus in #256
• build(deps): bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.1 to 7.0.2 by @dependabot in #252
• fix: improve memory usage by @jeremylong in #253

Full Changelog: v7.2.0...v7.2.1

v7.2.0

What's Changed

NOTICE - PR #250 is not a breaking change, but on 2025-10-01 a breaking change will occur in the upstream data. See https://docs.github.com/en/graphql/overview/breaking-changes#changes-scheduled-for-2025-10-01 for more information. Start converting your code to use the new cvss_severities for CVSSv3 and CVSSv4 scores.

• feat: add SecurityAdvisory cvssSeverities and deprecate cvss by @re3turn in #250
• fix: monitoring bug fixes and enhancements by @refflinghaus in #239
• chore: spotlessApply by @jeremylong in #249
• fix: kill signal handling #244 by @EugenMayer in #246
• build(deps): bump com.diffplug.spotless:spotless-plugin-gradle from 6.25.0 to 7.0.1 by @dependabot in #247
• fix: don't cap the memory in the docker image by @jeremylong in #251

Full Changelog: v7.1.0...v7.2.0