From 70070a9a04c6d3835bce982247e80aa654546721 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 3 May 2026 06:19:35 -0400 Subject: [PATCH 1/3] docs: release 12.2.2 --- CHANGELOG.md | 32 +++++++++++++++++++ .../markdown/analyzers/oss-index-analyzer.md | 2 +- 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b8e0005eed2..7a37594b78c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,37 @@ # Change Log +## [Version 12.2.2](https://github.com/dependency-check/DependencyCheck/releases/tag/v12.2.2) (2026-05-03x) + +- fix: widen reference URL column to handle long Mozilla CVE URLs ([#8467](https://github.com/dependency-check/DependencyCheck/pull/8467)) +- fix: improve Sonatype Guide / OSS Index cache handling and insufficient credits error reporting ([#8451](https://github.com/dependency-check/DependencyCheck/pull/8451)) +- fix: de-duplicate and sort both `includedBy` and `projectReferences` in reports ([#8440](https://github.com/dependency-check/DependencyCheck/pull/8440)) +- fix: add corepack to docker image ([#8386](https://github.com/dependency-check/DependencyCheck/pull/8386)) +- fix: support and prefer githubID vuln identifiers from RetireJS ([#8419](https://github.com/dependency-check/DependencyCheck/pull/8419)) +- fix: bump open-vulnerability-clients to resolve NVD timestamp parsing errors ([#8427](https://github.com/dependency-check/DependencyCheck/pull/8427)) +- fix: migrate default OSS Index API URL to Sonatype Guide; supporting optional username ([#8404](https://github.com/dependency-check/DependencyCheck/pull/8404)) +- chore(fp): remove duplicate log4j FP suppressions ([#8468](https://github.com/dependency-check/DependencyCheck/pull/8468)) +- chore: remove spurious bundle-audit log line when there are no errors ([#8454](https://github.com/dependency-check/DependencyCheck/pull/8454)) +- docs: tweak docs site structure; documenting missing analyzers ([#8462](https://github.com/dependency-check/DependencyCheck/pull/8462)) +- docs: correct missing documentation for Gradle plugin ([#8431](https://github.com/dependency-check/DependencyCheck/pull/8431)) +- build(deps): bump the actions-deps group with 8 updates ([#8472](https://github.com/dependency-check/DependencyCheck/pull/8472)) +- build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 ([#8465](https://github.com/dependency-check/DependencyCheck/pull/8465)) 
+- build(deps): bump org.postgresql:postgresql from 42.7.10 to 42.7.11 ([#8463](https://github.com/dependency-check/DependencyCheck/pull/8463)) +- build(deps): bump commons-codec:commons-codec from 1.21.0 to 1.22.0 ([#8453](https://github.com/dependency-check/DependencyCheck/pull/8453)) +- build(deps): bump org.apache.maven.plugins:maven-invoker-plugin from 3.9.1 to 3.10.0 ([#8452](https://github.com/dependency-check/DependencyCheck/pull/8452)) +- build(deps): bump joda-time:joda-time from 2.14.1 to 2.14.2 ([#8464](https://github.com/dependency-check/DependencyCheck/pull/8464)) +- build(deps): bump com.mysql:mysql-connector-j from 9.6.0 to 9.7.0 ([#8445](https://github.com/dependency-check/DependencyCheck/pull/8445)) +- build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0 ([#8448](https://github.com/dependency-check/DependencyCheck/pull/8448)) +- build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0 +- build(deps): bump org.jsoup:jsoup from 1.22.1 to 1.22.2 ([#8437](https://github.com/dependency-check/DependencyCheck/pull/8437)) +- build(deps): bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre ([#8420](https://github.com/dependency-check/DependencyCheck/pull/8420)) +- build(deps): bump httpcomponents.client.version from 5.6 to 5.6.1 ([#8432](https://github.com/dependency-check/DependencyCheck/pull/8432)) +- build(deps): bump apache.ant.version from 1.10.16 to 1.10.17 ([#8416](https://github.com/dependency-check/DependencyCheck/pull/8416)) + + +- chore: tidy CHANGELOG formatting ([#8414](https://github.com/dependency-check/DependencyCheck/pull/8414)) + +See the full listing of [changes](https://github.com/dependency-check/DependencyCheck/milestone/104?closed=1) + ## [Version 12.2.1](https://github.com/dependency-check/DependencyCheck/releases/tag/v12.2.1) (2026-04-11) - build: improve GHA workflow experience for forks ([#8285](https://github.com/dependency-check/DependencyCheck/pull/8285)) 
diff --git a/src/site/markdown/analyzers/oss-index-analyzer.md b/src/site/markdown/analyzers/oss-index-analyzer.md index f89ad4f622b..473300dbbc2 100644 --- a/src/site/markdown/analyzers/oss-index-analyzer.md +++ b/src/site/markdown/analyzers/oss-index-analyzer.md @@ -22,7 +22,7 @@ During this migration users will need to make some minor changes. - login with OSS Index account credentials to the Sonatype Guide platform to validate your account has been migrated - migrate OSS Index analyzer base URL to Sonatype Guide platform - override Dependency-Check configuration OR - - upgrade to Dependency-Check `12.2.1` (if using defaults) + - upgrade to Dependency-Check `12.2.1`+ (if using defaults) - review API usage within Sonatype Guide to determine whether continued free usage is possible (new API limits apply from April 28 2026 onwards) - consider [cache/restore of Dependency-Check's data directory](../data/cacheh2.md) between runs to retain the OSS Index cache, and reduce API load - _Before_ December 31, 2026 From b51290fd340722350b130c5c9549268969062756 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 3 May 2026 06:20:35 -0400 Subject: [PATCH 2/3] build: prepare release v12.2.2 --- ant/pom.xml | 4 ++-- archetype/pom.xml | 6 +++--- cli/pom.xml | 4 ++-- core/pom.xml | 4 ++-- maven/pom.xml | 4 ++-- pom.xml | 6 +++--- utils/pom.xml | 4 ++-- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/ant/pom.xml b/ant/pom.xml index c68363ae7eb..60c42f1d740 100644 --- a/ant/pom.xml +++ b/ant/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.2 dependency-check-ant @@ -32,7 +32,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/main/ant scm:git:git@github.com/dependency-check/DependencyCheck.git - HEAD + v12.2.2 
diff --git a/archetype/pom.xml b/archetype/pom.xml index eda5382d203..c63f41376c8 100644 --- a/archetype/pom.xml +++ b/archetype/pom.xml @@ -20,20 +20,20 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.2 dependency-check-plugin Dependency-Check Plugin Archetype jar - 2026-04-11T15:25:01Z + 2026-05-03T10:19:54Z scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/main/archetype scm:git:git@github.com/dependency-check/DependencyCheck.git - HEAD + v12.2.2 diff --git a/cli/pom.xml b/cli/pom.xml index e754a70ccba..56ad0531caa 100644 --- a/cli/pom.xml +++ b/cli/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.2 dependency-check-cli @@ -32,7 +32,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/main/cli scm:git:git@github.com/dependency-check/DependencyCheck.git - HEAD + v12.2.2 dependency-check-${project.version} diff --git a/core/pom.xml b/core/pom.xml index 05b9d0b247b..1acec541962 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.2 dependency-check-core @@ -32,7 +32,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/main/core scm:git:git@github.com/dependency-check/DependencyCheck.git - HEAD + v12.2.2 diff --git a/maven/pom.xml b/maven/pom.xml index c47fefe926b..1e66d1b6879 100644 --- a/maven/pom.xml +++ b/maven/pom.xml 
@@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.2 dependency-check-maven maven-plugin @@ -37,7 +37,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/master/maven scm:git:git@github.com/dependency-check/DependencyCheck.git - HEAD + v12.2.2 ${maven.api.version} diff --git a/pom.xml b/pom.xml index bf001738a59..fcbc9e7f437 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.2 pom @@ -94,7 +94,7 @@ Copyright (c) 2012 - Jeremy Long scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck scm:git:https://github.com/dependency-check/DependencyCheck.git - HEAD + v12.2.2 github @@ -113,7 +113,7 @@ Copyright (c) 2012 - Jeremy Long 11 - 2026-04-11T15:25:01Z + 2026-05-03T10:19:54Z UTF-8 UTF-8 diff --git a/utils/pom.xml b/utils/pom.xml index 133b7555fb6..388e09a75b1 100644 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.2 dependency-check-utils @@ -30,7 +30,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/main/utils scm:git:git@github.com/dependency-check/DependencyCheck.git - HEAD + v12.2.2 org.owasp.dependencycheck.utils.* From 792c78ff4d483b9824624c1b73609f9cba139d46 Mon Sep 17 00:00:00 2001 
From: Jeremy Long Date: Sun, 3 May 2026 06:20:35 -0400 Subject: [PATCH 3/3] build: prepare for next development iteration --- ant/pom.xml | 4 ++-- archetype/pom.xml | 6 +++--- cli/pom.xml | 4 ++-- core/pom.xml | 4 ++-- maven/pom.xml | 4 ++-- pom.xml | 6 +++--- utils/pom.xml | 4 ++-- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/ant/pom.xml b/ant/pom.xml index 60c42f1d740..07371c6893d 100644 --- a/ant/pom.xml +++ b/ant/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2 + 12.2.3-SNAPSHOT dependency-check-ant @@ -32,7 +32,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/main/ant scm:git:git@github.com/dependency-check/DependencyCheck.git - v12.2.2 + HEAD diff --git a/archetype/pom.xml b/archetype/pom.xml index c63f41376c8..72dd231e485 100644 --- a/archetype/pom.xml +++ b/archetype/pom.xml @@ -20,20 +20,20 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2 + 12.2.3-SNAPSHOT dependency-check-plugin Dependency-Check Plugin Archetype jar - 2026-05-03T10:19:54Z + 2026-05-03T10:20:35Z scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/main/archetype scm:git:git@github.com/dependency-check/DependencyCheck.git - v12.2.2 + HEAD diff --git a/cli/pom.xml b/cli/pom.xml index 56ad0531caa..989467f1335 100644 --- a/cli/pom.xml +++ b/cli/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2 + 12.2.3-SNAPSHOT dependency-check-cli 
@@ -32,7 +32,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/main/cli scm:git:git@github.com/dependency-check/DependencyCheck.git - v12.2.2 + HEAD dependency-check-${project.version} diff --git a/core/pom.xml b/core/pom.xml index 1acec541962..669ff551f54 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2 + 12.2.3-SNAPSHOT dependency-check-core @@ -32,7 +32,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/main/core scm:git:git@github.com/dependency-check/DependencyCheck.git - v12.2.2 + HEAD diff --git a/maven/pom.xml b/maven/pom.xml index 1e66d1b6879..8241aed128d 100644 --- a/maven/pom.xml +++ b/maven/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2 + 12.2.3-SNAPSHOT dependency-check-maven maven-plugin @@ -37,7 +37,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/master/maven scm:git:git@github.com/dependency-check/DependencyCheck.git - v12.2.2 + HEAD ${maven.api.version} diff --git a/pom.xml b/pom.xml index fcbc9e7f437..548eae61dc0 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long org.owasp dependency-check-parent - 12.2.2 + 12.2.3-SNAPSHOT pom @@ -94,7 +94,7 @@ Copyright (c) 2012 - Jeremy Long scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck scm:git:https://github.com/dependency-check/DependencyCheck.git - v12.2.2 + HEAD github 
@@ -113,7 +113,7 @@ Copyright (c) 2012 - Jeremy Long 11 - 2026-05-03T10:19:54Z + 2026-05-03T10:20:35Z UTF-8 UTF-8 diff --git a/utils/pom.xml b/utils/pom.xml index 388e09a75b1..f6bbb02ad57 100644 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2 + 12.2.3-SNAPSHOT dependency-check-utils @@ -30,7 +30,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/dependency-check/DependencyCheck.git https://github.com/dependency-check/DependencyCheck/tree/main/utils scm:git:git@github.com/dependency-check/DependencyCheck.git - v12.2.2 + HEAD org.owasp.dependencycheck.utils.*
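
Review bot: In the CHANGELOG.md hunk of PATCH 1/3, the new 12.2.2 heading has a stray character in its date, `(2026-05-03x)`; it should read `(2026-05-03)` to match the format of the 12.2.1 heading below it. The same hunk adds `build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0` twice, once with the #8448 link and once without, so the unlinked duplicate should be dropped. The two empty added lines before `chore: tidy CHANGELOG formatting (#8414)` split the release notes into two lists; removing them keeps that entry in the same list as the rest.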
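
Review bot: In the oss-index-analyzer.md hunk of PATCH 1/3, the step for users on defaults now reads `12.2.1`+, but the CHANGELOG hunk in the same patch lists "migrate default OSS Index API URL to Sonatype Guide" (#8404) under 12.2.2. Please confirm which release first ships the new default URL and make the documentation and the changelog agree, since a reader following this step picks the minimum version from it. As a style point, the `+` sits outside the backticks; "`12.2.1` or later" would read more clearly.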
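
Review bot: In the maven/pom.xml hunks of PATCH 2/3 and PATCH 3/3, the unchanged context line next to the tag change still points at `https://github.com/dependency-check/DependencyCheck/tree/master/maven`, while the ant, archetype, cli, core and utils modules all use `tree/main/...`. These commits only flip the version and tag, so this does not block them, but a follow-up that changes the maven module to `tree/main/maven` would make the published project links consistent across modules.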