Merge branch 'release/1.6.x' into 'main'

Updated API code snippet in readme for GitHub #117 See merge request kosit/validator!89
2026-05-25 16:55:39 +00:00 · 2025-11-07 15:24:07 +01:00 · 2025-11-07 15:24:07 +01:00 · 938c87112d
commit 938c87112d
parent 0e944616a5 f482d4d213
2 changed files with 14 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -74,12 +74,12 @@ The [CLI documentation](./docs/cli.md) shows further configuration options.
 The Validator can also be used in own Java Applications via the API. An example use of the API as follows:

 ```java
-Path scenarios = Paths.get("scenarios.xml");
-Configuration config = Configuration.load(scenarios.toUri());
-Input document = InputFactory.read(testDocument);
-
+URL scenarios = this.getClass().getClassLoader().getResource("scenarios.xml");
+Configuration config = Configuration.load(scenarios.toURI()).build(ProcessorProvider.getProcessor());
 Check validator = new DefaultCheck(config);
-Result validationResult = validator.checkInput(document);
+
+Input document = InputFactory.read(testDocument);
+Result report = validator.checkInput(document);

 // examine the result here
 ```
@ -139,8 +139,8 @@ To use the standalone version with Maven coordinates, add the respective classif

 This section describes the next steps planned in the Validator development.

-* Release version 1.6.0 based on Java 11 and using Jakarta 4.x. - Autumn 2025
-    * Drop support of version 1.5.x when version 1.6 is released
+* Version 1.5.x is frozen - no maintainance, no support
+* Version 1.6.x - no feature development, but maintainance and best-effort support
 * Develop version 2.0.0 which will include major API incompatibilities - Winter 2025 
    * Rework scenarios.xml
    * Rework report output engine
--- a/pom.xml
+++ b/pom.xml
@ -46,7 +46,7 @@
        <version.jaxb-impl>4.0.5</version.jaxb-impl>
        <version.lombok>1.18.42</version.lombok>
        <version.mockito>4.11.0</version.mockito>
-        <version.owasp-dependency-check>10.0.4</version.owasp-dependency-check>
+        <version.owasp-dependency-check>12.1.8</version.owasp-dependency-check>
        <version.rest-assured>5.5.5</version.rest-assured>
        <version.saxon-he>12.8</version.saxon-he>
        <version.slf4j>2.0.17</version.slf4j>
@ -239,7 +239,8 @@
                        <configuration>
                            <rules>
                                <requireMavenVersion>
-                                    <version>[3.3.9,)</version>
+                                    <!-- minimum for OWASP check-->
+                                    <version>[3.6.3,)</version>
                                </requireMavenVersion>
                                <requireJavaVersion>
                                    <!-- Required for "-proc:full" required for Lombok: 
@ -617,6 +618,10 @@
                        <artifactId>dependency-check-maven</artifactId>
                        <version>${version.owasp-dependency-check}</version>
                        <configuration>
+                        <!-- Specifies if the build should be failed if a CVSS score 
+                        above a specified level is identified. 
+                        The default is 11 which means since the CVSS scores are 0-10, 
+                        by default the build will never fail.-->
                            <failBuildOnCVSS>0</failBuildOnCVSS>
                            <suppressionFiles>
                                <suppressionFile>${project.basedir}/owasp-suppressions.xml</suppressionFile>