Update dependencycheck database 8.4.3 to 9.0.1 #6155

Closed
picsouds opened this issue Nov 27, 2023 · 1 comment
@picsouds

Describe the bug

Update from 8.4.3 to 9.0.1

Version of dependency-check used

The problem occurs using version 9.0.1 (gradle plugin), not tested on other plugins

Log file

Caused by: java.lang.NullPointerException: Cannot invoke "java.time.temporal.TemporalAccessor.query(java.time.temporal.TemporalQuery)" because "temporal" is null
        at org.owasp.dependencycheck.data.update.NvdApiDataSource.checkUpdate(NvdApiDataSource.java:441)
        at org.owasp.dependencycheck.data.update.NvdApiDataSource.processDatafeed(NvdApiDataSource.java:117)
        at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:108)
        at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:904)
        at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:876)
        at org.owasp.dependencycheck.gradle.tasks.Update.update(Update.groovy:56)

To Reproduce
Update the plugin to id "org.owasp.dependencycheck" version "9.0.1" and run ./gradlew dependencyUpdate --debug

See https://github.com/jeremylong/DependencyCheck/blob/main/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java#L439 - In the H2 database properties table from 8.4.3, the key NVD_CACHE_LAST_CHECKED does not exist (only in 9.0.*)

With ./gradlew dependencyPurge there is no problem with the update (with a local vulnz)

I don't see in the code an automatic update of the properties table, but I could probably be wrong.

P.S.: You folks of the dependency-check team are doing amazing work for all of us, thanks! 👍

picsouds added the bug label Nov 27, 2023

@jeremylong (Owner)

Yes, the breaking change was documented in the release notes and can be found here: https://github.com/jeremylong/DependencyCheck#breaking-changes

This is an expected problem that you've already found the solution to - purge the original database. Now the problem is you'll likely run into #6149 - which we are working on.
