docs: prepare release 5.0.0 (#81)

buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle

@@ -12,7 +12,7 @@ plugins {
 }
 
 group 'io.github.jeremylong'
-version = '4.1.3'
+version = '5.0.0'
 
 repositories {
     mavenCentral()

open-vulnerability-clients/README.md

@@ -39,14 +39,14 @@ See API usage examples in the [open-vulnerability-store](https://github.com/jere
 <dependency>
    <groupId>io.github.jeremylong</groupId>
    <artifactId>open-vulnerability-clients</artifactId>
-   <version>4.1.2</version>
+   <version>5.0.0</version>
 </dependency>
 ```
 
 ### gradle
 
 ```groovy
-implementation 'io.github.jeremylong:open-vulnerability-clients:4.1.2'
+implementation 'io.github.jeremylong:open-vulnerability-clients:5.0.0'
 ```
 
 ### api usage

open-vulnerability-store/README.md

@@ -1,164 +1,5 @@
-# data-source
+# open-vulnerability-store
 
-
-
-
-# gh-advisory-lib
-
-A client for the GitHub GraphQL API to retrieve the GitHub Security Advisories.
-
-The client requires a GitHub Personal Access Token to access the API.
-
-## usage
-
-### maven
-
-```xml
-<dependency>
-   <groupId>io.github.jeremylong</groupId>
-   <artifactId>gh-advisory-lib</artifactId>
-   <version>2.0.2</version>
-</dependency>
-```
-
-### gradle
-
-```groovy
-implementation 'io.github.jeremylong:gh-advisory-lib:2.0.2'
-```
-
-### building from source
-
-```shell
-./gradlew build
-```
-
-### api usage
-
-The API is intended to be fairly simple; an example implementation is given below to retrieve the entire GitHub Security Advisory data
-set - including a mechanism to keep the data up to date.
-
-```java
-
-import GitHubSecurityAdvisoryClient;
-import GitHubSecurityAdvisoryClientBuilder;
-import SecurityAdvisory;
-
-import java.time.ZoneOffset;
-import java.time.ZonedDateTime;
-import java.util.List;
-
-public class Example {
-    ZonedDateTime retrieveLastUpdated() {
-        // TODO implement a storage/retrieval mechanism for the last updated date.
-
-        return ZonedDateTime.now(ZoneOffset.UTC).minusDays(1);
-    }
-
-    void storeLastUpdated(ZonedDateTime lastUpdated) {
-        // TODO implement a storage/retrieval mechanism for the last update time.
-    }
-
-    @Test
-    void testNext() throws Exception {
-        String apiKey = System.getenv("GITHUB_TOKEN");
-
-        GitHubSecurityAdvisoryClientBuilder builder = GitHubSecurityAdvisoryClientBuilder
-                .aGitHubSecurityAdvisoryClient()
-                .withApiKey(apiKey);
-
-        ZonedDateTime lastUpdated = retrieveLastUpdated();
-        if (lastUpdated != null) {
-            builder.withUpdatedSinceFilter(lastUpdated);
-        }
-        try (GitHubSecurityAdvisoryClient client = builder.build()) {
-            if (client.hasNext()) {
-                List<SecurityAdvisory> result = client.next();
-                //TODO do something useful with the SecurityAdvisories
-            }
-            storeLastUpdated(client.getLastUpdated());
-        }
-    }
-}
-```
-
-
-# nvd-lib
-
-A client for the NVD API to retrieve vulnerability data.
-
-An API Key for the NVD API is highly recommended - especially when downloading the  full Vulnerability Catalog from the
-NVD. Without an API key downloading takes 10+ minutes; whereas with an API key (and using 4 threads) the entire NVD
-Vulnerability Catalog can be downloaded in ~90 seconds.
-
-## usage
-
-### maven
-
-```xml
-<dependency>
-   <groupId>io.github.jeremylong</groupId>
-   <artifactId>nvd-lib</artifactId>
-   <version>2.0.2</version>
-</dependency>
-```
-
-### gradle
-
-```groovy
-implementation 'io.github.jeremylong:nvd-lib:2.0.2'
-```
-
-### building from source
-
-```shell
-./gradlew build
-```
-
-### api usage
-
-The API is intended to be fairly simple; an example implementation is given below to retrieve the entire NVD CVE data
-set - including a mechanism to keep the data up to date.
-
-```java
-import NvdCveApi;
-import NvdCveApiBuilder;
-import DefCveItem;
-
-import java.time.ZonedDateTime;
-import java.util.Collection;
-
-public class Example {
-
-    ZonedDateTime retrieveLastUpdated() {
-        // TODO implement a storage/retrieval mechanism.
-        return null;
-    }
-
-    void storeLasUpdated(ZonedDateTime lastUpdated) {
-        // TODO implement a storage/retrieval mechanism.
-    }
-
-    public void update() {
-        ZonedDateTime lastModifiedRequest = retrieveLastUpdated();
-        NvdCveApiBuilder builder = NvdCveApiBuilder.aNvdCveApi();
-        if (lastModifiedRequest != null) {
-            ZonedDateTime end = lastModifiedRequest.minusDays(-120);
-            builder.withLastModifiedFilter(lastModifiedRequest, end);
-        }
-        //TODO add API key with builder's `withApiKey()`
-        //TODO if an API Key is used consider adding `withThreadCount(4)`
-        //TODO add any additional filters via the builder's `withFilter()`
-        try (NvdCveApi api = builder.build()) {
-            while (api.hasNext()) {
-                Collection<DefCveItem> items = api.next();
-                //TODO do something with the items
-            }
-            lastModifiedRequest = api.getLastModifiedRequest();
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-        storeLasUpdated(lastModifiedRequest);
-    }
-}
-```
+The open-vulnerability-store is an experimental project to build a database containing a normalized
+set of vulnerability information. Currently, the library can be used to create a database of the
+GitHub Security Advisories, NVD CVE data, the CISA Known Expoited Vulnerabilities Catalog, and EPSS.

vulnz/README.md

@@ -54,7 +54,7 @@ export JAVA_OPTS="-Xmx2g"
 Alternatively, run the CLI using the `-Xmx2g` argument:
 
 ```bash
-java -Xmx2g -jar ./vulnz-4.1.2.jar
+java -Xmx2g -jar ./vulnz-5.0.0.jar
 ```
 
 ### Creating the Cache
@@ -71,7 +71,7 @@ for file in *.json; do gzip -k "${file}"; done
 Alternatively, without using the above install command:
 
 ```bash
-./vulnz-4.1.2.jar cve --cache --directory ./cache
+./vulnz-5.0.0.jar cve --cache --directory ./cache
 cd cache
 for file in *.json; do gzip -k "${file}"; done 
 ```