Description
Precondition
- I checked the issues list for existing open or closed reports of the same problem.
Describe the bug
dependency-check-maven contains a compile dependency to org.apache.maven.shared:maven-artifact-transfer:0.13.1 which contains a compile dependency to org.apache.maven:maven-core.
dependency-check-maven contains a provided dependency to org.apache.maven:maven-core:3.6.3.
This means that dependency-check-maven will pull in org.apache.maven:maven-core:3.6.3 as a compile dependency.
org.apache.maven:maven-core:3.6.3 contains the critical vulnerability CVE-2021-26291: https://mvnrepository.com/artifact/org.apache.maven/maven-core/3.6.3
The recommendation is to have a provided dependency to maven-core, not compile, and the org.apache.maven.shared:maven-artifact-transfer artifact is deprecated.
Version of dependency-check used
The problem occurs using version 12.1.0 of the maven plugin.
Log file
N/A
To Reproduce
Steps to reproduce the behavior:
- Create a simple project containing dependency-check-maven, like this: https://gist.github.com/johanblumenberg/72d74aa8520292e1fb220a06de1490af
- Run mvn verify
- Open target/dependency-check-report.html and check the critical items reported.
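As an added check (example code, not part of the issue or of the dependency-check project), the script below parses the text output of mvn dependency:tree and lists every path by which a chosen artifact reaches the build as a transitive compile-scope dependency, which is the leak described above for maven-core. The tree text is constructed; its coordinates mirror the issue, while the root project and the junit line are made up.

```python
"""Constructed example (not from the issue): parse `mvn dependency:tree` text
output and flag artifacts that reach the build at compile scope only transitively."""
import re
from typing import NamedTuple

# Constructed tree output; coordinates mirror the issue, root project and
# junit line are made up for illustration.
TREE = """\
[INFO] org.example:demo:jar:1.0
[INFO] +- org.owasp:dependency-check-maven:jar:12.1.0:compile
[INFO] |  +- org.apache.maven.shared:maven-artifact-transfer:jar:0.13.1:compile
[INFO] |  |  \\- org.apache.maven:maven-core:jar:3.6.3:compile
[INFO] \\- junit:junit:jar:4.13.2:test
"""

# Optional "[INFO] " prefix, 3-char indent groups, "+- " or "\- " connector, coordinate.
LINE = re.compile(r"^(?:\[INFO\] )?(?P<indent>(?:\|  |   )*)(?P<conn>[+\\]- )?"
                  r"(?P<coord>\S+:\S+:\S+:\S+)$")

class Node(NamedTuple):
    group: str
    artifact: str
    version: str
    scope: str  # "" for the root project, which has no scope

def parse_coord(coord: str) -> Node:
    parts = coord.split(":")
    if len(parts) == 4:  # root: groupId:artifactId:type:version
        return Node(parts[0], parts[1], parts[3], "")
    # dependency: groupId:artifactId:type[:classifier]:version:scope
    return Node(parts[0], parts[1], parts[-2], parts[-1])

def parse_tree(text: str) -> list[list[Node]]:
    """Return one root-to-node path per dependency line."""
    paths, stack = [], []
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # plugin banners, blank lines, BUILD SUCCESS, etc.
        depth = len(m.group("indent")) // 3 + (1 if m.group("conn") else 0)
        stack[depth:] = [parse_coord(m.group("coord"))]
        paths.append(stack[:depth + 1])
    return paths

def compile_leaks(text: str, group: str, artifact: str) -> list[str]:
    """Paths where group:artifact is a transitive (depth >= 2) compile dependency."""
    leaks = []
    for path in parse_tree(text):
        leaf = path[-1]
        if len(path) > 2 and (leaf.group, leaf.artifact, leaf.scope) == (group, artifact, "compile"):
            leaks.append(" -> ".join(f"{n.group}:{n.artifact}:{n.version}" for n in path[1:]))
    return leaks
```

Feed it the saved output of mvn dependency:tree instead of TREE to check a real project; a direct compile dependency is deliberate and is not reported, only transitive ones are.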
Expected behavior
No critical vulnerabilities coming from the dependency-check-maven plugin itself.
Additional context
N/A