CVE dependency checker no longer works #41168
Description
There has been slow deprecation of old cve api endpoints - which i think stopped our CVE checker from working a while ago - now those endpoints return 403
The documentation for the new endpoints is patchy - and as seems to be on form for nist (!!) their systems seem pretty broken - eg the API key request page doesnt work due to a missing captcha
The new API endpoints, apart from having a different schema, do not return per-year results as old endpoints did - so we will need to rethink how the data is fetched