Support for NIST/NVD 2.0 data feeds

[andham]

Current Behavior

According to https://www.nist.gov/itl/nvd NIST has changed their mind and will not retire the NVD data feeds, but create new NVD 2.0 data feeds.

Proposed Behavior

In some environments (air-gapped and similar) it is much easier to create mirror sites for these data feeds than the NVD APIs, so support for the new 2.0 data feeds would be great.

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this enhancement was already requested

[nscuro]

For future reference, the relevant part of the provided link is this:

Legacy Data Feed Files Update
We are planning to retire and replace the following legacy data feed files with complimentary data feed files that reflect the 2.0 /cves/, /cpematch/ and /cpes/ API response content.

• The 1.1 Vulnerability Feeds with /cves/ 2.0 compliant files.
• The 1.0 CPE Match Feed with a /cpematch/ 2.0 compliant file.
• The Official CPE 2.3 Dictionary .zip and .gz with /cpes/ 2.0 compliant files.

While we originally intended to move away from supporting this type of bulk download capability, circumstances have redirected our efforts from other, preferred approaches.

Once these updates are made available, the unsupported legacy data feed files will remain available in parallel for 3 months as a courtesy. After that time, the legacy 1.1 feed files will no longer be accessible. Any organizations making use of the legacy feed files will need to update their systems to use the 2.0 APIs or the 2.0 data feed files.