sbt-dependency-check v2.1.0 Release Notes

Release Date: 2020-11-04 // almost 2 years ago
  • ๐Ÿš€ Updated dependency-check-core to v6.0.3 (#140). See release notes of DependencyCheck v5.3.1 - v6.0.3

    Noteworthy changes

    • โฌ†๏ธ After upgrading run dependencyCheckPurge to clean your database
    • ๐Ÿ‘‰ Users mirroring the NVD feeds - sbt-dependency-check now requires the use of the version 1.1 data feeds - please ensure you are using 1.1 not the 1.0 data feed.
    • โž• Added an experimental PE Analyzer that reads the PE headers of DLL and EXE files that can be activated with dependencyCheckPEAnalyzerEnabled
    • โž• Added experimental Analyzers for pip and Pipfile that can be activated with dependencyCheckPipAnalyzerEnabled, dependencyCheckPipfileAnalyzerEnabled,
    • โž• Added an experimental Analyzer for Mix Audit to scan Elixir dependencies that can be activated with dependencyCheckMixAuditAnalyzerEnabled. Configure dependencyCheckMixAuditPath to point to the mix_audit binary
    • โž• Added dependencyCheckCveUser and dependencyCheckCvePassword settings to support NVD feed mirrors with Basic Authentication