sbt-dependency-check v3.0.0 Release Notes

Release Date: 2020-11-14 // about 2 years ago
  • 💥 Breaking Changes

    • ⬆️ Dropped sbt v0.13.x support. It's time to upgrade to sbt v1.x if you haven't done already.
    • ⬆️ If upgrading from sbt-dependency-check v2.0.0 or earlier make sure to run dependencyCheckPurge once before running any other task as there are incompatible database changes.

    Noteworthy Changes

    • ⚡️ You can now define allmost all settings with Global or ThisBuild to set up your own defaults for all your projects in your build. See #100 and the updated Multi-Project Setup section in the README.

    🛠 Bugfixes

    • 🛠 Fixed an issue for dependencyCheckPurge task which was using an outdated hard-coded value for the database filename and therefore never deleting the database. This was additionally causing users issues when uprading to sbt-dependency-check v2.1.0 as it was a required step in the upgrade path. See #145
    • 🛠 Fixed an issue where sbt-dependency-check was throwing an error for projects that have JvmPlugin disabled. #122
    • 🛠 Fixed an error in the docs for dependencyCheckFormat. #148

Previous changes from v2.1.0

  • 🚀 Updated dependency-check-core to v6.0.3 (#140). See release notes of DependencyCheck v5.3.1 - v6.0.3

    Noteworthy changes

    • ⬆️ After upgrading run dependencyCheckPurge to clean your database
    • 👉 Users mirroring the NVD feeds - sbt-dependency-check now requires the use of the version 1.1 data feeds - please ensure you are using 1.1 not the 1.0 data feed.
    • ➕ Added an experimental PE Analyzer that reads the PE headers of DLL and EXE files that can be activated with dependencyCheckPEAnalyzerEnabled
    • ➕ Added experimental Analyzers for pip and Pipfile that can be activated with dependencyCheckPipAnalyzerEnabled, dependencyCheckPipfileAnalyzerEnabled,
    • ➕ Added an experimental Analyzer for Mix Audit to scan Elixir dependencies that can be activated with dependencyCheckMixAuditAnalyzerEnabled. Configure dependencyCheckMixAuditPath to point to the mix_audit binary
    • ➕ Added dependencyCheckCveUser and dependencyCheckCvePassword settings to support NVD feed mirrors with Basic Authentication