sbt-dependency-check v3.0.0 Release Notes

Release Date: 2020-11-14 // about 1 year ago
  • ๐Ÿ’ฅ Breaking Changes

    • โฌ†๏ธ Dropped sbt v0.13.x support. It's time to upgrade to sbt v1.x if you haven't done already.
    • โฌ†๏ธ If upgrading from sbt-dependency-check v2.0.0 or earlier make sure to run dependencyCheckPurge once before running any other task as there are incompatible database changes.

    Noteworthy Changes

    • โšก๏ธ You can now define allmost all settings with Global or ThisBuild to set up your own defaults for all your projects in your build. See #100 and the updated Multi-Project Setup section in the README.

    ๐Ÿ›  Bugfixes

    • ๐Ÿ›  Fixed an issue for dependencyCheckPurge task which was using an outdated hard-coded value for the database filename and therefore never deleting the database. This was additionally causing users issues when uprading to sbt-dependency-check v2.1.0 as it was a required step in the upgrade path. See #145
    • ๐Ÿ›  Fixed an issue where sbt-dependency-check was throwing an error for projects that have JvmPlugin disabled. #122
    • ๐Ÿ›  Fixed an error in the docs for dependencyCheckFormat. #148

Previous changes from v2.1.0

  • ๐Ÿš€ Updated dependency-check-core to v6.0.3 (#140). See release notes of DependencyCheck v5.3.1 - v6.0.3

    Noteworthy changes

    • โฌ†๏ธ After upgrading run dependencyCheckPurge to clean your database
    • ๐Ÿ‘‰ Users mirroring the NVD feeds - sbt-dependency-check now requires the use of the version 1.1 data feeds - please ensure you are using 1.1 not the 1.0 data feed.
    • โž• Added an experimental PE Analyzer that reads the PE headers of DLL and EXE files that can be activated with dependencyCheckPEAnalyzerEnabled
    • โž• Added experimental Analyzers for pip and Pipfile that can be activated with dependencyCheckPipAnalyzerEnabled, dependencyCheckPipfileAnalyzerEnabled,
    • โž• Added an experimental Analyzer for Mix Audit to scan Elixir dependencies that can be activated with dependencyCheckMixAuditAnalyzerEnabled. Configure dependencyCheckMixAuditPath to point to the mix_audit binary
    • โž• Added dependencyCheckCveUser and dependencyCheckCvePassword settings to support NVD feed mirrors with Basic Authentication