Releases: jeremylong/DependencyCheck
Releases · jeremylong/DependencyCheck
Version 8.4.0
cc2db4c
This commit was signed with the committer’s verified signature.
jeremylong
Jeremy Long
Added
- feat: Add support for Nexus v3 to NexusAnalyzer (#5849)
Fixed
- fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
- chore: switch to sha1-pinning as suggested by Semgrep
- fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#5845)
- fix: use curl with -L to follow github redirect (#5808)
- fix: use curl with -L to follow github redirect
- fix: #5671 out of memory error (#5789)
- fix: #5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError
Version 8.3.1
bb68c00
This commit was signed with the committer’s verified signature.
jeremylong
Jeremy Long
Re-release of 8.3.0 as 8.3.1.
v8.3.0
b46b3fa
This commit was signed with the committer’s verified signature.
jeremylong
Jeremy Long
Added
- Add LibmanAnalyzer (#5652)
- Update HTML report Dependencies header based on display settings (#5619)
- Add link to suppressed vulnerabilities header in HTML report (#5620)
- Enable local proxy configuration in maven plugin configuration (#5696)
Fixed
- Fix npm alias present in requires of dependencies (#5703)
- Make Central URL configurable via CLI (#5667)
- Ensure support of CVSSv3.1 (#5602)
See the full listing of changes.
Version 8.2.1
f82364a
This commit was signed with the committer’s verified signature.
jeremylong
Jeremy Long
Version 8.2.0
1f914b4
This commit was signed with the committer’s verified signature.
jeremylong
Jeremy Long
Added
- Support msbuild Directory.build.props (#5475)
- better display of NPM audit references
- Add CVSS V3 results from NPM Audit results
Fixed
- Fix several issues on NPM Audit reporting (#5546)
- Case issue in SQL (#5557)
- Fix CWE(s) extraction for NPM Audit advisories
- Use the stable github_advisory_id instead of the now unstable id in NPM audit results
See the full listing of changes.
Version 8.1.2
3582a9d
This commit was signed with the committer’s verified signature.
jeremylong
Jeremy Long
Fixed
- Fix
NullPointerExceptionin the Jar Analyzer introduced in 8.1.1 (#5512)
Version 8.1.1
c5820ba
This commit was signed with the committer’s verified signature.
jeremylong
Jeremy Long
Fixed
- allow hosted suppressions file to be disabled (#5509)
- Several FPs not suitable for our automation (#5504)
- Fix incorrect defaults for nexus and central-analyzer in gradle plugin documentation (#5503)
- Erroneous error-log for deprecated CLI flag usage when using properyfile based disablement of Node Audit Analyzer (#5487)
- Prefer pom.properties G/A/V over pom.xml G/A/V to resolve GAV interpolation issues (#5473)
- Node package dependencies ending up as related dependency of the wrong version of the package (#5479)
- do not throw error if pyproject.toml is in node_modules (#5470)
See the full listing of changes.
Version 8.1.0
8a6517e
This commit was signed with the committer’s verified signature.
jeremylong
Jeremy Long
Added
Pipefile.lockfiles are now supported (#5404).- Python projects with only a
pyproject.tomlbut no lock file or requirements will report an error as ODC is unable to analyze the project (#5409).
Fixed
- Some maven projects caused false positives due to bad string interpolation (#5421).
- Error message from Assembly Analyzer has been updated to emphasize dotnet 6 is required for analysis (#5408).
- Correct issue where database defrag occurs even when no updates were performed (#5441).
- Fixed several False Positives and one False Negative.
- Fixed the
formatconfiguration more flexible in the gradle plugin (dependency-check-gradle/#324).
See the full listing of changes.
Version 8.0.2
6b238bc
This commit was signed with the committer’s verified signature.
jeremylong
Jeremy Long
Fixed
- Resolved bug causing an issue with some Maven Extensions (#5366).
- ArchiveAnalyzer will now correctly throw an exception if it cannot open an Archive (#5371).
- Updated CSV report so that it no longer has a duplicate
descriptioncolumn (#5364). - Moved several logging statements to trace which should drastically reduce the log size (#5350).
- Fixed bug with RetireJS'
--retirejsFilterNonVulnerableand--retirejsFilterwhen used with the CLI (#5351). - Fixed the
sarifreport format and added validation (#5345 and (#5363) - Fixed
MalformedPackageExceptionin the gradle plugin (dependency-check-gradle/#320). - Fixed
MissingMethodExceptionin the gradle plugin (dependency-check-gradle/#316).
See the full listing of changes.
Version 8.0.1
9873775
This commit was signed with the committer’s verified signature.
jeremylong
Jeremy Long
Fixed
- Fixed Stack Overflow Exception in the gradle plugin (dependency-check-gradle/#308).
- Fixed No Signature of Method Exception in the gradle plugin (dependency-check-gradle/#305).
- Updated DB initialization scripts for externally hosted DBs (#5314 and #5317).
- Postgres users will need to use the updated init script and 8.0.1.
- Resolved NPE in the NodePackageAnalyzer (#5339).
See the full listing of changes.