Skip to content

Releases: jeremylong/DependencyCheck

Version 7.0.4

30 Mar 11:18
@github-actions github-actions
v7.0.4
d200397
This commit was signed with the committer’s verified signature.
jeremylong Jeremy Long
GPG key ID: FFDE55BE73A2D1ED
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 7.0.4

Changes

  • Update to jackson-databind (see #4285).
  • See the full listing of changes.
Assets 7
Loading

Version 7.0.3

29 Mar 11:40
@github-actions github-actions
v7.0.3
d881157
This commit was signed with the committer’s verified signature.
jeremylong Jeremy Long
GPG key ID: FFDE55BE73A2D1ED
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 7.0.3

Changes

  • Update to jackson-databind (see #4285).
  • See the full listing of changes.
Assets 7
Loading

Version 7.0.2

28 Mar 12:09
@github-actions github-actions
v7.0.2
eecb5a0
This commit was signed with the committer’s verified signature.
jeremylong Jeremy Long
GPG key ID: FFDE55BE73A2D1ED
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 7.0.2

Changes

  • General project maintenance, bug fixes, and false positive and false negative reductions.
  • See the full listing of changes.
Assets 7
Loading

Version 7.0.1

23 Mar 11:16
@github-actions github-actions
v7.0.1
180596b
This commit was signed with the committer’s verified signature.
jeremylong Jeremy Long
GPG key ID: FFDE55BE73A2D1ED
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 7.0.1

Changes

  • General project maintenance, bug fixes, and false positive reductions.
  • See the full listing of changes.
Assets 7
Loading

Version 7.0.0

28 Feb 12:05
@github-actions github-actions
v7.0.0
a7e36ff
This commit was signed with the committer’s verified signature.
jeremylong Jeremy Long
GPG key ID: FFDE55BE73A2D1ED
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 7.0.0

Breaking Changes

  • The H2 database version has been upgraded.
    • if you use the dataDirectory option you will need to run a purge after upgrading.
  • Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.

Changes

  • The Sarif report format has been fixed and can now be imported into GitHub if desired (See #3993).
  • Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
  • When analyzing Java projects ODC now includes data from the developers section.
    • This will likely cause false positives on things like Apache James, please report the FP and we will fix these quickly.
  • General project maintenance, bug fixes, and false positive reductions.
  • See the full listing of changes.
Assets 7
Loading

Version 6.5.3

12 Jan 12:25
@github-actions github-actions
v6.5.3
9682614
This commit was signed with the committer’s verified signature.
jeremylong Jeremy Long
GPG key ID: FFDE55BE73A2D1ED
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 6.5.3

Changes in this Release

  • Performance improvements for some Maven projects (see #3923 and #3931).
  • Fixed bug in npm version handling introduced in 6.5.2 (see #3956).
  • Improved the node package analyzer to correctly report the origin of a dependency (see #3970).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.
Assets 6
Loading

Version 6.5.2

03 Jan 12:41
@github-actions github-actions
v6.5.2
8ceeff8
This commit was signed with the committer’s verified signature.
jeremylong Jeremy Long
GPG key ID: FFDE55BE73A2D1ED
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 6.5.2

Changes in this Release

  • Fixed false positives around log4j-api and Log4j-web (#3910 & #3937).
  • Bug fix when processing NPM lock files (#3893).
  • Added missing pnpm argmument to the CLI (#3916).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.
Assets 6
Loading

Version 6.5.1

18 Dec 21:52
@github-actions github-actions
v6.5.1
bf30aa8
This commit was signed with the committer’s verified signature.
jeremylong Jeremy Long
GPG key ID: FFDE55BE73A2D1ED
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 6.5.1

Changes in this Release

  • Updated the dependency-check-maven plugin to correctly support SNAPSHOT version when a classifier is specified (#3787).
  • Improved the analysis of Swift package manager (package.resolved - see #3813).
  • General code maintenance and false positive reductions.
  • See the full listing of changes.
Assets 6
Loading

Version 6.5.0

08 Nov 13:20
@github-actions github-actions
v6.5.0
47737f0
This commit was signed with the committer’s verified signature.
jeremylong Jeremy Long
GPG key ID: FFDE55BE73A2D1ED
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 6.5.0

Changes in this Release

  • Updated build configuration to create reproducible builds.
  • Updated automated release process to work with branch protection.
  • Resolved several false positives in the Java ecosystem.
  • Enabled the Swift Resolved analyzer per #3735
  • Improved iOS support per #3168 and #3765
  • Added the a new pnpm Analyzer
  • Fixed issue with some npm and yarn analysis failing due to large audit output
  • See the full listing of changes.
Assets 6
Loading

Version 6.4.1

11 Oct 21:34
@github-actions github-actions
v6.4.1
df2700e
Compare
Choose a tag to compare
Version 6.4.1

Changes in this Release

  • Added download attempts with increasing wait time for CVE meta files from the NVD to prevent rate limiting issues (see #3725).
  • See the full listing of changes.
Assets 6
Loading