Releases: dependency-check/dependency-check-sonar-plugin

sonar-dependency-check-5.0.0

27 Feb 13:38

Changes

🚀 New features and improvements

  • Update sonarsource parent and adjust license year (#916 by @Reamer)
  • Open report in a separate window (#915 by @Reamer)
  • Migrate to slf4j (#896 by @Reamer)
  • Drop JDK11 Support and add JDK21 Support (#903 by @Reamer)
  • Reinstate security hotspot rule definition (#900 by @NIGCH)
  • Use new severity levels (high, medium, low) (#895 by @NIGCH)

🧰 Maintenance

  • Bump webpack-cli from 4.10.0 to 5.1.4 in /sonar-dependency-check-plugin (#821 by @dependabot)
  • Bump webpack from 5.75.0 to 5.90.3 in /sonar-dependency-check-plugin (#914 by @dependabot)
  • Bump minimatch and recursive-readdir in /sonar-dependency-check-plugin (#725 by @dependabot)
  • Bump json5 and babel-loader in /sonar-dependency-check-plugin (#741 by @dependabot)
  • Bump postcss from 8.4.21 to 8.4.31 in /sonar-dependency-check-plugin (#856 by @dependabot)
  • Bump @babel/core from 7.21.0 to 7.23.9 in /sonar-dependency-check-plugin (#907 by @dependabot)
  • Bump follow-redirects from 1.15.2 to 1.15.4 in /sonar-dependency-check-plugin (#901 by @dependabot)
  • Bump word-wrap from 1.2.3 to 1.2.4 in /sonar-dependency-check-plugin (#837 by @dependabot)
  • Bump jackson.version from 2.16.0 to 2.16.1 in /sonar-dependency-check-plugin (#897 by @dependabot)
  • Bump org.mockito:mockito-core from 5.9.0 to 5.10.0 in /sonar-dependency-check-plugin (#905 by @dependabot)
  • Bump junit.jupiter.version from 5.10.1 to 5.10.2 in /sonar-dependency-check-plugin (#912 by @dependabot)
  • Bump release-drafter/release-drafter from 5 to 6 (#910 by @dependabot)
  • Bump actions/checkout from 3 to 4 (#845 by @dependabot)
  • Bump org.mockito:mockito-core from 5.8.0 to 5.9.0 in /sonar-dependency-check-plugin (#902 by @dependabot)
  • Bump com.github.eirslett:frontend-maven-plugin from 1.13.4 to 1.15.0 in /sonar-dependency-check-plugin (#884 by @dependabot)
  • Bump de.jutzig:github-release-plugin from 1.5.1 to 1.6.0 in /sonar-dependency-check-plugin (#890 by @dependabot)
  • Bump com.github.spotbugs:spotbugs-annotations from 4.8.2 to 4.8.3 in /sonar-dependency-check-plugin (#892 by @dependabot)

sonar-dependency-check-4.0.1

12 Dec 12:50

Changes

  • Support for dependency-check 9.0.2 2bfcbbc

🧰 Maintenance

  • Bump org.mockito:mockito-core from 5.7.0 to 5.8.0 in /sonar-dependency-check-plugin (#885 by @dependabot)
  • Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 in /sonar-dependency-check-plugin (#880 by @dependabot)
  • Bump actions/stale from 8 to 9 (#887 by @dependabot)
  • Bump actions/setup-java from 3 to 4 (#881 by @dependabot)
  • Bump com.github.spotbugs:spotbugs-annotations from 4.8.1 to 4.8.2 in /sonar-dependency-check-plugin (#882 by @dependabot)
  • Bump de.jutzig:github-release-plugin from 1.4.0 to 1.5.1 in /sonar-dependency-check-plugin (#878 by @dependabot)
  • Bump jackson.version from 2.15.3 to 2.16.0 in /sonar-dependency-check-plugin (#877 by @dependabot)
  • Bump com.github.spotbugs:spotbugs-annotations from 4.8.0 to 4.8.1 in /sonar-dependency-check-plugin (#874 by @dependabot)
  • Bump junit.jupiter.version from 5.10.0 to 5.10.1 in /sonar-dependency-check-plugin (#872 by @dependabot)
  • Bump org.mockito:mockito-core from 5.6.0 to 5.7.0 in /sonar-dependency-check-plugin (#871 by @dependabot)
  • Bump org.mockito:mockito-core from 5.5.0 to 5.6.0 in /sonar-dependency-check-plugin (#857 by @dependabot)
  • Bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 in /sonar-dependency-check-plugin (#866 by @dependabot)
  • Bump com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.0 in /sonar-dependency-check-plugin (#860 by @dependabot)
  • Bump jackson.version from 2.15.2 to 2.15.3 in /sonar-dependency-check-plugin (#862 by @dependabot)
  • Bump jackson.version from 2.14.2 to 2.15.2 in /sonar-dependency-check-plugin (#814 by @dependabot)
  • Bump maven-release-plugin from 3.0.0 to 3.0.1 in /sonar-dependency-check-plugin (#816 by @dependabot)
  • Bump org.mockito:mockito-core from 5.4.0 to 5.5.0 in /sonar-dependency-check-plugin (#841 by @dependabot)
  • Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 in /sonar-dependency-check-plugin (#839 by @dependabot)
  • Bump junit.jupiter.version from 5.9.3 to 5.10.0 in /sonar-dependency-check-plugin (#838 by @dependabot)
  • Bump frontend-maven-plugin from 1.13.3 to 1.13.4 in /sonar-dependency-check-plugin (#830 by @dependabot)
  • Bump frontend-maven-plugin from 1.12.1 to 1.13.3 in /sonar-dependency-check-plugin (#827 by @dependabot)
  • Bump mockito-core from 5.3.1 to 5.4.0 in /sonar-dependency-check-plugin (#824 by @dependabot)

sonar-dependency-check-4.0.0

12 May 13:48

Changes

🚀 New features and improvements

  • Remove unsupported sonar-components and sonar-helpers (#784 by @Reamer)
  • Update parent (#783 by @Reamer)
  • Update api and api-impl to current LTS version and remove JDK 8 support (#782 by @Reamer)

🧰 Maintenance

  • Bump mockito-core from 5.3.0 to 5.3.1 in /sonar-dependency-check-plugin (#789 by @dependabot)
  • Bump junit.jupiter.version from 5.9.2 to 5.9.3 in /sonar-dependency-check-plugin (#792 by @dependabot)
  • Bump jacoco-maven-plugin from 0.8.9 to 0.8.10 in /sonar-dependency-check-plugin (#793 by @dependabot)
  • Bump actions/stale from 7 to 8 (#771 by @dependabot)
  • Bump mockito-core from 4.11.0 to 5.3.0 in /sonar-dependency-check-plugin (#780 by @dependabot)
  • Bump jacoco-maven-plugin from 0.8.8 to 0.8.9 in /sonar-dependency-check-plugin (#777 by @dependabot)
  • Bump maven-release-plugin from 2.5.3 to 3.0.0 in /sonar-dependency-check-plugin (#770 by @dependabot)

sonar-dependency-check-3.1.0

23 Feb 16:22

Changes

  • Remove deprecated XML-Report Parser (#755 by @Reamer)

🚀 New features and improvements

  • Update node dependencies and node itself (#762 by @Reamer)
  • Support dependency-check 8.0.0 (#758 by @Reamer)
  • Ability to select whether filename or filepath is used (#757 by @jenspopp)
  • Ability to select whether filename or filepath is used (#749 by @jenspopp)

🧰 Maintenance

  • Bump jacoco-maven-plugin from 0.8.5 to 0.8.8 in /sonar-dependency-check-plugin (#759 by @dependabot)
  • Bump spotbugs-annotations from 4.7.1 to 4.7.3 in /sonar-dependency-check-plugin (#711 by @dependabot)
  • Bump junit.jupiter.version from 5.9.1 to 5.9.2 in /sonar-dependency-check-plugin (#745 by @dependabot)
  • Bump jackson.version from 2.11.3 to 2.14.2 in /sonar-dependency-check-plugin (#756 by @dependabot)
  • Bump mockito-core from 4.9.0 to 4.11.0 in /sonar-dependency-check-plugin (#740 by @dependabot)
  • Bump actions/stale from 6 to 7 (#738 by @dependabot)
  • Bump mockito-core from 4.8.0 to 4.9.0 in /sonar-dependency-check-plugin (#723 by @dependabot)
  • Bump mockito-core from 4.7.0 to 4.8.0 in /sonar-dependency-check-plugin (#696 by @dependabot)
  • Bump junit.jupiter.version from 5.9.0 to 5.9.1 in /sonar-dependency-check-plugin (#701 by @dependabot)
  • Bump actions/stale from 5 to 6 (#702 by @dependabot)
  • Bump mockito-core from 4.6.1 to 4.7.0 in /sonar-dependency-check-plugin (#687 by @dependabot)
  • Bump junit.jupiter.version from 5.8.2 to 5.9.0 in /sonar-dependency-check-plugin (#683 by @dependabot)
  • Bump spotbugs-annotations from 4.7.0 to 4.7.1 in /sonar-dependency-check-plugin (#672 by @dependabot)
  • Bump mockito-core from 4.6.0 to 4.6.1 in /sonar-dependency-check-plugin (#659 by @dependabot)
  • Bump mockito-core from 4.5.1 to 4.6.0 in /sonar-dependency-check-plugin (#657 by @dependabot)
  • Bump actions/stale from 4 to 5 (#638 by @dependabot)
  • Bump actions/setup-java from 2 to 3 (#639 by @dependabot)
  • Bump mockito-core from 4.4.0 to 4.5.1 in /sonar-dependency-check-plugin (#641 by @dependabot)
  • Bump spotbugs-annotations from 4.6.0 to 4.7.0 in /sonar-dependency-check-plugin (#646 by @dependabot)
  • Bump mockito-core from 4.2.0 to 4.4.0 in /sonar-dependency-check-plugin (#622 by @dependabot)
  • Bump actions/checkout from 2.4.0 to 3 (#618 by @dependabot)
  • Bump spotbugs-annotations from 4.5.3 to 4.6.0 in /sonar-dependency-check-plugin (#621 by @dependabot)

sonar-dependency-check-3.0.1

24 Feb 13:14
313f379

Changes

🚀 New features and improvements

sonar-dependency-check-3.0.0

10 Feb 12:44
9a2991b

Changes

🚀 New features and improvements

🧰 Maintenance

  • Update example projects (#602 by @Reamer)
  • Bump style-loader from 2.0.0 to 3.3.1 in /sonar-dependency-check-plugin (#595 by @dependabot)
  • Bump babel-loader from 8.2.2 to 8.2.3 in /sonar-dependency-check-plugin (#590 by @dependabot)
  • Bump webpack-dev-server from 3.11.2 to 4.7.3 in /sonar-dependency-check-plugin (#594 by @dependabot)
  • Bump underscore from 1.13.1 to 1.13.2 in /sonar-dependency-check-plugin (#593 by @dependabot)
  • Bump css-loader from 5.2.6 to 6.5.1 in /sonar-dependency-check-plugin (#591 by @dependabot)
  • Bump eslint-plugin-react from 7.23.2 to 7.28.0 in /sonar-dependency-check-plugin (#570 by @dependabot)
  • Bump react-dev-utils from 11.0.4 to 12.0.0 in /sonar-dependency-check-plugin (#592 by @dependabot)
  • Bump babel-preset-react-app from 10.0.0 to 10.0.1 in /sonar-dependency-check-plugin (#589 by @dependabot)
  • Bump @babel/core from 7.14.3 to 7.16.7 in /sonar-dependency-check-plugin (#573 by @dependabot)
  • Bump autoprefixer from 10.2.5 to 10.4.2 in /sonar-dependency-check-plugin (#578 by @dependabot)
  • Bump react-router from 5.2.0 to 6.2.1 in /sonar-dependency-check-plugin (#587 by @dependabot)
  • Bump postcss-loader from 5.3.0 to 6.2.1 in /sonar-dependency-check-plugin (#588 by @dependabot)
  • Bump webpack from 5.37.1 to 5.66.0 in /sonar-dependency-check-plugin (#579 by @dependabot)
  • Bump eslint from 7.27.0 to 8.7.0 in /sonar-dependency-check-plugin (#580 by @dependabot)
  • Improve Readme Fixes #561 (#584 by @Reamer)
  • Bump mockito-core from 3.12.4 to 4.2.0 in /sonar-dependency-check-plugin (#567 by @dependabot)
  • Bump junit.jupiter.version from 5.7.2 to 5.8.2 in /sonar-dependency-check-plugin (#556 by @dependabot)
  • Bump spotbugs-annotations from 4.5.0 to 4.5.3 in /sonar-dependency-check-plugin (#577 by @dependabot)
  • Bump frontend-maven-plugin from 1.12.0 to 1.12.1 in /sonar-dependency-check-plugin (#571 by @dependabot)
  • Bump spotbugs-annotations from 4.4.0 to 4.5.0 in /sonar-dependency-check-plugin (#545 by @dependabot)
  • Bump actions/checkout from 2.3.5 to 2.4.0 (#539 by @dependabot)
  • Bump actions/checkout from 2.3.4 to 2.3.5 (#531 by @dependabot)
  • Bump mockito-core from 3.10.0 to 3.12.4 in /sonar-dependency-check-plugin (#489 by @dependabot)
  • Bump spotbugs-annotations from 4.2.3 to 4.4.0 in /sonar-dependency-check-plugin (#482 by @dependabot)

sonar-dependency-check-2.0.8

31 May 14:54
94a8fe1

Changes

🧰 Maintenance

  • Skip Deploy plugin as we do not have distributionManagement (#444 by @Reamer)
  • Bump eslint from 7.26.0 to 7.27.0 in /sonar-dependency-check-plugin (#439 by @dependabot)
  • Cleanup with new IDE (#438 by @Reamer)
  • Update node to 16.2.0 (#437 by @Reamer)
  • update more dependencies (#436 by @Reamer)
  • Node Dependencies and Dependabot adjustment (#433 by @Reamer)
  • Bump frontend-maven-plugin from 1.11.3 to 1.12.0 in /sonar-dependency-check-plugin (#427 by @dependabot)
  • Bump mockito-core from 3.9.0 to 3.10.0 in /sonar-dependency-check-plugin (#426 by @dependabot)
  • Bump junit.jupiter.version from 5.7.1 to 5.7.2 in /sonar-dependency-check-plugin (#428 by @dependabot)
  • Bump actions/checkout from 2 to 2.3.4 (#424 by @dependabot)
  • Bump spotbugs-annotations from 4.2.2 to 4.2.3 in /sonar-dependency-check-plugin (#413 by @dependabot)
  • Bump mockito-core from 3.8.0 to 3.9.0 in /sonar-dependency-check-plugin (#408 by @dependabot)
  • Workflow rewrite (#407 by @Reamer)
  • Update NodeJS dependencies (#400 by @Reamer)
  • Bump mockito-core from 3.7.7 to 3.8.0 in /sonar-dependency-check-plugin (#368 by @dependabot)
  • Bump frontend-maven-plugin from 1.11.2 to 1.11.3 in /sonar-dependency-check-plugin (#394 by @dependabot)
  • Bump spotbugs-annotations from 4.2.1 to 4.2.2 in /sonar-dependency-check-plugin (#374 by @dependabot)
  • Bump commons-lang3 from 3.11 to 3.12.0 in /sonar-dependency-check-plugin (#373 by @dependabot)
  • Bump frontend-maven-plugin from 1.11.0 to 1.11.2 in /sonar-dependency-check-plugin (#364 by @dependabot)
  • Bump mockito-core from 3.6.28 to 3.7.7 in /sonar-dependency-check-plugin (#340 by @dependabot)
  • Bump junit.jupiter.version from 5.7.0 to 5.7.1 in /sonar-dependency-check-plugin (#357 by @dependabot)
  • Bump spotbugs-annotations from 4.2.0 to 4.2.1 in /sonar-dependency-check-plugin (#356 by @dependabot)
  • Fixed grammar / typos (#345 by @LesnyRumcajs)

sonar-dependency-check-2.0.7

22 Dec 14:11
2e3701c

Changes

🚀 New features and improvements

  • Added support for setting configuration properties on project level (#279 by @tobiasstadler)

🧰 Maintenance

  • Bump react and react-dom in /sonar-dependency-check-plugin (#322 by @dependabot)
  • Update libs (#321 by @Reamer)
  • fix some code smells reported by sonarcloud (#320 by @Reamer)
  • Bump ini from 1.3.5 to 1.3.7 in /sonar-dependency-check-plugin (#311 by @dependabot)
  • Update npm dependencies based on dependabot (#310 by @Reamer)
  • Bump eslint-plugin-react from 7.20.6 to 7.21.5 in /sonar-dependency-check-plugin (#303 by @dependabot)
  • Bump eslint from 6.8.0 to 7.15.0 in /sonar-dependency-check-plugin (#301 by @dependabot)
  • Bump react-addons-shallow-compare from 15.6.2 to 15.6.3 in /sonar-dependency-check-plugin (#300 by @dependabot)
  • Bump @babel/core from 7.11.6 to 7.12.10 in /sonar-dependency-check-plugin (#302 by @dependabot)
  • Bump underscore from 1.11.0 to 1.12.0 in /sonar-dependency-check-plugin (#299 by @dependabot)
  • Ignore sonar-plugin-api in dependabot (#304 by @Reamer)
  • Bump frontend-maven-plugin from 1.6 to 1.10.4 in /sonar-dependency-check-plugin (#298 by @dependabot)
  • Bump mockito-core from 3.6.0 to 3.6.28 in /sonar-dependency-check-plugin (#297 by @dependabot)
  • Update spotbugs (#293 by @Reamer)
  • Add dependabot v2 (#292 by @Reamer)
  • Move to GitHub actions #2 (#289 by @Reamer)
  • Move to GitHub actions (#288 by @Reamer)
  • update java library versions (#287 by @Reamer)
  • Migrate to travis-ci.com (#286 by @Reamer)
  • Improve Readme (#282 by @Reamer)

sonar-dependency-check-2.0.6

15 Sep 08:50
2fe276c
Compare
Choose a tag to compare

Changes

  • Bump elliptic from 6.5.2 to 6.5.3 in /sonar-dependency-check-plugin (#271 by @dependabot)
  • Support dependency-check 6.0.0 (#278 by @Reamer)
  • Added support for getting the report html for the current branch/pullrequest (#274 by @tobiasstadler)

🧰 Maintenance

  • Update javascript dependencies (#276 by @Reamer)
  • Update sonar plugin api and other used libraries (#264 by @Reamer)

sonar-dependency-check-2.0.5

10 Jun 08:46
18e6251

Changes

🚀 New features and improvements

  • Prefer configuration files based on the dependency language (#257 by @Reamer)
  • Add an additional rules for security hotspot (#252 by @Reamer)

🐛 Bug Fixes

🧰 Maintenance