sonar-dependency-check-5.0.0

Changes

🚀 New features and improvements

• Update sonarsource parent and adjust license year (#916 by @Reamer)
• Open report in a separate window (#915 by @Reamer)
• Migrate to slf4j (#896 by @Reamer)
• Drop JDK11 Support and add JDK21 Support (#903 by @Reamer)
• Reinstate security hotspot rule definition (#900 by @NIGCH)
• Use new severity levels (high, medium, low) (#895 by @NIGCH)

🧰 Maintenance

• Bump webpack-cli from 4.10.0 to 5.1.4 in /sonar-dependency-check-plugin (#821 by @dependabot)
• Bump webpack from 5.75.0 to 5.90.3 in /sonar-dependency-check-plugin (#914 by @dependabot)
• Bump minimatch and recursive-readdir in /sonar-dependency-check-plugin (#725 by @dependabot)
• Bump json5 and babel-loader in /sonar-dependency-check-plugin (#741 by @dependabot)
• Bump postcss from 8.4.21 to 8.4.31 in /sonar-dependency-check-plugin (#856 by @dependabot)
• Bump @babel/core from 7.21.0 to 7.23.9 in /sonar-dependency-check-plugin (#907 by @dependabot)
• Bump follow-redirects from 1.15.2 to 1.15.4 in /sonar-dependency-check-plugin (#901 by @dependabot)
• Bump word-wrap from 1.2.3 to 1.2.4 in /sonar-dependency-check-plugin (#837 by @dependabot)
• Bump jackson.version from 2.16.0 to 2.16.1 in /sonar-dependency-check-plugin (#897 by @dependabot)
• Bump org.mockito:mockito-core from 5.9.0 to 5.10.0 in /sonar-dependency-check-plugin (#905 by @dependabot)
• Bump junit.jupiter.version from 5.10.1 to 5.10.2 in /sonar-dependency-check-plugin (#912 by @dependabot)
• Bump release-drafter/release-drafter from 5 to 6 (#910 by @dependabot)
• Bump actions/checkout from 3 to 4 (#845 by @dependabot)
• Bump org.mockito:mockito-core from 5.8.0 to 5.9.0 in /sonar-dependency-check-plugin (#902 by @dependabot)
• Bump com.github.eirslett:frontend-maven-plugin from 1.13.4 to 1.15.0 in /sonar-dependency-check-plugin (#884 by @dependabot)
• Bump de.jutzig:github-release-plugin from 1.5.1 to 1.6.0 in /sonar-dependency-check-plugin (#890 by @dependabot)
• Bump com.github.spotbugs:spotbugs-annotations from 4.8.2 to 4.8.3 in /sonar-dependency-check-plugin (#892 by @dependabot)

sonar-dependency-check-4.0.1

Changes

• Support for dependency-check 9.0.2 2bfcbbc

🧰 Maintenance

• Bump org.mockito:mockito-core from 5.7.0 to 5.8.0 in /sonar-dependency-check-plugin (#885 by @dependabot)
• Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 in /sonar-dependency-check-plugin (#880 by @dependabot)
• Bump actions/stale from 8 to 9 (#887 by @dependabot)
• Bump actions/setup-java from 3 to 4 (#881 by @dependabot)
• Bump com.github.spotbugs:spotbugs-annotations from 4.8.1 to 4.8.2 in /sonar-dependency-check-plugin (#882 by @dependabot)
• Bump de.jutzig:github-release-plugin from 1.4.0 to 1.5.1 in /sonar-dependency-check-plugin (#878 by @dependabot)
• Bump jackson.version from 2.15.3 to 2.16.0 in /sonar-dependency-check-plugin (#877 by @dependabot)
• Bump com.github.spotbugs:spotbugs-annotations from 4.8.0 to 4.8.1 in /sonar-dependency-check-plugin (#874 by @dependabot)
• Bump junit.jupiter.version from 5.10.0 to 5.10.1 in /sonar-dependency-check-plugin (#872 by @dependabot)
• Bump org.mockito:mockito-core from 5.6.0 to 5.7.0 in /sonar-dependency-check-plugin (#871 by @dependabot)
• Bump org.mockito:mockito-core from 5.5.0 to 5.6.0 in /sonar-dependency-check-plugin (#857 by @dependabot)
• Bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 in /sonar-dependency-check-plugin (#866 by @dependabot)
• Bump com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.0 in /sonar-dependency-check-plugin (#860 by @dependabot)
• Bump jackson.version from 2.15.2 to 2.15.3 in /sonar-dependency-check-plugin (#862 by @dependabot)
• Bump jackson.version from 2.14.2 to 2.15.2 in /sonar-dependency-check-plugin (#814 by @dependabot)
• Bump maven-release-plugin from 3.0.0 to 3.0.1 in /sonar-dependency-check-plugin (#816 by @dependabot)
• Bump org.mockito:mockito-core from 5.4.0 to 5.5.0 in /sonar-dependency-check-plugin (#841 by @dependabot)
• Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 in /sonar-dependency-check-plugin (#839 by @dependabot)
• Bump junit.jupiter.version from 5.9.3 to 5.10.0 in /sonar-dependency-check-plugin (#838 by @dependabot)
• Bump frontend-maven-plugin from 1.13.3 to 1.13.4 in /sonar-dependency-check-plugin (#830 by @dependabot)
• Bump frontend-maven-plugin from 1.12.1 to 1.13.3 in /sonar-dependency-check-plugin (#827 by @dependabot)
• Bump mockito-core from 5.3.1 to 5.4.0 in /sonar-dependency-check-plugin (#824 by @dependabot)

sonar-dependency-check-4.0.0

Changes

🚀 New features and improvements

• Remove unsupported sonar-components and sonar-helpers (#784 by @Reamer)
• Update parent (#783 by @Reamer)
• Update api and api-impl to current LTS version and remove JDK 8 support (#782 by @Reamer)

🧰 Maintenance

• Bump mockito-core from 5.3.0 to 5.3.1 in /sonar-dependency-check-plugin (#789 by @dependabot)
• Bump junit.jupiter.version from 5.9.2 to 5.9.3 in /sonar-dependency-check-plugin (#792 by @dependabot)
• Bump jacoco-maven-plugin from 0.8.9 to 0.8.10 in /sonar-dependency-check-plugin (#793 by @dependabot)
• Bump actions/stale from 7 to 8 (#771 by @dependabot)
• Bump mockito-core from 4.11.0 to 5.3.0 in /sonar-dependency-check-plugin (#780 by @dependabot)
• Bump jacoco-maven-plugin from 0.8.8 to 0.8.9 in /sonar-dependency-check-plugin (#777 by @dependabot)
• Bump maven-release-plugin from 2.5.3 to 3.0.0 in /sonar-dependency-check-plugin (#770 by @dependabot)

sonar-dependency-check-3.1.0

Changes

• Remove depreacted XML-Report Parser (#755 by @Reamer)

🚀 New features and improvements

• Update node dependencies and node itself (#762 by @Reamer)
• Support dependency-check 8.0.0 (#758 by @Reamer)
• Ability to select whether filename or filepath is used (#757 by @jenspopp)
• Ability to select whether filename or filepath is used (#749 by @jenspopp)

🧰 Maintenance

• Bump jacoco-maven-plugin from 0.8.5 to 0.8.8 in /sonar-dependency-check-plugin (#759 by @dependabot)
• Bump spotbugs-annotations from 4.7.1 to 4.7.3 in /sonar-dependency-check-plugin (#711 by @dependabot)
• Bump junit.jupiter.version from 5.9.1 to 5.9.2 in /sonar-dependency-check-plugin (#745 by @dependabot)
• Bump jackson.version from 2.11.3 to 2.14.2 in /sonar-dependency-check-plugin (#756 by @dependabot)
• Bump mockito-core from 4.9.0 to 4.11.0 in /sonar-dependency-check-plugin (#740 by @dependabot)
• Bump actions/stale from 6 to 7 (#738 by @dependabot)
• Bump mockito-core from 4.8.0 to 4.9.0 in /sonar-dependency-check-plugin (#723 by @dependabot)
• Bump mockito-core from 4.7.0 to 4.8.0 in /sonar-dependency-check-plugin (#696 by @dependabot)
• Bump junit.jupiter.version from 5.9.0 to 5.9.1 in /sonar-dependency-check-plugin (#701 by @dependabot)
• Bump actions/stale from 5 to 6 (#702 by @dependabot)
• Bump mockito-core from 4.6.1 to 4.7.0 in /sonar-dependency-check-plugin (#687 by @dependabot)
• Bump junit.jupiter.version from 5.8.2 to 5.9.0 in /sonar-dependency-check-plugin (#683 by @dependabot)
• Bump spotbugs-annotations from 4.7.0 to 4.7.1 in /sonar-dependency-check-plugin (#672 by @dependabot)
• Bump mockito-core from 4.6.0 to 4.6.1 in /sonar-dependency-check-plugin (#659 by @dependabot)
• Bump mockito-core from 4.5.1 to 4.6.0 in /sonar-dependency-check-plugin (#657 by @dependabot)
• Bump actions/stale from 4 to 5 (#638 by @dependabot)
• Bump actions/setup-java from 2 to 3 (#639 by @dependabot)
• Bump mockito-core from 4.4.0 to 4.5.1 in /sonar-dependency-check-plugin (#641 by @dependabot)
• Bump spotbugs-annotations from 4.6.0 to 4.7.0 in /sonar-dependency-check-plugin (#646 by @dependabot)
• Bump mockito-core from 4.2.0 to 4.4.0 in /sonar-dependency-check-plugin (#622 by @dependabot)
• Bump actions/checkout from 2.4.0 to 3 (#618 by @dependabot)
• Bump spotbugs-annotations from 4.5.3 to 4.6.0 in /sonar-dependency-check-plugin (#621 by @dependabot)

sonar-dependency-check-3.0.1

Changes

🚀 New features and improvements

• Restore JDK8 compatibility (#616 by @Reamer)

sonar-dependency-check-3.0.0

Changes

• Deprecate XML-Reports (#493 by @Reamer)

🚀 New features and improvements

• make nodejs much simpler (#596 by @Reamer)
• Add workflow_dispatch to release-drafter and stale (#586 by @Reamer)
• Add stale action Fixes #430 (#585 by @Reamer)
• Add persmissions to the GITHUB_TOKEN for the release drafter (#583 by @Reamer)
• Sonarqube 8 (#445 by @Reamer)

🧰 Maintenance

• Update example projects (#602 by @Reamer)
• Bump style-loader from 2.0.0 to 3.3.1 in /sonar-dependency-check-plugin (#595 by @dependabot)
• Bump babel-loader from 8.2.2 to 8.2.3 in /sonar-dependency-check-plugin (#590 by @dependabot)
• Bump webpack-dev-server from 3.11.2 to 4.7.3 in /sonar-dependency-check-plugin (#594 by @dependabot)
• Bump underscore from 1.13.1 to 1.13.2 in /sonar-dependency-check-plugin (#593 by @dependabot)
• Bump css-loader from 5.2.6 to 6.5.1 in /sonar-dependency-check-plugin (#591 by @dependabot)
• Bump eslint-plugin-react from 7.23.2 to 7.28.0 in /sonar-dependency-check-plugin (#570 by @dependabot)
• Bump react-dev-utils from 11.0.4 to 12.0.0 in /sonar-dependency-check-plugin (#592 by @dependabot)
• Bump babel-preset-react-app from 10.0.0 to 10.0.1 in /sonar-dependency-check-plugin (#589 by @dependabot)
• Bump @babel/core from 7.14.3 to 7.16.7 in /sonar-dependency-check-plugin (#573 by @dependabot)
• Bump autoprefixer from 10.2.5 to 10.4.2 in /sonar-dependency-check-plugin (#578 by @dependabot)
• Bump react-router from 5.2.0 to 6.2.1 in /sonar-dependency-check-plugin (#587 by @dependabot)
• Bump postcss-loader from 5.3.0 to 6.2.1 in /sonar-dependency-check-plugin (#588 by @dependabot)
• Bump webpack from 5.37.1 to 5.66.0 in /sonar-dependency-check-plugin (#579 by @dependabot)
• Bump eslint from 7.27.0 to 8.7.0 in /sonar-dependency-check-plugin (#580 by @dependabot)
• Improve Readme Fixes #561 (#584 by @Reamer)
• Bump mockito-core from 3.12.4 to 4.2.0 in /sonar-dependency-check-plugin (#567 by @dependabot)
• Bump junit.jupiter.version from 5.7.2 to 5.8.2 in /sonar-dependency-check-plugin (#556 by @dependabot)
• Bump spotbugs-annotations from 4.5.0 to 4.5.3 in /sonar-dependency-check-plugin (#577 by @dependabot)
• Bump frontend-maven-plugin from 1.12.0 to 1.12.1 in /sonar-dependency-check-plugin (#571 by @dependabot)
• Bump spotbugs-annotations from 4.4.0 to 4.5.0 in /sonar-dependency-check-plugin (#545 by @dependabot)
• Bump actions/checkout from 2.3.5 to 2.4.0 (#539 by @dependabot)
• Bump actions/checkout from 2.3.4 to 2.3.5 (#531 by @dependabot)
• Bump mockito-core from 3.10.0 to 3.12.4 in /sonar-dependency-check-plugin (#489 by @dependabot)
• Bump spotbugs-annotations from 4.2.3 to 4.4.0 in /sonar-dependency-check-plugin (#482 by @dependabot)

sonar-dependency-check-2.0.8

Changes

• Remove bintray (#355 by @Reamer)

🧰 Maintenance

• Skip Deploy plugin as we do not have distributionManagement (#444 by @Reamer)
• Bump eslint from 7.26.0 to 7.27.0 in /sonar-dependency-check-plugin (#439 by @dependabot)
• Cleanup with new IDE (#438 by @Reamer)
• Update node to 16.2.0 (#437 by @Reamer)
• update mor dependencies (#436 by @Reamer)
• Node Dependencies and Dependabot adjustment (#433 by @Reamer)
• Bump frontend-maven-plugin from 1.11.3 to 1.12.0 in /sonar-dependency-check-plugin (#427 by @dependabot)
• Bump mockito-core from 3.9.0 to 3.10.0 in /sonar-dependency-check-plugin (#426 by @dependabot)
• Bump junit.jupiter.version from 5.7.1 to 5.7.2 in /sonar-dependency-check-plugin (#428 by @dependabot)
• Bump actions/checkout from 2 to 2.3.4 (#424 by @dependabot)
• Bump spotbugs-annotations from 4.2.2 to 4.2.3 in /sonar-dependency-check-plugin (#413 by @dependabot)
• Bump mockito-core from 3.8.0 to 3.9.0 in /sonar-dependency-check-plugin (#408 by @dependabot)
• Workflow rewrite (#407 by @Reamer)
• Update NodeJS dependencies (#400 by @Reamer)
• Bump mockito-core from 3.7.7 to 3.8.0 in /sonar-dependency-check-plugin (#368 by @dependabot)
• Bump frontend-maven-plugin from 1.11.2 to 1.11.3 in /sonar-dependency-check-plugin (#394 by @dependabot)
• Bump spotbugs-annotations from 4.2.1 to 4.2.2 in /sonar-dependency-check-plugin (#374 by @dependabot)
• Bump commons-lang3 from 3.11 to 3.12.0 in /sonar-dependency-check-plugin (#373 by @dependabot)
• Bump frontend-maven-plugin from 1.11.0 to 1.11.2 in /sonar-dependency-check-plugin (#364 by @dependabot)
• Bump mockito-core from 3.6.28 to 3.7.7 in /sonar-dependency-check-plugin (#340 by @dependabot)
• Bump junit.jupiter.version from 5.7.0 to 5.7.1 in /sonar-dependency-check-plugin (#357 by @dependabot)
• Bump spotbugs-annotations from 4.2.0 to 4.2.1 in /sonar-dependency-check-plugin (#356 by @dependabot)
• Fixed grammar / typos (#345 by @LesnyRumcajs)

sonar-dependency-check-2.0.7

Changes

🚀 New features and improvements

• Added support for setting configuration properties on project level (#279 by @tobiasstadler)

🧰 Maintenance

• Bump react and react-dom in /sonar-dependency-check-plugin (#322 by @dependabot)
• Update libs (#321 by @Reamer)
• fix some code smells reported by sonarcloud (#320 by @Reamer)
• Bump ini from 1.3.5 to 1.3.7 in /sonar-dependency-check-plugin (#311 by @dependabot)
• Update npm dependencies based on dependabot (#310 by @Reamer)
• Bump eslint-plugin-react from 7.20.6 to 7.21.5 in /sonar-dependency-check-plugin (#303 by @dependabot)
• Bump eslint from 6.8.0 to 7.15.0 in /sonar-dependency-check-plugin (#301 by @dependabot)
• Bump react-addons-shallow-compare from 15.6.2 to 15.6.3 in /sonar-dependency-check-plugin (#300 by @dependabot)
• Bump @babel/core from 7.11.6 to 7.12.10 in /sonar-dependency-check-plugin (#302 by @dependabot)
• Bump underscore from 1.11.0 to 1.12.0 in /sonar-dependency-check-plugin (#299 by @dependabot)
• Ignore sonar-plugin-api in dependabot (#304 by @Reamer)
• Bump frontend-maven-plugin from 1.6 to 1.10.4 in /sonar-dependency-check-plugin (#298 by @dependabot)
• Bump mockito-core from 3.6.0 to 3.6.28 in /sonar-dependency-check-plugin (#297 by @dependabot)
• Update spotbugs (#293 by @Reamer)
• Add dependabot v2 (#292 by @Reamer)
• Move to GitHub actions #2 (#289 by @Reamer)
• Move to GitHub actions (#288 by @Reamer)
• update java library versions (#287 by @Reamer)
• Migrate to travis-ci.com (#286 by @Reamer)
• Improve Readme (#282 by @Reamer)

sonar-dependency-check-2.0.6

Changes

• Bump elliptic from 6.5.2 to 6.5.3 in /sonar-dependency-check-plugin (#271 by @dependabot)
• Support dependency-check 6.0.0 (#278 by @Reamer)
• Added support for getting the report html for the current branch/pullrequest (#274 by @tobiasstadler)

🧰 Maintenance

• Update javascript dependencies (#276 by @Reamer)
• Update sonar plugin api and other used libraries (#264 by @Reamer)

sonar-dependency-check-2.0.5

Changes

🚀 New features and improvements

• Prefer configuration files based on the dependency language (#257 by @Reamer)
• Add an additional rules for security hotspot (#252 by @Reamer)

🐛 Bug Fixes

• Improve travis builds (#246 by @Reamer)
• npm package inforamtion without version (#244 by @Reamer)
• Execute SonarQube only with OpenJDK11 (#245 by @Reamer)

🧰 Maintenance

• Welcome to 2020 (#263 by @Reamer)
• Bump websocket-extensions from 0.1.3 to 0.1.4 in /sonar-dependency-check-plugin (#262 by @dependabot)
• Update jquery (#258 by @Reamer)
• Improve readability (#256 by @Reamer)
• Correct spelling (#251 by @Reamer)
• Correct gradle typo log message (#250 by @Reamer)
• Update Jackson to 2.10.3 (#243 by @Reamer)