⬆️ Upgrade dependency-check-core to v8.1.2

albuch · albuch · commit a121bfb29a64 · 2023-03-05T10:18:09.000+01:00
diff --git a/README.md b/README.md
@@ -173,6 +173,7 @@ The following properties can be configured in the plugin. However, they are less
 | dependencyCheckConnectionString                | The connection string used to connect to the database, the %s will be replace with a name for the database                                                                                            | jdbc:h2:file:%s;AUTOCOMMIT=ON;MV_STORE=FALSE;                                       |
 | dependencyCheckDatabaseUser                    | The username used when connecting to the database.                                                                                                                                                    | dcuser                                                                              |
 | dependencyCheckDatabasePassword                | The password used when connecting to the database.                                                                                                                                                    |                                                                                     |
+| dependencyCheckHostedSuppressionsEnabled       | Whether the hosted suppression file will be used.                                                                                                                                                     | true                                                                                |
 | dependencyCheckHostedSuppressionsForceUpdate   | Whether the hosted suppressions file will update regardless of the `dependencyCheckAutoUpdate` setting.                                                                                               | false                                                                               |
 | dependencyCheckHostedSuppressionsUrl           | The URL to a mirrored copy of the hosted suppressions file for internet-constrained environments.                                                                                                     | https://jeremylong.github.io/DependencyCheck/suppressions/publishedSuppressions.xml |
 | dependencyCheckHostedSuppressionsValidForHours | Sets the number of hours to wait before checking for new updates from the NVD.                                                                                                                        | 2                                                                                   |
diff --git a/build.sbt b/build.sbt
@@ -11,7 +11,7 @@ val sbtDependencyCheck = (project in file("."))
 	.enablePlugins(SbtPlugin)
 	.settings(
 		libraryDependencies ++= Seq(
-			"org.owasp" % "dependency-check-core" % "8.1.0"
+			"org.owasp" % "dependency-check-core" % "8.1.2"
 		),
 		sbtPlugin := true,
 		dependencyUpdatesFilter -= moduleFilter(organization = "org.scala-lang") | moduleFilter(organization = "org.scala-sbt"),
diff --git a/project/plugins.sbt b/project/plugins.sbt
@@ -7,6 +7,6 @@ addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.10.0-RC1")
 
 Compile / unmanagedSourceDirectories += baseDirectory.value.getParentFile / "src" / "main" / "scala"
 libraryDependencies ++= Seq(
-  "org.owasp" % "dependency-check-core" % "8.1.0",
+  "org.owasp" % "dependency-check-core" % "8.1.2",
   "org.slf4j" % "slf4j-simple" % "2.0.6"
 )
diff --git a/src/main/scala/net/vonbuchholtz/sbt/dependencycheck/DependencyCheckKeys.scala b/src/main/scala/net/vonbuchholtz/sbt/dependencycheck/DependencyCheckKeys.scala
@@ -120,6 +120,7 @@ trait DependencyCheckKeys {
 	lazy val dependencyCheckDatabaseUser = settingKey[Option[String]]("The username used when connecting to the database. ")
 	lazy val dependencyCheckDatabasePassword = settingKey[Option[String]]("The password used when connecting to the database. ")
 	lazy val dependencyCheckHostedSuppressionsForceUpdate = settingKey[Option[Boolean]]("Whether the hosted suppressions file will update regardless of the `dependencyCheckAutoUpdate` setting.")
+	lazy val dependencyCheckHostedSuppressionsEnabled = settingKey[Option[Boolean]]("Whether the hosted suppression file will be used.")
 	lazy val dependencyCheckHostedSuppressionsUrl = settingKey[Option[URL]]("The URL to a mirrored copy of the hosted suppressions file for internet-constrained environments.")
 	lazy val dependencyCheckHostedSuppressionsValidForHours = settingKey[Option[Int]]("Sets the number of hours to wait before checking for new updates from the NVD.")
 
diff --git a/src/main/scala/net/vonbuchholtz/sbt/dependencycheck/DependencyCheckListSettingsTask.scala b/src/main/scala/net/vonbuchholtz/sbt/dependencycheck/DependencyCheckListSettingsTask.scala
@@ -145,6 +145,7 @@ object DependencyCheckListSettingsTask {
     logStringSetting(DB_USER, "dependencyCheckDatabaseUser", log)
     logStringSetting(DB_PASSWORD, "dependencyCheckDatabasePassword", log)
     logBooleanSetting(HOSTED_SUPPRESSIONS_FORCEUPDATE, "dependencyCheckHostedSuppressionsForceUpdate", log)
+    logBooleanSetting(HOSTED_SUPPRESSIONS_ENABLED, "dependencyCheckHostedSuppressionsEnabled", log)
     logUrlSetting(HOSTED_SUPPRESSIONS_URL, "dependencyCheckHostedSuppressionsUrl", log)
     logStringSetting(HOSTED_SUPPRESSIONS_VALID_FOR_HOURS, "dependencyCheckHostedSuppressionsValidForHours", log)
 
diff --git a/src/main/scala/net/vonbuchholtz/sbt/dependencycheck/DependencyCheckPlugin.scala b/src/main/scala/net/vonbuchholtz/sbt/dependencycheck/DependencyCheckPlugin.scala
@@ -141,6 +141,7 @@ object DependencyCheckPlugin extends sbt.AutoPlugin {
     dependencyCheckDatabaseUser := None,
     dependencyCheckDatabasePassword := None,
     dependencyCheckHostedSuppressionsForceUpdate := None,
+    dependencyCheckHostedSuppressionsEnabled := None,
     dependencyCheckHostedSuppressionsUrl := None,
     dependencyCheckHostedSuppressionsValidForHours := None,
     dependencyCheckUseSbtModuleIdAsGav := None
@@ -235,6 +236,9 @@ object DependencyCheckPlugin extends sbt.AutoPlugin {
     setStringSetting(ADDITIONAL_ZIP_EXTENSIONS, dependencyCheckZipExtensions.value)
     setBooleanSetting(ANALYZER_JAR_ENABLED, dependencyCheckJarAnalyzerEnabled.value)
     setBooleanSetting(ANALYZER_DART_ENABLED, dependencyCheckDartAnalyzerEnabled.value)
+    setBooleanSetting(ANALYZER_KNOWN_EXPLOITED_ENABLED, dependencyCheckKnownExploitedEnabled.value)
+    setUrlSetting(KEV_URL, dependencyCheckKnownExploitedUrl.value)
+    setIntSetting(KEV_CHECK_VALID_FOR_HOURS, dependencyCheckKnownExploitedValidForHours.value)
     setBooleanSetting(ANALYZER_CENTRAL_ENABLED, dependencyCheckCentralAnalyzerEnabled.value)
     setBooleanSetting(ANALYZER_CENTRAL_USE_CACHE, dependencyCheckCentralAnalyzerUseCache.value)
     setBooleanSetting(ANALYZER_OSSINDEX_ENABLED, dependencyCheckOSSIndexAnalyzerEnabled.value)
@@ -288,6 +292,8 @@ object DependencyCheckPlugin extends sbt.AutoPlugin {
     setBooleanSetting(ANALYZER_RETIREJS_ENABLED, dependencyCheckRetireJSAnalyzerEnabled.value)
     setBooleanSetting(ANALYZER_RETIREJS_FORCEUPDATE, dependencyCheckRetireJSForceUpdate.value)
     setUrlSetting(ANALYZER_RETIREJS_REPO_JS_URL, dependencyCheckRetireJSAnalyzerRepoJSUrl.value)
+    setStringSetting(ANALYZER_RETIREJS_REPO_JS_USER, dependencyCheckRetireJsAnalyzerRepoUser.value)
+    setStringSetting(ANALYZER_RETIREJS_REPO_JS_PASSWORD, dependencyCheckRetireJsAnalyzerRepoPassword.value)
     setIntSetting(ANALYZER_RETIREJS_REPO_VALID_FOR_HOURS, dependencyCheckRetireJsAnalyzerRepoValidFor.value)
     settings.setArrayIfNotEmpty(ANALYZER_RETIREJS_FILTERS, dependencyCheckRetireJsAnalyzerFilters.value.toArray)
     setBooleanSetting(ANALYZER_RETIREJS_FILTER_NON_VULNERABLE, dependencyCheckRetireJsAnalyzerFilterNonVulnerable.value)
@@ -315,6 +321,10 @@ object DependencyCheckPlugin extends sbt.AutoPlugin {
     setStringSetting(DB_USER, dependencyCheckDatabaseUser.value)
     setStringSetting(DB_PASSWORD, dependencyCheckDatabasePassword.value)
     setStringSetting(CVE_CPE_STARTS_WITH_FILTER, dependencyCheckCpeStartsWith.value)
+    setBooleanSetting(HOSTED_SUPPRESSIONS_FORCEUPDATE, dependencyCheckHostedSuppressionsForceUpdate.value)
+    setBooleanSetting(HOSTED_SUPPRESSIONS_ENABLED, dependencyCheckHostedSuppressionsEnabled.value)
+    setUrlSetting(HOSTED_SUPPRESSIONS_URL, dependencyCheckHostedSuppressionsUrl.value)
+    setIntSetting(HOSTED_SUPPRESSIONS_VALID_FOR_HOURS, dependencyCheckHostedSuppressionsValidForHours.value)
 
     initProxySettings()
 

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,6 @@ addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.10.0-RC1")`
`7`	`7`
`8`	`8`	`Compile / unmanagedSourceDirectories += baseDirectory.value.getParentFile / "src" / "main" / "scala"`
`9`	`9`	`libraryDependencies ++= Seq(`
`10`		`- "org.owasp" % "dependency-check-core" % "8.1.0",`
	`10`	`+ "org.owasp" % "dependency-check-core" % "8.1.2",`
`11`	`11`	`"org.slf4j" % "slf4j-simple" % "2.0.6"`
`12`	`12`	`)`