Releases: digitalcoyote/NuGetDefense

Long in the Works

15 Sep 02:43

New This Release

  • Logging Options
  • Vulnerability Report Exports
  • Blacklist/Whitelist renamed as BlockList/AllowList
  • Improved Transitive Dependency Checking

GitHub Actions

I've started using GitHub Actions to test builds on other Open Source projects. This led to many last-minute fixes. I hope this will help to stabilize releases and make them more reliable. Currently I build NuGetDefense, run tests, then use it while building Bogus.Net, GitExtensions and Noda Time. There are builds on Mac, Linux and Windows. If you have any concerns or would like your project to be used for testing as well, raise an issue or reach out on Gitter.

1.0.8.0-beta4: Bumped Dependencies

16 Sep 13:04
Pre-release

  • NuGetDefense.Core 1.0.6-beta2 => 1.0.6-beta3 (included a fix for legacy .Net Projects)
  • MessagePack 2.1.152 => 2.1.165
  • NuGet.Versioning 5.6.0 => 5.7.0

Transitive Dependency Checking Beta

30 Jun 03:06
Pre-release

While working on a project due tomorrow, I threw together a beta for the transitive dependency checking. This release does not have an updated embedded NVD source and will only work with SDK Style Package References. I'll be tackling some known issues and looking for an alternative method of getting transitive dependencies for older .net projects soon.

v1.0.7.2

24 Jun 01:11

Fixes

  • Possible Fix for #28

v1.0.7.1

23 May 02:36

Changes This Release

  • Updated Vulnerability data
  • Added UserAgent to OSSIndex Client as requested in #29
  • Bumped Dependencies
    • NuGet.Versioning 5.5.1 -> 5.6.0
    • NuGetDefense.NVD 1.0.2 -> 1.0.2.1
    • NuGetDefense.OSSIndex 1.0.1.4 -> 1.0.1.5
    • System.Text.Json 4.7.1 -> 4.7.2

v1.0.7.0

17 May 02:33

Fixed This Release

9905b7a Fixed Case Sensitivity in Parsing the Packages.Config

v1.0.6.0

03 May 02:37

Fixed This Release

  • #24 Incorrectly Reporting Vulnerabilities from NVD Source
    • NuGetDefense.NVD incorrectly parsed various versions
  • #25 Vulnerability Source Settings Not Reading From File
  • #26 Spaces in Path to Project File
    • MSBuildProjectPath variable is not wrapped in quotes when passed in by MSBuild
  • #27 Scan returns cryptic error
    • Parsing an invalid NuGet package version was not reported clearly

Dependencies Updated This Release

  • NuGetDefense.Core 1.0.3 -> 1.0.4
  • NuGetDefense.NVD 1.0.1.1 -> 1.0.2
  • NuGetDefense.OSSIndex 1.0.1.3 -> 1.0.1.4

Changes This Release

  • Updated NVD Source

Fixed No References for CVE Causes Exception

23 Apr 05:50

Fixed This Release

  • #23 Null Reference Exception If Source Returns a Vulnerability with a Null References.

Fixed Concurrent Build IOException

13 Apr 05:17

Fixed This Release

  • #22 Concurrent Builds Can Cause System.IO.IOException

Changes This Release

  • Bumped dependencies
    • MessagePack 2.1.90 -> 2.1.115
    • NuGetDefense.Core 1.0.1.1 -> 1.0.2.0
      • Timeout logic for saving Vulnerability Data
    • NuGetDefense.NVD 1.0.0.2 -> 1.0.1.0
      • Timeout logic for updating NVD Vulnerability Data
    • NuGetDefense.OSSIndex 1.0.1.1 -> 1.0.1.2

Properly Fail Builds in .Net Core

08 Apr 01:19

Fixed This Release

  • Does Not Properly Fail Builds for .Net Core #21
    • Changed IgnoreExitCode to false in targets file