prepare release 7.0.0

jeremylong · Feb 28, 2022 · 8fad03d · 8fad03d
1 parent a827499
commit 8fad03d
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 11 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -185,12 +185,20 @@ jobs:
           prerelease: false
           draft: false
           body: |
-            Changes in this Release
-              - Performance improvements for some Maven projects (see #3923 and #3931).
-              - Fixed bug in npm version handling introduced in 6.5.2 (see #3956).
-              - Improved the node package analyzer to correctly report the origin of a dependency (see #3970).
-              - General code maintenance and false positive reductions.
-              - See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/39?closed=1).
+            ### Breaking Changes
+             - The H2 database version has been upgraded.
+               - if you use the `dataDirectory` option you will need to run a purge after upgrading.
+             - Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.
+
+            ### Changes
+             - The Sarif report format has been fixed and can now be imported into GitHub if desired (See #3993).
+             - Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
+               - [Create New FP Report Issue](https://github.com/jeremylong/DependencyCheck/issues/new?assignees=&labels=FP+Report&template=false-positive-report.yml&title=%5BFP%5D%3A+).
+             - When analyzing Java projects ODC now includes data from the developers section. 
+               - This will likely cause false positives on things like Apache James, please report the FP and we will fix these quickly.
+             - General project maintenance, bug fixes, and false positive reductions.
+             - See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/28?closed=1).
+
       - name: Upload CLI
         id: upload-release-cli
         uses: actions/upload-release-asset@v1.0.2

diff --git a/README.md b/README.md
@@ -9,15 +9,15 @@ Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to
 
 Documentation and links to production binary releases can be found on the [github pages](http://jeremylong.github.io/DependencyCheck/). Additionally, more information about the architecture and ways to extend dependency-check can be found on the [wiki].
 
-6.0.0 Upgrade Notice
+7.0.0 Upgrade Notice
 --------------
-If upgrading to 6.0.0 or higher, there were breaking changes. If you get an error indicating you can't connect
+If upgrading to 7.0.0 or higher, there were breaking changes. If you get an error indicating you can't connect
 to the database you will need to run the purge command to remove the old database:
 - gradle: `./gradlew dependencyCheckPurge`
-- maven: `mvn org.owasp:dependency-check-maven:6.0.0:purge`
+- maven: `mvn org.owasp:dependency-check-maven:7.0.0:purge`
 - cli: `dependency-check.sh --purge`
 
-Homebrew users upgrading to dependency-check 6.0.0 will need to purge their old database.
+Homebrew users upgrading to dependency-check 7.0.0 will need to purge their old database.
 
 Current Releases
 -------------
@@ -235,7 +235,7 @@ Permission to modify and redistribute is granted under the terms of the Apache 2
 
 Dependency-Check makes use of several other open source libraries. Please see the [NOTICE.txt][notices] file for more information.
 
-Copyright (c) 2012-2021 Jeremy Long. All Rights Reserved.
+Copyright (c) 2012-2022 Jeremy Long. All Rights Reserved.
 
   [wiki]: https://github.com/jeremylong/DependencyCheck/wiki
   [notices]: https://github.com/jeremylong/DependencyCheck/blob/master/NOTICE.txt
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -1,5 +1,22 @@
 # Release Notes
 
+## [Version 7.0.0](https://github.com/jeremylong/DependencyCheck/releases/tag/v7.0.0) (2022-02-28)
+
+
+### Breaking Changes
+ - The H2 database version has been upgraded.
+   - if you use the `dataDirectory` option you will need to run a purge after upgrading.
+ - Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.
+
+### Changes
+ - The Sarif report format has been fixed and can now be imported into GitHub if desired (See #3993).
+ - Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
+   - [Create New FP Report Issue](https://github.com/jeremylong/DependencyCheck/issues/new?assignees=&labels=FP+Report&template=false-positive-report.yml&title=%5BFP%5D%3A+).
+ - When analyzing Java projects ODC now includes data from the developers section. 
+   - This will likely cause false positives on things like Apache James, please report the FP and we will fix these quickly.
+ - General project maintenance, bug fixes, and false positive reductions.
+ - See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/28?closed=1).
+
 ## [Version 6.5.3](https://github.com/jeremylong/DependencyCheck/releases/tag/v6.5.3) (2022-01-12)
 
 ### Changes