Skip to content

Update dependencycheck.properties #815

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
muellerst-hg wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Update dependencycheck.properties #815

muellerst-hg wants to merge 3 commits into from

Conversation

@muellerst-hg
Copy link

@muellerst-hg muellerst-hg commented Dec 3, 2025

there's a new sonar-dependency-check release 6.0.0 available at https://github.com/dependency-check/dependency-check-sonar-plugin/releases/tag/6.0.0

@muellerst-hg muellerst-hg mentioned this pull request Dec 3, 2025
Open
Reamer
Reamer reviewed Dec 3, 2025
View reviewed changes
dependencycheck.properties
6.0.0.downloadUrl=https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/6.0.0/sonar-dependency-check-plugin-6.0.0.jar

5.0.0.description=Update SonarQube-API and SonarSource Parent
5.0.0.sqs=[10.8,LATEST]
Copy link
Contributor

@Reamer Reamer Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @muellerst-hg ,
thanks for your pull request. The range for LATEST can only be filled by one release.
But @ganncamp can explain it better.

ganncamp
ganncamp requested changes Dec 3, 2025
View reviewed changes
dependencycheck.properties
6.0.0.date=2025-08-22
6.0.0.changelogUrl=https://github.com/dependency-check/dependency-check-sonar-plugin/releases/tag/6.0.0
6.0.0.downloadUrl=https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/6.0.0/sonar-dependency-check-plugin-6.0.0.jar

Copy link
Collaborator

@ganncamp ganncamp Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Reamer is right. Only one version can target LATEST at a time. You'll need to update previous version, 5.0.0, to end those ranges before LATEST. If you were archiving 5.0.0, you could leave the rest of the range as-is. But public plugin versions can't overlap compatibility. This is about the Marketplace knowing when to tell users "Hey, it's time to upgrade your plugin."
Archived versions can overlap in compatibility with public versions. But public versions can't. This would be why for 4.0.1 sqVersions ends at 10.3 and 5.0.0 picks up at 10.4

dependencycheck.properties

6.0.0.description=Compatibilty with SonarQube >= 2025.1/25.1. Removed HTML report.
6.0.0.sqs=[2025.1,LATEST]
6.0.0.sqcb=[25.1,LATEST]
Copy link
Collaborator

@ganncamp ganncamp Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typically this range would start at 24.12 unless you mean to explicitly exclude it.

dependencycheck.properties
6.0.0.description=Compatibilty with SonarQube >= 2025.1/25.1. Removed HTML report.
6.0.0.sqs=[2025.1,LATEST]
6.0.0.sqcb=[25.1,LATEST]
6.0.0.date=2025-08-22
Copy link
Collaborator

@ganncamp ganncamp Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This date needs to be ~ when the plugin enters the marketplace. Not when an underlying piece was released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ganncamp ganncamp ganncamp requested changes

+1 more reviewer

@Reamer Reamer Reamer left review comments

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@muellerst-hg @Reamer @ganncamp