Releases: snyk/snyk-gradle-plugin
v5.1.0
v5.0.4
v5.0.3
v5.0.2
v5.0.1
v5.0.0
5.0.0 (2025-04-23)
Features
BREAKING CHANGES
- node IDs changed to uniquely identify all
dependencies.
There can be multiple module artifacts. At the moment we assume
there can only be one artifact per resolved dependency. This
is the most common arrangement, however there can be multiple
artifacts when several 'classifiers' or different 'types' are
referenced. For example, if both the test and sources jar files
are required.
Loop over each module artifact and use the classifier in the
node id, always appending ':type' where 'jar' is the default
type and optionally appending ':classifier'.
In order to find vulnerabilities against the resolved dependency
the package identity remains the same,
'groupid:artifactid@version'.
The net effect here is that we now correctly identify artifacts
and create a node per artifact.
One fix that has occurred by only considering those dependencies
with an artifact is that those dependencies without artifacts
are excluded. This can happen when using 'platform' dependencies.
These are constraints that don't require dependencies but control
the versions of dependencies required either directly or
transitively. They are analogous to Maven BOMs and
dependencyManagement.
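
The node-per-artifact scheme described in this release note, sketched as an added example; this is not code from snyk-gradle-plugin. The exact node ID layout (`group:artifact:type[:classifier]@version`), the input shape, the function names and the sample coordinates are assumptions made for illustration.

```javascript
// Added illustration, not the plugin's own code.
// Assumed node ID layout: group:artifact:type[:classifier]@version
const DEFAULT_TYPE = 'jar';

// Package identity used for vulnerability lookup: unchanged by type/classifier.
function packageIdentity(dep) {
  return `${dep.group}:${dep.name}@${dep.version}`;
}

// Node ID: always carries the type, carries the classifier only when present.
function nodeId(dep, artifact) {
  const parts = [dep.group, dep.name, artifact.type || DEFAULT_TYPE];
  if (artifact.classifier) parts.push(artifact.classifier);
  return `${parts.join(':')}@${dep.version}`;
}

// One node per module artifact. A dependency that resolves with no
// artifacts (for example a 'platform' constraint) produces no node.
function buildNodes(resolvedDeps) {
  const nodes = new Map();
  for (const dep of resolvedDeps) {
    for (const artifact of dep.artifacts || []) {
      nodes.set(nodeId(dep, artifact), { pkg: packageIdentity(dep) });
    }
  }
  return nodes;
}

// Group node IDs by package identity: several nodes, one package to scan.
function nodesByPackage(nodes) {
  const byPkg = new Map();
  for (const [id, node] of nodes) {
    if (!byPkg.has(node.pkg)) byPkg.set(node.pkg, []);
    byPkg.get(node.pkg).push(id);
  }
  return byPkg;
}

// Constructed sample input (hypothetical coordinates).
const SAMPLE_DEPS = [
  { group: 'org.example', name: 'lib', version: '1.2.0',
    artifacts: [{ type: 'jar' }, { classifier: 'sources' }, { classifier: 'tests' }] },
  { group: 'org.example', name: 'platform-bom', version: '1.2.0', artifacts: [] },
];

console.log([...buildNodes(SAMPLE_DEPS).keys()]);
```

All three nodes for `org.example:lib` map back to the single package identity `org.example:lib@1.2.0`, so a vulnerability match is made once per package rather than once per artifact.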