Add report attachments if vulnerability was detected (not just wenn no vulnerability was detected). Seems this was the idea from the beginning, but extension was prevented from doing so because tool exit-code wasn't ignored on call.
Only print out/report end-result once (as warning or error) instead of twice.
Added a few debug messages and changed debug messages output so they'll only be printed out if system.debug=true (generic pipeline debug variable)
Remove left over locks from previous dependency check tool run as long as no custom (and possibly centralized) dependency check tool is used. This is needed because if the build is canceled during the dependency check tool update/run some lock files might be left over due to the JAVA runtime being canceled before the dependency check tool has realized it has been stopped. This would lead to the build being stuck/hung at the dependency check tool build step on the next run since the lock files would persist. The removal of those lock files will not be done for dependency check tools with a custom path since those might be used centralized and may actually need those lock files so not to get into conflict with multiple agents on the same machine.
Requiring specific node module versions for these packages because older versions would have unallowed characters in their extension manifest mime-type:
is-core-module>=2.4.0
resolve>=1.20.0
Additional functionality/Improvements
Will retry downloading dependency check ZIP up to 5 times if it fails (due to shakey network connection for exmaple, badly needed by ourselfs since first connection try nearly always fails, while second try basically always succeeds, so extension would be unusable for us without this feature).
New option "Only warn for found violations": Build-step will result in "succeed-with-issues" instead of "failed" if a vulnerability was detected.
New PowerShell Core build script (build\Build-Extension.ps1) which will also generate .vsix file, also updated README.md accordingly in build folder
Bugfixes
Additional functionality/Improvements