
Failed upgrading database from 5.3.2.1 to 6.0.0 on Gradle #2797

Closed
sekido opened this issue Sep 8, 2020 · 5 comments
@sekido

sekido commented Sep 8, 2020

Describe the bug
The upgrade failed while running the dependencyCheckUpdate Gradle task.
It leaves the error "resource data/upgrade_4.2.sql not found."

Version of dependency-check used

  • Previous: 5.3.2.1 (OWASP Dependency Check Gradle Plugin)
  • Current: 6.0.0 (OWASP Dependency Check Gradle Plugin)
  • Gradle 6.3

Log file
https://gist.github.com/sekido/70024fbc9a9592c522e1c24f40eb1713

To Reproduce
Steps to reproduce the behavior:

  1. Run the dependencyCheckUpdate Gradle task with OWASP Dependency Check Gradle Plugin version 5.3.2.1
  2. Rewrite the version from 5.3.2.1 to 6.0.0
  3. Run the dependencyCheckUpdate Gradle task again; it fails

Expected behavior
The database upgrade completes and the Gradle task succeeds.

@mprins
Contributor

mprins commented Sep 8, 2020

As documented in the release notes, there are breaking changes in the database schema and the new release won't work with Oracle; your "expected behaviour" is a false assumption.

@sekido
Author

sekido commented Sep 8, 2020

@mprins Thank you for your comment.

I've confirmed and accepted what the breaking changes are.
The database before 6.0.0 doesn't have CVSS 3.x version number, so there is no way to upgrade it completely. (#2547)

I use this tool in my CI/CD pipeline to find vulnerabilities as soon as possible.
The pipeline has its old database, so I'm planning how to maintain it manually.
I hope the tool upgrades the database seamlessly, for instance by filling in '3.x' for the missing version numbers.

Thanks for the great tool!

@jeremylong
Owner

In most cases, minor database updates are made and are backward compatible. Unfortunately, in this case we had to make a significant change. The only resolution would be to run dependency-check's purge command and then run an update and rebuild the database.
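The purge-then-update recovery described in the comment above, as an added example for a CI script (this is not dependency-check's own code). It runs the plugin's dependencyCheckUpdate task, and only when the task fails with the schema-upgrade error quoted in this issue ("upgrade_4.2.sql not found") does it run the plugin's dependencyCheckPurge task and rebuild the local database with a second update. Any other failure is surfaced unchanged, so an unrelated problem is not masked by a purge. The Gradle command is passed in as a parameter (assumed to be the project's ./gradlew wrapper in practice); the task name dependencyCheckPurge is the plugin's purge task as I know it, so check it against your plugin version.

```shell
#!/bin/sh
# Added example, not part of dependency-check or this issue. Recover from the
# 5.3.2.1 -> 6.0.0 schema break by purging and rebuilding the local database,
# but only when the update fails with the exact error reported in the issue.

# Error text quoted in the issue; anything else is treated as an unrelated failure.
UPGRADE_ERROR='upgrade_4.2.sql not found'

# needs_purge LOG: return 0 if LOG contains the schema-upgrade failure, else 1.
needs_purge() {
    case "$1" in
        *"$UPGRADE_ERROR"*) return 0 ;;
        *) return 1 ;;
    esac
}

# update_or_rebuild GRADLE_CMD: run dependencyCheckUpdate; on the schema error,
# run dependencyCheckPurge and then dependencyCheckUpdate again. Prints the
# sequence of tasks that were run so the CI log (or a caller) can see what happened.
update_or_rebuild() {
    gradle_cmd="$1"
    rc=0
    # "|| rc=$?" keeps this safe under "set -e" in a CI script.
    log="$("$gradle_cmd" dependencyCheckUpdate 2>&1)" || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "update"
        return 0
    fi
    if needs_purge "$log"; then
        # Assumed task name: the plugin's purge task (dependencyCheckPurge).
        "$gradle_cmd" dependencyCheckPurge >/dev/null 2>&1 || return 1
        "$gradle_cmd" dependencyCheckUpdate >/dev/null 2>&1 || return 1
        echo "update purge update"
        return 0
    fi
    # Some other failure: show the captured log and propagate the exit code.
    printf '%s\n' "$log" >&2
    return "$rc"
}

# Stand-alone use: GRADLE_CMD=./gradlew sh this_script.sh
if [ -n "${GRADLE_CMD:-}" ]; then
    update_or_rebuild "$GRADLE_CMD"
fi
```

Because the purge deletes the downloaded NVD data, the rebuild does a full download; the script therefore only purges on the one error it recognises, and a different failure still fails the build with its log intact.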

@jeremylong
Owner

In addition, how the ecosystem is tracked on the CPE entries was completely revamped and would be impossible to retrofit onto an existing database.

jeremylong added a commit that referenced this issue Sep 11, 2020
jeremylong added a commit to dependency-check/dependency-check-gradle that referenced this issue Sep 11, 2020
@jeremylong
Owner

Gradle users - please upgrade to 6.0.0.1.
