Re: Updating dependencies

2018-02-13 Thread Anthony Baker
Interesting idea. I’m also looking at https://github.com/nebula-plugins/gradle-dependency-lock-plugin .

Anthony

> On Feb 13, 2018, at 8:15 AM, John Blum wrote:
>
> Ever consider inheriting from *Spring Boot's* dependency BOM f

Re: Updating dependencies

2018-02-13 Thread John Blum
Ever consider inheriting from *Spring Boot's* dependency BOM file [1] by applying the *Spring* Dependencies Management Gradle Plugin? The advantage of the plugin over this [2] is that you are guaranteed to get a curated and harmonized list of *Spring* and 3rd party (transitive) dependencies that have

Re: Updating dependencies

2018-02-12 Thread Mark Bretl
OWASP is good too, even has a Gradle plugin [1]

--Mark

[1] https://github.com/jeremylong/dependency-check-gradle

On Mon, Feb 12, 2018 at 12:36 PM, Anthony Baker wrote:

>
> > On Feb 12, 2018, at 12:29 PM, Mark Bretl wrote:
> >
> > Late to the game here, as I see this was merged today…
> >
>

Re: Updating dependencies

2018-02-12 Thread Anthony Baker
> On Feb 12, 2018, at 12:29 PM, Mark Bretl wrote:
>
> Late to the game here, as I see this was merged today…
>

Comments always appreciated :-)

> The addition of the Gradle versions plugin is good and hopefully we can go
> farther down the path of dependency scanning by adding security as wel

Re: Updating dependencies

2018-02-12 Thread Mark Bretl
Late to the game here, as I see this was merged today... The addition of the Gradle versions plugin is good and hopefully we can go farther down the path of dependency scanning by adding security as well. Currently, GitHub has this set up for Ruby and JavaScript [1], however it is lacking Java depe