Bump multiple dependencies #831
👍

@danielrohe please take a look

Does it make sense to adjust specific versions? This library will only run as part of another application where developers will manage versions using either Spring Boot, do it manually or use any other kind of dependency management tool. With this they will override the versions which are set in this pom.xml. So do we need to make the effort of bumping versions in a library?

You need to find a way to test this library against newer versions of its dependencies.

👍
Bump version of
Upgrade the dependency check plugin in order to make it work again.
As Spring and transitive dependencies like snakeyaml and others come with CVEs that are considered false positives, I deactivated failing the build on CVEs for now.
Moreover, I filed #832 in order to remove the plugin.