clj-holmes / clj-watson

clojure deps SCA
Eclipse Public License 2.0

maint: bump dependency-check & others #124

Closed lread closed 2 weeks ago

lread commented 2 weeks ago

DependencyCheck 10.0.4 was just released (2024-09-01). Probably a good idea to stay in sync with the latest (barring any issues).

Could also, at the same time, check and bump any other outdated deps.

Happy to carry this out if there are no objections.

seancorfield commented 2 weeks ago

Sure, we can do this as part of 6.1.

There doesn't look to be anything critical in 10.0.4 so it doesn't feel like we have to rush out a new release, just to update it -- and users can always override the dependency-check-core version locally if they feel they need any of those fixes. We always ran with an overridden dependency there at work.
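As an added illustration (not from this thread and not clj-watson's own documentation), this is how a user could pin dependency-check-core to 10.0.4 locally in deps.edn, without waiting for a clj-watson release. It assumes the Maven coordinate org.owasp/dependency-check-core for the DependencyCheck core library that clj-watson wraps, and an existing alias that runs clj-watson, called :clj-watson here purely as a placeholder name; the override alias name :dc-10-0-4 is likewise invented for the example.

```clojure
;; deps.edn (added example; alias names are assumptions, not clj-watson's own)
{:aliases
 {;; :clj-watson stands for whatever alias you already use to run clj-watson.
  ;; Its contents are omitted here; only the combination with the override matters.

  ;; :override-deps forces a specific version of a transitive dependency,
  ;; regardless of what clj-watson itself declares. Combine it with the tool
  ;; alias on the command line:  clojure -M:clj-watson:dc-10-0-4 ...
  :dc-10-0-4
  {:override-deps {org.owasp/dependency-check-core {:mvn/version "10.0.4"}}}}}

;; Verify the pin actually took effect before trusting the scan results:
;;   clojure -X:deps tree :aliases '[:clj-watson :dc-10-0-4]'
;; and confirm the tree shows org.owasp/dependency-check-core 10.0.4.
```

Two caveats a practitioner would want: an override only changes the core library, so if a DependencyCheck release introduces analyzer or data-model changes that clj-watson's own code depends on, the scan may fail until clj-watson catches up; and because the override lives in your deps.edn rather than in clj-watson, it is easy to forget and keep pinning an old version long after the project has moved on.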

lread commented 2 weeks ago

Yes, that seems fine. If we had an automated release flow implemented (#119), I think cutting a release would be less of a ceremony and pain, and we'd not hesitate to just cut a release "whenever".

Keeping dependency-check up to date, at least on the main branch, does give the feeling of a thoughtfully maintained project.