Closed lread closed 2 weeks ago
Sure, we can do this as part of 6.1.
There's doesn't look to be anything critical in 10.0.4 so it doesn't feel like we have to rush out a new release, just to update it -- and users can always override the dependency-check-core
version locally if they feel they need any of those fixes. We always ran with an overridden dependency there at work,
Yes, that seems fine. If we had an automated release flow implemented #119, I think cutting a release would be less of a ceremony and pain, and we'd not hesitate to just cut a release "whenever".
Keeping dependency-check up date, at least on the main branch, does give the feeling of a thoughtfully maintained project.
DependencyCheck 10.0.4 was just released (2024-09-01) Probably a good idea to stay in sync with the latest (barring any issues)
Could also, at the same time, check and bump any other outdated deps.
Happy to carry this out if there are no objections.