clj-holmes / clj-watson

clojure deps SCA
Eclipse Public License 2.0
84 stars, 9 forks

Dependency check `odc.autoupdate` option is not respected #88

Closed lread closed 3 months ago

lread commented 3 months ago

Currently

While looking at #86, I noticed the following in the logs:

```text
Downloading/Updating database.
2024-08-04 13:48:58,345 INFO Engine - Checking for updates
2024-08-04 13:48:58,353 INFO NvdApiDataSource - Skipping the NVD API Update as it was completed within the last 720 minutes
2024-08-04 13:48:58,597 INFO KnownExploitedDataSource - Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
2024-08-04 13:48:58,605 INFO Engine - Check for updates complete (259 ms)
Download/Update completed.
2024-08-04 13:48:59,131 INFO Engine - Checking for updates
2024-08-04 13:48:59,132 INFO NvdApiDataSource - Skipping the NVD API Update as it was completed within the last 720 minutes
2024-08-04 13:48:59,362 INFO KnownExploitedDataSource - Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
2024-08-04 13:48:59,373 INFO Engine - Check for updates complete (242 ms)
```

You'll notice the duplicate work.

Diagnosis

Clj-watson explicitly requests that the nvd database be updated, but dependency-check's `odc.autoupdate` controls whether or not the nvd database is updated, and the clj-watson default is a very reasonable true.

Next

I'll follow up with a PR to remove clj-watson's explicit unnecessary request to update.
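
The shape of the change described in this issue, as an added example that is not clj-watson's own code: build the dependency-check `Settings` from the user's properties file and then let `Engine.analyzeDependencies` decide whether to refresh the NVD and Known Exploited Vulnerabilities data from `odc.autoupdate`, instead of calling `doUpdates` up front. The namespace, function names and paths are assumptions; `Engine`, `Settings` and `Settings.KEYS.AUTO_UPDATE` are the dependency-check-core Java API.

```clojure
(ns example.dependency-check-scan
  ;; Added example, not clj-watson's own code. Assumes dependency-check-core
  ;; (org.owasp/dependency-check-core) is on the classpath.
  (:import [org.owasp.dependencycheck Engine]
           [org.owasp.dependencycheck.utils Settings Settings$KEYS]
           [java.io File]))

(defn build-settings
  "Create dependency-check Settings and overlay the user's properties file, so a
   user-supplied odc.autoupdate=false is carried into the Engine. The file name
   is an assumption."
  ^Settings [^String properties-path]
  (let [settings (Settings.)
        f        (File. properties-path)]
    (when (.exists f)
      (.mergeProperties settings f))
    settings))

(defn auto-update?
  "Read the same key the Engine reads (odc.autoupdate), defaulting to true,
   purely so the scan can report which behaviour to expect."
  [^Settings settings]
  (.getBoolean settings Settings$KEYS/AUTO_UPDATE true))

(defn scan-jars
  "Scan the given jar paths and return a vector of {:file :cve} maps.
   There is deliberately no explicit (.doUpdates engine) call: with
   odc.autoupdate=true the Engine runs its own update check inside
   analyzeDependencies (the second 'Checking for updates' block in the logs
   above), and with odc.autoupdate=false it uses the local database as-is."
  [^Settings settings jar-paths]
  (println (if (auto-update? settings)
             "odc.autoupdate=true: engine will check for database updates"
             "odc.autoupdate=false: engine will use the existing local database"))
  (with-open [engine (Engine. settings)]
    (doseq [p jar-paths]
      (.scan engine ^String p))
    (.analyzeDependencies engine)
    (->> (.getDependencies engine)
         (mapcat (fn [dep]
                   (map (fn [v] {:file (.getFileName dep)
                                 :cve  (.getName v)})
                        (.getVulnerabilities dep))))
         vec)))

(comment
  ;; Hypothetical paths; point these at your own properties file and jars.
  (scan-jars (build-settings "dependency-check.properties")
             ["/home/me/.m2/repository/org/example/lib/1.0.0/lib-1.0.0.jar"]))
```

To see the opt-out path, put `odc.autoupdate=false` in the properties file: the scan then skips the update check entirely rather than performing it once explicitly and once again inside the engine.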

seancorfield commented 3 months ago

I wonder if there are any users out there who have their own dependency-check.properties with that set to false? (I very much doubt it, but it is a consideration for documenting this change, especially when we streamline the properties overrides as discussed in #70).

lread commented 3 months ago

Right. I guess if they had it set to false they would not want the nvd database to update, but the current behaviour is to always update. I'll reword this issue (and upcoming commit/changelog) to make it more apparent.

lread commented 3 months ago

Right! Thanks for the update to my update!

lread commented 3 months ago

Worth noting: The Dependency Check auto-update default matches clj-watson's dependency-check.properties default of true.