dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.6k stars 974 forks

add support for Gradle dependencies defined within boms and with Spring dependency plugin #1432

Open gunkelolaf opened 4 years ago

gunkelolaf commented 4 years ago

Hi,

Just tried out dependabot and noticed that centralized dependencies aren't updated by dependabot. See: https://github.com/gunkelolaf/dependencymanagement-demo. In this demo both guava and undertow should be updated.

The dependencies are defined within the backend/gradle/dependencymanagement.gradle file.

It is very common for Gradle setups to use the https://github.com/spring-gradle-plugins/dependency-management-plugin.

The use-latest-versions plugin will suggest an update and change the dependencymanagement.gradle file (see backend/gradle/versionupdate.gradle).

To reproduce, run within the backend directory: ./gradlew useLatestVersions

The audit plugin finds a vulnerability for the defined undertow version (see backend/gradle/audit.gradle). To reproduce, run within the backend directory: ./gradlew dependencyCheckAnalyze

Best,
Olaf
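An added example, not code from this issue or from dependabot-core: a small Ruby sketch of what an updater has to read to see the versions this issue is about. The `dependency`, `dependencySet`/`entry` and `mavenBom` forms are the io.spring.dependency-management plugin's real DSL; the Gradle snippets, coordinates and versions below are constructed placeholders, and the map form `dependency group:, name:, version:` is deliberately not handled.

```ruby
# Constructed stand-in for a centrally managed file like
# backend/gradle/dependencymanagement.gradle. Versions are placeholders.
MANAGEMENT_FILE = <<~GRADLE
  dependencyManagement {
    imports {
      mavenBom 'org.springframework.boot:spring-boot-dependencies:X.Y.Z'
    }
    dependencies {
      dependency 'com.google.guava:guava:27.0-jre'
      dependencySet(group: 'io.undertow', version: '2.0.0.Final') {
        entry 'undertow-core'
        entry 'undertow-servlet'
      }
    }
  }
GRADLE

# Constructed build file: managed coordinates carry no version at all, so a
# parser that only reads this block has nothing to bump.
BUILD_FILE = <<~GRADLE
  dependencies {
    implementation 'com.google.guava:guava'
    implementation 'io.undertow:undertow-core'
    implementation 'org.yaml:snakeyaml:1.25'
  }
GRADLE

# "group:artifact" => version pins from `dependency 'g:a:v'` lines and from
# `dependencySet(group:, version:) { entry 'a' }` blocks.
def managed_versions(text)
  pins = {}
  text.scan(/\bdependency\s+['"]([^:'"]+):([^:'"]+):([^'"]+)['"]/) { |g, a, v| pins["#{g}:#{a}"] = v }
  text.scan(/dependencySet\(\s*group:\s*['"]([^'"]+)['"]\s*,\s*version:\s*['"]([^'"]+)['"]\s*\)\s*\{([^}]*)\}/) do |g, v, body|
    body.scan(/\bentry\s+['"]([^'"]+)['"]/) { |(a)| pins["#{g}:#{a}"] = v }
  end
  pins
end

# BOM imports pin further versions outside this file; report them so a
# caller knows the pins above are not the whole picture.
def imported_boms(text)
  text.scan(/\bmavenBom\s+['"]([^'"]+)['"]/).flatten
end

# For each declared coordinate: an explicit version wins, otherwise the
# managed pin; anything left has no version an updater could act on.
def resolve_declarations(build_text, pins)
  build_text.scan(/^\s*\w+\s+['"]([^:'"]+):([^:'"]+)(?::([^'"]+))?['"]/).map do |g, a, v|
    key = "#{g}:#{a}"
    source = v ? :declared : (pins[key] ? :managed : :unmanaged)
    { coordinate: key, version: v || pins[key], source: source }
  end
end
```

Resolving BUILD_FILE with an empty pin set shows the failure mode from the issue: both guava and undertow come back `:unmanaged` with no version, exactly what a scanner sees when it never opens dependencymanagement.gradle.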

github-actions[bot] commented 5 months ago

👋 This issue has been marked as stale because it has been open for 2 years with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing, this issue will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.