Re: Updating dependencies

2018-02-13 Thread Anthony Baker
Interesting idea. I’m also looking at https://github.com/nebula-plugins/gradle-dependency-lock-plugin . Anthony > On Feb 13, 2018, at 8:15 AM, John Blum wrote: > > Ever consider inheriting from *Spring Boot's* dependency BOM f

Re: Updating dependencies

2018-02-13 Thread John Blum
Ever consider inheriting from *Spring Boot's* dependency BOM file [1] by applying the *Spring *Dependencies Management Gradle Plugin? The advantage of plugin over this [2] is that you are guaranteed to get a curated and harmonized list of *Spring* and 3rd party (transitive) dependencies that have

Re: Updating dependencies

2018-02-12 Thread Mark Bretl
OWASP is good too, even has a Gradle plugin [1] --Mark [1] https://github.com/jeremylong/dependency-check-gradle On Mon, Feb 12, 2018 at 12:36 PM, Anthony Baker wrote: > > > > On Feb 12, 2018, at 12:29 PM, Mark Bretl wrote: > > > > Late to the game here, as I see this was merged today… > > >

Re: Updating dependencies

2018-02-12 Thread Anthony Baker
> On Feb 12, 2018, at 12:29 PM, Mark Bretl wrote: > > Late to the game here, as I see this was merged today… > Comments always appreciated :-) > The addition of the Gradle versions plugin is good and hopefully we can go > farther down the path of dependency scanning by adding security as wel

Re: Updating dependencies

2018-02-12 Thread Mark Bretl
Late to the game here, as I see this was merged today... The addition of the Gradle versions plugin is good and hopefully we can go farther down the path of dependency scanning by adding security as well. Currently, GitHub has this setup for Ruby and JavaScript [1], however it is lacking Java depe

Updating dependencies

2018-02-09 Thread Anthony Baker
Hi all, I’ve got a PR [1] open that updates lots of dependencies. Please review and let me know if you have any concerns. I’d like to merge it early next week barring any objections. Thanks, Anthony [1] https://github.com/apache/geode/pull/1400