Something like this: https://www.mojohaus.org/versions-maven-plugin/display-dependency-updates-mojo.html
Hope that helps

Enrico

On Sat, 21 Dec 2019, 18:31 mark <mc.pr...@gmail.com> wrote:

> On 2019-12-20 13:39, Marlow, Andrew wrote:
> >
> > Hello everyone,
> >
> > I am using the owasp maven dependency plugin to tell me when I am
> > using components that have CVEs. That's great. I was wondering if
> > there was something similar that would tell me when I am using very
> > old components (where the judgement about what is old is configurable,
> > e.g. number of years, months etc).
> >
>
> never seen one, it would be hard without querying the source repository
> for the release tag/branch for the moment the release was cut (which is
> problematic in case a minimal release pom is in use). The current pom
> does not have this/a timestamp for this and you cannot use the file date.
>
> I guess you could look at the date of the (class) files inside the
> artifact (jar) to determine build/release date, not sure how that would
> work out with shaded dependencies or provided manifest files
>
>
> -M
>
> > *Andrew Marlow*
> >
> > Software Engineer Specialist, Apex
> >
> > 38th Floor, 25 Canada Square,
> >
> > Canary Wharf, London E14 5LQ
> >
> > *T*: 020-8081-2367 / 07966-451-521
> > *E*: andrew.mar...@fisglobal.com <mailto:andrew.mar...@fisglobal.com>
> >
> > *FIS | Advancing the way the world pays, banks and invests™*
> >
> > The information contained in this message is proprietary and/or
> > confidential jadajadajada...
> >
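The jar-timestamp heuristic suggested in the quoted reply (dating an artifact by the class files inside it), sketched as an added example that is not part of the original thread. The function names, the three-year and 30-day thresholds, and the sample jars are assumptions made for illustration; the sample jars are constructed in memory.

```python
import io
import zipfile
from datetime import datetime, timedelta

def class_dates(jar_bytes):
    """Sorted modification times of the .class entries in a jar (zip) file."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return sorted(datetime(*e.date_time) for e in jar.infolist()
                      if e.filename.endswith(".class"))

def assess_age(jar_bytes, now, max_age=timedelta(days=3 * 365),
               max_spread=timedelta(days=30)):
    """Return (verdict, detail); verdict is 'old', 'current' or 'unknown'."""
    dates = class_dates(jar_bytes)
    if not dates:
        return "unknown", "no .class entries"
    oldest, newest = dates[0], dates[-1]
    # Assumption: a newest entry in 1980 (the earliest year the zip format
    # can store) means the build pinned or stripped its timestamps.
    if newest.year == 1980:
        return "unknown", "timestamps pinned to zip epoch"
    # Classes compiled far apart suggest a shaded jar bundling other
    # artifacts, so no single date describes it.
    if newest - oldest > max_spread:
        return "unknown", "class dates span %d days" % (newest - oldest).days
    verdict = "old" if now - newest > max_age else "current"
    return verdict, newest.date().isoformat()

def make_jar(entries):
    """Build a constructed sample jar in memory from {entry name: (y, m, d)}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, ymd in entries.items():
            info = zipfile.ZipInfo(name, date_time=ymd + (12, 0, 0))
            jar.writestr(info, b"\xca\xfe\xba\xbe")
    return buf.getvalue()

if __name__ == "__main__":
    now = datetime(2019, 12, 21)
    samples = {  # constructed inputs, not real artifacts
        "stale": {"a/A.class": (2012, 5, 1), "META-INF/MANIFEST.MF": (2019, 1, 1)},
        "fresh": {"b/B.class": (2019, 6, 1)},
        "shaded": {"c/C.class": (2019, 6, 1), "shaded/x/X.class": (2011, 3, 1)},
        "pinned": {"d/D.class": (1980, 1, 1)},
    }
    for name, entries in samples.items():
        print(name, assess_age(make_jar(entries), now))
```

Only `.class` entries are dated, so a manifest or other resource added at repackaging time does not shift the result.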