You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@daffodil.apache.org by GitBox <gi...@apache.org> on 2022/03/28 13:25:12 UTC

[GitHub] [daffodil-vscode] stevedlawrence commented on a change in pull request #96: RC2 Updates

stevedlawrence commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836423894



##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
 
 Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
   Apache Commons Lang
-  Copyright 2001-2021 The Apache Software Foundation
-  
+  Copyright 2001-2022 The Apache Software Foundation
+
   This product includes software developed at
   The Apache Software Foundation (https://www.apache.org/).

Review comment:
       We just made a bunch of corrections to this file that are accurate for 3.3.0. You might need to incorporate some of those changes.

##########
File path: project/plugins.sbt
##########
@@ -21,3 +21,17 @@ addSbtPlugin("io.github.davidgregory084" % "sbt-tpolecat" % "0.1.17")
 addSbtPlugin("org.musigma" % "sbt-rat" % "0.7.0")
 addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.4.3")
 addSbtPlugin("com.github.battermann" % "sbt-json" % "0.5.0")
+
+/**
+  * These dependencies are used in a effort to support checking dependencies
+  * for CVEs and making sure they are up to date. As well being able to track
+  * dependencies of dependencies.
+  *
+  * Commands:
+  *   Check dependencies for CVEs -> sbt dependencyCheckAggregate
+  *   Print out dependency tree -> sbt dependencyTree
+  *   Check for available dependency updates -> sbt dependencyUpdates
+  */
+addDependencyTreePlugin
+addSbtPlugin("net.vonbuchholtz" % "sbt-dependency-check" % "4.0.0")
+addSbtPlugin("com.timushev.sbt" % "sbt-updates" % "0.6.1")

Review comment:
       Personally, I think these plugins should be part of ~/.sbt/plugins/plugins.sbt rather than the repo since these aren't strictly needed for the vscode repo. Minimizes dependencies for people that don't care about this this stuff. But I don't feel that strongly about it. 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org