Is your feature request related to a problem? Please describe.
As of version 5.1 of rules_jvm_external, the maven_install.json schema was updated for v2. The current implementation in dependency check is compatible with v0.1.0 but v2.
Describe the solution you'd like
The PinnedMavenInstallAnalyzer should support both maven_install.json versions.
Describe alternatives you've considered
- Roll back the version of
rules_jvm_external to pre 5.1. That version is over a year old and a major version behind.
- Do container scanning later in the CI process, which would be slower and potentially less reliable
Additional context
Bazel continues to grow in popularity, it seems important to support updates.
Is your feature request related to a problem? Please describe.
As of version 5.1 of
rules_jvm_external, themaven_install.jsonschema was updated forv2. The current implementation in dependency check is compatible withv0.1.0butv2.Describe the solution you'd like
The
PinnedMavenInstallAnalyzershould support bothmaven_install.jsonversions.Describe alternatives you've considered
rules_jvm_externalto pre 5.1. That version is over a year old and a major version behind.Additional context
Bazel continues to grow in popularity, it seems important to support updates.