java

mjw 2022-11-30T21:23:59.552029Z

I’m sure this is a dumb question, but if the version of maven-dependency-plugin is not specified in the pom, it will use the version selected by maven itself? I’m asking because I’m fighting a security CI pipeline that’s reporting a version that shouldn’t be there.

Alex Miller (Clojure team) 2022-11-30T22:04:56.747819Z

Yeah, it comes from the base pom or super pom or whatever they call it

👍 1
Alex Miller (Clojure team) 2022-11-30T22:06:08.655229Z

https://maven.apache.org/ref/3.6.3/maven-model-builder/super-pom.html