I added Dependency Scanning to my pipeline. The gemnasium-maven-dependency
job fails the Maven Enforcer check requiring a minimum version, i.e., 3.8+.
I can see in the gemnasium project that the .tools-version is set to 3.6.3.
Is this overridable or do I open an MR?
3.6.3 was released in November 2019. 3.8 has been out for two (2) years and adds additional security requiring HTTPS repositories and more. This could be a breaking change for some, but has a workaround. 3.9 has some breaking changes that could be more troublesome for projects than securing the URL of internal or external legacy repositories.