[WEB][30GR][Draft] integrate a dependency checker (BP040)

[titiBeOne]

remove dependencies outdated (BP040)

Platform

OS	OS version	Langage
-	-	JS

Main caracteristics

ID	Title	Category	Sub-category
CRDOMxxx	Remove dependencies outdated	Best Practice	-

Severity / Remediation Cost

• Case 1: in js there is a lot of dependancy outdated with some vulnerabilities and there some eslint rules
  https://github.com/dependency-check/dependency-check-sonar-plugin

Severity	Remediation Cost
Hight	Hight

• Case 2 : Identity and remove the outdated library.

Severity	Remediation Cost
Hight	Hight

Rule short description

• Case 1: Identify the outdated library

Rule complete description

Text

♻️ There is a lot of dependency outdated and don't necessary to be used, integrate a dependency checker that list the dependency which contain some vulnerability :
https://github.com/dependency-check/dependency-check-sonar-plugin
this plugin is based on OWASP ressources : https://owasp.org/www-project-dependency-check/

Benefits

Remove useless library

Implementation principle

• https://github.com/dependency-check/dependency-check-sonar-plugin
• https://owasp.org/www-project-dependency-check/

[utarwyn]

Hello 👋

Although the idea is welcome and very interesting, I don't think it's directly linked to eco-design. I also see that the dependency-check plugin seems to be doing the job perfectly and is being maintained. I don't think it's relevant to implement this rule as it stands in ecoCode.

By the way, we need to be careful about dependencies on our ecoCode plugins, and a ticket has been opened on the subject: green-code-initiative/creedengo-rules-specifications#176

Thank you for the idea!
Regards