Drop dependency check plugin

[MALPI]

With dependabot being in place to bump dependencies I would suggest to drop the dependency check plugin as it's pointless to maintain the list of CVE supressions. All we can do anyways is upgrading the dependencies.

@danielrohe what do you think?

[danielrohe]

yes we can remove the dependency check plugin.

[whiskeysierra]

When it comes to vulnerabilities in dependencies, you have more than just 1 option though:

1. Update
2. Replace/rewrite (with a different or hand-written alternative)
3. Suppress

CVE suppressions serve as a documentation.
They give users an idea about the status and quality of the project.
If you combine them with until, you can even give your future self a hint about re-evaluating a suppression.

[MALPI]

So what is your suggestion @whiskeysierra, from my point of view I don't see a huge benefit yet in maintaining a list of suppression to be honest?