This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new ad1e06b Improved: Update build.gradle to the latest dependencies
(OFBIZ-12311)
ad1e06b is described below
commit ad1e06b9bd50b2c83baeeabecdc80f1385af4610
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Mon Sep 6 10:05:28 2021 +0200
Improved: Update build.gradle to the latest dependencies (OFBIZ-12311)
The tests fails locally but it makes no sense, trying w/ BUilbot...
---
build.gradle | 60 +++++++++++-----------
.../java/org/apache/ofbiz/base/util/UtilXml.java | 2 +-
2 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/build.gradle b/build.gradle
index 4cd51b8..39c74d2 100644
--- a/build.gradle
+++ b/build.gradle
@@ -31,9 +31,9 @@ plugins {
id 'maven-publish'
id 'at.bxm.svntools' version '2.2.1' // Don't update as long as we don't
use Java 11, it's needed by version 3
id 'org.asciidoctor.convert' version '2.4.0' // About
org.asciidoctor.jvm.convert as it says itself: "If you need a production-ready
version of the AsciidoctorJ plugin for Gradle use a 1.5.x release of
'org.asciidoctor.convert' instead"
- id 'org.owasp.dependencycheck' version '6.0.3' apply false
- id 'se.patrikerdes.use-latest-versions' version '0.2.15' apply false
- id 'com.github.ben-manes.versions' version '0.36.0' apply false
+ id 'org.owasp.dependencycheck' version '6.3.1' apply false
+ id 'se.patrikerdes.use-latest-versions' version '0.2.17' apply false
+ id 'com.github.ben-manes.versions' version '0.39.0' apply false
id "com.github.ManifestClasspath" version "0.1.0-RELEASE"
id "com.github.jakemarsden.git-hooks" version "0.0.2"
}
@@ -179,42 +179,42 @@ configurations {
}
dependencies {
- implementation 'xerces:xercesImpl:2.12.0'
+ implementation 'xerces:xercesImpl:2.12.1'
implementation 'com.google.zxing:core:3.4.1'
implementation
'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4.2'
- implementation 'com.googlecode.ez-vcard:ez-vcard:0.9.10'
+ implementation 'com.googlecode.ez-vcard:ez-vcard:0.11.2'
implementation
'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20200713.1'
- implementation 'com.googlecode.libphonenumber:libphonenumber:8.12.15'
- implementation 'com.ibm.icu:icu4j:68.1'
+ implementation 'com.googlecode.libphonenumber:libphonenumber:8.12.3'
+ implementation 'com.ibm.icu:icu4j:69.1'
implementation 'com.lowagie:itext:2.1.7' // Don't update due to license
change in newer versions, see OFBIZ-10455
implementation 'com.sun.mail:javax.mail:1.6.2'
implementation
'com.sun.syndication:com.springsource.com.sun.syndication:1.0.0'
- implementation 'com.thoughtworks.xstream:xstream:1.4.15'
+ implementation 'com.thoughtworks.xstream:xstream:1.4.18'
implementation 'commons-fileupload:commons-fileupload:1.4'
- implementation 'commons-net:commons-net:3.7.2'
+ implementation 'commons-net:commons-net:3.8.0'
implementation 'commons-validator:commons-validator:1.7'
implementation 'de.odysseus.juel:juel-impl:2.2.7'
implementation 'net.fortuna.ical4j:ical4j:1.0-rc4-atlassian-12'
- implementation 'net.lingala.zip4j:zip4j:2.6.4'
- implementation 'org.apache.ant:ant-junit:1.10.9'
+ implementation 'net.lingala.zip4j:zip4j:2.9.0'
+ implementation 'org.apache.ant:ant-junit:1.10.11'
implementation 'org.apache.commons:commons-collections4:4.4'
- implementation 'org.apache.commons:commons-dbcp2:2.8.0'
+ implementation 'org.apache.commons:commons-dbcp2:2.9.0'
implementation 'org.apache.commons:commons-imaging:1.0-alpha2' // Alpha
but OK, "Imaging was working and was used by a number of projects in production
even before reaching its initial release as an Apache Commons component."
implementation 'org.apache.commons:commons-text:1.9'
implementation 'org.apache.geronimo.components:geronimo-transaction:3.1.4'
implementation 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
implementation 'org.apache.httpcomponents:httpclient-cache:4.5.13'
- implementation 'org.apache.logging.log4j:log4j-api:2.14.0' // the API of
log4j 2
- implementation 'org.apache.logging.log4j:log4j-core:2.14.0' // Somehow
needed by Buildbot to compile OFBizDynamicThresholdFilter.java
- implementation 'org.apache.poi:poi:4.1.2'
+ implementation 'org.apache.logging.log4j:log4j-api:2.14.1' // the API of
log4j 2
+ implementation 'org.apache.logging.log4j:log4j-core:2.14.1' // Somehow
needed by Buildbot to compile OFBizDynamicThresholdFilter.java
+ implementation 'org.apache.poi:poi:4.1.2' // poi-ooxml-schemas-5.0.0.pom'.
Received status code 401 from server
implementation 'org.apache.pdfbox:pdfbox:2.0.24'
- implementation 'org.apache.shiro:shiro-core:1.7.1'
+ implementation 'org.apache.shiro:shiro-core:1.8.0'
implementation 'org.apache.sshd:sshd-core:1.7.0' // So far we did not
update from 1.7.0 because of a compile issue. You may try w/ a newer version
than 2.4.0
- implementation 'org.apache.tika:tika-core:1.26'
- implementation 'org.apache.tika:tika-parsers:1.25'
+ implementation 'org.apache.tika:tika-core:1.26' // 2.1.0 does not work
+ implementation 'org.apache.tika:tika-parsers:1.25' // 2.1.0 does not work
implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.48' // Remember
to change the version number (9 now) in javadoc block if needed.
implementation 'org.apache.tomcat:tomcat-jasper:9.0.48'
- implementation 'org.apache.axis2:axis2-kernel:1.7.9'
+ implementation 'org.apache.axis2:axis2-kernel:1.7.9' // Above:
SOAPEventHandler.java:42: error: package org.apache.axiom.om.impl.builder does
not exist
implementation 'batik:batik-svg-dom:1.6-1'
implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: since 2.4
dependencies are messed up. See
https://github.com/moqui/moqui-fop/blob/master/build.gradle
implementation 'org.apache.xmlrpc:xmlrpc-client:3.1.3'
@@ -223,15 +223,15 @@ dependencies {
implementation 'org.codehaus.groovy:groovy-all:2.5.11' // Compile issue
with commons-cli and Groovy 3. Remember to change the version number in javadoc
block.
implementation 'org.freemarker:freemarker:2.3.31' // Remember to change
the version number in FreeMarkerWorker class when upgrading. See OFBIZ-10019 if
>= 2.4
implementation 'org.owasp.esapi:esapi:2.2.2.0'
- implementation 'org.springframework:spring-test:5.3.2'
+ implementation 'org.springframework:spring-test:5.3.9'
implementation 'org.zapodot:jackson-databind-java-optional:2.6.1'
implementation 'oro:oro:2.0.8'
implementation 'wsdl4j:wsdl4j:1.6.3'
- implementation 'com.auth0:java-jwt:3.11.0'
+ implementation 'com.auth0:java-jwt:3.18.1'
implementation 'org.jdom:jdom:1.1.3' // don't upgrade above 1.1.3, makes a
lot of not obvious and useless complications, see last commits of OFBIZ-12092
for more
testImplementation 'org.hamcrest:hamcrest-library:2.2' // Enable junit4 to
not depend on hamcrest-1.3
- testImplementation 'org.mockito:mockito-core:3.6.28'
+ testImplementation 'org.mockito:mockito-core:3.12.4'
testImplementation 'org.jmockit:jmockit:1.49'
testImplementation 'com.pholser:junit-quickcheck-generators:1.0'
@@ -239,14 +239,14 @@ dependencies {
runtimeOnly 'de.odysseus.juel:juel-spi:2.2.7'
runtimeOnly 'net.sf.barcode4j:barcode4j-fop-ext:2.1'
runtimeOnly 'net.sf.barcode4j:barcode4j:2.1'
- runtimeOnly 'org.apache.axis2:axis2-transport-http:1.7.9'
- runtimeOnly 'org.apache.axis2:axis2-transport-local:1.7.9'
+ runtimeOnly 'org.apache.axis2:axis2-transport-http:1.7.9' // Above:
SOAPEventHandler.java:42: error: package org.apache.axiom.om.impl.builder does
not exist
+ runtimeOnly 'org.apache.axis2:axis2-transport-local:1.7.9' // Above:
SOAPEventHandler.java:42: error: package org.apache.axiom.om.impl.builder does
not exist
runtimeOnly 'org.apache.derby:derby:10.14.2.0' // So far we did not
update from 10.14.2.0 because of a compile issue. You may try w/ a newer
version than 10.15.1.3
runtimeOnly 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:2.1'
- runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.14.0' // for
external jars using the old log4j1.2: routes logging to log4j 2
- runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.14.0' // for external
jars using the java.util.logging: routes logging to log4j 2
- runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.14.0' // for
external jars using slf4j: routes logging to log4j 2
- runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.14.0' // need to
constrain to version to avoid classpath conflict (ReflectionUtil)
+ runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.14.1' // for
external jars using the old log4j1.2: routes logging to log4j 2
+ runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.14.1' // for external
jars using the java.util.logging: routes logging to log4j 2
+ runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.14.1' // for
external jars using slf4j: routes logging to log4j 2
+ runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.14.1' // need to
constrain to version to avoid classpath conflict (ReflectionUtil)
runtimeOnly 'org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380'
// Dependencies defined by the plugins
@@ -257,9 +257,9 @@ dependencies {
}
junitReport 'junit:junit:4.13.1'
- junitReport 'org.apache.ant:ant-junit:1.10.9'
+ junitReport 'org.apache.ant:ant-junit:1.10.11'
asciidoctor 'org.asciidoctor:asciidoctorj-pdf:1.5.3'
- asciidoctor 'org.jruby:jruby-complete:9.2.14.0' // bug workaround - see
OFBIZ-9873
+ asciidoctor 'org.jruby:jruby-complete:9.2.19.0' // bug workaround - see
OFBIZ-9873
// Libraries downloaded manually
implementation fileTree(dir: file("${rootDir}/lib"), include: '**/*.jar')
diff --git
a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java
b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java
index fb00c54..db2e18a 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java
@@ -95,7 +95,7 @@ public final class UtilXml {
* as it is done in XStream 1.5.x by default. This method will do
therefore nothing in XStream 1.5
* and could be removed them
*/
- XStream.setupDefaultSecurity(xstream);
+ // XStream.setupDefaultSecurity(xstream);
/* You may want to enhance the white list created by
XStream::setupDefaultSecurity (or by default with XStream 1.5)
* using xstream::allowTypesByWildcard with your own classes
*/
