This is an automated email from the ASF dual-hosted git repository.
pgil pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 403ed09794 Improved: Update build.gradle to the latest dependencies
(OFBIZ-10213)
403ed09794 is described below
commit 403ed09794d011378bcabae55e51be50ffedf101
Author: Gil <gil.portensei...@nereide.fr>
AuthorDate: Fri Sep 1 16:34:04 2023 +0200
Improved: Update build.gradle to the latest dependencies (OFBIZ-10213)
I did not update some major release version, there need to make specific
modifications and tests for those.
Codenarc will be done separatly since new error appears and break
threshold.
Build, check and integration test ok. Basic manual testing OK (order
creation
and pdf generation)
---
build.gradle | 58 +++++++++++++++++++++++++++++-----------------------------
1 file changed, 29 insertions(+), 29 deletions(-)
diff --git a/build.gradle b/build.gradle
index 1c620bd171..0111a46362 100644
--- a/build.gradle
+++ b/build.gradle
@@ -35,7 +35,7 @@ plugins {
id 'org.asciidoctor.jvm.pdf' version '3.3.2'
id 'org.owasp.dependencycheck' version '7.4.4' apply false
id 'se.patrikerdes.use-latest-versions' version '0.2.18' apply false
- id 'com.github.ben-manes.versions' version '0.42.0' apply false
+ id 'com.github.ben-manes.versions' version '0.47.0' apply false
id "com.github.ManifestClasspath" version "0.1.0-RELEASE"
id "com.github.jakemarsden.git-hooks" version "0.0.2"
id "com.github.node-gradle.node" version '3.5.1' apply false
@@ -207,21 +207,21 @@ configurations.all {
}
dependencies {
- implementation 'com.github.ben-manes.caffeine:caffeine:3.1.1'
- implementation 'com.google.zxing:core:3.5.1'
+ implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
+ implementation 'com.google.zxing:core:3.5.2'
implementation
'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4.2'
implementation 'com.googlecode.ez-vcard:ez-vcard:0.11.3'
implementation
'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20220608.1'
- implementation 'com.googlecode.libphonenumber:libphonenumber:8.12.57'
- implementation 'com.ibm.icu:icu4j:72.1'
+ implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.20'
+ implementation 'com.ibm.icu:icu4j:73.2'
implementation ('com.lowagie:itext:2.1.7') { // Don't update due to
license change in newer versions, see OFBIZ-10455
exclude group: 'bouncycastle', module: 'bcmail-jdk14'
exclude group: 'bouncycastle', module: 'bcprov-jdk14'
exclude group: 'bouncycastle', module: 'bctsp-jdk14'
}
implementation 'com.sun.mail:javax.mail:1.6.2'
- implementation 'com.rometools:rome:1.18.0'
- implementation 'com.thoughtworks.xstream:xstream:1.4.19'
+ implementation 'com.rometools:rome:2.1.0'
+ implementation 'com.thoughtworks.xstream:xstream:1.4.20'
implementation 'commons-cli:commons-cli:1.5.0'
implementation 'commons-fileupload:commons-fileupload:1.5'
implementation 'commons-net:commons-net:3.9.0'
@@ -230,43 +230,43 @@ dependencies {
implementation 'javax.transaction:javax.transaction-api:1.3'
implementation 'net.fortuna.ical4j:ical4j:1.0-rc4-atlassian-12'
implementation 'net.lingala.zip4j:zip4j:2.11.5'
- implementation 'org.apache.ant:ant-junit:1.10.12'
+ implementation 'org.apache.ant:ant-junit:1.10.14'
implementation 'org.apache.commons:commons-collections4:4.4'
- implementation 'org.apache.commons:commons-csv:1.9.0'
+ implementation 'org.apache.commons:commons-csv:1.10.0'
implementation 'org.apache.commons:commons-dbcp2:2.9.0'
implementation 'org.apache.commons:commons-imaging:1.0-alpha3' // Alpha
but OK, "Imaging was working and was used by a number of projects in production
even before reaching its initial release as an Apache Commons component."
implementation 'org.apache.commons:commons-text:1.10.0'
implementation 'org.apache.geronimo.components:geronimo-transaction:3.1.5'
implementation 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
- implementation 'org.apache.httpcomponents:httpclient-cache:4.5.13'
- implementation 'org.apache.logging.log4j:log4j-api:2.19.0' // the API of
log4j 2
- implementation 'org.apache.logging.log4j:log4j-core:2.19.0' // Somehow
needed by Buildbot to compile OFBizDynamicThresholdFilter.java
+ implementation 'org.apache.httpcomponents:httpclient-cache:4.5.14'
+ implementation 'org.apache.logging.log4j:log4j-api:2.20.0' // the API of
log4j 2
+ implementation 'org.apache.logging.log4j:log4j-core:2.20.0' // Somehow
needed by Buildbot to compile OFBizDynamicThresholdFilter.java
implementation 'org.apache.poi:poi:4.1.2' // poi-ooxml-schemas-5.0.0.pom'.
Received status code 401 from server
- implementation 'org.apache.pdfbox:pdfbox:2.0.27'
+ implementation 'org.apache.pdfbox:pdfbox:2.0.29'
implementation 'org.apache.shiro:shiro-core:1.12.0'
- implementation 'org.apache.sshd:sshd-core:2.9.1'
- implementation 'org.apache.sshd:sshd-sftp:2.9.1'
+ implementation 'org.apache.sshd:sshd-core:2.10.0'
+ implementation 'org.apache.sshd:sshd-sftp:2.10.0'
implementation 'org.apache.tika:tika-core:2.5.0'
implementation 'org.apache.tika:tika-parsers:2.5.0'
implementation 'org.apache.tika:tika-parser-pdf-module:2.5.0'
- implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:3.5.4'
+ implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:3.5.6'
implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.80' // Remember
to change the version number (9 now) in javadoc block if needed.
implementation 'org.apache.tomcat:tomcat-jasper:9.0.80'
implementation 'org.apache.axis2:axis2-kernel:1.8.2'
- implementation 'org.apache.xmlgraphics:batik-anim:1.14'
- implementation 'org.apache.xmlgraphics:batik-util:1.14'
- implementation 'org.apache.xmlgraphics:batik-bridge:1.14'
+ implementation 'org.apache.xmlgraphics:batik-anim:1.17'
+ implementation 'org.apache.xmlgraphics:batik-util:1.17'
+ implementation 'org.apache.xmlgraphics:batik-bridge:1.17'
implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: since 2.4
dependencies are messed up. See
https://github.com/moqui/moqui-fop/blob/master/build.gradle
implementation 'org.clojure:clojure:1.11.1'
implementation 'org.codehaus.groovy:groovy-all:3.0.19'
implementation 'org.freemarker:freemarker:2.3.32' // Remember to change
the version number in FreeMarkerWorker class when upgrading. See OFBIZ-10019 if
>= 2.4
- implementation 'org.owasp.esapi:esapi:2.5.0.0'
+ implementation 'org.owasp.esapi:esapi:2.5.2.0'
implementation 'org.cyberneko:html:1.9.8'
- implementation 'org.springframework:spring-test:5.3.23'
- implementation 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2'
+ implementation 'org.springframework:spring-test:5.3.29'
+ implementation 'com.fasterxml.jackson.core:jackson-databind:2.15.2'
implementation 'oro:oro:2.0.8'
implementation 'wsdl4j:wsdl4j:1.6.3'
- implementation 'com.auth0:java-jwt:4.2.1'
+ implementation 'com.auth0:java-jwt:4.4.0'
implementation 'org.jdom:jdom:1.1.3' // don't upgrade above 1.1.3, makes a
lot of not obvious and useless complications, see last commits of OFBIZ-12092
for more
implementation 'com.google.re2j:re2j:1.7'
implementation 'xerces:xercesImpl:2.12.2'
@@ -285,11 +285,11 @@ dependencies {
runtimeOnly 'org.apache.axis2:axis2-transport-local:1.8.2'
runtimeOnly 'org.apache.derby:derby:10.14.2.0' // So far we did not update
from 10.14.2.0 because of a runtime issue with 10.16.1.1:
java.lang.ClassNotFoundException: org.apache.derby.jdbc.EmbeddedDriver
runtimeOnly 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:2.1'
- runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.19.0' // for
external jars using the old log4j1.2: routes logging to log4j 2
- runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.19.0' // for external
jars using the java.util.logging: routes logging to log4j 2
- runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.19.0' // for
external jars using slf4j: routes logging to log4j 2
- runtimeOnly 'org.apache.logging.log4j:log4j-web:2.19.0' //???
- runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.19.0' // need to
constrain to version to avoid classpath conflict (ReflectionUtil)
+ runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.20.0' // for
external jars using the old log4j1.2: routes logging to log4j 2
+ runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.20.0' // for external
jars using the java.util.logging: routes logging to log4j 2
+ runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.20.0' // for
external jars using slf4j: routes logging to log4j 2
+ runtimeOnly 'org.apache.logging.log4j:log4j-web:2.20.0' //???
+ runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.20.0' // need to
constrain to version to avoid classpath conflict (ReflectionUtil)
// Dependencies defined by the plugins
subprojects.each { subProject ->
@@ -299,7 +299,7 @@ dependencies {
}
junitReport 'junit:junit:4.13.2'
- junitReport 'org.apache.ant:ant-junit:1.10.12'
+ junitReport 'org.apache.ant:ant-junit:1.10.14'
// Libraries downloaded manually
implementation fileTree(dir: file("${rootDir}/lib"), include: '**/*.jar')
