This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push: new 610e249758 Improved: Update build.gradle to the latest dependencies (OFBIZ-13194) 610e249758 is described below commit 610e2497588f74930a5a67f4f867e9511c00f3be Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Fri Dec 13 11:05:21 2024 +0100 Improved: Update build.gradle to the latest dependencies (OFBIZ-13194) Thanks to Danny Trunk's precious previous work at OFBIZ-13123, this time the effort was not too hard. There are 2 aspects: 1) In build.gradle: Uses <<version "latest.release">> for plugins following https://docs.gradle.org/7.0/release-notes.html#using-dynamic-versions-in-the-plugins-block Updates junitReport to 'org.apache.ant:ant-junit:1.10.15' and checkstyle to toolVersion = '10.20.2' Adds a commented out "useLatestVersions" section. Commented out because I tried to use the recommended useLatestVersions and useLatestVersionsCheck, i.e. gradlew -PenableDependencyUpdates useLatestVersions && gradlew -PenableDependencyUpdates useLatestVersionsCheck and got an issue: Execution failed for task ':useLatestVersionsCheck' Maybe because of: Failed to determine the latest version for the following dependencies - org.apereo.cas:cas-server-support-ldap-core - org.safehaus.jug:jug That said, it was useful, and could be more so if we complete the "useLatestVersions" section 2) In Dependencies the "standard" updates with new comments when needed, i.e. removing or commenting issues in code with the help of useLatestVersions feature --- build.gradle | 60 +++++++++++++++++++++++++++++++++++++++++++---------- dependencies.gradle | 52 +++++++++++++++++++++++----------------------- 2 files changed, 75 insertions(+), 37 deletions(-) diff --git a/build.gradle b/build.gradle index 0c102612ac..61f3424f86 100644 --- a/build.gradle +++ b/build.gradle 
@@ -23,20 +23,21 @@ import org.asciidoctor.gradle.jvm.AsciidoctorTask * Project setup * ======================================================== */ plugins { - id 'application' + id 'application' // plugins that are versioned as part of Gradle are using simple quotes to differentiate them id 'groovy' id 'eclipse' id 'checkstyle' id 'codenarc' id 'maven-publish' - id 'org.asciidoctor.jvm.convert' version '4.0.2' - id 'org.asciidoctor.jvm.pdf' version '4.0.2' - id 'org.owasp.dependencycheck' version '10.0.2' apply false - id 'se.patrikerdes.use-latest-versions' version '0.2.18' apply false - id 'com.github.ben-manes.versions' version '0.51.0' apply false - id "com.github.ManifestClasspath" version "0.1.0-RELEASE" - id "com.github.jakemarsden.git-hooks" version "0.0.2" - id "com.github.node-gradle.node" version '7.0.2' apply false + id "org.asciidoctor.jvm.convert" version "latest.release" + id "org.asciidoctor.jvm.pdf" version "latest.release" + id "org.owasp.dependencycheck" version "latest.release" apply false + //id 'se.patrikerdes.use-latest-versions' version '0.2.18' apply false + id "se.patrikerdes.use-latest-versions" version "latest.release" apply false + id "com.github.ben-manes.versions" version "latest.release" apply false + id "com.github.ManifestClasspath" version "latest.release" + id "com.github.jakemarsden.git-hooks" version "latest.release" + id "com.github.node-gradle.node" version "latest.release" apply false } /* OWASP plugin 
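Review bot: Every third-party plugin in the `plugins { }` block now resolves `version "latest.release"`, so each build runs whatever release is newest in the plugin repository at that moment. Plugin code executes with the full privileges of the build, so a compromised or simply incompatible upstream release reaches every developer machine and CI run without any reviewed change in this repository, and two builds of the same commit can differ. Keep exact pins, e.g. `id "org.owasp.dependencycheck" version "10.0.2" apply false`, and move them forward in reviewed commits using the report from `com.github.ben-manes.versions`. If dynamic versions are kept, back them with Gradle dependency verification so that an unexpected artifact fails the build instead of running.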
@@ -71,6 +72,43 @@ if (project.hasProperty('enableDependencyUpdates')) { apply plugin: 'se.patrikerdes.use-latest-versions' } +/* Configuration and default values. By default not available as it breacks Gradle build even when useLatestVersionsCheck (see above) is used. +useLatestVersions { + // A whitelist of dependencies to update, in the format of group:name + // Equal to command line: --update-dependency=[values] + updateWhitelist = [] + // A blacklist of dependencies to update, in the format of group:name + // Equal to command line: --ignore-dependency=[values] + updateBlacklist = [] + // When enabled, root project gradle.properties will also be populated with + // versions from subprojects in multi-project build + // Equal to command line: --update-root-properties + updateRootProperties = false + // By default plugin tries to find all relevant gradle files (e.g. *.gradle, gradle.properties etc). + // This can be slow in some cases when project has a lot of gradle files. For example when using conventions + // in buildSrc. With this option you can specify what files should plugin search and check. Plugin will ignore + // files that don't exist. Empty list means use default strategy. File paths are relative to project dir. + // + // Example: + // versionFiles = ["gradle.build", "gradle.properties"] + // Will check just $projectDir/gradle.build and $projectDir/gradle.properties + // + // Note: + // You always have to specify file that has dependencies in some common dependency format with artifact coordinates, + // e.g. compileOnly "group:module:version" or compileOnly("group:module:version") or val dependency = "group:module:version" etc. + // For example if you set just versionFiles = ["gradle.properties"] this won't work, since plugin + // won't be able to correlate variable with artifact coordinates. + // + // Equal to command line: --version-files=[values] + versionFiles = [] + // List of root project files to update when updateRootProperties is enabled. 
+ // `build.gradle` is not an acceptable entry here as it breaks other expected + // functionality. Version variables in `build.gradle` need to be moved into + // a separate file which can be listed here. + // Equal to command line: --root-version-files=[values] + //rootVersionFiles = ['gradle.properties'] +}*/ + apply from: 'common.gradle' apply from: 'dependencies.gradle' @@ -218,7 +256,7 @@ dependencies { } junitReport 'junit:junit:4.13.2' - junitReport 'org.apache.ant:ant-junit:1.10.14' + junitReport 'org.apache.ant:ant-junit:1.10.15' // Libraries downloaded manually implementation fileTree(dir: file("${rootDir}/lib"), include: '**/*.jar') @@ -295,7 +333,7 @@ checkstyle { // Currently there are no errors so we can show new one when they appear showViolations = true // Specify tool version so we can keep it up-to-date - toolVersion = '10.17.0' + toolVersion = '10.20.2' } gitHooks { hooks = ['pre-push': 'checkstyleMain codenarcMain codenarcTest'] diff --git a/dependencies.gradle b/dependencies.gradle index ae9e8a39a6..f296993486 100644 --- a/dependencies.gradle +++ b/dependencies.gradle 
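Review bot: The `useLatestVersions { … }` block is committed inside a `/* … */` comment, so roughly 35 lines of configuration are dead text that nothing checks and that will drift from the plugin's real options. The plugin is only applied inside the `if (project.hasProperty('enableDependencyUpdates'))` block whose last lines open this hunk (the block starts outside it), so the extension presumably does not exist in a normal build, which may be the break the comment describes. Placing the live configuration inside that `if`, right after `apply plugin: 'se.patrikerdes.use-latest-versions'`, would likely avoid it; this needs confirming with a build run without the property. If it stays commented out, shorten it to a pointer to the plugin documentation and fix the typo in its first line: `/* Configuration and default values. Disabled by default because it breaks the Gradle build even when useLatestVersionsCheck (see above) is used.`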
@@ -18,13 +18,13 @@
 */
 dependencies {
 implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
- implementation 'com.google.guava:guava:33.2.1-jre'
+ implementation 'com.google.guava:guava:33.3.1-jre'
 implementation 'com.google.zxing:core:3.5.3'
 implementation 'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4.2'
 implementation 'com.googlecode.ez-vcard:ez-vcard:0.12.1'
- implementation 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20220608.1'
- implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.31'
- implementation 'com.ibm.icu:icu4j:74.2'
+ implementation 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20240325.1'
+ implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.52'
+ implementation 'com.ibm.icu:icu4j:76.1'
 implementation ('com.lowagie:itext:2.1.7') { // Don't update due to license change in newer versions, see OFBIZ-10455
 exclude group: 'bouncycastle', module: 'bcmail-jdk14'
 exclude group: 'bouncycastle', module: 'bcprov-jdk14'
@@ -32,21 +32,21 @@ dependencies {
 }
 implementation 'com.sun.mail:javax.mail:1.6.2'
 implementation 'com.rometools:rome:2.1.0'
- implementation 'com.thoughtworks.xstream:xstream:1.4.20'
+ implementation 'com.thoughtworks.xstream:xstream:1.4.21'
 implementation 'commons-cli:commons-cli:1.5.0' // with 1.6.0, 2 tests of OfbizStartupUnitTests don't pass
 implementation 'commons-fileupload:commons-fileupload:1.5'
- implementation 'commons-net:commons-net:3.10.0'
- implementation 'commons-validator:commons-validator:1.8.0'
+ implementation 'commons-net:commons-net:3.11.1'
+ implementation 'commons-validator:commons-validator:1.9.0'
 implementation 'de.odysseus.juel:juel-impl:2.2.7'
 implementation 'javax.transaction:javax.transaction-api:1.3'
 implementation 'net.fortuna.ical4j:ical4j:1.0-rc4-atlassian-12'
 implementation 'net.lingala.zip4j:zip4j:2.11.5'
- implementation 'org.apache.ant:ant-junit:1.10.14'
+ implementation 'org.apache.ant:ant-junit:1.10.15'
 implementation 'org.apache.commons:commons-collections4:4.4'
- implementation 'org.apache.commons:commons-csv:1.10.0'
+ implementation 'org.apache.commons:commons-csv:1.12.0'
 implementation 'org.apache.commons:commons-dbcp2:2.13.0'
 implementation 'org.apache.commons:commons-imaging:1.0-alpha3' // Alpha but OK, "Imaging was working and was used by a number of projects in production even before reaching its initial release as an Apache Commons component." Since 1.0.0-alpha4 (note the use of semver) the API has changed. Better wait an "official release" to rewrite OFBiz code...
- implementation 'org.apache.commons:commons-text:1.11.0'
+ implementation 'org.apache.commons:commons-text:1.12.0'
 implementation 'org.apache.geronimo.components:geronimo-transaction:3.1.5' // 4.0.0 does not compile
 implementation 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
 implementation 'org.apache.httpcomponents:httpclient-cache:4.5.14'
@@ -54,28 +54,28 @@ dependencies {
 implementation 'org.apache.logging.log4j:log4j-core:2.24.2' // Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java
 implementation 'org.apache.poi:poi:5.3.0'
 implementation 'org.apache.pdfbox:pdfbox:2.0.32' // 3.0.1 does not compile
- implementation 'org.apache.shiro:shiro-core:1.13.0'
- implementation 'org.apache.shiro:shiro-crypto-cipher:2.0.0'
- implementation 'org.apache.sshd:sshd-core:2.13.1'
- implementation 'org.apache.sshd:sshd-sftp:2.13.1'
- implementation 'org.apache.tika:tika-core:2.9.2'
- implementation 'org.apache.tika:tika-parsers:2.9.2'
- implementation 'org.apache.tika:tika-parser-pdf-module:2.9.2'
+ implementation 'org.apache.shiro:shiro-core:1.13.0' // Got "Exception in thread "main" java.lang.UnsupportedOperationException: Cannot create a hash with the given algorithm: argon2" with 2.0.2 in integration tests
+ implementation 'org.apache.shiro:shiro-crypto-cipher:2.0.2'
+ implementation 'org.apache.sshd:sshd-core:2.14.0'
+ implementation 'org.apache.sshd:sshd-sftp:2.14.0'
+ implementation 'org.apache.tika:tika-core:2.9.2' // To be compatible with tika-parser-pdf-module below
+ implementation 'org.apache.tika:tika-parsers:2.9.2' // To be compatible with tika-parser-pdf-module below
+ implementation 'org.apache.tika:tika-parser-pdf-module:2.9.2' // > 2.9.2 does not compile, see OFBIZ-13155
 implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:3.6.4' // 4.x+ requires javax.xml.bind -> jakarta.xml.bind namespace change
 implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.97' // Remember to change the version number (9 now) in javadoc block if needed.
 implementation 'org.apache.tomcat:tomcat-jasper:9.0.97'
 implementation 'org.apache.axis2:axis2-kernel:1.8.2'
- implementation 'org.apache.xmlgraphics:batik-anim:1.17'
- implementation 'org.apache.xmlgraphics:batik-util:1.17'
- implementation 'org.apache.xmlgraphics:batik-bridge:1.17'
+ implementation 'org.apache.xmlgraphics:batik-anim:1.18'
+ implementation 'org.apache.xmlgraphics:batik-util:1.18'
+ implementation 'org.apache.xmlgraphics:batik-bridge:1.18'
 implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: since 2.4 dependencies are messed up. See https://github.com/moqui/moqui-fop/blob/master/build.gradle
- implementation 'org.clojure:clojure:1.11.3'
- implementation 'org.apache.groovy:groovy-all:4.0.22'
+ implementation 'org.clojure:clojure:1.12.0'
+ implementation 'org.apache.groovy:groovy-all:5.0.0-alpha-11'
 implementation 'org.freemarker:freemarker:2.3.34-SNAPSHOT' // Remember to change the version number in FreeMarkerWorker class when upgrading. See OFBIZ-10019 if >= 2.4
- implementation 'org.owasp.esapi:esapi:2.5.4.0'
+ implementation 'org.owasp.esapi:esapi:2.6.0.0'
 implementation 'org.cyberneko:html:1.9.8'
 implementation 'org.springframework:spring-test:5.3.29' // 6.1.4 does not compile
- implementation 'com.fasterxml.jackson.core:jackson-databind:2.17.1'
+ implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.2'
 implementation 'oro:oro:2.0.8'
 implementation 'wsdl4j:wsdl4j:1.6.3'
 implementation 'com.auth0:java-jwt:4.4.0'
@@ -88,7 +88,7 @@ dependencies { } testImplementation 'org.hamcrest:hamcrest-library:2.2' // Enable junit4 to not depend on hamcrest-1.3 - testImplementation 'org.mockito:mockito-core:5.10.0' + testImplementation 'org.mockito:mockito-core:5.14.2' testImplementation 'org.jmockit:jmockit:1.49' testImplementation 'com.pholser:junit-quickcheck-generators:1.0' 
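Review bot: `org.apache.groovy:groovy-all` jumps from the stable 4.0.22 to `5.0.0-alpha-11`, a pre-release of a new major version, as an `implementation` dependency, and unlike the other special cases in this hunk it carries no comment explaining why. An alpha comes with no stability guarantee and may not be maintained with security fixes the way a released line is, and a major-version change of the scripting runtime deserves its own commit and test run rather than riding along with routine bumps; presumably it was picked up by the useLatestVersions task. Stay on the released line, `implementation 'org.apache.groovy:groovy-all:4.0.22'` or its latest 4.0.x successor, or add a trailing comment stating the reason for the alpha. The same hunk leaves `shiro-core` on 1.13.0 while `shiro-crypto-cipher` moves to 2.0.2; the new comment explains the blocker, and an issue reference next to it would help track the mixed Shiro major lines.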
@@ -108,7 +108,7 @@ dependencies { runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.24.2' // need to constrain to version to avoid classpath conflict (ReflectionUtil) // specify last codenarc version for java 17 compliance - codenarc('org.codenarc:CodeNarc:3.4.0') + codenarc('org.codenarc:CodeNarc:3.5.0') // use constraints to update transitive dependencies constraints {