This is an automated email from the ASF dual-hosted git repository.
jacopoc pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new fbb16d2d51 Improved: Bump minor versions of dependencies
fbb16d2d51 is described below
commit fbb16d2d51842965f24aecab1f6eb716a46ee6cf
Author: Jacopo Cappellato <[email protected]>
AuthorDate: Wed Apr 1 15:13:13 2026 +0200
Improved: Bump minor versions of dependencies
| Package | From | To |
| --- | --- | --- |
| com.gradle.develocity | `3.18.2` | `3.19.2` |
| com.gradle.common-custom-user-data-gradle-plugin | `2.0.2` | `2.4.0` |
|
[com.github.ben-manes.caffeine:caffeine](https://github.com/ben-manes/caffeine)
| `3.1.8` | `3.2.3` | |
[com.google.guava:guava](https://github.com/google/guava) | `33.3.1-jre`
| `33.5.0-jre` | |
[com.google.zxing:core](https://github.com/zxing/zxing) | `3.5.3` |
`3.5.4` | |
[com.googlecode.ez-vcard:ez-vcard](https://github.com/mangstadt/ez-vcard)
| `0.12.1` | `0.12.2` | |
[com.googlecode.libphonenumber:libphonenumber](https://github.com/google/libphonenumber)
| `8.13.52` | `8.13.55` | | com.github.librepdf:openpdf | `1.3.43` |
`1.4.2` | |
[commons-cli:commons-cli](https://github.com/apache/commons-cli) |
`1.5.0` | `1.11.0` | |
[commons-net:commons-net](https://github.com/apache/commons-net) |
`3.11.1` | `3.13.0` | |
[commons-validator:commons-validator](https://github.com/apache/commons-validator)
| `1.9.0` | `1.10.1` | |
[net.lingala.zip4j:zip4j](https://github.com/srikanth-lingala/zip4j) |
`2.11.5` | `2.11.6` | | org.apache.commons:commons-collections4 | `4.4`
| `4.5.0` | |
[org.apache.commons:commons-csv](https://github.com/apache/commons-csv)
| `1.12.0` | `1.14.1` | | org.apache.commons:commons-dbcp2 | `2.13.0` |
`2.14.0` | | org.apache.commons:commons-text | `1.12.0` | `1.14.1` | |
org.apache.logging.log4j:log4j-api | `2.24.2` | `2.25.3` | |
org.apache.logging.log4j:log4j-core | `2.24.2` | `2.25.3` | |
org.apache.poi:poi | `5.3.0` | `5.5.1` |
| org.apache.pdfbox:pdfbox | `3.0.5` | `3.0.7` |
| org.apache.pdfbox:pdfbox-io | `3.0.5` | `3.0.7` | |
org.apache.shiro:shiro-crypto-cipher | `2.0.2` | `2.1.0` | |
[org.apache.sshd:sshd-core](https://github.com/apache/mina-sshd) |
`2.14.0` | `2.17.1` | |
[org.apache.sshd:sshd-sftp](https://github.com/apache/mina-sshd) |
`2.14.0` | `2.17.1` | |
[org.apache.tika:tika-core](https://github.com/apache/tika) | `3.2.3` |
`3.3.0` | |
[org.apache.tika:tika-parsers](https://github.com/apache/tika) | `3.2.3`
| `3.3.0` | | org.apache.tika:tika-parser-pdf-module | `3.2.3` | `3.3.0`
| | org.apache.cxf:cxf-rt-frontend-jaxrs | `4.1.3` | `4.2.0` | |
org.apache.tomcat:tomcat-catalina-ha | `10.1.52` | `10.1.53` | |
org.apache.tomcat:tomcat-jasper | `10.1.52` | `10.1.53` | |
org.apache.xmlgraphics:batik-anim | `1.18` | `1.19` | |
org.apache.xmlgraphics:batik-util | `1.18` | `1.19` | |
org.apache.xmlgraphics:batik-bridge | `1.18` | `1.19` | |
[org.clojure:clojure](https://github.com/clojure/clojure) | `1.12.0` |
`1.12.4` | |
[org.apache.groovy:groovy-all](https://github.com/apache/groovy) |
`5.0.0-alpha-11` | `5.0.4` | |
[org.owasp.esapi:esapi](https://github.com/ESAPI/esapi-java-legacy) |
`2.6.0.0` | `2.7.0.0` | |
[org.springframework:spring-test](https://github.com/spring-projects/spring-framework)
| `6.1.16` | `6.2.17` | |
[com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson)
| `2.18.2` | `2.21.2` | |
[com.auth0:java-jwt](https://github.com/auth0/java-jwt) | `4.4.0` |
`4.5.1` | | [com.auth0:jwks-rsa](https://github.com/auth0/jwks-rsa-java)
| `0.22.2` | `0.23.0` | |
[com.google.re2j:re2j](https://github.com/google/re2j) | `1.7` | `1.8` |
|
[org.mustangproject:library](https://github.com/ZUGFeRD/mustangproject)
| `2.8.0` | `2.22.0` | |
[org.mockito:mockito-core](https://github.com/mockito/mockito) |
`5.14.2` | `5.23.0` | |
[org.jmockit:jmockit](https://github.com/jmockit/jmockit1) | `1.49` |
`1.50` | | org.apache.derby:derby | `10.16.1.1` | `10.17.1.0` | |
org.apache.derby:derbytools | `10.16.1.1` | `10.17.1.0` | |
org.apache.logging.log4j:log4j-1.2-api | `2.24.2` | `2.25.3` | |
org.apache.logging.log4j:log4j-jul | `2.24.2` | `2.25.3` | |
org.apache.logging.log4j:log4j-slf4j-impl | `2.24.2` | `2.25.3` | |
org.apache.logging.log4j:log4j-web | `2.24.2` | `2.25.3` | |
org.apache.logging.log4j:log4j-jcl | `2.24.2` | `2.25.3` | |
[org.codenarc:CodeNarc](https://github.com/CodeNarc/CodeNarc) |
`3.6.0-groovy-4.0` | `3.7.0-groovy-4.0` | |
org.apache.james:apache-mime4j-core | `0.8.10` | `0.8.13` | |
[org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java) |
`1.78` | `1.83` | |
[org.testng:testng](https://github.com/testng-team/testng) | `7.7.0` |
`7.12.0` | | [gradle-wrapper](https://github.com/gradle/gradle) | `8.8`
| `8.14.4` |
Updates `com.gradle.develocity` from 3.18.2 to 3.19.2
Updates `com.gradle.common-custom-user-data-gradle-plugin` from 2.0.2
to
2.4.0
Updates `com.github.ben-manes.caffeine:caffeine` from 3.1.8 to 3.2.3
- [Release notes](https://github.com/ben-manes/caffeine/releases)
- [Commits](ben-manes/[email protected])
Updates `com.google.guava:guava` from 33.3.1-jre to 33.5.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)
Updates `com.google.zxing:core` from 3.5.3 to 3.5.4
- [Release notes](https://github.com/zxing/zxing/releases)
- [Changelog](https://github.com/zxing/zxing/blob/master/CHANGES)
- [Commits](zxing/[email protected])
Updates `com.googlecode.ez-vcard:ez-vcard` from 0.12.1 to 0.12.2
- [Commits](mangstadt/[email protected])
Updates `com.googlecode.libphonenumber:libphonenumber` from 8.13.52 to
8.13.55
- [Release notes](https://github.com/google/libphonenumber/releases)
-
[Changelog](https://github.com/google/libphonenumber/blob/master/release_notes.txt)
- [Commits](google/[email protected])
Updates `com.github.librepdf:openpdf` from 1.3.43 to 1.4.2
Updates `commons-cli:commons-cli` from 1.5.0 to 1.11.0
-
[Changelog](https://github.com/apache/commons-cli/blob/master/RELEASE-NOTES.txt)
-
[Commits](apache/[email protected]/commons-cli-1.11.0)
Updates `commons-net:commons-net` from 3.11.1 to 3.13.0
-
[Changelog](https://github.com/apache/commons-net/blob/master/RELEASE-NOTES.txt)
-
[Commits](apache/commons-net@rel/commons-net-3.11.1...rel/commons-net-3.13.0)
Updates `commons-validator:commons-validator` from 1.9.0 to 1.10.1
-
[Changelog](https://github.com/apache/commons-validator/blob/master/RELEASE-NOTES.txt)
-
[Commits](apache/commons-validator@rel/commons-validator-1.9.0...rel/commons-validator-1.10.1)
Updates `net.lingala.zip4j:zip4j` from 2.11.5 to 2.11.6
- [Release notes](https://github.com/srikanth-lingala/zip4j/releases)
- [Commits](srikanth-lingala/[email protected])
Updates `org.activiti:activiti-juel-jakarta` from 8.1.0 to 8.8.0
Updates `org.apache.commons:commons-collections4` from 4.4 to 4.5.0
Updates `org.apache.commons:commons-csv` from 1.12.0 to 1.14.1
-
[Changelog](https://github.com/apache/commons-csv/blob/master/RELEASE-NOTES.txt)
-
[Commits](apache/commons-csv@rel/commons-csv-1.12.0...rel/commons-csv-1.14.1)
Updates `org.apache.commons:commons-dbcp2` from 2.13.0 to 2.14.0
Updates `org.apache.commons:commons-imaging` from 1.0-alpha3 to
1.0.0-alpha6
Updates `org.apache.commons:commons-text` from 1.12.0 to 1.14.1
Updates `org.apache.logging.log4j:log4j-api` from 2.24.2 to 2.25.3
Updates `org.apache.logging.log4j:log4j-core` from 2.24.2 to 2.25.3
Updates `org.apache.poi:poi` from 5.3.0 to 5.5.1
Updates `org.apache.pdfbox:pdfbox` from 3.0.5 to 3.0.7
Updates `org.apache.pdfbox:pdfbox-io` from 3.0.5 to 3.0.7
Updates `org.apache.shiro:shiro-crypto-cipher` from 2.0.2 to 2.1.0
Updates `org.apache.sshd:sshd-core` from 2.14.0 to 2.17.1
- [Release notes](https://github.com/apache/mina-sshd/releases)
-
[Changelog](https://github.com/apache/mina-sshd/blob/master/CHANGES.md)
- [Commits](apache/[email protected])
Updates `org.apache.sshd:sshd-sftp` from 2.14.0 to 2.17.1
- [Release notes](https://github.com/apache/mina-sshd/releases)
-
[Changelog](https://github.com/apache/mina-sshd/blob/master/CHANGES.md)
- [Commits](apache/[email protected])
Updates `org.apache.tika:tika-core` from 3.2.3 to 3.3.0
- [Changelog](https://github.com/apache/tika/blob/main/CHANGES.txt)
- [Commits](apache/[email protected])
Updates `org.apache.tika:tika-parsers` from 3.2.3 to 3.3.0
- [Changelog](https://github.com/apache/tika/blob/main/CHANGES.txt)
- [Commits](apache/[email protected])
Updates `org.apache.tika:tika-parser-pdf-module` from 3.2.3 to 3.3.0
Updates `org.apache.cxf:cxf-rt-frontend-jaxrs` from 4.1.3 to 4.2.0
Updates `org.apache.tomcat:tomcat-catalina-ha` from 10.1.52 to 10.1.53
Updates `org.apache.tomcat:tomcat-jasper` from 10.1.52 to 10.1.53
Updates `org.apache.xmlgraphics:batik-anim` from 1.18 to 1.19
Updates `org.apache.xmlgraphics:batik-util` from 1.18 to 1.19
Updates `org.apache.xmlgraphics:batik-bridge` from 1.18 to 1.19
Updates `org.clojure:clojure` from 1.12.0 to 1.12.4
- [Changelog](https://github.com/clojure/clojure/blob/master/changes.md)
- [Commits](clojure/[email protected])
Updates `org.apache.groovy:groovy-all` from 5.0.0-alpha-11 to 5.0.4
- [Commits](https://github.com/apache/groovy/commits)
Updates `org.owasp.esapi:esapi` from 2.6.0.0 to 2.7.0.0
- [Release notes](https://github.com/ESAPI/esapi-java-legacy/releases)
- [Commits](ESAPI/[email protected])
Updates `org.springframework:spring-test` from 6.1.16 to 6.2.17
- [Release
notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/[email protected])
Updates `com.fasterxml.jackson.core:jackson-databind` from 2.18.2 to
2.21.2
- [Commits](https://github.com/FasterXML/jackson/commits)
Updates `com.auth0:java-jwt` from 4.4.0 to 4.5.1
- [Release notes](https://github.com/auth0/java-jwt/releases)
-
[Changelog](https://github.com/auth0/java-jwt/blob/master/CHANGELOG.md)
- [Commits](auth0/[email protected])
Updates `com.auth0:jwks-rsa` from 0.22.2 to 0.23.0
- [Release notes](https://github.com/auth0/jwks-rsa-java/releases)
-
[Changelog](https://github.com/auth0/jwks-rsa-java/blob/master/CHANGELOG.md)
- [Commits](auth0/[email protected])
Updates `com.google.re2j:re2j` from 1.7 to 1.8
- [Release notes](https://github.com/google/re2j/releases)
- [Commits](google/[email protected])
Updates `org.mustangproject:library` from 2.8.0 to 2.22.0
- [Release notes](https://github.com/ZUGFeRD/mustangproject/releases)
-
[Changelog](https://github.com/ZUGFeRD/mustangproject/blob/master/History.md)
- [Commits](ZUGFeRD/[email protected])
Updates `org.mockito:mockito-core` from 5.14.2 to 5.23.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/[email protected])
Updates `org.jmockit:jmockit` from 1.49 to 1.50
- [Commits](https://github.com/jmockit/jmockit1/commits)
Updates `org.apache.logging.log4j:log4j-1.2-api` from 2.24.2 to 2.25.3
Updates `org.apache.logging.log4j:log4j-jul` from 2.24.2 to 2.25.3
Updates `org.apache.logging.log4j:log4j-slf4j-impl` from 2.24.2 to
2.25.3
Updates `org.apache.logging.log4j:log4j-web` from 2.24.2 to 2.25.3
Updates `org.apache.logging.log4j:log4j-jcl` from 2.24.2 to 2.25.3
Updates `org.codenarc:CodeNarc` from 3.6.0-groovy-4.0 to
3.7.0-groovy-4.0
- [Release notes](https://github.com/CodeNarc/CodeNarc/releases)
-
[Changelog](https://github.com/CodeNarc/CodeNarc/blob/master/CHANGELOG.md)
- [Commits](https://github.com/CodeNarc/CodeNarc/commits)
Updates `org.apache.james:apache-mime4j-core` from 0.8.10 to 0.8.13
Updates `org.bouncycastle:bcprov-jdk18on` from 1.78 to 1.83
-
[Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)
Updates `org.testng:testng` from 7.7.0 to 7.12.0
- [Release notes](https://github.com/testng-team/testng/releases)
-
[Changelog](https://github.com/testng-team/testng/blob/master/CHANGES.txt)
- [Commits](testng-team/[email protected])
Updates `gradle-wrapper` from 8.8 to 8.14.4
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/[email protected])
---
updated-dependencies:
- dependency-name: com.gradle.develocity dependency-version: 3.19.2
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: com.gradle.common-custom-user-data-gradle-plugin
dependency-version: 2.4.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: com.github.ben-manes.caffeine:caffeine
dependency-version: 3.2.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: com.google.guava:guava dependency-version: 33.5.0-jre
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: com.google.zxing:core dependency-version: 3.5.4
dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: com.googlecode.ez-vcard:ez-vcard dependency-version:
0.12.2 dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: com.googlecode.libphonenumber:libphonenumber
dependency-version: 8.13.55 dependency-type: direct:production
update-type: version-update:semver-patch dependency-group:
all-dependencies
- dependency-name: com.github.librepdf:openpdf dependency-version: 1.4.2
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: commons-cli:commons-cli dependency-version: 1.11.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: commons-net:commons-net dependency-version: 3.13.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: commons-validator:commons-validator
dependency-version: 1.10.1 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: net.lingala.zip4j:zip4j dependency-version: 2.11.6
dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.activiti:activiti-juel-jakarta
dependency-version: 8.8.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.commons:commons-collections4
dependency-version: 4.5.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.commons:commons-csv dependency-version:
1.14.1 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-dbcp2 dependency-version:
2.14.0 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-imaging
dependency-version: 1.0.0-alpha6 dependency-type: direct:production
dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-text dependency-version:
1.14.1 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-api
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-core
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.poi:poi dependency-version: 5.5.1
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.pdfbox:pdfbox dependency-version: 3.0.7
dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.apache.pdfbox:pdfbox-io dependency-version: 3.0.7
dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.apache.shiro:shiro-crypto-cipher
dependency-version: 2.1.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.sshd:sshd-core dependency-version: 2.17.1
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.sshd:sshd-sftp dependency-version: 2.17.1
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.tika:tika-core dependency-version: 3.3.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.tika:tika-parsers dependency-version:
3.3.0 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.tika:tika-parser-pdf-module
dependency-version: 3.3.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.cxf:cxf-rt-frontend-jaxrs
dependency-version: 4.2.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.tomcat:tomcat-catalina-ha
dependency-version: 10.1.53 dependency-type: direct:production
update-type: version-update:semver-patch dependency-group:
all-dependencies
- dependency-name: org.apache.tomcat:tomcat-jasper dependency-version:
10.1.53 dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.apache.xmlgraphics:batik-anim dependency-version:
'1.19' dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.xmlgraphics:batik-util dependency-version:
'1.19' dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.xmlgraphics:batik-bridge
dependency-version: '1.19' dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.clojure:clojure dependency-version: 1.12.4
dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.apache.groovy:groovy-all dependency-version:
5.0.4 dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.owasp.esapi:esapi dependency-version: 2.7.0.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.springframework:spring-test dependency-version:
6.2.17 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-databind
dependency-version: 2.21.2 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: com.auth0:java-jwt dependency-version: 4.5.1
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: com.auth0:jwks-rsa dependency-version: 0.23.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: com.google.re2j:re2j dependency-version: '1.8'
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.mustangproject:library dependency-version: 2.22.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.mockito:mockito-core dependency-version: 5.23.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.jmockit:jmockit dependency-version: '1.50'
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.derby:derby dependency-version: 10.17.1.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.derby:derbytools dependency-version:
10.17.1.0 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-1.2-api
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-jul
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-slf4j-impl
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-web
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-jcl
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.codenarc:CodeNarc dependency-version:
3.7.0-groovy-4.0 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.james:apache-mime4j-core
dependency-version: 0.8.13 dependency-type: direct:production
update-type: version-update:semver-patch dependency-group:
all-dependencies
- dependency-name: org.bouncycastle:bcprov-jdk18on dependency-version:
'1.83' dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.testng:testng dependency-version: 7.12.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: gradle-wrapper dependency-version: 8.14.4
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies ...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
dependencies.gradle | 104 +++++++++++++++----------------
gradle/wrapper/gradle-wrapper.jar | Bin 61574 -> 43764 bytes
gradle/wrapper/gradle-wrapper.properties | 2 +-
gradlew | 37 ++++++-----
gradlew.bat | 26 ++++----
settings.gradle | 4 +-
6 files changed, 91 insertions(+), 82 deletions(-)
diff --git a/dependencies.gradle b/dependencies.gradle
index 32cefad03f..94b36c1b82 100644
--- a/dependencies.gradle
+++ b/dependencies.gradle
@@ -18,76 +18,76 @@
*/
dependencies {
implementation 'com.drewnoakes:metadata-extractor:2.19.0'
- implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
- implementation 'com.google.guava:guava:33.3.1-jre'
- implementation 'com.google.zxing:core:3.5.3'
+ implementation 'com.github.ben-manes.caffeine:caffeine:3.2.3'
+ implementation 'com.google.guava:guava:33.5.0-jre'
+ implementation 'com.google.zxing:core:3.5.4'
implementation
'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4.2'
- implementation 'com.googlecode.ez-vcard:ez-vcard:0.12.1'
+ implementation 'com.googlecode.ez-vcard:ez-vcard:0.12.2'
implementation
'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20240325.1'
- implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.52'
+ implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.55'
implementation 'com.ibm.icu:icu4j:76.1'
- implementation 'com.github.librepdf:openpdf:1.3.43' // This is the last version with com.lowagie.text that is used (only) by PdfSurveyServices
class.
+ implementation 'com.github.librepdf:openpdf:1.4.2' // This is the last version with com.lowagie.text that is used (only) by PdfSurveyServices
class.
implementation 'com.sun.mail:javax.mail:1.6.2'
implementation 'com.rometools:rome:2.1.0'
implementation 'com.thoughtworks.xstream:xstream:1.4.21'
- implementation 'commons-cli:commons-cli:1.5.0' // with 1.6.0, 2 tests of
OfbizStartupUnitTests don't pass
- implementation 'commons-net:commons-net:3.11.1'
- implementation 'commons-validator:commons-validator:1.9.0'
+ implementation 'commons-cli:commons-cli:1.11.0'
+ implementation 'commons-net:commons-net:3.13.0'
+ implementation 'commons-validator:commons-validator:1.10.1'
implementation 'javax.transaction:javax.transaction-api:1.3'
implementation 'net.fortuna.ical4j:ical4j:1.0-rc4-atlassian-12'
- implementation 'net.lingala.zip4j:zip4j:2.11.5'
+ implementation 'net.lingala.zip4j:zip4j:2.11.6'
implementation 'org.activiti:activiti-juel-jakarta:8.1.0'
implementation 'org.apache.ant:ant-junit:1.10.15'
- implementation 'org.apache.commons:commons-collections4:4.4'
- implementation 'org.apache.commons:commons-csv:1.12.0'
- implementation 'org.apache.commons:commons-dbcp2:2.13.0'
+ implementation 'org.apache.commons:commons-collections4:4.5.0'
+ implementation 'org.apache.commons:commons-csv:1.14.1'
+ implementation 'org.apache.commons:commons-dbcp2:2.14.0'
implementation 'org.apache.commons:commons-fileupload2-jakarta:2.0.0-M1'
implementation 'org.apache.commons:commons-imaging:1.0-alpha3' // Alpha but OK, "Imaging was working and was used by a number of projects in
production even before reaching its initial release as an Apache Commons component." Since 1.0.0-alpha4 (note the use of semver) the API has
changed. Better wait an "official release" to rewrite OFBiz code...
- implementation 'org.apache.commons:commons-text:1.12.0'
+ implementation 'org.apache.commons:commons-text:1.15.0'
implementation
'org.apache.geronimo.components:geronimo-transaction:3.1.5' // 4.0.0 does not
compile
implementation 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
implementation 'org.apache.httpcomponents:httpclient-cache:4.5.14'
- implementation 'org.apache.logging.log4j:log4j-api:2.24.2' // the API of
log4j 2
- implementation 'org.apache.logging.log4j:log4j-core:2.24.2' // Somehow
needed by Buildbot to compile OFBizDynamicThresholdFilter.java
- implementation 'org.apache.poi:poi:5.3.0'
- implementation 'org.apache.pdfbox:pdfbox:3.0.5'
- implementation 'org.apache.pdfbox:pdfbox-io:3.0.5'
+ implementation 'org.apache.logging.log4j:log4j-api:2.25.3' // the API of
log4j 2
+ implementation 'org.apache.logging.log4j:log4j-core:2.25.3' // Somehow
needed by Buildbot to compile OFBizDynamicThresholdFilter.java
+ implementation 'org.apache.poi:poi:5.5.1'
+ implementation 'org.apache.pdfbox:pdfbox:3.0.7'
+ implementation 'org.apache.pdfbox:pdfbox-io:3.0.7'
implementation 'org.apache.shiro:shiro-core:1.13.0' // Got "Exception in thread "main" java.lang.UnsupportedOperationException: Cannot create
a hash with the given algorithm: argon2" with 2.0.2 in integration tests
- implementation 'org.apache.shiro:shiro-crypto-cipher:2.0.2'
- implementation 'org.apache.sshd:sshd-core:2.14.0'
- implementation 'org.apache.sshd:sshd-sftp:2.14.0'
- implementation 'org.apache.tika:tika-core:3.2.3'
- implementation 'org.apache.tika:tika-parsers:3.2.3'
- implementation 'org.apache.tika:tika-parser-pdf-module:3.2.3'
- implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:4.1.3'
- implementation 'org.apache.tomcat:tomcat-catalina-ha:10.1.52' // Remember
to change the version number (10 now) in javadoc block if needed.
- implementation 'org.apache.tomcat:tomcat-jasper:10.1.52'
+ implementation 'org.apache.shiro:shiro-crypto-cipher:2.1.0'
+ implementation 'org.apache.sshd:sshd-core:2.17.1'
+ implementation 'org.apache.sshd:sshd-sftp:2.17.1'
+ implementation 'org.apache.tika:tika-core:3.3.0'
+ implementation 'org.apache.tika:tika-parsers:3.3.0'
+ implementation 'org.apache.tika:tika-parser-pdf-module:3.3.0'
+ implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:4.2.0'
+ implementation 'org.apache.tomcat:tomcat-catalina-ha:10.1.53' // Remember
to change the version number (10 now) in javadoc block if needed.
+ implementation 'org.apache.tomcat:tomcat-jasper:10.1.53'
implementation 'org.apache.axis2:axis2-kernel:1.8.2'
- implementation 'org.apache.xmlgraphics:batik-anim:1.18'
- implementation 'org.apache.xmlgraphics:batik-util:1.18'
- implementation 'org.apache.xmlgraphics:batik-bridge:1.18'
- implementation 'org.apache.xmlgraphics:fop:2.11' // NOTE: since 2.4 dependencies are messed up. See
https://github.com/moqui/moqui-fop/blob/master/build.gradle
- implementation 'org.clojure:clojure:1.12.0'
- implementation 'org.apache.groovy:groovy-all:5.0.0-alpha-11'
+ implementation 'org.apache.xmlgraphics:batik-anim:1.19'
+ implementation 'org.apache.xmlgraphics:batik-util:1.19'
+ implementation 'org.apache.xmlgraphics:batik-bridge:1.19'
+ implementation 'org.apache.xmlgraphics:fop:2.11'
+ implementation 'org.clojure:clojure:1.12.4'
+ implementation 'org.apache.groovy:groovy-all:5.0.4'
implementation 'org.freemarker:freemarker:2.3.34' // Remember to change the version number in FreeMarkerWorker class when upgrading. See
OFBIZ-10019 if >= 2.4
- implementation 'org.owasp.esapi:esapi:2.6.0.0'
- implementation 'org.springframework:spring-test:6.1.16'
- implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.2'
+ implementation 'org.owasp.esapi:esapi:2.7.0.0'
+ implementation 'org.springframework:spring-test:6.2.17'
+ implementation 'com.fasterxml.jackson.core:jackson-databind:2.21.2'
implementation 'oro:oro:2.0.8'
implementation 'wsdl4j:wsdl4j:1.6.3'
- implementation 'com.auth0:java-jwt:4.4.0'
- implementation 'com.auth0:jwks-rsa:0.22.2'
+ implementation 'com.auth0:java-jwt:4.5.1'
+ implementation 'com.auth0:jwks-rsa:0.23.0'
implementation 'org.jdom:jdom2:2.0.6.1'
- implementation 'com.google.re2j:re2j:1.7'
+ implementation 'com.google.re2j:re2j:1.8'
implementation 'xerces:xercesImpl:2.12.2'
- implementation('org.mustangproject:library:2.8.0') { // 2.10.0 did not work, cf. OFBIZ-12920
(https://github.com/apache/ofbiz-framework/pull/712#issuecomment-1968960963)
+ implementation('org.mustangproject:library:2.22.0') {
exclude group: 'pull-parser', module: 'pull-parser'
exclude group: 'xpp3', module: 'xpp3'
}
testImplementation 'org.hamcrest:hamcrest-library:2.2' // Enable junit4
to not depend on hamcrest-1.3
- testImplementation 'org.mockito:mockito-core:5.14.2'
- testImplementation 'org.jmockit:jmockit:1.49'
+ testImplementation 'org.mockito:mockito-core:5.23.0'
+ testImplementation 'org.jmockit:jmockit:1.50'
testImplementation 'com.pholser:junit-quickcheck-generators:1.0'
runtimeOnly 'javax.xml.soap:javax.xml.soap-api:1.4.0'
@@ -99,24 +99,24 @@ dependencies {
runtimeOnly 'org.apache.derby:derby:10.16.1.1' // 10.17.x.x requires Java
21
runtimeOnly 'org.apache.derby:derbytools:10.16.1.1' // 10.17.x.x requires
Java 21
runtimeOnly 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:2.1'
- runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.24.2' // for
external jars using the old log4j1.2: routes logging to log4j 2
- runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.24.2' // for external
jars using the java.util.logging: routes logging to log4j 2
- runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.24.2' // for
external jars using slf4j: routes logging to log4j 2
- runtimeOnly 'org.apache.logging.log4j:log4j-web:2.24.2' //???
- runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.24.2' // need to
constrain to version to avoid classpath conflict (ReflectionUtil)
+ runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.25.3' // for
external jars using the old log4j1.2: routes logging to log4j 2
+ runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.25.3' // for external
jars using the java.util.logging: routes logging to log4j 2
+ runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.25.3' // for
external jars using slf4j: routes logging to log4j 2
+ runtimeOnly 'org.apache.logging.log4j:log4j-web:2.25.3' //???
+ runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.25.3' // need to
constrain to version to avoid classpath conflict (ReflectionUtil)
// specify last codenarc version for java 17 compliance
- codenarc('org.codenarc:CodeNarc:3.6.0-groovy-4.0')
+ codenarc('org.codenarc:CodeNarc:3.7.0-groovy-4.0')
// use constraints to update transitive dependencies
constraints {
- implementation('org.apache.james:apache-mime4j-core:0.8.10') {
+ implementation('org.apache.james:apache-mime4j-core:0.8.13') {
because 'CVE-2024-21742'
}
- implementation('org.bouncycastle:bcprov-jdk18on:1.78') {
+ implementation('org.bouncycastle:bcprov-jdk18on:1.83') {
because 'CVE-2024-29857, CVE-2024-30171, CVE-2024-30172,
CVE-2024-34447'
}
- implementation('org.testng:testng:7.7.0') {
+ implementation('org.testng:testng:7.12.0') {
because 'CVE-2022-4065'
}
}
diff --git a/gradle/wrapper/gradle-wrapper.jar
b/gradle/wrapper/gradle-wrapper.jar
index 943f0cbfa7..1b33c55baa 100644
Binary files a/gradle/wrapper/gradle-wrapper.jar and
b/gradle/wrapper/gradle-wrapper.jar differ
diff --git a/gradle/wrapper/gradle-wrapper.properties
b/gradle/wrapper/gradle-wrapper.properties
index 2617362fd0..a3c498af74 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.4-bin.zip
networkTimeout=10000
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
diff --git a/gradlew b/gradlew
index 65dcd68d65..23d15a9367 100755
--- a/gradlew
+++ b/gradlew
@@ -15,6 +15,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
+# SPDX-License-Identifier: Apache-2.0
+#
##############################################################################
#
@@ -55,7 +57,7 @@
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
-#
https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#
https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
@@ -83,10 +85,8 @@ done
# This is normally unused
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to
pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+# Discard cd standard output in case $CDPATH is set
(https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) ||
exit
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
@@ -114,7 +114,7 @@ case "$( uname )" in #(
NONSTOP* ) nonstop=true ;;
esac
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+CLASSPATH="\\\"\\\""
# Determine the Java command to use to start the JVM.
@@ -133,10 +133,13 @@ location of your Java installation."
fi
else
JAVACMD=java
- which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no
'java' command could be found in your PATH.
+ if ! command -v java >/dev/null 2>&1
+ then
+ die "ERROR: JAVA_HOME is not set and no 'java' command could be found
in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
+ fi
fi
# Increase the maximum file descriptors if we can.
@@ -144,7 +147,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
# In POSIX sh, ulimit -H is undefined. That's why the result is
checked to see if it worked.
- # shellcheck disable=SC3045
+ # shellcheck disable=SC2039,SC3045
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
@@ -152,7 +155,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
'' | soft) :;; #(
*)
# In POSIX sh, ulimit -n is undefined. That's why the result is
checked to see if it worked.
- # shellcheck disable=SC3045
+ # shellcheck disable=SC2039,SC3045
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
@@ -197,16 +200,20 @@ if "$cygwin" || "$msys" ; then
done
fi
-# Collect all arguments for the java command;
-# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-# shell script including quotes and variable substitutions, so put them in
-# double quotes to make sure that they get re-expanded; and
-# * put everything else in single quotes, so that it's not re-expanded.
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to
pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+# * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to
contain shell fragments,
+# and any embedded shellness will be escaped.
+# * For example: A user cannot expect ${Hostname} to be expanded, as it is
an environment variable and will be
+# treated as '${Hostname}' itself on the command line.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
- org.gradle.wrapper.GradleWrapperMain \
+ -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
"$@"
# Stop when "xargs" is not available.
diff --git a/gradlew.bat b/gradlew.bat
index 93e3f59f13..db3a6ac207 100644
--- a/gradlew.bat
+++ b/gradlew.bat
@@ -13,6 +13,8 @@
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
@if "%DEBUG%"=="" @echo off
@rem
##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if %ERRORLEVEL% equ 0 goto execute
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your
PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
goto fail
@@ -57,22 +59,22 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
goto fail
:execute
@rem Setup the command line
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+set CLASSPATH=
@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%"
org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" -jar
"%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
:end
@rem End local scope for the variables with windows NT shell
diff --git a/settings.gradle b/settings.gradle
index c9dba9cf04..48ceb2c68d 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -18,8 +18,8 @@
*/
plugins {
- id 'com.gradle.develocity' version '3.18.2'
- id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.0.2'
+ id 'com.gradle.develocity' version '3.19.2'
+ id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.4.0'
}
def isCI = System.getenv('GITHUB_ACTIONS') != null
