Posted to issues@geode.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/03/16 19:04:00 UTC

[jira] [Commented] (GEODE-10046) bump dependencies in 1.16

    [ https://issues.apache.org/jira/browse/GEODE-10046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17507816#comment-17507816 ] 

ASF subversion and git services commented on GEODE-10046:
---------------------------------------------------------

Commit 9ff27b37cf5cc7a97700c64c77a28eefe8ae9d4a in geode's branch refs/heads/develop from Owen Nichols
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=9ff27b3 ]

GEODE-10046: Bump 3rd-party dependency versions (#7434)

Geode endeavors to update to the latest version of 3rd-party
dependencies on develop wherever possible.  Doing so increases the
shelf life of releases and increases security and reliability.
Doing so regularly makes the occasional hiccups this can cause easier
to pinpoint and address.

Dependency bumps in this batch:
* Bump awaitility from 4.1.1 to 4.2.0
* Bump cargo from 1.9.9 to 1.9.10
* Bump classgraph from 4.8.138 to 4.8.141
* Bump guava from 31.0.1-jre to 31.1-jre
* Bump jackson from 2.13.1 to 2.13.2
* Bump jetty from 9.4.44.v20210927 to 9.4.45.v20220203
* Bump junit-pioneer from 1.5.0 to 1.6.1
* Bump log4j from 2.17.1 to 2.17.2
* Bump micrometer-core from 1.8.2 to 1.8.3
* Bump mockito from 4.3.1 to 4.4.0
* Bump spring from 5.3.15 to 5.3.16
* Bump spring-boot-starter from 2.6.3 to 2.6.4
* Bump spring-ldap from 2.3.5.RELEASE to 2.3.6.RELEASE
* Bump spring-security from 5.6.1 to 5.6.2
* Bump spring-session from 2.6.1 to 2.6.2
* Bump tomcat from 9.0.58 to 9.0.59


> bump dependencies in 1.16
> -------------------------
>
>                 Key: GEODE-10046
>                 URL: https://issues.apache.org/jira/browse/GEODE-10046
>             Project: Geode
>          Issue Type: Improvement
>          Components: build
>            Reporter: Owen Nichols
>            Assignee: Owen Nichols
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.16.0
>
>
> Until support/1.16 is cut, periodically check for and switch to the latest version of 3rd-party dependencies. This will extend the shelf-life of the eventual Geode 1.16 release and hopefully reduce bugs and CVE exposure, or at least give a smaller delta if there is later a CVE found that we need to patch for.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)