You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Tamas Cservenak (Jira)" <ji...@apache.org> on 2022/11/12 12:06:00 UTC

[jira] [Created] (MRESOLVER-293) Update dependencies, align with Maven

Tamas Cservenak created MRESOLVER-293:
-----------------------------------------

             Summary: Update dependencies, align with Maven
                 Key: MRESOLVER-293
                 URL: https://issues.apache.org/jira/browse/MRESOLVER-293
             Project: Maven Resolver
          Issue Type: Dependency upgrade
            Reporter: Tamas Cservenak
             Fix For: 1.9.1


Update dependencies, mostly to align with Maven.

Updates:
 * Guice to 5.1.0 (align with Maven 3.9,0)
 * Hazelcast 5.1.1 -> 5.1.4 (bugfixes)
 * Redisson 3.17.5 -> 3.17.7 (bugfixes)
 * plexus-utils multiple -> 3.5.0 (runtime dependency)
 * http transport used httpClient commons-codec 1.11 -> 1.15 (to get rid of CVEs)
 * wagon transport Wagon API 3.5.1 -> 3.5.2
 * test dependency Jetty 9.4.46 -> 9.4.49 (to get rid of CVEs, but not affecting us, as this is test dependency)
 * test dependency Mockito core 3.7.7 -> 4.8.1

Make sure plexus-utils, guava are NEVER in compile scope, as resolver should not use classes from these (exception is Wagon Transport).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)