You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Tamas Cservenak (Jira)" <ji...@apache.org> on 2022/11/12 12:06:00 UTC
[jira] [Created] (MRESOLVER-293) Update dependencies, align with Maven
Tamas Cservenak created MRESOLVER-293:
-----------------------------------------
Summary: Update dependencies, align with Maven
Key: MRESOLVER-293
URL: https://issues.apache.org/jira/browse/MRESOLVER-293
Project: Maven Resolver
Issue Type: Dependency upgrade
Reporter: Tamas Cservenak
Fix For: 1.9.1
Update dependencies, mostly to align with Maven.
Updates:
* Guice to 5.1.0 (align with Maven 3.9,0)
* Hazelcast 5.1.1 -> 5.1.4 (bugfixes)
* Redisson 3.17.5 -> 3.17.7 (bugfixes)
* plexus-utils multiple -> 3.5.0 (runtime dependency)
* http transport used httpClient commons-codec 1.11 -> 1.15 (to get rid of CVEs)
* wagon transport Wagon API 3.5.1 -> 3.5.2
* test dependency Jetty 9.4.46 -> 9.4.49 (to get rid of CVEs, but not affecting us, as this is test dependency)
* test dependency Mockito core 3.7.7 -> 4.8.1
Make sure plexus-utils, guava are NEVER in compile scope, as resolver should not use classes from these (exception is Wagon Transport).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)