Posted to issues@maven.apache.org by GitBox <gi...@apache.org> on 2022/11/12 12:10:09 UTC
[GitHub] [maven-resolver] cstamas opened a new pull request, #220: [MRESOLVER-293] Update dependencies
cstamas opened a new pull request, #220:
URL: https://github.com/apache/maven-resolver/pull/220
Update dependencies, mostly to align with Maven.
Updates:
* Guice to 5.1.0 (align with Maven 3.9.0)
* Hazelcast 5.1.1 -> 5.1.4 (bugfixes)
* Redisson 3.17.5 -> 3.17.7 (bugfixes)
* plexus-utils multiple -> 3.5.0 (runtime dependency)
* http transport used HttpClient commons-codec 1.11 -> 1.15 (to get rid of CVEs)
* wagon transport Wagon API 3.5.1 -> 3.5.2
* test dependency Jetty 9.4.46 -> 9.4.49 (to get rid of CVEs, but not affecting us, as this is test dependency)
* test dependency Mockito core 3.7.7 -> 4.8.1
Make sure plexus-utils, guava are NEVER in compile scope, as resolver should not use classes from these
(exception is Wagon Transport).
---
https://issues.apache.org/jira/browse/MRESOLVER-293
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [maven-resolver] cstamas commented on a diff in pull request #220: [MRESOLVER-293] Update dependencies
Posted by GitBox <gi...@apache.org>.
cstamas commented on code in PR #220:
URL: https://github.com/apache/maven-resolver/pull/220#discussion_r1020787109
##########
maven-resolver-named-locks-redisson/pom.xml:
##########
@@ -39,7 +39,7 @@
<Automatic-Module-Name>org.apache.maven.resolver.named.redisson</Automatic-Module-Name>
<Bundle-SymbolicName>${Automatic-Module-Name}</Bundle-SymbolicName>
<!-- Used in site also -->
- <redissonVersion>3.17.5</redissonVersion>
+ <redissonVersion>3.17.7</redissonVersion>
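Review bot: The `<!-- Used in site also -->` comment directly above `<redissonVersion>` says this value is consumed outside the POM, so the bump from 3.17.5 to 3.17.7 is only complete if the site page picks up the property rather than repeating the number by hand. If the page hard-codes the version, update it in the same commit, or have it reference `${redissonVersion}` so the two cannot drift apart.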
Review Comment:
Done
[GitHub] [maven-resolver] cstamas commented on a diff in pull request #220: [MRESOLVER-293] Update dependencies
Posted by GitBox <gi...@apache.org>.
cstamas commented on code in PR #220:
URL: https://github.com/apache/maven-resolver/pull/220#discussion_r1020786755
##########
maven-resolver-transport-http/pom.xml:
##########
@@ -66,6 +66,11 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.15</version>
+ </dependency>
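Review bot: The added `commons-codec` entry has no comment saying why 1.15 is declared, and it sits right after a dependency that already carries an `<exclusions>` block, so a later reader cannot tell whether this is a direct dependency of the module or only a version override for a transitive one. If the module's own code does not import commons-codec, put the version in `<dependencyManagement>` instead; if the entry stays here, add a one-line XML comment stating that it exists to raise the transitive version.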
Review Comment:
Fixed
[GitHub] [maven-resolver] cstamas commented on a diff in pull request #220: [MRESOLVER-293] Update dependencies
Posted by GitBox <gi...@apache.org>.
cstamas commented on code in PR #220:
URL: https://github.com/apache/maven-resolver/pull/220#discussion_r1020784109
##########
maven-resolver-demos/maven-resolver-demo-snippets/pom.xml:
##########
@@ -127,7 +111,7 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
- <scope>compile</scope>
+ <scope>runtime</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
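Review bot: At `<scope>runtime</scope>` the reason for narrowing the scope from compile is not recorded in the POM, so the next cleanup could flip it back. Runtime scope keeps slf4j-simple off the compile classpath, but it is still passed on transitively, so any module that depends on this one inherits the logging binding. Add a short XML comment that the binding is needed only when the demos run, and consider `<optional>true</optional>` if consumers should not receive it.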
Review Comment:
Yes, needed during run time of demo, but I don't want to compile anything against it.
[GitHub] [maven-resolver] cstamas merged pull request #220: [MRESOLVER-293] Update dependencies
Posted by GitBox <gi...@apache.org>.
cstamas merged PR #220:
URL: https://github.com/apache/maven-resolver/pull/220
[GitHub] [maven-resolver] michael-o commented on a diff in pull request #220: [MRESOLVER-293] Update dependencies
Posted by GitBox <gi...@apache.org>.
michael-o commented on code in PR #220:
URL: https://github.com/apache/maven-resolver/pull/220#discussion_r1020777106
##########
maven-resolver-demos/maven-resolver-demo-snippets/pom.xml:
##########
@@ -127,7 +111,7 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
- <scope>compile</scope>
+ <scope>runtime</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
Review Comment:
Are you certain about provided to runtime?
##########
maven-resolver-named-locks-redisson/pom.xml:
##########
@@ -39,7 +39,7 @@
<Automatic-Module-Name>org.apache.maven.resolver.named.redisson</Automatic-Module-Name>
<Bundle-SymbolicName>${Automatic-Module-Name}</Bundle-SymbolicName>
<!-- Used in site also -->
- <redissonVersion>3.17.5</redissonVersion>
+ <redissonVersion>3.17.7</redissonVersion>
Review Comment:
Requires an update to the Markdown page.
[GitHub] [maven-resolver] slawekjaranowski commented on a diff in pull request #220: [MRESOLVER-293] Update dependencies
Posted by GitBox <gi...@apache.org>.
slawekjaranowski commented on code in PR #220:
URL: https://github.com/apache/maven-resolver/pull/220#discussion_r1020776746
##########
maven-resolver-transport-http/pom.xml:
##########
@@ -66,6 +66,11 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.15</version>
+ </dependency>
Review Comment:
When it is not used directly by code, I prefer dependency management for only version update