Posted to issues@maven.apache.org by GitBox <gi...@apache.org> on 2022/11/12 12:10:09 UTC

[GitHub] [maven-resolver] cstamas opened a new pull request, #220: [MRESOLVER-293] Update dependencies

cstamas opened a new pull request, #220:
URL: https://github.com/apache/maven-resolver/pull/220

   Update dependencies, mostly to align with Maven.
   
   Updates:
   * Guice to 5.1.0 (align with Maven 3.9.0)
   * Hazelcast 5.1.1 -> 5.1.4 (bugfixes)
   * Redisson 3.17.5 -> 3.17.7 (bugfixes)
   * plexus-utils multiple -> 3.5.0 (runtime dependency)
   * http transport used HttpClient commons-codec 1.11 -> 1.15 (to get rid of CVEs)
   * wagon transport Wagon API 3.5.1 -> 3.5.2
   * test dependency Jetty 9.4.46 -> 9.4.49 (to get rid of CVEs, but not affecting us, as this is test dependency)
   * test dependency Mockito core 3.7.7 -> 4.8.1
   
   Make sure plexus-utils, guava are NEVER in compile scope, as resolver should not use classes from these
   (exception is Wagon Transport).
   
   ---
   
   https://issues.apache.org/jira/browse/MRESOLVER-293


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [maven-resolver] cstamas commented on a diff in pull request #220: [MRESOLVER-293] Update dependencies

Posted by GitBox <gi...@apache.org>.
cstamas commented on code in PR #220:
URL: https://github.com/apache/maven-resolver/pull/220#discussion_r1020787109


##########
maven-resolver-named-locks-redisson/pom.xml:
##########
@@ -39,7 +39,7 @@
     <Automatic-Module-Name>org.apache.maven.resolver.named.redisson</Automatic-Module-Name>
     <Bundle-SymbolicName>${Automatic-Module-Name}</Bundle-SymbolicName>
     <!-- Used in site also -->
-    <redissonVersion>3.17.5</redissonVersion>
+    <redissonVersion>3.17.7</redissonVersion>
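
Review bot: The `<!-- Used in site also -->` comment directly above `<redissonVersion>` means this bump has a second consumer that the hunk does not show. Confirm the site page picks the value up from the property, and if it names 3.17.5 literally, update it in the same change so the documented version matches the one that is built and tested.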

Review Comment:
   Done





[GitHub] [maven-resolver] cstamas commented on a diff in pull request #220: [MRESOLVER-293] Update dependencies

Posted by GitBox <gi...@apache.org>.
cstamas commented on code in PR #220:
URL: https://github.com/apache/maven-resolver/pull/220#discussion_r1020786755


##########
maven-resolver-transport-http/pom.xml:
##########
@@ -66,6 +66,11 @@
         </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>commons-codec</groupId>
+      <artifactId>commons-codec</artifactId>
+      <version>1.15</version>
+    </dependency>
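
Review bot: The new `commons-codec` entry at the end of this hunk is declared as a direct dependency with a literal `<version>1.15</version>` and no comment on why it is there. The PR description says the purpose is to move HttpClient's commons-codec from 1.11 to 1.15, so if no code in this module imports it, a `<dependencyManagement>` entry expresses that intent without making it look like a first-party dependency, and a short XML comment naming the reason keeps a later cleanup from dropping the override and silently returning to 1.11.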

Review Comment:
   Fixed





[GitHub] [maven-resolver] cstamas commented on a diff in pull request #220: [MRESOLVER-293] Update dependencies

Posted by GitBox <gi...@apache.org>.
cstamas commented on code in PR #220:
URL: https://github.com/apache/maven-resolver/pull/220#discussion_r1020784109


##########
maven-resolver-demos/maven-resolver-demo-snippets/pom.xml:
##########
@@ -127,7 +111,7 @@
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-simple</artifactId>
-      <scope>compile</scope>
+      <scope>runtime</scope>
     </dependency>
     <dependency>
       <groupId>junit</groupId>
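
Review bot: With `<scope>runtime</scope>` on `slf4j-simple`, the binding stays off the compile classpath but is still passed on transitively to anything that depends on this demo-snippets artifact. If it is only needed to get log output when running the demos, consider adding `<optional>true</optional>` so downstream builds do not inherit a logging binding they did not choose.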

Review Comment:
   Yes, needed during run time of demo, but I don't want to compile anything against it.





[GitHub] [maven-resolver] cstamas merged pull request #220: [MRESOLVER-293] Update dependencies

Posted by GitBox <gi...@apache.org>.
cstamas merged PR #220:
URL: https://github.com/apache/maven-resolver/pull/220




[GitHub] [maven-resolver] michael-o commented on a diff in pull request #220: [MRESOLVER-293] Update dependencies

Posted by GitBox <gi...@apache.org>.
michael-o commented on code in PR #220:
URL: https://github.com/apache/maven-resolver/pull/220#discussion_r1020777106


##########
maven-resolver-demos/maven-resolver-demo-snippets/pom.xml:
##########
@@ -127,7 +111,7 @@
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-simple</artifactId>
-      <scope>compile</scope>
+      <scope>runtime</scope>
     </dependency>
     <dependency>
       <groupId>junit</groupId>

Review Comment:
   Are you certain about provided to runtime?



##########
maven-resolver-named-locks-redisson/pom.xml:
##########
@@ -39,7 +39,7 @@
     <Automatic-Module-Name>org.apache.maven.resolver.named.redisson</Automatic-Module-Name>
     <Bundle-SymbolicName>${Automatic-Module-Name}</Bundle-SymbolicName>
     <!-- Used in site also -->
-    <redissonVersion>3.17.5</redissonVersion>
+    <redissonVersion>3.17.7</redissonVersion>

Review Comment:
   Requires an update to the Markdown page.





[GitHub] [maven-resolver] slawekjaranowski commented on a diff in pull request #220: [MRESOLVER-293] Update dependencies

Posted by GitBox <gi...@apache.org>.
slawekjaranowski commented on code in PR #220:
URL: https://github.com/apache/maven-resolver/pull/220#discussion_r1020776746


##########
maven-resolver-transport-http/pom.xml:
##########
@@ -66,6 +66,11 @@
         </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>commons-codec</groupId>
+      <artifactId>commons-codec</artifactId>
+      <version>1.15</version>
+    </dependency>

Review Comment:
   When it is not used directly by code, I prefer dependency management for only a version update.


