You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Tamas Cservenak (Jira)" <ji...@apache.org> on 2022/11/13 14:25:00 UTC
[jira] [Updated] (MRESOLVER-293) Update dependencies, align with Maven
[ https://issues.apache.org/jira/browse/MRESOLVER-293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tamas Cservenak updated MRESOLVER-293:
--------------------------------------
Component/s: Resolver
> Update dependencies, align with Maven
> -------------------------------------
>
> Key: MRESOLVER-293
> URL: https://issues.apache.org/jira/browse/MRESOLVER-293
> Project: Maven Resolver
> Issue Type: Dependency upgrade
> Components: Resolver
> Reporter: Tamas Cservenak
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: 1.9.1
>
>
> Update dependencies, mostly to align with Maven.
> Updates:
> * Guice to 5.1.0 (align with Maven 3.9,0)
> * Hazelcast 5.1.1 -> 5.1.4 (bugfixes)
> * Redisson 3.17.5 -> 3.17.7 (bugfixes)
> * plexus-utils multiple -> 3.5.0 (runtime dependency)
> * http transport used httpClient commons-codec 1.11 -> 1.15 (to get rid of CVEs)
> * wagon transport Wagon API 3.5.1 -> 3.5.2
> * test dependency Jetty 9.4.46 -> 9.4.49 (to get rid of CVEs, but not affecting us, as this is test dependency)
> * test dependency Mockito core 3.7.7 -> 4.8.1
> Make sure plexus-utils, guava are NEVER in compile scope, as resolver should not use classes from these (exception is Wagon Transport).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)