You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Tamas Cservenak (Jira)" <ji...@apache.org> on 2022/11/13 14:25:00 UTC

[jira] [Updated] (MRESOLVER-293) Update dependencies, align with Maven

     [ https://issues.apache.org/jira/browse/MRESOLVER-293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tamas Cservenak updated MRESOLVER-293:
--------------------------------------
    Component/s: Resolver

> Update dependencies, align with Maven
> -------------------------------------
>
>                 Key: MRESOLVER-293
>                 URL: https://issues.apache.org/jira/browse/MRESOLVER-293
>             Project: Maven Resolver
>          Issue Type: Dependency upgrade
>          Components: Resolver
>            Reporter: Tamas Cservenak
>            Assignee: Tamas Cservenak
>            Priority: Major
>             Fix For: 1.9.1
>
>
> Update dependencies, mostly to align with Maven.
> Updates:
>  * Guice to 5.1.0 (align with Maven 3.9,0)
>  * Hazelcast 5.1.1 -> 5.1.4 (bugfixes)
>  * Redisson 3.17.5 -> 3.17.7 (bugfixes)
>  * plexus-utils multiple -> 3.5.0 (runtime dependency)
>  * http transport used httpClient commons-codec 1.11 -> 1.15 (to get rid of CVEs)
>  * wagon transport Wagon API 3.5.1 -> 3.5.2
>  * test dependency Jetty 9.4.46 -> 9.4.49 (to get rid of CVEs, but not affecting us, as this is test dependency)
>  * test dependency Mockito core 3.7.7 -> 4.8.1
> Make sure plexus-utils, guava are NEVER in compile scope, as resolver should not use classes from these (exception is Wagon Transport).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)