You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Shawn McKinney (Jira)" <ji...@apache.org> on 2019/12/10 16:40:00 UTC
[jira] [Created] (FC-274) Upgrade maven plugins and dependencies
Shawn McKinney created FC-274:
---------------------------------
Summary: Upgrade maven plugins and dependencies
Key: FC-274
URL: https://issues.apache.org/jira/browse/FC-274
Project: FORTRESS
Issue Type: Improvement
Affects Versions: 2.0.3
Reporter: Shawn McKinney
Assignee: Shawn McKinney
Fix For: 2.0.4
Exclude dom4j from ldap api due to CVE-2018-1000632.
Note, this has been upgraded to proper version in latest api, but fortress is on back level 1.x
<dom4j.version>2.1.1</dom4j.version>
More changes to depends:
fortress core:
[INFO] The following dependencies in Dependencies have newer versions:
[INFO] com.fasterxml.jackson.core:jackson-annotations ....... 2.9.7 -> 2.10.1 *
[INFO] commons-codec:commons-codec ............................. 1.11 -> 1.13 *
[INFO] javax:javaee-api ........................................ 8.0 -> 8.0.1 *
[INFO] javax.ws.rs:javax.ws.rs-api ............................. 2.1 -> 2.1.1 *
[INFO] org.apache.httpcomponents:httpclient ................. 4.5.6 -> 4.5.10 *
[INFO] org.apache.httpcomponents:httpcore .................. 4.4.10 -> 4.4.12 *
[INFO] org.jasypt:jasypt ..................................... 1.9.2 -> 1.9.3 *
[INFO] org.jgrapht:jgrapht-core .............................. 1.0.0 -> 1.3.1 *
[INFO] org.slf4j:slf4j-api ........................... 1.7.21 -> 2.0.0-alpha1 * (1.7.29)
[INFO] org.slf4j:slf4j-log4j12 ....................... 1.7.21 -> 2.0.0-alpha1 * (1.7.29)
also updated plugs for core:
[INFO] maven-assembly-plugin ................................ 3.0.0 -> 3.2.0
[INFO] maven-clean-plugin ................................... 3.0.0 -> 3.1.0
[INFO] maven-compiler-plugin ................................ 3.8.0 -> 3.8.1
[INFO] maven-deploy-plugin ................................. 2.8.2 -> 3.0.0-M1
[INFO] maven-install-plugin ................................ 2.5.2 -> 3.0.0-M1
[INFO] maven-jar-plugin ..................................... 3.0.2 -> 3.2.0
[INFO] maven-site-plugin ...................................... 3.4 -> 3.8.2
[INFO] maven-source-plugin .................................. 3.0.0 -> 3.2.0
[INFO] org.owasp:dependency-check-maven ..................... 3.3.4 -> 5.0.0
except for:
[INFO] maven-surefire-plugin ............................ 2.18.1 -> 3.0.0-M4
which causes the test behavior to change.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org