You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by ol...@apache.org on 2022/06/02 10:49:24 UTC
[archiva] branch master updated: MRM-2051: upgrade dom4j due to cves (#106)
This is an automated email from the ASF dual-hosted git repository.
olamy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva.git
The following commit(s) were added to refs/heads/master by this push:
new 2b3313668 MRM-2051: upgrade dom4j due to cves (#106)
2b3313668 is described below
commit 2b331366848df06183912e15482f73de698fb15e
Author: PJ Fanning <pj...@users.noreply.github.com>
AuthorDate: Thu Jun 2 11:49:19 2022 +0100
MRM-2051: upgrade dom4j due to cves (#106)
* upgrade dom4j due to cves
---
.../1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom | 4 ++--
.../metadata/storage/Maven2RepositoryMetadataResolverTest.java | 6 +++---
.../1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom | 4 ++--
.../target-repo/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom | 4 ++--
.../apache/archiva/archiva-common/1.2.1/archiva-common-1.2.1.pom | 4 ++--
.../resources/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom | 4 ++--
.../resources/org/apache/archiva/archiva/1.2.2/archiva-1.2.2.pom | 4 ++--
.../org/codehaus/plexus/plexus-spring/1.2/plexus-spring-1.2.pom | 4 ++--
pom.xml | 1 +
9 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/archiva-modules/archiva-base/archiva-repository-scanner/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom b/archiva-modules/archiva-base/archiva-repository-scanner/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom
index efa42d3f0..b45a5f3a5 100644
--- a/archiva-modules/archiva-base/archiva-repository-scanner/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom
+++ b/archiva-modules/archiva-base/archiva-repository-scanner/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom
@@ -34,9 +34,9 @@
<artifactId>archiva-common</artifactId>
</dependency>
<dependency>
- <groupId>dom4j</groupId>
+ <groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
- <version>1.6.1</version>
+ <version>${dom4j.version}</version>
</dependency>
<dependency>
<groupId>jaxen</groupId>
diff --git a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/java/org/apache/archiva/maven/repository/metadata/storage/Maven2RepositoryMetadataResolverTest.java b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/java/org/apache/archiva/maven/repository/metadata/storage/Maven2RepositoryMetadataResolverTest.java
index 6f5f72c1d..ea46c624a 100644
--- a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/java/org/apache/archiva/maven/repository/metadata/storage/Maven2RepositoryMetadataResolverTest.java
+++ b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/java/org/apache/archiva/maven/repository/metadata/storage/Maven2RepositoryMetadataResolverTest.java
@@ -225,7 +225,7 @@ public class Maven2RepositoryMetadataResolverTest
assertDependency( dependencies.get( 3 ), "org.codehaus.plexus", "plexus-component-api", "1.0-alpha-22" );
assertDependency( dependencies.get( 4 ), "org.codehaus.plexus", "plexus-spring", "1.2", "test" );
assertDependency( dependencies.get( 5 ), "xalan", "xalan", "2.7.0" );
- assertDependency( dependencies.get( 6 ), "dom4j", "dom4j", "1.6.1", "test" );
+ assertDependency( dependencies.get( 6 ), "org.dom4j", "dom4j", "${dom4j.version}", "test" );
assertDependency( dependencies.get( 7 ), "junit", "junit", "3.8.1", "test" );
assertDependency( dependencies.get( 8 ), "easymock", "easymock", "1.2_Java1.3", "test" );
assertDependency( dependencies.get( 9 ), "easymock", "easymockclassextension", "1.2", "test" );
@@ -682,8 +682,8 @@ public class Maven2RepositoryMetadataResolverTest
assertArtifact( artifacts.get( 0 ), "plexus-spring-1.2-sources.jar", 0, EMPTY_SHA1, EMPTY_MD5 );
assertArtifact( artifacts.get( 1 ), "plexus-spring-1.2.jar", 0, EMPTY_SHA1, EMPTY_MD5 );
- assertArtifact( artifacts.get( 2 ), "plexus-spring-1.2.pom", 7407, "96b14cf880e384b2d15e8193c57b65c5420ca4c5",
- "f83aa25f016212a551a4b2249985effc" );
+ assertArtifact( artifacts.get( 2 ), "plexus-spring-1.2.pom", 7422, "28e86d3e2723e4894587e4b758231f76febce942",
+ "9f663d8e7adf6adff4133653b59d1e28" );
}
@Test
diff --git a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom
index efa42d3f0..b45a5f3a5 100644
--- a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom
+++ b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom
@@ -34,9 +34,9 @@
<artifactId>archiva-common</artifactId>
</dependency>
<dependency>
- <groupId>dom4j</groupId>
+ <groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
- <version>1.6.1</version>
+ <version>${dom4j.version}</version>
</dependency>
<dependency>
<groupId>jaxen</groupId>
diff --git a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/target-repo/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/target-repo/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom
index cccf51781..0bf4b0f6c 100755
--- a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/target-repo/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom
+++ b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/target-repo/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom
@@ -501,9 +501,9 @@
<version>10.1.3.1</version>
</dependency>
<dependency>
- <groupId>dom4j</groupId>
+ <groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
- <version>1.6.1</version>
+ <version>${dom4j.version}</version>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
diff --git a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva-common/1.2.1/archiva-common-1.2.1.pom b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva-common/1.2.1/archiva-common-1.2.1.pom
index bddde3bb7..360cc46f9 100644
--- a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva-common/1.2.1/archiva-common-1.2.1.pom
+++ b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva-common/1.2.1/archiva-common-1.2.1.pom
@@ -61,9 +61,9 @@
<version>2.7.0</version>
</dependency>
<dependency>
- <groupId>dom4j</groupId>
+ <groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
- <version>1.6.1</version>
+ <version>${dom4j.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
diff --git a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom
index cccf51781..0bf4b0f6c 100644
--- a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom
+++ b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom
@@ -501,9 +501,9 @@
<version>10.1.3.1</version>
</dependency>
<dependency>
- <groupId>dom4j</groupId>
+ <groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
- <version>1.6.1</version>
+ <version>${dom4j.version}</version>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
diff --git a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.2/archiva-1.2.2.pom b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.2/archiva-1.2.2.pom
index cccf51781..0bf4b0f6c 100644
--- a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.2/archiva-1.2.2.pom
+++ b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.2/archiva-1.2.2.pom
@@ -501,9 +501,9 @@
<version>10.1.3.1</version>
</dependency>
<dependency>
- <groupId>dom4j</groupId>
+ <groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
- <version>1.6.1</version>
+ <version>${dom4j.version}</version>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
diff --git a/archiva-modules/metadata/test-repository/src/main/resources/org/codehaus/plexus/plexus-spring/1.2/plexus-spring-1.2.pom b/archiva-modules/metadata/test-repository/src/main/resources/org/codehaus/plexus/plexus-spring/1.2/plexus-spring-1.2.pom
index 1b13027c1..cc7397558 100644
--- a/archiva-modules/metadata/test-repository/src/main/resources/org/codehaus/plexus/plexus-spring/1.2/plexus-spring-1.2.pom
+++ b/archiva-modules/metadata/test-repository/src/main/resources/org/codehaus/plexus/plexus-spring/1.2/plexus-spring-1.2.pom
@@ -57,9 +57,9 @@
<version>1.0-alpha-22</version>
</dependency>
<dependency>
- <groupId>dom4j</groupId>
+ <groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
- <version>1.6.1</version>
+ <version>${dom4j.version}</version>
</dependency>
<dependency>
<groupId>com.opensymphony</groupId>
diff --git a/pom.xml b/pom.xml
index 969fca2c8..df374b37c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -61,6 +61,7 @@
<jsoup.version>1.14.2</jsoup.version>
<rome.version>1.16.0</rome.version>
<cronutils.version>9.1.6</cronutils.version>
+ <dom4j.version>2.1.3</dom4j.version>
<!-- JCR modules -->
<javax.jcr.version>2.0</javax.jcr.version>