You are viewing a plain text version of this content. The canonical link for it is here.
Posted to torque-dev@db.apache.org by gk...@apache.org on 2024/03/28 12:59:14 UTC
svn commit: r1916599 - in /db/torque/trunk: pom.xml suppression-owasp-fp.xml torque-generator/src/main/java/org/apache/torque/generator/source/SourcePath.java torque-maven-plugin/pom.xml torque-site/pom.xml
Author: gk
Date: Thu Mar 28 12:59:14 2024
New Revision: 1916599
URL: http://svn.apache.org/viewvc?rev=1916599&view=rev
Log:
- Update dependencies. Minor updates for Commons-configuration2 to 2.10.1, commons-dbcp2 to 2.12.0, commons-lang3 to 3.14.0, commons-io to 2.15.1, mockito to 5.11.0.
- Plugins pmd to 3.21.2, jxr to 3.3.2, spotbugs-mavdn-plugin to 4.8.3.1,spotbugs to 4.8.3, checkstyle to 3.3.1, compiler to 3.11.0, rat to 0.16.1
- set minimal maven version to 3.9.0
- suppress CVE-2022-41852/ and add preliminary fix in SourcePath
- Site build fix (in root: mvn site post-site -rf :torque-site still throws xml error with workaround remove sections): Update torque-maven-plugin
Modified:
db/torque/trunk/pom.xml
db/torque/trunk/suppression-owasp-fp.xml
db/torque/trunk/torque-generator/src/main/java/org/apache/torque/generator/source/SourcePath.java
db/torque/trunk/torque-maven-plugin/pom.xml
db/torque/trunk/torque-site/pom.xml
Modified: db/torque/trunk/pom.xml
URL: http://svn.apache.org/viewvc/db/torque/trunk/pom.xml?rev=1916599&r1=1916598&r2=1916599&view=diff
==============================================================================
--- db/torque/trunk/pom.xml (original)
+++ db/torque/trunk/pom.xml Thu Mar 28 12:59:14 2024
@@ -342,7 +342,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-configuration2</artifactId>
- <version>2.9.0</version>
+ <version>2.10.1</version>
</dependency>
<dependency>
@@ -360,7 +360,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-dbcp2</artifactId>
- <version>2.10.0</version>
+ <version>2.12.0</version>
</dependency>
<dependency>
@@ -372,20 +372,20 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
- <version>3.13.0</version>
+ <version>3.14.0</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.11.0</version>
+ <version>2.15.1</version>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<!-- 5 requires java 11 -->
- <version>5.5.0</version>
+ <version>5.11.0</version>
<scope>test</scope>
</dependency>
@@ -506,7 +506,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<!-- with error https://issues.apache.org/jira/browse/MPMD-325 and workaround -->
- <version>3.21.0</version>
+ <version>3.21.2</version>
<configuration>
<linkXRef>true</linkXRef>
<targetJdk>${maven.compiler.target}</targetJdk>
@@ -522,18 +522,18 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
- <version>3.3.0</version>
+ <version>3.3.2</version>
</plugin>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
- <version>4.7.3.6</version>
+ <version>4.8.3.1</version>
<dependencies>
<!-- overwrite dependency on spotbugs if you want to specify the version of spotbugs -->
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs</artifactId>
- <version>4.7.3</version>
+ <version>4.8.3</version>
</dependency>
</dependencies>
<configuration>
@@ -553,7 +553,7 @@
<configuration>
<rules>
<requireMavenVersion>
- <version>3.3.9</version>
+ <version>3.9.0</version>
</requireMavenVersion>
</rules>
</configuration>
@@ -563,19 +563,19 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
- <version>3.3.0</version>
+ <version>3.3.1</version>
<dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
- <version>10.12.4</version>
+ <version>10.14.4</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
- <version>1.0.2</version>
+ <version>1.1.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
@@ -595,7 +595,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
- <version>3.8.1</version>
+ <version>3.11.0</version>
<configuration>
<source>${maven.compiler.source}</source>
<target>${maven.compiler.target}</target>
@@ -608,7 +608,7 @@
</plugin>
<plugin>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>3.5.0</version>
+ <version>3.6.3</version>
<configuration>
<doclint>none</doclint>
<source>${maven.compiler.source}</source>
@@ -805,7 +805,7 @@
<plugin>
<groupId>org.apache.rat</groupId>
<artifactId>apache-rat-plugin</artifactId>
- <version>0.13</version>
+ <version>0.16.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
Modified: db/torque/trunk/suppression-owasp-fp.xml
URL: http://svn.apache.org/viewvc/db/torque/trunk/suppression-owasp-fp.xml?rev=1916599&r1=1916598&r2=1916599&view=diff
==============================================================================
--- db/torque/trunk/suppression-owasp-fp.xml (original)
+++ db/torque/trunk/suppression-owasp-fp.xml Thu Mar 28 12:59:14 2024
@@ -20,6 +20,13 @@
<!-- general cft. https://jeremylong.github.io/DependencyCheck/general/suppression.html -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
+ <notes><![CDATA[
+ file name: commons-jxpath-1.3.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/commons\-jxpath/commons\-jxpath@.*$</packageUrl>
+ <cpe>cpe:/a:apache:commons_jxpath</cpe>
+ </suppress>
+ <suppress>
<notes><![CDATA[
file name: jython-standalone-2.7.1.jar (shaded: org.apache.commons:commons-compress:1.14)
]]></notes>
Modified: db/torque/trunk/torque-generator/src/main/java/org/apache/torque/generator/source/SourcePath.java
URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-generator/src/main/java/org/apache/torque/generator/source/SourcePath.java?rev=1916599&r1=1916598&r2=1916599&view=diff
==============================================================================
--- db/torque/trunk/torque-generator/src/main/java/org/apache/torque/generator/source/SourcePath.java (original)
+++ db/torque/trunk/torque-generator/src/main/java/org/apache/torque/generator/source/SourcePath.java Thu Mar 28 12:59:14 2024
@@ -366,6 +366,9 @@ public final class SourcePath
e);
}
+ // https://github.com/apache/commons-jxpath/pull/26 set to empty lib
+ // // getValue will throw org.apache.commons.jxpath.JXPathFunctionNotFoundException
+ context.setFunctions(new org.apache.commons.jxpath.FunctionLibrary());
Object pathValue = context.getValue(".");
if (pathValue != base)
{
Modified: db/torque/trunk/torque-maven-plugin/pom.xml
URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-maven-plugin/pom.xml?rev=1916599&r1=1916598&r2=1916599&view=diff
==============================================================================
--- db/torque/trunk/torque-maven-plugin/pom.xml (original)
+++ db/torque/trunk/torque-maven-plugin/pom.xml Thu Mar 28 12:59:14 2024
@@ -47,6 +47,7 @@
<groupId>org.apache.maven</groupId>
<artifactId>maven-core</artifactId>
<version>${maven.api.version}</version>
+ <scope>provided</scope>
<!-- guava throws an owasp warning and is used in indexer-core to run maven, but not to build this plugin -->
<exclusions>
<exclusion>
@@ -58,15 +59,9 @@
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-annotations</artifactId>
- <version>3.9.0</version>
+ <version>3.11.0</version>
<!-- annotations are not used at runtime because @Retention(value=CLASS), they are needed only to build the plugin -->
- <optional>true</optional>
- <exclusions>
- <exclusion>
- <groupId>*</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- </exclusions>
+ <scope>provided</scope>
</dependency>
<!--
java 11 has org.xml packages, removed xerces xercesImpl
@@ -121,21 +116,26 @@
</suppressionFiles>
</configuration>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-plugin-plugin</artifactId>
+ <version>3.11.0</version>
+ </plugin>
</plugins>
</build>
<reporting>
<plugins>
- <plugin>
+ <plugin>
<groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-plugin-plugin</artifactId>
- <version>3.9.0</version>
+ <artifactId>maven-plugin-report-plugin</artifactId>
+ <version>3.11.0</version>
</plugin>
</plugins>
</reporting>
<properties>
- <maven.api.version>3.9.5</maven.api.version>
+ <maven.api.version>3.9.6</maven.api.version>
</properties>
</project>
Modified: db/torque/trunk/torque-site/pom.xml
URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-site/pom.xml?rev=1916599&r1=1916598&r2=1916599&view=diff
==============================================================================
--- db/torque/trunk/torque-site/pom.xml (original)
+++ db/torque/trunk/torque-site/pom.xml Thu Mar 28 12:59:14 2024
@@ -35,6 +35,7 @@
<properties>
<project.reporting.outputDirectory>${project.build.directory}/site</project.reporting.outputDirectory>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<scm>
---------------------------------------------------------------------
To unsubscribe, e-mail: torque-dev-unsubscribe@db.apache.org
For additional commands, e-mail: torque-dev-help@db.apache.org