You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/04/13 03:46:00 UTC
[jira] [Commented] (WW-5067) Update multiple Struts 2.5.x libraries
/ Maven build plugin versions
[ https://issues.apache.org/jira/browse/WW-5067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17082025#comment-17082025 ]
ASF GitHub Bot commented on WW-5067:
------------------------------------
JCgH4164838Gh792C124B5 commented on pull request #401: Proposed WW-5067 change
URL: https://github.com/apache/struts/pull/401
Proposed WW-5067 change
------
Proposed list of library version updates:
---
- cdi-api 1.0-SP4 -> 1.2
- weld-core 1.0.1-SP4 -> 2.2.16.SP1
- weld-se 1.0.1-Final -> weld-se-core 2.2.16.SP1
- slf4j-api 1.7.28 -> 1.7.30
- slf4j-simple 1.7.28 -> 1.7.30
- jackson 2.10.0 -> 2.10.3
- ognl 3.1.26 -> 3.1.28
- asm 7.1 -> 7.3.1
- spring 4.3.25.RELEASE -> 4.3.26.RELEASE
- freemarker 2.3.28 -> 2.3.30
- org.apache.felix.main 4.6.1 -> 6.0.3
---
Proposed list of Maven plugin version updates:
---
- doxia-core 1.8 -> 1.9.1
- doxia-module-markdown 1.7 -> 1.9.1
- maven-project-info-reports-plugin 2.7 -> 3.0.0
- updateimpact-maven-plugin 1.0.10 -> 1.0.12
- maven-surefire-plugin 2.22.1 -> 3.0.0-M4
- maven-war-plugin 2.1 -> 3.2.3
- maven-dependency-plugin 2.10 -> 3.1.2
- dependency-check-maven 3.3.4 -> 5.3.2
Note: Unable to upgrade maven-bundle-plugin past 2.1.0 as it introduced
OOM during JDK7 builds with default heap settings.
---
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
> Update multiple Struts 2.5.x libraries / Maven build plugin versions
> --------------------------------------------------------------------
>
> Key: WW-5067
> URL: https://issues.apache.org/jira/browse/WW-5067
> Project: Struts 2
> Issue Type: Dependency
> Components: Build Management, Other
> Affects Versions: 2.5.22
> Environment: All
> Reporter: James Chaplin
> Priority: Minor
> Labels: build
> Fix For: 2.5.23
>
>
> Hello Apache Struts Team.
> This Jira is to track proposed introduction of newer (believed to be compatible) library versions for the Struts 2.5.x line, as well as newer (believed to be compatible) Maven build plugin versions for the build. Modifications to some pom.xml build files will be all that is required.
> As no code changes are involved, the risk should be pretty low and end-users could manually back-level any problematic jars if issues arise. If any Maven build plugin version change presents an issue it can be easily reverted in the PR.
> The proposed list of library version updates is:
> ------
> * cdi-api 1.0-SP4 -> 1.2
> * weld-core 1.0.1-SP4 -> 2.2.16.SP1
> * weld-se 1.0.1-Final -> weld-se-core 2.2.16.SP1
> * slf4j-api 1.7.28 -> 1.7.30
> * slf4j-simple 1.7.28 -> 1.7.30
> * jackson 2.10.0 -> 2.10.3
> * ognl 3.1.26 -> 3.1.28
> * asm 7.1 -> 7.3.1
> * spring 4.3.25.RELEASE -> 4.3.26.RELEASE
> * freemarker 2.3.28 -> 2.3.30
> * org.apache.felix.main 4.6.1 -> 6.0.3
> ------
> The proposed list of Maven plugin version updates is:
> ------
> * doxia-core 1.8 -> 1.9.1
> * doxia-module-markdown 1.7 -> 1.9.1
> * maven-project-info-reports-plugin 2.7 -> 3.0.0
> * updateimpact-maven-plugin 1.0.10 -> 1.0.12
> * maven-surefire-plugin 2.22.1 -> 3.0.0-M4
> * maven-war-plugin 2.1 -> 3.2.3
> * maven-dependency-plugin 2.10 -> 3.1.2
> * dependency-check-maven 3.3.4 -> 5.3.2
> Note: Unable to upgrade maven-bundle-plugin past 2.1.0 as it introduced OOM during JDK7 builds with default heap settings.
> ------
> A PR for this proposal should be available shortly for review.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)