You are viewing a plain text version of this content. The canonical link for it is here.
Posted to torque-dev@db.apache.org by gk...@apache.org on 2023/10/10 09:20:43 UTC
svn commit: r1912855 - in /db/torque/trunk: pom.xml suppression-owasp-fp.xml torque-ant-tasks/pom.xml torque-generator/pom.xml torque-generator/src/changes/changes.xml torque-maven-plugin/pom.xml torque-runtime/src/changes/changes.xml
Author: gk
Date: Tue Oct 10 09:20:42 2023
New Revision: 1912855
URL: http://svn.apache.org/viewvc?rev=1912855&view=rev
Log:
- Updating build dependencies after owasp test failure.
- update in torque generator org.eclipse.jgit from 5.13.0.202109080827-r to 6.6.1.202309021850-r
- suppress CVE-2022-40160 CVE-2022-40159 found be invalid and CVE-2022-41852 as rejected for commons-jx-path.
- updating changes.xml in torque-generator and torque-runtime
Modified:
db/torque/trunk/pom.xml
db/torque/trunk/suppression-owasp-fp.xml
db/torque/trunk/torque-ant-tasks/pom.xml
db/torque/trunk/torque-generator/pom.xml
db/torque/trunk/torque-generator/src/changes/changes.xml
db/torque/trunk/torque-maven-plugin/pom.xml
db/torque/trunk/torque-runtime/src/changes/changes.xml
Modified: db/torque/trunk/pom.xml
URL: http://svn.apache.org/viewvc/db/torque/trunk/pom.xml?rev=1912855&r1=1912854&r2=1912855&view=diff
==============================================================================
--- db/torque/trunk/pom.xml (original)
+++ db/torque/trunk/pom.xml Tue Oct 10 09:20:42 2023
@@ -360,7 +360,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-dbcp2</artifactId>
- <version>2.9.0</version>
+ <version>2.10.0</version>
</dependency>
<dependency>
@@ -372,7 +372,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
- <version>3.12.0</version>
+ <version>3.13.0</version>
</dependency>
<dependency>
@@ -384,7 +384,8 @@
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
- <version>4.2.0</version>
+ <!-- 5 requires java 11 -->
+ <version>5.5.0</version>
<scope>test</scope>
</dependency>
@@ -469,7 +470,7 @@
<dependency>
<groupId>org.xmlunit</groupId>
<artifactId>xmlunit-core</artifactId>
- <version>2.8.4</version>
+ <version>2.9.1</version>
<scope>test</scope>
</dependency>
@@ -505,7 +506,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<!-- with error https://issues.apache.org/jira/browse/MPMD-325 and workaround -->
- <version>3.15.0</version>
+ <version>3.21.0</version>
<configuration>
<linkXRef>true</linkXRef>
<targetJdk>${maven.compiler.target}</targetJdk>
@@ -514,19 +515,19 @@
<dependency>
<groupId>org.ow2.asm</groupId>
<artifactId>asm</artifactId>
- <version>9.2</version>
+ <version>9.6</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
- <version>3.1.1</version>
+ <version>3.3.0</version>
</plugin>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
- <version>4.7.2.1</version>
+ <version>4.7.3.6</version>
<dependencies>
<!-- overwrite dependency on spotbugs if you want to specify the version of spotbugs -->
<dependency>
@@ -542,7 +543,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
- <version>3.0.0</version>
+ <version>3.4.1</version>
<executions>
<execution>
<id>enforce-maven</id>
@@ -562,12 +563,12 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
- <version>3.1.2</version>
+ <version>3.3.0</version>
<dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
- <version>8.45.1</version>
+ <version>10.12.4</version>
</dependency>
</dependencies>
</plugin>
@@ -579,17 +580,17 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
- <version>3.0.0</version>
+ <version>3.1.2</version>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
- <version>8.2.1</version>
+ <version>8.4.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
- <version>3.10.0</version>
+ <version>3.12.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
@@ -870,15 +871,15 @@
<maven.compiler.target>11</maven.compiler.target>
<dependency.check.skip>true</dependency.check.skip>
- <junit.jupiter.version>5.8.2</junit.jupiter.version>
- <junit.launcher.version>1.8.2</junit.launcher.version>
+ <junit.jupiter.version>5.10.0</junit.jupiter.version>
+ <junit.launcher.version>1.10.0</junit.launcher.version>
<log4j2.version>2.20.0</log4j2.version>
<torque.compiler.fork>false</torque.compiler.fork>
<torque.compiler.compilerVersion>11</torque.compiler.compilerVersion>
<!--suppress UnresolvedMavenProperty -->
<torque.compiler.javac>${JAVA_HOME}/bin/javac</torque.compiler.javac>
- <!-- derby 10.15 requires java 11, 10.16 requries java 12 -->
+ <!-- derby 10.15 requires java 9 (11), 10.16.1.1 requires java 17 -->
<derby.version>10.15.2.0</derby.version>
<project.build.outputTimestamp>1</project.build.outputTimestamp>
Modified: db/torque/trunk/suppression-owasp-fp.xml
URL: http://svn.apache.org/viewvc/db/torque/trunk/suppression-owasp-fp.xml?rev=1912855&r1=1912854&r2=1912855&view=diff
==============================================================================
--- db/torque/trunk/suppression-owasp-fp.xml (original)
+++ db/torque/trunk/suppression-owasp-fp.xml Tue Oct 10 09:20:42 2023
@@ -40,4 +40,25 @@
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
<cve>CVE-2020-8908</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: commons-jxpath-1.3.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/commons\-jxpath/commons\-jxpath@.*$</packageUrl>
+ <cve>CVE-2022-40159</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: commons-jxpath-1.3.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/commons\-jxpath/commons\-jxpath@.*$</packageUrl>
+ <cve>CVE-2022-40160</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: commons-jxpath-1.3.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/commons\-jxpath/commons\-jxpath@.*$</packageUrl>
+ <vulnerabilityName>CVE-2022-41852</vulnerabilityName>
+ </suppress>
</suppressions>
\ No newline at end of file
Modified: db/torque/trunk/torque-ant-tasks/pom.xml
URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-ant-tasks/pom.xml?rev=1912855&r1=1912854&r2=1912855&view=diff
==============================================================================
--- db/torque/trunk/torque-ant-tasks/pom.xml (original)
+++ db/torque/trunk/torque-ant-tasks/pom.xml Tue Oct 10 09:20:42 2023
@@ -62,11 +62,6 @@
<artifactId>commons-io</artifactId>
<scope>test</scope>
</dependency>
- <!--dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-lang3</artifactId>
- <version>3.9</version>
- </dependency-->
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derby</artifactId>
Modified: db/torque/trunk/torque-generator/pom.xml
URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-generator/pom.xml?rev=1912855&r1=1912854&r2=1912855&view=diff
==============================================================================
--- db/torque/trunk/torque-generator/pom.xml (original)
+++ db/torque/trunk/torque-generator/pom.xml Tue Oct 10 09:20:42 2023
@@ -42,7 +42,7 @@
<dependency>
<groupId>org.eclipse.jgit</groupId>
<artifactId>org.eclipse.jgit</artifactId>
- <version>5.13.0.202109080827-r</version>
+ <version>6.7.0.202309050840-r</version>
</dependency>
<dependency>
@@ -162,14 +162,8 @@
</exclusions>
</dependency>
<!--
- java 11 has org.xml packages, which conflicts without expicit settings: removed xerces
- -->
- <!--dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.12.1</version>
- </dependency-->
-
+ java 11 has org.xml packages, which conflicts without expicit settings: removed xerces xercesImpl
+ -->
<dependency>
<groupId>org.xmlunit</groupId>
<artifactId>xmlunit-core</artifactId>
Modified: db/torque/trunk/torque-generator/src/changes/changes.xml
URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-generator/src/changes/changes.xml?rev=1912855&r1=1912854&r2=1912855&view=diff
==============================================================================
--- db/torque/trunk/torque-generator/src/changes/changes.xml (original)
+++ db/torque/trunk/torque-generator/src/changes/changes.xml Tue Oct 10 09:20:42 2023
@@ -21,8 +21,15 @@
<properties>
<title>Changes</title>
</properties>
- <body>
- <release version="5.1-SNAPSHOT" date="in SVN">
+ <body> <release version="5.2-SNAPSHOT" date="in SVN">
+ <action type="update" dev="gk">
+ dependencies: eclipse-jgit 6.7.0.202309050840-r
+ </action>
+ <action type="fix" dev="gk" issue="TORQUE-361">
+ Class loader issue fix, Thanks for the report to Max Philipp Wriedt.
+ </action>
+ </release>
+ <release version="5.1" date="2022-01-05">
<action type="update" dev="gk">
dependencies: eclipse-jgit 5.13.0.202109080827, velocity 2.3, groovy-all 3.0.7, xerces 2.12.1, xmlunit-core 2.8.3
</action>
Modified: db/torque/trunk/torque-maven-plugin/pom.xml
URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-maven-plugin/pom.xml?rev=1912855&r1=1912854&r2=1912855&view=diff
==============================================================================
--- db/torque/trunk/torque-maven-plugin/pom.xml (original)
+++ db/torque/trunk/torque-maven-plugin/pom.xml Tue Oct 10 09:20:42 2023
@@ -58,7 +58,7 @@
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-annotations</artifactId>
- <version>3.6.2</version>
+ <version>3.9.0</version>
<!-- annotations are not used at runtime because @Retention(value=CLASS), they are needed only to build the plugin -->
<optional>true</optional>
<exclusions>
@@ -69,13 +69,8 @@
</exclusions>
</dependency>
<!--
- java 11 has org.xml packages, removed xerces
+ java 11 has org.xml packages, removed xerces xercesImpl
-->
- <!--dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.12.1</version>
- </dependency-->
<dependency>
<groupId>commons-io</groupId>
@@ -134,13 +129,13 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-plugin-plugin</artifactId>
- <version>3.6.2</version>
+ <version>3.9.0</version>
</plugin>
</plugins>
</reporting>
<properties>
- <maven.api.version>3.8.4</maven.api.version>
+ <maven.api.version>3.9.5</maven.api.version>
</properties>
</project>
Modified: db/torque/trunk/torque-runtime/src/changes/changes.xml
URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-runtime/src/changes/changes.xml?rev=1912855&r1=1912854&r2=1912855&view=diff
==============================================================================
--- db/torque/trunk/torque-runtime/src/changes/changes.xml (original)
+++ db/torque/trunk/torque-runtime/src/changes/changes.xml Tue Oct 10 09:20:42 2023
@@ -21,8 +21,15 @@
<properties>
<title>Changes</title>
</properties>
- <body>
- <release version="5.1-SNAPSHOT" date="in SVN">
+ <body> <release version="5.2-SNAPSHOT" date="in SVN">
+ <action type="add" dev="gk">
+ Support for Mariadb driver (default to mysql behaviour)
+ </action>
+ <action type="fix" dev="gk" issue="TORQUE-363">
+ Criterion "is Null" fix, Thanks for the report to Max Philipp Wriedt.
+ </action>
+ </release>
+ <release version="5.1" date="2022-01-05">
<action type="change" dev="painter">Adding AvgHelper which works similarly to the CountHelper util for providing extra criteria to the Avg function
</action>
</release>
---------------------------------------------------------------------
To unsubscribe, e-mail: torque-dev-unsubscribe@db.apache.org
For additional commands, e-mail: torque-dev-help@db.apache.org