You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@turbine.apache.org by gk...@apache.org on 2021/03/29 10:25:08 UTC

svn commit: r1888167 - /turbine/core/trunk/pom.xml

Author: gk
Date: Mon Mar 29 10:25:08 2021
New Revision: 1888167

URL: http://svn.apache.org/viewvc?rev=1888167&view=rev
Log:
- fix velocity-engine to v2.3 due to CVE-2020-13936 
- update junit to 4.13.2
- updte to parent 8-SNAPSHOT

Modified:
    turbine/core/trunk/pom.xml

Modified: turbine/core/trunk/pom.xml
URL: http://svn.apache.org/viewvc/turbine/core/trunk/pom.xml?rev=1888167&r1=1888166&r2=1888167&view=diff
==============================================================================
--- turbine/core/trunk/pom.xml (original)
+++ turbine/core/trunk/pom.xml Mon Mar 29 10:25:08 2021
@@ -22,7 +22,7 @@
   <parent>
     <groupId>org.apache.turbine</groupId>
     <artifactId>turbine-parent</artifactId>
-    <version>7</version>
+    <version>8-SNAPSHOT</version>
   </parent>
   <artifactId>turbine</artifactId>
   <name>Apache Turbine</name>
@@ -968,6 +968,10 @@
             <groupId>avalon-logkit</groupId>
             <artifactId>avalon-logkit</artifactId>
         </exclusion>
+         <exclusion><!-- already provided -->
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-1.2-api</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <!-- use default dbcp2 from torque-runtime -->
@@ -1063,19 +1067,17 @@
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-web</artifactId>
       <version>${turbine.log4j2.version}</version>
-      <optional>true</optional>
     </dependency>
     <!-- optional log4j1.2 bridge instead of log4j -->
     <dependency>
-        <groupId>org.apache.logging.log4j</groupId>
-        <artifactId>log4j-1.2-api</artifactId>
-        <version>${turbine.log4j2.version}</version>
-        <optional>true</optional>
+       <groupId>org.apache.logging.log4j</groupId>
+       <artifactId>log4j-1.2-api</artifactId>
+       <version>${turbine.log4j2.version}</version>
     </dependency>
     <dependency>
       <groupId>org.apache.velocity</groupId>
       <artifactId>velocity-engine-core</artifactId>
-      <version>2.1</version>
+      <version>2.3</version>
     </dependency>
     <!-- with the url mapper we need xml support -->
  	<dependency>
@@ -1119,7 +1121,7 @@
      <dependency>
         <groupId>junit</groupId>
         <artifactId>junit</artifactId>
-        <version>4.13.1</version>
+        <version>4.13.2</version>
         <scope>test</scope>
       </dependency>
   </dependencies>
@@ -1296,7 +1298,6 @@
     <fulcrum.parser>2.0.1</fulcrum.parser>
     <fulcrum.security>2.0.0</fulcrum.security>
     <torque.version>5.0</torque.version>
-    <junit.platform>1.7.0</junit.platform>
     <doclint>none</doclint>
     <docker.testcontainers.version>1.15.1</docker.testcontainers.version>
     <jacoco.skip>true</jacoco.skip>