Posted to notifications@ofbiz.apache.org by "Michael Brohl (JIRA)" <ji...@apache.org> on 2017/09/03 09:49:02 UTC

[jira] [Created] (OFBIZ-9674) Update build.gradle to the latest dependencies

Michael Brohl created OFBIZ-9674:
------------------------------------

             Summary: Update build.gradle to the latest dependencies
                 Key: OFBIZ-9674
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9674
             Project: OFBiz
          Issue Type: Improvement
          Components: ALL COMPONENTS
    Affects Versions: Trunk
            Reporter: Michael Brohl
            Assignee: Michael Brohl
            Priority: Minor


I wondered how up-to-date our project dependencies are and searched for an efficient way to check this. I found the gradle-versions-plugin [1], which analyzes the dependencies and checks if there are newer versions available.

I ran the check with 
{code:java}
./gradlew dependencyUpdates -Drevision=release
{code}

and got the following result:

------------------------------------------------------------
: Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest release version:
 - net.sf.barcode4j:barcode4j:2.1
 - net.sf.barcode4j:barcode4j-fop-ext:2.1
 - org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380
 - org.apache.commons:commons-collections4:4.1
 - com.googlecode.ez-vcard:ez-vcard:0.9.10
 - org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1
 - org.apache.geronimo.components:geronimo-transaction:3.1.4
 - at.bxm.gradleplugins:gradle-svntools-plugin:2.2.1
 - com.github.ben-manes:gradle-versions-plugin:0.15.0
 - org.hamcrest:hamcrest-all:1.3
 - net.fortuna.ical4j:ical4j:1.0-rc3-atlassian-11
 - javax.el:javax.el-api:3.0.1-b04
 - de.odysseus.juel:juel-impl:2.2.7
 - de.odysseus.juel:juel-spi:2.2.7
 - junit:junit:4.12
 - oro:oro:2.0.8
 - apache-xerces:xercesImpl:2.9.1

The following dependencies exceed the version found at the release revision level:
 - com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer [20160628.1 <- 1.1]

The following dependencies have later release versions:
 - org.apache.ant:ant-junit [1.9.0 -> 1.10.1]
 - org.apache.ant:ant-junit [1.9.7 -> 1.10.1]
 - org.apache.axis2:axis2-kernel [1.7.1 -> 1.7.6]
 - org.apache.axis2:axis2-transport-http [1.7.1 -> 1.7.6]
 - org.apache.axis2:axis2-transport-local [1.7.1 -> 1.7.6]
 - commons-cli:commons-cli [1.3.1 -> 1.4]
 - org.apache.commons:commons-csv [1.1 -> 1.5]
 - org.apache.commons:commons-dbcp2 [2.1 -> 2.1.1]
 - commons-net:commons-net [3.3 -> 3.6]
 - commons-validator:commons-validator [1.5.1 -> 1.6]
 - com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru [1.0 -> 1.4.2]
 - com.google.zxing:core [3.2.1 -> 3.3.0]
 - org.apache.derby:derby [10.11.1.1 -> 10.13.1.1]
 - org.owasp.esapi:esapi [2.1.0 -> 2.1.0.1]
 - org.apache.xmlgraphics:fop [2.1 -> 2.2]
 - org.freemarker:freemarker [2.3.25-incubating -> 2.3.26-incubating]
 - org.codehaus.groovy:groovy-all [2.4.12 -> 2.5.0-beta-1]
 - org.apache.httpcomponents:httpclient-cache [4.4.1 -> 4.5.3]
 - com.ibm.icu:icu4j [57.1 -> 59.1]
 - com.lowagie:itext [2.1.7 -> 4.2.2]
 - org.zapodot:jackson-databind-java-optional [2.4.2 -> 2.6.1]
 - com.sun.mail:javax.mail [1.5.1 -> 1.6.0]
 - javax.servlet:javax.servlet-api [3.1.0 -> 4.0.0]
 - javax.servlet.jsp:javax.servlet.jsp-api [2.3.0 -> 2.3.2-b02]
 - junit:junit-dep [4.10 -> 4.11]
 - com.googlecode.libphonenumber:libphonenumber [8.6.0 -> 8.8.0]
 - org.apache.logging.log4j:log4j-1.2-api [2.6.2 -> 2.9.0]
 - org.apache.logging.log4j:log4j-api [2.6.2 -> 2.9.0]
 - org.apache.logging.log4j:log4j-core [2.6.2 -> 2.9.0]
 - org.apache.logging.log4j:log4j-jul [2.6.2 -> 2.9.0]
 - org.apache.logging.log4j:log4j-slf4j-impl [2.6.2 -> 2.9.0]
 - org.mockito:mockito-core [1.10.19 -> 2.9.0]
 - org.apache.poi:poi [3.14 -> 3.17-beta1]
 - org.apache.shiro:shiro-core [1.3.0 -> 1.4.0]
 - org.springframework:spring-test [4.2.3.RELEASE -> 4.3.10.RELEASE]
 - org.apache.tika:tika-core [1.12 -> 1.16]
 - org.apache.tika:tika-parsers [1.12 -> 1.16]
 - org.apache.tomcat:tomcat-catalina [8.5.16 -> 9.0.0.M26]
 - org.apache.tomcat:tomcat-catalina-ha [8.5.16 -> 9.0.0.M25]
 - org.apache.tomcat:tomcat-jasper [8.5.16 -> 9.0.0.M26]
 - org.apache.tomcat:tomcat-tribes [8.5.16 -> 9.0.0.M25]
 - wsdl4j:wsdl4j [1.6.2 -> 1.6.3]
 - org.apache.xmlrpc:xmlrpc-client [3.1.2 -> 3.1.3]
 - org.apache.xmlrpc:xmlrpc-server [3.1.2 -> 3.1.3]
 - com.thoughtworks.xstream:xstream [1.4.9 -> 1.4.10]

Failed to determine the latest version for the following dependencies (use --info for details):
 - com.sun.syndication:com.springsource.com.sun.syndication
 - org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec

Generated report file build/dependencyUpdates/report.txt
===

If there are no objections, I would try to update the dependencies to the latest release versions, which means I would skip the milestone versions for e.g. Tomcat here.

We can run this check from time to time to see if we have missed updates to the dependencies.

What do you think? Is this reasonable?

Thanks,
Michael

[1] https://github.com/ben-manes/gradle-versions-plugin
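
An added example, not part of the original message or the OFBiz build: a Python triage of the plugin's plain-text report that separates stable releases from pre-release candidates (such as the Tomcat milestones) and labels each stable update by jump size. The pre-release marker list and all function names are assumptions; the sample lines are copied from the report above.

```python
import re

# Constructed sample: a few lines copied from the report quoted in the message.
SAMPLE_REPORT = """\
The following dependencies have later release versions:
 - org.apache.commons:commons-dbcp2 [2.1 -> 2.1.1]
 - org.codehaus.groovy:groovy-all [2.4.12 -> 2.5.0-beta-1]
 - org.apache.logging.log4j:log4j-core [2.6.2 -> 2.9.0]
 - org.mockito:mockito-core [1.10.19 -> 2.9.0]
 - org.apache.poi:poi [3.14 -> 3.17-beta1]
 - org.apache.tomcat:tomcat-catalina [8.5.16 -> 9.0.0.M26]
 - javax.servlet.jsp:javax.servlet.jsp-api [2.3.0 -> 2.3.2-b02]
"""

UPDATE_LINE = re.compile(r"^\s*-\s+(\S+:\S+)\s+\[(\S+)\s+->\s+(\S+)\]\s*$")
# Assumed markers: alpha/beta/rc/cr, Tomcat-style M26, b02 build tags, snapshots.
PRERELEASE = re.compile(
    r"(?:^|[.\-_])(?:alpha|beta|rc|cr|m|b|pre|snapshot)[.\-_]?\d*(?:$|[.\-_])",
    re.IGNORECASE)

def numeric_parts(version):
    """Leading integer components of a version: '9.0.0.M26' -> [9, 0, 0]."""
    parts = []
    for token in re.split(r"[.\-_]", version):
        if not token.isdigit():
            break
        parts.append(int(token))
    return parts

def jump(current, candidate):
    """Classify the size of an upgrade as 'major', 'minor' or 'patch'."""
    pairs = zip(numeric_parts(current), numeric_parts(candidate))
    for level, (old, new) in zip(("major", "minor"), pairs):
        if old != new:
            return level
    return "patch"

def triage(report_text):
    """Return (stable updates with jump size, skipped pre-release candidates)."""
    stable, skipped = [], []
    for line in report_text.splitlines():
        m = UPDATE_LINE.match(line)
        if not m:
            continue  # headings, blank lines, entries without 'old -> new'
        name, current, candidate = m.groups()
        if PRERELEASE.search(candidate):
            skipped.append((name, current, candidate))
        else:
            stable.append((name, current, candidate, jump(current, candidate)))
    return stable, skipped
```

Running `triage` over `build/dependencyUpdates/report.txt` gives a short list of stable updates to review first, with major jumps (likely API changes) set apart from patch-level ones.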


