You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by cs...@apache.org on 2022/11/13 14:20:55 UTC
[maven-resolver] branch master updated: [MRESOLVER-293] Update dependencies (#220)
This is an automated email from the ASF dual-hosted git repository.
cstamas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-resolver.git
The following commit(s) were added to refs/heads/master by this push:
new 37266662 [MRESOLVER-293] Update dependencies (#220)
37266662 is described below
commit 37266662dddc346f7b164bd90a972723beb35d71
Author: Tamas Cservenak <ta...@cservenak.net>
AuthorDate: Sun Nov 13 15:20:50 2022 +0100
[MRESOLVER-293] Update dependencies (#220)
Update dependencies, mostly to align with Maven.
Updates:
* Guice to 5.1.0 (align with Maven 3.9,0)
* Hazelcast 5.1.1 -> 5.1.4 (bugfixes)
* Redisson 3.17.5 -> 3.17.7 (bugfixes)
* plexus-utils multiple -> 3.5.0 (runtime dependency)
* http transport used HttpClient commons-codec 1.11 -> 1.15 (to get rid of CVEs)
* wagon transport Wagon API 3.5.1 -> 3.5.2
* test dependency Jetty 9.4.46 -> 9.4.49 (to get rid of CVEs, but not affecting us, as this is test dependency)
* test dependency Mockito core 3.7.7 -> 4.8.1
Make sure plexus-utils, guava are NEVER in compile scope,
as resolver should not use classes from these
(exception is Wagon Transport).
---
https://issues.apache.org/jira/browse/MRESOLVER-293
---
maven-resolver-connector-basic/pom.xml | 1 -
.../maven-resolver-demo-snippets/pom.xml | 22 +++--------------
maven-resolver-impl/pom.xml | 5 ++--
maven-resolver-named-locks-hazelcast/pom.xml | 2 +-
maven-resolver-named-locks-redisson/pom.xml | 2 +-
.../src/site/markdown/index.md.vm | 6 ++---
maven-resolver-transport-classpath/pom.xml | 1 -
maven-resolver-transport-file/pom.xml | 1 -
maven-resolver-transport-http/pom.xml | 14 +++++++++--
maven-resolver-transport-wagon/pom.xml | 4 +---
pom.xml | 28 ++++++++++++----------
11 files changed, 38 insertions(+), 48 deletions(-)
diff --git a/maven-resolver-connector-basic/pom.xml b/maven-resolver-connector-basic/pom.xml
index ac188080..b0feaee6 100644
--- a/maven-resolver-connector-basic/pom.xml
+++ b/maven-resolver-connector-basic/pom.xml
@@ -71,7 +71,6 @@
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
- <classifier>no_aop</classifier>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/maven-resolver-demos/maven-resolver-demo-snippets/pom.xml b/maven-resolver-demos/maven-resolver-demo-snippets/pom.xml
index cef31381..de348c80 100644
--- a/maven-resolver-demos/maven-resolver-demo-snippets/pom.xml
+++ b/maven-resolver-demos/maven-resolver-demo-snippets/pom.xml
@@ -40,21 +40,6 @@
<Automatic-Module-Name>org.apache.maven.resolver.demo.snippets</Automatic-Module-Name>
</properties>
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.codehaus.plexus</groupId>
- <artifactId>plexus-utils</artifactId>
- <version>3.3.0</version>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- <version>${slf4jVersion}</version>
- </dependency>
- </dependencies>
- </dependencyManagement>
-
<dependencies>
<dependency>
<groupId>org.apache.maven.resolver</groupId>
@@ -105,19 +90,18 @@
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
- <classifier>no_aop</classifier>
<optional>true</optional>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <scope>provided</scope>
+ <scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>failureaccess</artifactId>
- <scope>provided</scope>
+ <scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
@@ -127,7 +111,7 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
- <scope>compile</scope>
+ <scope>runtime</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
diff --git a/maven-resolver-impl/pom.xml b/maven-resolver-impl/pom.xml
index 949cd497..e6ba068c 100644
--- a/maven-resolver-impl/pom.xml
+++ b/maven-resolver-impl/pom.xml
@@ -77,20 +77,19 @@
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
- <classifier>no_aop</classifier>
<scope>provided</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <scope>provided</scope>
+ <scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>failureaccess</artifactId>
- <scope>provided</scope>
+ <scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
diff --git a/maven-resolver-named-locks-hazelcast/pom.xml b/maven-resolver-named-locks-hazelcast/pom.xml
index 95cf614b..7b5b9860 100644
--- a/maven-resolver-named-locks-hazelcast/pom.xml
+++ b/maven-resolver-named-locks-hazelcast/pom.xml
@@ -52,7 +52,7 @@
<dependency>
<groupId>com.hazelcast</groupId>
<artifactId>hazelcast</artifactId>
- <version>5.1.1</version>
+ <version>5.1.4</version>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
diff --git a/maven-resolver-named-locks-redisson/pom.xml b/maven-resolver-named-locks-redisson/pom.xml
index 41d589a3..2b3ede26 100644
--- a/maven-resolver-named-locks-redisson/pom.xml
+++ b/maven-resolver-named-locks-redisson/pom.xml
@@ -39,7 +39,7 @@
<Automatic-Module-Name>org.apache.maven.resolver.named.redisson</Automatic-Module-Name>
<Bundle-SymbolicName>${Automatic-Module-Name}</Bundle-SymbolicName>
<!-- Used in site also -->
- <redissonVersion>3.17.5</redissonVersion>
+ <redissonVersion>3.17.7</redissonVersion>
</properties>
<dependencies>
diff --git a/maven-resolver-named-locks-redisson/src/site/markdown/index.md.vm b/maven-resolver-named-locks-redisson/src/site/markdown/index.md.vm
index 2cb6accb..af1d37e6 100644
--- a/maven-resolver-named-locks-redisson/src/site/markdown/index.md.vm
+++ b/maven-resolver-named-locks-redisson/src/site/markdown/index.md.vm
@@ -46,10 +46,10 @@ To use this implementation within your project, depending on how you integrate,
${esc.hash}${esc.hash} Installation/Testing
-#set( $jacksonVersion = "2.13.3" )
+#set( $jacksonVersion = "2.13.4" )
#set( $jbossMarshallingVersion = "2.0.11.Final" )
-#set( $nettyVersion = "4.1.79.Final" )
-#set( $snakeyamlVersion = "1.30" )
+#set( $nettyVersion = "4.1.82.Final" )
+#set( $snakeyamlVersion = "1.31" )
- Create the directory `${maven.home}/lib/ext/redisson/`.
- Modify `${maven.home}/bin/m2.conf` by adding `load ${maven.home}/lib/ext/redisson/*.jar`
diff --git a/maven-resolver-transport-classpath/pom.xml b/maven-resolver-transport-classpath/pom.xml
index f8eab1bb..57c54456 100644
--- a/maven-resolver-transport-classpath/pom.xml
+++ b/maven-resolver-transport-classpath/pom.xml
@@ -62,7 +62,6 @@
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
- <classifier>no_aop</classifier>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/maven-resolver-transport-file/pom.xml b/maven-resolver-transport-file/pom.xml
index 9e23bcac..f8963051 100644
--- a/maven-resolver-transport-file/pom.xml
+++ b/maven-resolver-transport-file/pom.xml
@@ -58,7 +58,6 @@
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
- <classifier>no_aop</classifier>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/maven-resolver-transport-http/pom.xml b/maven-resolver-transport-http/pom.xml
index 94549146..b258d372 100644
--- a/maven-resolver-transport-http/pom.xml
+++ b/maven-resolver-transport-http/pom.xml
@@ -38,9 +38,20 @@
<properties>
<Automatic-Module-Name>org.apache.maven.resolver.transport.http</Automatic-Module-Name>
<Bundle-SymbolicName>${Automatic-Module-Name}</Bundle-SymbolicName>
- <jettyVersion>9.4.46.v20220331</jettyVersion>
+ <jettyVersion>9.4.49.v20220914</jettyVersion>
</properties>
+ <dependencyManagement>
+ <dependencies>
+ <!-- HttpClient pulls in 1.11 that has CVE. Is not used directly in code -->
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.15</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
<dependencies>
<dependency>
<groupId>org.apache.maven.resolver</groupId>
@@ -86,7 +97,6 @@
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
- <classifier>no_aop</classifier>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/maven-resolver-transport-wagon/pom.xml b/maven-resolver-transport-wagon/pom.xml
index aafb7eaf..0e1ece2f 100644
--- a/maven-resolver-transport-wagon/pom.xml
+++ b/maven-resolver-transport-wagon/pom.xml
@@ -56,7 +56,7 @@
<dependency>
<groupId>org.apache.maven.wagon</groupId>
<artifactId>wagon-provider-api</artifactId>
- <version>3.5.1</version>
+ <version>3.5.2</version>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
@@ -73,7 +73,6 @@
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
- <version>3.4.1</version>
<optional>true</optional>
</dependency>
<dependency>
@@ -84,7 +83,6 @@
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
- <classifier>no_aop</classifier>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/pom.xml b/pom.xml
index 6db94dbb..205de8c2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -75,7 +75,7 @@
<maven.site.path>resolver-archives/resolver-LATEST</maven.site.path>
<checkstyle.violation.ignore>None</checkstyle.violation.ignore>
<sisuVersion>0.3.5</sisuVersion>
- <guiceVersion>4.2.3</guiceVersion>
+ <guiceVersion>5.1.0</guiceVersion>
<guavaVersion>30.1-jre</guavaVersion>
<guavafailureaccessVersion>1.0.1</guavafailureaccessVersion>
<slf4jVersion>1.7.36</slf4jVersion>
@@ -160,12 +160,6 @@
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>4.13.2</version>
- <scope>test</scope>
- </dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest</artifactId>
@@ -178,13 +172,25 @@
<version>2.2</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.13.2</version>
+ <scope>test</scope>
+ </dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
- <version>3.7.7</version>
+ <version>4.8.1</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-utils</artifactId>
+ <version>3.5.0</version>
+ </dependency>
+
<dependency>
<groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId>
@@ -212,12 +218,7 @@
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
<version>${guiceVersion}</version>
- <classifier>no_aop</classifier>
<exclusions>
- <exclusion>
- <groupId>aopalliance</groupId>
- <artifactId>aopalliance</artifactId>
- </exclusion>
<exclusion>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
@@ -234,6 +235,7 @@
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>${guavaVersion}</version>
+ <scope>runtime</scope>
<exclusions>
<exclusion>
<groupId>com.google.code.findbugs</groupId>