OFBiz OFBiz - Commits

[ofbiz-framework] branch trunk updated: Improved: Update build.gradle to the latest dependencies (OFBIZ-11903)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
jleroux@apache.org
Reply | Threaded
Open this post in threaded view
|

[ofbiz-framework] branch trunk updated: Improved: Update build.gradle to the latest dependencies (OFBIZ-11903)

jleroux@apache.org
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new ee0014e  Improved: Update build.gradle to the latest dependencies (OFBIZ-11903)
ee0014e is described below

commit ee0014e98cc1830d5dc6ec928c85e98ac7873b2d
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Tue Jul 21 10:41:57 2020 +0200

    Improved: Update build.gradle to the latest dependencies (OFBIZ-11903)
   
    See
    https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
    for libs not upgraded.
---
 build.gradle | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/build.gradle b/build.gradle
index 852019c..7b97118 100644
--- a/build.gradle
+++ b/build.gradle
@@ -33,7 +33,7 @@ plugins {
     id 'org.asciidoctor.convert' version '2.4.0' // About org.asciidoctor.jvm.convert as it says itself: "If you need a production-ready version of the AsciidoctorJ plugin for Gradle use a 1.5.x release of 'org.asciidoctor.convert' instead"
     id 'org.owasp.dependencycheck' version '5.3.2.1' apply false
     id 'se.patrikerdes.use-latest-versions' version '0.2.13' apply false
-    id 'com.github.ben-manes.versions' version '0.28.0' apply false
+    id 'com.github.ben-manes.versions' version '0.29.0' apply false
     id "com.github.ManifestClasspath" version "0.1.0-RELEASE"
     id "com.github.jakemarsden.git-hooks" version "0.0.2"
 }
@@ -154,36 +154,36 @@ configurations {
 }
 
 dependencies {
-    implementation 'xerces:xercesImpl:2.11.0'
+    implementation 'xerces:xercesImpl:2.12.0'
     implementation 'com.google.zxing:core:3.4.0'
     implementation 'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4.2'
     implementation 'com.googlecode.ez-vcard:ez-vcard:0.9.10'
     implementation 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:1.1'
-    implementation 'com.googlecode.libphonenumber:libphonenumber:8.12.1'
-    implementation 'com.ibm.icu:icu4j:66.1'
+    implementation 'com.googlecode.libphonenumber:libphonenumber:8.12.6'
+    implementation 'com.ibm.icu:icu4j:67.1'
     implementation 'com.lowagie:itext:2.1.7' // Don't update due to license change in newer versions, see OFBIZ-10455
     implementation 'com.sun.mail:javax.mail:1.6.2'
     implementation 'com.sun.syndication:com.springsource.com.sun.syndication:0.9.0'
-    implementation 'com.thoughtworks.xstream:xstream:1.4.11.1'
+    implementation 'com.thoughtworks.xstream:xstream:1.4.12'
     implementation 'commons-fileupload:commons-fileupload:1.4'
     implementation 'commons-net:commons-net:3.6'
     implementation 'commons-validator:commons-validator:1.6'
     implementation 'de.odysseus.juel:juel-impl:2.2.7'
     implementation 'net.fortuna.ical4j:ical4j:1.0-rc3-atlassian-11'
-    implementation 'org.apache.ant:ant-junit:1.10.7'
+    implementation 'org.apache.ant:ant-junit:1.10.8'
     implementation 'org.apache.commons:commons-collections4:4.4'
     implementation 'org.apache.commons:commons-dbcp2:2.7.0'
     implementation 'org.apache.commons:commons-text:1.8'
     implementation 'org.apache.geronimo.components:geronimo-transaction:3.1.4'
     implementation 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
     implementation 'org.apache.httpcomponents:httpclient-cache:4.5.12'
-    implementation 'org.apache.logging.log4j:log4j-api:2.13.1' // the API of log4j 2
+    implementation 'org.apache.logging.log4j:log4j-api:2.13.3' // the API of log4j 2
     implementation 'org.apache.poi:poi:4.1.2'
     implementation 'org.apache.shiro:shiro-core:1.4.1' // So far we did not update from 1.4.1 because of a compile issue. You may try w/ a newer version than  1.5.2
     implementation 'org.apache.sshd:sshd-core:1.7.0' // So far we did not update from 1.7.0 because of a compile issue. You may try w/ a newer version than  2.4.0
-    implementation 'org.apache.tika:tika-parsers:1.24'
-    implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.36' // Remember to change the version number in javadoc block
-    implementation 'org.apache.tomcat:tomcat-jasper:9.0.36'
+    implementation 'org.apache.tika:tika-parsers:1.24.1'
+    implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.37' // Remember to change the version number in javadoc block
+    implementation 'org.apache.tomcat:tomcat-jasper:9.0.37'
     implementation 'org.apache.axis2:axis2-kernel:1.7.9'
     implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: in 2.4 dependencies are messed up. See https://github.com/moqui/moqui-fop/blob/master/build.gradle
     implementation 'org.apache.xmlrpc:xmlrpc-client:3.1.3'
@@ -191,15 +191,15 @@ dependencies {
     implementation 'org.codehaus.groovy:groovy-all:2.5.11' // Compile issue with commons-cli and Groovy 3. Remember to change the version number in javadoc block.
     implementation 'org.freemarker:freemarker:2.3.30' // Remember to change the version number in FreeMarkerWorker class when upgrading. See OFBIZ-10019 if >= 2.4
     implementation 'org.owasp.esapi:esapi:2.2.0.0'
-    implementation 'org.springframework:spring-test:5.2.5.RELEASE'
+    implementation 'org.springframework:spring-test:5.2.7.RELEASE'
     implementation 'org.zapodot:jackson-databind-java-optional:2.6.1'
     implementation 'oro:oro:2.0.8'
     implementation 'wsdl4j:wsdl4j:1.6.3'
-    implementation 'com.auth0:java-jwt:3.10.2'
+    implementation 'com.auth0:java-jwt:3.10.3'
     testImplementation 'org.hamcrest:hamcrest-library:2.2' // Enable junit4 to not depend on hamcrest-1.3
-    testImplementation 'org.mockito:mockito-core:3.3.3'
+    testImplementation 'org.mockito:mockito-core:3.4.4'
     testImplementation 'org.jmockit:jmockit:1.49'
-    testImplementation 'com.pholser:junit-quickcheck-generators:0.9.1'
+    testImplementation 'com.pholser:junit-quickcheck-generators:0.9.2'
     runtimeOnly 'javax.xml.soap:javax.xml.soap-api:1.4.0'
     runtimeOnly 'de.odysseus.juel:juel-spi:2.2.7'
     runtimeOnly 'net.sf.barcode4j:barcode4j-fop-ext:2.1'
@@ -208,10 +208,10 @@ dependencies {
     runtimeOnly 'org.apache.axis2:axis2-transport-local:1.7.9'
     runtimeOnly 'org.apache.derby:derby:10.14.2.0'  // So far we did not update from 10.14.2.0 because of a compile issue. You may try w/ a newer version than 10.15.1.3
     runtimeOnly 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:1.1'
-    runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.13.1' // for external jars using the old log4j1.2: routes logging to log4j 2
-    runtimeOnly 'org.apache.logging.log4j:log4j-core:2.13.1' // the implementation of the log4j 2 API
-    runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.13.1' // for external jars using the java.util.logging: routes logging to log4j 2
-    runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.13.1' // for external jars using slf4j: routes logging to log4j 2
+    runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.13.3' // for external jars using the old log4j1.2: routes logging to log4j 2
+    runtimeOnly 'org.apache.logging.log4j:log4j-core:2.13.3' // the implementation of the log4j 2 API
+    runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.13.3' // for external jars using the java.util.logging: routes logging to log4j 2
+    runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.13.3' // for external jars using slf4j: routes logging to log4j 2
     runtimeOnly 'org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380'
 
     // Dependencies defined by the plugins

Free forum by Nabble Edit this page