gitgabrio commented on code in PR #6633: URL: https://github.com/apache/incubator-kie-drools/pull/6633#discussion_r3084640865
########## kie-parent/pom.xml: ########## @@ -0,0 +1,3281 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.kie</groupId> + <artifactId>drools-parent</artifactId> + <version>999-SNAPSHOT</version> + </parent> + <artifactId>kie-parent</artifactId> + <packaging>pom</packaging> + <name>Kie :: Parent</name> + <properties> + <!-- Used to define which poms are allowed to have dependencyManagement sections. This is to enforce the convention that only the root pom should have dependencyManagement, and all other poms should inherit from it. --> + <allowedPomsList>org.kie:kie-parent</allowedPomsList> + <!-- CHECKSTYLE --> + <checkstyle.failOnViolation>false</checkstyle.failOnViolation> + <checkstyle.header.extensions>java</checkstyle.header.extensions> + <checkstyle.header.template>.*</checkstyle.header.template> + <checkstyle.logViolationsToConsole>true</checkstyle.logViolationsToConsole> + <checkstyle.logViolationsToConsole>false</checkstyle.logViolationsToConsole> + <drools.exclude.checkstyle/> + <!-- ENFORCER --> + <!-- set to "none" to disable the ban-duplicated-classes rule --> + <enforcer.ban-duplicated-classes.phase>none</enforcer.ban-duplicated-classes.phase> + <enforcer.failOnBannedDependencies>true</enforcer.failOnBannedDependencies> + <enforcer.failOnDuplicatedClasses>true</enforcer.failOnDuplicatedClasses> + <!-- set to "none" to disable the no-managed-deps rule --> + <enforcer.no-managed-deps.phase>initialize</enforcer.no-managed-deps.phase> + <illegaltransitivereportonly>false</illegaltransitivereportonly> + <!-- JaCoCo --> + <!-- JaCoCo coverage data file location --> + <jacoco.exec.file>${project.root.dir}/target/jacoco.exec</jacoco.exec.file> + <!-- Jacoco plugin configurations --> + <jacoco.haltOnFailure>false</jacoco.haltOnFailure> + <jacoco.line.coveredratio.minimum>0.9</jacoco.line.coveredratio.minimum> + <!-- This property needs to be defined in all modules that use the packaging 'jar' or 'bundle'. It is + being used by different plugins to make sure the module/bundle names are consistent. --> + <java.module.name/> + <latestReleasedVersionFromThisBranch>notYetReleased</latestReleasedVersionFromThisBranch> + <maven.build.timestamp.format>yyyyMMddHHmm</maven.build.timestamp.format> + <maven.compiler.source>17</maven.compiler.source> + <maven.compiler.target>17</maven.compiler.target> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <!--suppress UnresolvedMavenProperty --> + <project.root.dir>${maven.multiModuleProjectDirectory}</project.root.dir> + <!-- Set to "true" on every project that has no violations. --> + <spotbugs.failOnViolation>false</spotbugs.failOnViolation> + <surefire.forkCount>1</surefire.forkCount> + + <!-- + CONVENTIONS: + - A version property must be specified in the format "version.{groupId}", optionally with a suffix to make it unique. + - Version properties must be sorted alphabetically (other form of sorting were found to be unclear and ambiguous). + --> + <version.angus.mail>2.0.5</version.angus.mail> + <version.antlr>2.7.7</version.antlr> + <version.apache.commons.commons-compress>1.28.0</version.apache.commons.commons-compress> + <version.archunit.junit5>1.4.0</version.archunit.junit5> + <!-- plugin used to enforce architectural constraints --> + <version.archunit.maven.plugin>4.0.2</version.archunit.maven.plugin> + <version.artifact.transfer>0.9.1</version.artifact.transfer> + <version.at.yawk.lz4.java>1.10.1</version.at.yawk.lz4.java> + <version.black.ninia>4.2.0</version.black.ninia> + <version.build.helper.maven.plugin>3.4.0</version.build.helper.maven.plugin> + <version.ch.obermuhlner>2.0.1</version.ch.obermuhlner> + <version.ch.qos.logback>1.5.25</version.ch.qos.logback> + <version.com.fasterxml.jackson>2.19.2</version.com.fasterxml.jackson> + <version.com.fasterxml.jackson.annotations>2.19.2</version.com.fasterxml.jackson.annotations> + <version.com.fasterxml.jackson.databind>2.19.2</version.com.fasterxml.jackson.databind> + <version.com.fasterxml.jackson.datatype>2.19.2</version.com.fasterxml.jackson.datatype> + <version.com.github.eirslett>1.15.1</version.com.github.eirslett> + <version.com.github.haifengl.smile>1.5.2</version.com.github.haifengl.smile> + <version.com.github.javaparser>3.27.0</version.com.github.javaparser> + <!-- replaces findbugs-maven-plugin --> + <version.com.github.spotbugs-maven-plugin>4.9.8.3</version.com.github.spotbugs-maven-plugin> + <version.com.github.stephenc.jcip>1.0-1</version.com.github.stephenc.jcip> + <version.com.github.victools>4.37.0</version.com.github.victools> + <version.com.google.collections>1.0</version.com.google.collections> + <version.com.google.gson>2.13.2</version.com.google.gson> + <version.com.google.guava>33.4.8-jre</version.com.google.guava> + <version.com.google.protobuf>3.25.5</version.com.google.protobuf> + <!-- graphql-java upgraded from 22.0 to 24.3 for java-dataloader 3.4.0+ compatibility + required by Spring Boot 3.5.x (DataLoaderOptions.newDefaultOptions()). + extended-scalars version must match graphql-java major version. --> + <version.com.graphql-java>24.3</version.com.graphql-java> + <version.com.graphql-java-extended-scalars>24.0</version.com.graphql-java-extended-scalars> + <version.com.h2>2.3.232</version.com.h2> + <version.com.h2database>2.3.232</version.com.h2database> + <version.com.jayway.jsonpath>2.9.0</version.com.jayway.jsonpath> + <!-- victools should align with Jackson if possible --> + <version.com.miglayout>3.7.4</version.com.miglayout> + <version.com.networknt>1.0.86</version.com.networknt> + <version.com.networknt.json-schema-validator>1.0.86</version.com.networknt.json-schema-validator> + <version.com.ongres.scram>3.2</version.com.ongres.scram> + <version.com.squareup.okhttp3>4.12.0</version.com.squareup.okhttp3> + <version.com.sun.activation>2.0.2</version.com.sun.activation> + <version.com.sun.xml.bind>4.0.5</version.com.sun.xml.bind> + <version.com.sun.xml.bind.core>4.0.5</version.com.sun.xml.bind.core> + <version.com.thoughtworks.xstream>1.4.21</version.com.thoughtworks.xstream> + <version.common-text>1.14.0</version.common-text> + <version.common.compress>1.28.0</version.common.compress> + <version.common.exec>1.3</version.common.exec> + <version.commons-codec>1.19.0</version.commons-codec> + <version.commons-collections>3.2.2</version.commons-collections> + <version.commons-io>2.20.0</version.commons-io> + <version.commons-logging>1.1.1</version.commons-logging> + <version.compiler.plugin>3.13.0</version.compiler.plugin> + <version.dependency-plugin>3.6.1</version.dependency-plugin> + <version.domino-slf4j-logger>1.0.1</version.domino-slf4j-logger> + <!-- download-maven-plugin used to download arbitrary files at compile time --> + <version.download-maven-plugin>2.0.0</version.download-maven-plugin> + <version.graalvm>22.0.0.2</version.graalvm> + <version.gradle>8.11.1</version.gradle> + <version.guru.nidi>0.18.0</version.guru.nidi> + <version.info.picocli>4.7.7</version.info.picocli> + <version.io.cloudevents>3.0.0</version.io.cloudevents> + <version.io.fabric8>7.3.1</version.io.fabric8> + <version.io.fabric8.kubernetes-client>7.3.1</version.io.fabric8.kubernetes-client> + <version.io.grpc>1.76.0</version.io.grpc> + <version.io.micrometer>1.14.12</version.io.micrometer> + <version.io.netty>4.1.132.Final</version.io.netty> + <version.io.opentelemetry>1.0.0-alpha</version.io.opentelemetry> + <version.io.rest-assured>5.5.6</version.io.rest-assured> + <version.io.serverlessworkflow>4.1.0.Final</version.io.serverlessworkflow> + <version.io.smallrye-config>3.13.4</version.io.smallrye-config> + <version.io.smallrye-health>4.2.0</version.io.smallrye-health> + <version.io.smallrye-open-api>4.0.12</version.io.smallrye-open-api> + <version.io.smallrye.config.core>3.13.4</version.io.smallrye.config.core> + <version.io.smallrye.jandex>3.4.0</version.io.smallrye.jandex> + <version.io.smallrye.mutiny>2.9.5</version.io.smallrye.mutiny> + <version.io.smallrye.openapi.core>4.0.12</version.io.smallrye.openapi.core> + <version.io.smallrye.reactive.messaging.in.memory>4.28.0</version.io.smallrye.reactive.messaging.in.memory> + <version.io.smallrye.reactive.mutiny-vertx-web-client>3.21.3</version.io.smallrye.reactive.mutiny-vertx-web-client> + <!-- Mutiny Zero Flow Adapters --> + <version.io.smallrye.reactive.mutiny-zero>1.1.1</version.io.smallrye.reactive.mutiny-zero> + <version.io.swagger.core.v3>2.2.38</version.io.swagger.core.v3> + <version.io.swagger.parser.v3>2.1.34</version.io.swagger.parser.v3> + <version.io.vertx>4.5.24</version.io.vertx> + <version.it.unimi.dsi.fastutil>8.5.11</version.it.unimi.dsi.fastutil> + <version.jacoco.plugin>0.8.11</version.jacoco.plugin> + <version.jakarta.activation>2.0.3</version.jakarta.activation> + <version.jakarta.activation-api>2.1.4</version.jakarta.activation-api> + <version.jakarta.annotation-api>3.0.0</version.jakarta.annotation-api> + <version.jakarta.enterprise.cdi-api>4.1.0</version.jakarta.enterprise.cdi-api> + <version.jakarta.inject-api>2.0.1</version.jakarta.inject-api> + <version.jakarta.json>1.1.7</version.jakarta.json> + <version.jakarta.json-api>2.1.3</version.jakarta.json-api> + <version.jakarta.json.bind-api>3.0.1</version.jakarta.json.bind-api> + <version.jakarta.persistence-api>3.2.0</version.jakarta.persistence-api> + <version.jakarta.transaction-api>2.0.1</version.jakarta.transaction-api> + <version.jakarta.validation-api>3.1.1</version.jakarta.validation-api> + <version.jakarta.ws.rs>3.1.0</version.jakarta.ws.rs> + <version.jakarta.xml.bind-api>4.0.4</version.jakarta.xml.bind-api> + <version.javax.inject>2.0.1</version.javax.inject> + <!-- JDepend plugin --> + <version.jdepend.maven.plugin>2.0</version.jdepend.maven.plugin> + <!-- DROOLS-7140 Drools 8 enforce JDK and Maven versions as a rule --> + <version.jdk>${maven.compiler.release}</version.jdk> + <version.junit>4.13.2</version.junit> + <version.maven>${version.org.apache.maven}</version.maven> + <version.maven>3.9.11</version.maven> + <!-- These are added as part of the migration from JBoss to Apache parent pom.xml. They may be extracted to a KIE parent bom. --> + <version.maven-checkstyle>3.3.0</version.maven-checkstyle> + <version.maven-javadoc-plugin.override>3.6.2</version.maven-javadoc-plugin.override> + <version.maven.invoker>3.2.0</version.maven.invoker> + <version.maven.min>3.8.1</version.maven.min> + <version.maven.plugin>3.15.1</version.maven.plugin> + <version.maven.project>2.2.1</version.maven.project> + <version.maven.resolver.api>1.7.3</version.maven.resolver.api> + <version.nashorn>15.3</version.nashorn> + <version.net.byte-buddy>1.17.6</version.net.byte-buddy> + <version.net.java.dev.glazedlists>1.8.0</version.net.java.dev.glazedlists> + <version.net.minidev.jsonsmart>2.4.10</version.net.minidev.jsonsmart> + <version.net.sf.saxon.Saxon-HE>12.7</version.net.sf.saxon.Saxon-HE> + <version.net.thisptr.jackson-jq>1.0.0-preview.20240207</version.net.thisptr.jackson-jq> + <version.org.antlr>3.5.2</version.org.antlr> + <version.org.antlr.ST4>4.0.7</version.org.antlr.ST4> + <!-- External dependency versions bom --> + <!-- ################################################################################ --> + <!-- New and overwritten dependencies --> + <!-- ################################################################################ --> + <version.org.antlr4>4.13.2</version.org.antlr4> + <version.org.apache.ant>1.10.11</version.org.apache.ant> + <version.org.apache.avro>1.12.1</version.org.apache.avro> + <version.org.apache.commons>3.18.0</version.org.apache.commons> + <version.org.apache.commons.csv>1.10.0</version.org.apache.commons.csv> + <version.org.apache.commons.lang3>3.18.0</version.org.apache.commons.lang3> + <version.org.apache.commons.math3>3.6.1</version.org.apache.commons.math3> + <version.org.apache.groovy>4.0.29</version.org.apache.groovy> + <version.org.apache.httpcomponents.httpcore>4.4.16</version.org.apache.httpcomponents.httpcore> + <version.org.apache.kafka>4.0.0</version.org.apache.kafka> + <version.org.apache.maven>3.9.11</version.org.apache.maven> + <version.org.apache.maven.resolver>1.7.3</version.org.apache.maven.resolver> + <version.org.apache.maven.wagon>3.5.3</version.org.apache.maven.wagon> + <version.org.apache.openjpa>4.0.0</version.org.apache.openjpa> + <version.org.apache.opennlp>2.3.2</version.org.apache.opennlp> + <version.org.apache.pdfbox>2.0.28</version.org.apache.pdfbox> + <version.org.apache.poi>5.4.1</version.org.apache.poi> + <version.org.apache.tomcat>6.0.53</version.org.apache.tomcat> + <version.org.apache.tomcat.tomcat-dbcp>10.1.48</version.org.apache.tomcat.tomcat-dbcp> + <!-- therefore the property is rewritten in that repository parent --> + <version.org.asciidoctor.asciidoctorj>2.2.0</version.org.asciidoctor.asciidoctorj> + <version.org.asciidoctor.asciidoctorj-pdf>1.5.0</version.org.asciidoctor.asciidoctorj-pdf> + <version.org.assertj>3.27.7</version.org.assertj> + <version.org.awaitility>4.3.0</version.org.awaitility> + <version.org.bouncycastle.bc.jdk18on>1.82</version.org.bouncycastle.bc.jdk18on> + <version.org.eclipse.jdt>3.44.0</version.org.eclipse.jdt> + <version.org.eclipse.jetty.jakarta.servlet.api>5.0.2</version.org.eclipse.jetty.jakarta.servlet.api> + <version.org.eclipse.microprofile.config>3.1</version.org.eclipse.microprofile.config> + <version.org.eclipse.microprofile.openapi>4.0.2</version.org.eclipse.microprofile.openapi> + <version.org.eclipse.yasson>3.0.4</version.org.eclipse.yasson> + <version.org.flywaydb>11.14.1</version.org.flywaydb> + <version.org.freemarker>2.3.34</version.org.freemarker> + <version.org.glassfish.jaxb>4.0.6</version.org.glassfish.jaxb> + <version.org.graalvm.nativeimage>23.1.2</version.org.graalvm.nativeimage> + <!--This needs to be in sync with JUnit--> + <version.org.hamcrest>2.2</version.org.hamcrest> + <version.org.hibernate>7.1.14.Final</version.org.hibernate> + <version.org.hsqldb>2.7.1</version.org.hsqldb> + <version.org.infinispan>15.0.21.Final</version.org.infinispan> + <version.org.infinispan.protostream>5.0.13.Final</version.org.infinispan.protostream> + <version.org.javassist>3.26.0-GA</version.org.javassist> + <version.org.jboss.arquillian.selenium>3.13.0</version.org.jboss.arquillian.selenium> + <version.org.jboss.logging>3.6.1.Final</version.org.jboss.logging> + <version.org.jboss.logmanager>3.2.1.Final</version.org.jboss.logmanager> + <version.org.jboss.logmanager.embedded>1.2.0.Final</version.org.jboss.logmanager.embedded> + <version.org.jboss.narayana.tomcat>7.2.2.Final</version.org.jboss.narayana.tomcat> + <version.org.jboss.resteasy>6.2.12.Final</version.org.jboss.resteasy> + <version.org.jboss.transaction.spi>8.0.0.Final</version.org.jboss.transaction.spi> + <version.org.jboss.weld.weld>3.1.6.Final</version.org.jboss.weld.weld> + <version.org.jpmml.model>1.6.4</version.org.jpmml.model> + <version.org.jredisearch>2.2.0</version.org.jredisearch> + <version.org.json>20231013</version.org.json> + <version.org.json-unit-assertj>2.9.0</version.org.json-unit-assertj> + <version.org.junit.jupiter>5.13.4</version.org.junit.jupiter> + <version.org.junit.platform>1.13.4</version.org.junit.platform> + <version.org.keycloak>26.1.0</version.org.keycloak> + <version.org.mapstruct>1.5.5.Final</version.org.mapstruct> + <version.org.mockito>5.18.0</version.org.mockito> + <version.org.mongo>5.3.1</version.org.mongo> + <version.org.mozilla.rhino>1.8.1</version.org.mozilla.rhino> + <!-- Keep synchronized with junit-jupiter (middle and minor should be the same) --> + <version.org.mvel>2.5.2.Final</version.org.mvel> + <!-- Version of JMH --> + <version.org.openjdk.jmh>1.21</version.org.openjdk.jmh> + <version.org.postgresql>42.7.8</version.org.postgresql> + <version.org.powermock>2.0.9</version.org.powermock> + <version.org.reactivestreams>1.0.4</version.org.reactivestreams> + <version.org.reflections>0.10.2</version.org.reflections> + <version.org.rocksdb>7.10.2</version.org.rocksdb> + <version.org.skyscreamer>1.5.1</version.org.skyscreamer> + <version.org.slf4j>2.0.17</version.org.slf4j> + <version.org.spockframework>2.2-groovy-4.0</version.org.spockframework> + <version.org.springdoc>2.8.13</version.org.springdoc> + <version.org.testcontainers>2.0.3</version.org.testcontainers> + <version.org.testcontainers.junit-jupiter>1.21.4</version.org.testcontainers.junit-jupiter> + <version.org.testcontainers.postgresql>1.21.4</version.org.testcontainers.postgresql> + <version.org.w3c.dom>2.3.0-jaxb-1.0.6</version.org.w3c.dom> + <version.org.webjars.bootstrap>5.1.3</version.org.webjars.bootstrap> + <version.org.webjars.jquery>3.6.0</version.org.webjars.jquery> + <version.org.wiremock>3.13.0</version.org.wiremock> + <version.org.wiremock.webhooks>3.0.4</version.org.wiremock.webhooks> + <version.org.xmlunit>2.10.4</version.org.xmlunit> + <version.org.xmlunit-core>2.10.4</version.org.xmlunit-core> + <version.plexus>2.2.0</version.plexus> + <version.plexus.classworld>2.9.0</version.plexus.classworld> + <version.plexus.container>2.1.1</version.plexus.container> + <version.plugin.annotations>3.15.1</version.plugin.annotations> + <!-- Add for kie-maven-plugin --> + <version.plugin.plugin>3.10.2</version.plugin.plugin> + <!-- TODO: This version comes from kogito-runtimes : double check--> + <version.plugin.testing.harness>4.0.0-alpha-2</version.plugin.testing.harness> + <version.property-maven-plugin>1.2.1</version.property-maven-plugin> + <!-- OpenRewrite plugin --> + <version.rewrite.maven.plugin>4.42.0</version.rewrite.maven.plugin> + <version.rewrite.testing.frameworks>1.22.0</version.rewrite.testing.frameworks> + <version.shade.plugin>3.3.0</version.shade.plugin> + <version.shared.utils>3.4.2</version.shared.utils> + <!-- simple-jndi is a small library that helps us avoid JNDI error messages during testing --> + <version.simple-jndi>0.11.4.1</version.simple-jndi> + <version.sisu.inject>1.4.2</version.sisu.inject> + <version.tomcat.embed.core>10.1.54</version.tomcat.embed.core> + <version.xerces>2.12.0.SP04</version.xerces> + </properties> + <dependencyManagement> + <dependencies> + <!--Both antlr:antlr and org.antlr:antlr-runtime is needed. They are completely different.--> + <dependency> + <groupId>antlr</groupId> + <artifactId>antlr</artifactId> + <version>${version.antlr}</version> + </dependency> + <dependency> + <groupId>at.yawk.lz4</groupId> + <artifactId>lz4-java</artifactId> + <version>${version.at.yawk.lz4.java}</version> + </dependency> + <dependency> + <groupId>black.ninia</groupId> + <artifactId>jep</artifactId> + <version>${version.black.ninia}</version> + </dependency> + <!-- used by DMN for BigDecimal arithmetics --> + <dependency> + <groupId>ch.obermuhlner</groupId> + <artifactId>big-math</artifactId> + <version>${version.ch.obermuhlner}</version> + </dependency> + <!-- kie server controller over websockets --> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${version.ch.qos.logback}</version> + </dependency> + <!-- Version overrides to fix vulnerabilities - end --> Review Comment: 👍 Fixed. I've (re)ordered dependencies in alphabetical order for sake of readability/maintainability, but TBH those comments about reason/scope of the version does not make much sense, because lot/most of them have been upgraded (or will be) over time also due to CVE fixes -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
