This is an automated email from the ASF dual-hosted git repository.
desruisseaux pushed a commit to branch geoapi-4.0
in repository https://gitbox.apache.org/repos/asf/sis.git
commit 8f637cfe82bb8ad661eb443bda1e0b1213a07061
Author: Martin Desruisseaux <martin.desruisse...@geomatys.com>
AuthorDate: Fri Jul 26 11:30:24 2024 +0200
Upgrade dependencies (JAXB, JUnit, databases).
---
buildSrc/build.gradle.kts | 4 ++--
netbeans-project/ivy.xml | 16 ++++++++--------
settings.gradle.kts | 20 +++++++++++---------
3 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/buildSrc/build.gradle.kts b/buildSrc/build.gradle.kts
index 630909921b..eb6808a8dd 100644
--- a/buildSrc/build.gradle.kts
+++ b/buildSrc/build.gradle.kts
@@ -35,8 +35,8 @@ repositories {
}
dependencies {
implementation (group = "org.apache.commons", name = "commons-compress",
version = "1.23.0")
- testCompileOnly(group = "org.junit.jupiter", name = "junit-jupiter-api",
version = "5.10.2")
- testRuntimeOnly(group = "org.junit.jupiter", name =
"junit-jupiter-engine", version = "5.10.2")
+ testCompileOnly(group = "org.junit.jupiter", name = "junit-jupiter-api",
version = "5.10.3")
+ testRuntimeOnly(group = "org.junit.jupiter", name =
"junit-jupiter-engine", version = "5.10.3")
}
/*
diff --git a/netbeans-project/ivy.xml b/netbeans-project/ivy.xml
index 0e796640c4..82171f9227 100644
--- a/netbeans-project/ivy.xml
+++ b/netbeans-project/ivy.xml
@@ -12,28 +12,28 @@
<info organisation="org.apache" module="sis"/>
<dependencies defaultconf="default">
<dependency org="javax.measure" name="unit-api"
rev="2.1.3"/>
- <dependency org="org.glassfish.jaxb" name="jaxb-runtime"
rev="4.0.4"/>
+ <dependency org="org.glassfish.jaxb" name="jaxb-runtime"
rev="4.0.5"/>
<dependency org="org.eclipse" name="yasson"
rev="3.0.3"/>
<dependency org="com.esri.geometry" name="esri-geometry-api"
rev="2.2.4"/>
<dependency org="org.locationtech.jts" name="jts-core"
rev="1.19.0"/>
- <dependency org="org.postgresql" name="postgresql"
rev="42.6.0"/>
+ <dependency org="org.postgresql" name="postgresql"
rev="42.7.3"/>
<dependency org="edu.ucar" name="cdm-core"
rev="5.5.3"/>
<dependency org="edu.ucar" name="udunits"
rev="5.5.3"/>
<dependency org="org.jdom" name="jdom2"
rev="2.0.6"/>
<dependency org="joda-time" name="joda-time"
rev="2.10.3"/>
<dependency org="com.google.guava" name="guava"
rev="30.1-jre"/>
- <dependency org="org.libreoffice" name="libreoffice"
rev="7.6.1"/>
- <dependency org="software.amazon.awssdk" name="s3"
rev="2.20.155"/>
+ <dependency org="org.libreoffice" name="libreoffice"
rev="7.6.7"/>
+ <dependency org="software.amazon.awssdk" name="s3"
rev="2.26.24"/>
<dependency org="org.antlr" name="antlr4-maven-plugin"
rev="4.11.1"/>
<dependency org="jakarta.servlet" name="jakarta.servlet-api"
rev="6.0.0"/>
<dependency org="org.osgi" name="osgi.core"
rev="8.0.0"/>
- <dependency org="org.junit.platform"
name="junit-platform-launcher" rev="1.10.2"/>
- <dependency org="org.junit.jupiter" name="junit-jupiter-api"
rev="5.10.2"/>
+ <dependency org="org.junit.platform"
name="junit-platform-launcher" rev="1.10.3"/>
+ <dependency org="org.junit.jupiter" name="junit-jupiter-api"
rev="5.10.3"/>
<dependency org="org.apache.derby" name="derby"
rev="10.15.2.0"/>
<dependency org="org.apache.derby" name="derbytools"
rev="10.15.2.0"/>
<dependency org="org.apache.derby" name="derbyshared"
rev="10.15.2.0"/>
- <dependency org="org.hsqldb" name="hsqldb"
rev="2.7.2"/>
- <dependency org="com.h2database" name="h2"
rev="2.2.224"/>
+ <dependency org="org.hsqldb" name="hsqldb"
rev="2.7.3"/>
+ <dependency org="com.h2database" name="h2"
rev="2.3.230"/>
<dependency org="gov.nist.math" name="jama"
rev="1.0.3"/>
<dependency org="net.sf.geographiclib" name="GeographicLib-Java"
rev="2.0"/>
</dependencies>
diff --git a/settings.gradle.kts b/settings.gradle.kts
index d86d91b196..794ea37440 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -61,19 +61,19 @@ dependencyResolutionManagement {
create("libs") {
library("geoapi", "org.opengis",
"geoapi-pending") .version {strictly(geoapiVersion)}
library("units", "javax.measure", "unit-api")
.version {strictly("[2.1, 3.0["); prefer("2.1.3")}
- library("jaxb.api", "jakarta.xml.bind",
"jakarta.xml.bind-api").version {strictly("[4.0, 5.0["); prefer("4.0.1")}
- library("jaxb.impl", "org.glassfish.jaxb", "jaxb-runtime")
.version {strictly("[4.0, 5.0["); prefer("4.0.4")}
+ library("jaxb.api", "jakarta.xml.bind",
"jakarta.xml.bind-api").version {strictly("[4.0, 5.0["); prefer("4.0.2")}
+ library("jaxb.impl", "org.glassfish.jaxb", "jaxb-runtime")
.version {strictly("[4.0, 5.0["); prefer("4.0.5")}
library("yasson", "org.eclipse", "yasson")
.version {strictly("[3.0, 4.0["); prefer("3.0.3")}
library("jts.core", "org.locationtech.jts", "jts-core")
.version {strictly("[1.15, 2.0["); prefer("1.19.0")}
library("esri.geometry", "com.esri.geometry",
"esri-geometry-api") .version {strictly("[2.0, 3.0["); prefer("2.2.4")}
- library("libreoffice", "org.libreoffice", "libreoffice")
.version {strictly("[7.0, 8.0["); prefer("7.6.1")}
+ library("libreoffice", "org.libreoffice", "libreoffice")
.version {strictly("[7.0, 8.0["); prefer("7.6.7")}
library("ucar", "edu.ucar", "cdm-core")
.version {strictly("[5.0, 6.0["); prefer("5.5.3")}
- library("aws.s3", "software.amazon.awssdk", "s3")
.version {strictly("[2.0, 3.0["); prefer("2.20.155")}
+ library("aws.s3", "software.amazon.awssdk", "s3")
.version {strictly("[2.0, 3.0["); prefer("2.26.24")}
}
create("tests") {
library("geoapi", "org.opengis",
"geoapi-conformance") .version {strictly(geoapiVersion)}
- library("junit5", "org.junit.jupiter",
"junit-jupiter-api") .version {strictly("5.10.2")}
- library("jupiter", "org.junit.jupiter",
"junit-jupiter-engine") .version {strictly("5.10.2")}
+ library("junit5", "org.junit.jupiter",
"junit-jupiter-api") .version {strictly("5.10.3")}
+ library("jupiter", "org.junit.jupiter",
"junit-jupiter-engine") .version {strictly("5.10.3")}
library("jama", "gov.nist.math", "jama")
.version {strictly("1.0.3")}
library("geographiclib", "net.sf.geographiclib",
"GeographicLib-Java") .version {strictly("2.0")}
library("slf4j", "org.slf4j",
"slf4j-jdk14").version {
@@ -85,11 +85,13 @@ dependencyResolutionManagement {
strictly("[10.0, 11.0[")
prefer("10.15.2.0") // 10.15 is the last series
compatible with JDK 11.
}
+ // Derby vulnerabiliy:
https://nvd.nist.gov/vuln/detail/CVE-2022-46337
+ // Fix would require an upgrade to Java 21.
library("derby.core", "org.apache.derby", "derby")
.versionRef("derby")
library("derby.tools", "org.apache.derby", "derbytools")
.versionRef("derby")
- library("postgres", "org.postgresql", "postgresql")
.version {prefer("42.6.0")}
- library("hsql", "org.hsqldb", "hsqldb")
.version {strictly("[2.0, 3.0["); prefer("2.7.2")}
- library("h2", "com.h2database", "h2")
.version {strictly("[2.0, 3.0["); prefer("2.2.224")}
+ library("postgres", "org.postgresql", "postgresql")
.version {prefer("42.7.3")}
+ library("hsql", "org.hsqldb", "hsqldb")
.version {strictly("[2.0, 3.0["); prefer("2.7.3")}
+ library("h2", "com.h2database", "h2")
.version {strictly("[2.0, 3.0["); prefer("2.3.230")}
}
}
}
