I have addressed that for Graphiti and provided an updated version 0.19.1 for 2022-12 M3.
- Michael Von: cross-project-issues-dev <cross-project-issues-dev-boun...@eclipse.org> Im Auftrag von Pierre-Charles David Gesendet: Freitag, 4. November 2022 09:38 An: cross-project-issues-dev@eclipse.org Betreff: Re: [cross-project-issues-dev] Fwd: [eclipse-platform/eclipse.platform.releng.aggregator] New Dependency Chain rcp -> batik -> xmlgraphics -> commons.logging (Issue #651) Le 29/10/2022 à 10:33, Ed Merks a écrit : FYI, The platform and Orbit have moved to Batik version 1.16.0 to fix some CVEs so please (Graphiti, GMF, Papyrus, and Sirius) update to this new version for M3. I'm working on it for GMF Runtime and Sirius, but noticed that there has been some recent security-related fixes post-1.16.0 (see https://github.com/apache/xmlgraphics-batik/commits/trunk<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fxmlgraphics-batik%2Fcommits%2Ftrunk&data=05%7C01%7Cmichael.wenz%40sap.com%7Ce41c45a45b2e48bfdedd08dabe3fec6f%7C42f7676cf455423c82f6dc2d99791af7%7C0%7C0%7C638031480071788392%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PHSpE4SGaDf4tYDfwBSOj%2B8Bglmxj8LYb8ok9c2yZSQ%3D&reserved=0>). We should probably expect a Batik 1.17 in the near future. -------- Forwarded Message -------- Subject: [eclipse-platform/eclipse.platform.releng.aggregator] New Dependency Chain rcp -> batik -> xmlgraphics -> commons.logging (Issue #651) Date: Fri, 28 Oct 2022 23:45:11 -0700 From: Christian Dietrich <notificati...@github.com><mailto:notificati...@github.com> Reply-To: eclipse-platform/eclipse.platform.releng.aggregator <reply+aabs6tbezpfwmqh47gvkhs6bnh7hpevbnhhfkh3...@reply.github.com><mailto:reply+aabs6tbezpfwmqh47gvkhs6bnh7hpevbnhhfkh3...@reply.github.com> To: eclipse-platform/eclipse.platform.releng.aggregator <eclipse.platform.releng.aggrega...@noreply.github.com><mailto:eclipse.platform.releng.aggrega...@noreply.github.com> CC: Subscribed <subscri...@noreply.github.com><mailto:subscri...@noreply.github.com> hi, is the new dependency chain Error: Cannot resolve project dependencies: Error: Software being installed: org.eclipse.rcp.feature.group 4.26.0.v20221020-2202 Error: Missing requirement: org.apache.xmlgraphics 2.7.0.v20221018-0736 requires 'java.package; org.apache.commons.logging [1.0.4,1.3.0)' but it could not be found Error: Cannot satisfy dependency: org.apache.batik.css 1.15.0.v20221018-0736 depends on: java.package; org.apache.xmlgraphics.java2d.color 2.7.0 Error: Cannot satisfy dependency: org.eclipse.e4.rcp.feature.group 4.26.0.v20221020-2202 depends on: org.eclipse.equinox.p2.iu; org.apache.batik.css [1.15.0.v20221018-0736,1.15.0.v20221018-0736] Error: Cannot satisfy dependency: org.eclipse.rcp.feature.group 4.26.0.v20221020-2202 depends on: org.eclipse.equinox.p2.iu; org.eclipse.e4.rcp.feature.group [4.26.0.v20221020-2202,4.26.0.v20221020-2202] intentional (aka is the new org.apache.xmlgraphics 2.7.0.v20221018-0736 in orbit as we want it or did unwanted changes sneak in) https://github.com/itemis/xtext-reference-projects/pull/300/files<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fitemis%2Fxtext-reference-projects%2Fpull%2F300%2Ffiles&data=05%7C01%7Cmichael.wenz%40sap.com%7Ce41c45a45b2e48bfdedd08dabe3fec6f%7C42f7676cf455423c82f6dc2d99791af7%7C0%7C0%7C638031480071788392%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AnsP9WeV2iyMUwABhOCeih7YGcmOLL3Gf9xHhl4kGY8%3D&reserved=0> — Reply to this email directly, view it on GitHub<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feclipse-platform%2Feclipse.platform.releng.aggregator%2Fissues%2F651&data=05%7C01%7Cmichael.wenz%40sap.com%7Ce41c45a45b2e48bfdedd08dabe3fec6f%7C42f7676cf455423c82f6dc2d99791af7%7C0%7C0%7C638031480071788392%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=f4REmBChr3lUhI9n0n8GwmBDucc0ckv8x10Wy6CeITo%3D&reserved=0>, or unsubscribe<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAABS6TGARLW7N6PSZRXFIXTWFTBXPANCNFSM6AAAAAARRUYJEY&data=05%7C01%7Cmichael.wenz%40sap.com%7Ce41c45a45b2e48bfdedd08dabe3fec6f%7C42f7676cf455423c82f6dc2d99791af7%7C0%7C0%7C638031480071788392%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=fjcS84BHiffpT3dwDEJ2ggIoX3wgvKWf2yCzWc60tD8%3D&reserved=0>. You are receiving this because you are subscribed to this thread.Message ID: <eclipse-platform/eclipse.platform.releng.aggregator/issues/6...@github.com<mailto:eclipse-platform/eclipse.platform.releng.aggregator/issues/6...@github.com>> _______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@eclipse.org<mailto:cross-project-issues-dev@eclipse.org> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.eclipse.org%2Fmailman%2Flistinfo%2Fcross-project-issues-dev&data=05%7C01%7Cmichael.wenz%40sap.com%7Ce41c45a45b2e48bfdedd08dabe3fec6f%7C42f7676cf455423c82f6dc2d99791af7%7C0%7C0%7C638031480071788392%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=zUNqNpVSJYzHI8eAJAAu3cVS51tLFJKzRw472yiPcUk%3D&reserved=0> -- Pierre-Charles David (Obeo)
_______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev