mike-jumper commented on code in PR #1005:
URL: https://github.com/apache/guacamole-client/pull/1005#discussion_r1725402932


##########
doc/licenses/bouncycastle-2.0.3/README:
##########
@@ -0,0 +1,7 @@
+BouncyCastle FIPS Distribution (https://www.bouncycastle.org/fips-java)
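
Review bot: The added title line does not say which BouncyCastle artifact this README covers; together with the directory name `bouncycastle-2.0.3` it identifies the bundle by version alone. Suggest naming the artifact in the title (and in the directory name, if more than one BouncyCastle FIPS artifact is bundled) so each license entry can be matched to a specific jar and version.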

Review Comment:
   It doesn't look like this is correct for `bcutil-fips`. The title here is 
identical to the title used for `bc-fips`, but the latest version of `bc-fips` 
is 2.0.0.
   
   Checking 
https://search.maven.org/artifact/org.bouncycastle/bcutil-fips/2.0.3/jar, I 
see: "Bouncy Castle ASN.1 Extension and Utility APIs (FIPS Distribution)"



##########
extensions/guacamole-auth-ldap/pom.xml:
##########
@@ -51,12 +51,12 @@
         <dependency>
             <groupId>org.apache.directory.api</groupId>
             <artifactId>api-all</artifactId>
-            <version>2.1.6</version>
+            <version>2.1.7</version>
             <exclusions>
 
                 <!--
                     Replace slightly older commons-lang3 (3.13.0) with latest
-                    compatible version (3.14.0) so that we don't need two 
copies
+                    compatible version (3.16.0) so that we don't need two 
copies
                     of the same license information.
                 -->
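
Review bot: The comment above the exclusion is only half updated: the replacement version was changed to 3.16.0, but its first line still reads `Replace slightly older commons-lang3 (3.13.0)` even though `api-all` moves from 2.1.6 to 2.1.7 in the same hunk. Suggest checking which commons-lang3 version `api-all` 2.1.7 actually declares and updating that number as well, and confirming that the 3.16.0 in the comment matches the version of the replacement dependency, whose declaration is not visible in this hunk.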

Review Comment:
   Is it still correct (this newer version of `api-all` is still pointing at 
version 3.13.3 of `commons-lang3`)?



##########
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/pom.xml:
##########
@@ -122,20 +122,20 @@
         <dependency>
             <groupId>com.fasterxml.woodstox</groupId>
             <artifactId>woodstox-core</artifactId>
-            <version>5.4.0</version>
+            <version>6.6.0</version>
         </dependency>
 
         <!-- Apache XML Security for Java (see exclusions for java-saml) -->
         <dependency>
             <groupId>org.apache.santuario</groupId>
             <artifactId>xmlsec</artifactId>
-            <version>2.2.6</version>
+            <version>4.0.2</version>
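
Review bot: Both overrides cross major versions (`woodstox-core` 5.4.0 to 6.6.0, `xmlsec` 2.2.6 to 4.0.2), and the comment on the `xmlsec` entry ties it to the exclusions for java-saml, so java-saml would run against releases other than the ones it declares. Suggest stating in the adjacent comments which java-saml release these versions were checked against, and exercising the SAML flow that depends on the XML Security library with the new jars before merging, since nothing in the hunk shows that compatibility was verified.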

Review Comment:
   Are these newer versions known to be binary-compatible with the versions 
being overridden?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
