[jira] [Commented] (GEODE-8496) bump dependencies for 1.14

[ASF subversion and git services (Jira)]

    [ 
https://issues.apache.org/jira/browse/GEODE-8496?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17200425#comment-17200425
 ] 

ASF subversion and git services commented on GEODE-8496:
--------------------------------------------------------

Commit 86c32e48942fd1c694ac422779e8f8578f7eaf9b in geode's branch 
refs/heads/develop from Owen Nichols
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=86c32e4 ]

GEODE-8496: bump dependency versions (#5527)

* Bump arakelian:java-jq from 0.10.1 to 1.1.0
* Bump awaitility from 4.0.2 to 4.0.3
* Bump bcel from 6.4.1 to 6.5.0
* Bump bcpkix-jdk15on from 1.64 to 1.66
* Bump cargo-core-uberjar from 1.7.11 to 1.8.1
* Bump commons-codec from 1.14 to 1.15
* Bump commons-io from 2.6 to 2.8.0
* Bump commons-lang3 from 3.10 to 3.11
* Bump commons-text from 1.8 to 1.9
* Bump commons-validator from 1.6 to 1.7
* Bump compiler from 2.3.5 to 2.3.6
* Bump fastutil from 8.3.1 to 8.4.2
* Bump guava from 28.2-jre to 29.0-jre
* Bump hamcrest from 1.3 to 2.2
* Bump HikariCP from 3.4.2 to 3.4.5
* Bump jackson from 2.10.1 to 2.11.2
* Bump jackson-module-scala_2.10 from 2.10.0 to 2.11.2
* Bump jedis from 3.2.0 to 3.3.0
* Bump jetty from 9.4.21.v20190926 to 9.4.31.v20200723
* Bump jmh from 1.23 to 1.25.2
* Bump jna from 5.5.0 to 5.6.0
* Bump junit-quickcheck-core from 0.9.1 to 0.9.4
* Bump lettuce-core from 5.2.1.RELEASE to 5.3.4.RELEASE
* Bump log4j-api from 2.13.1 to 2.13.3
* Bump micrometer-core from 1.4.1 to 1.5.5
* Bump mysql-connector-java from 8.0.17 to 8.0.21
* Bump pmd from 6.22.0 to 6.27.0
* Bump powermock from 2.0.2 to 2.0.7
* Bump randomizedtesting-runner from 2.7.7 to 2.7.8
* Bump spring from 5.2.5 to 5.2.9
* Bump spring-boot-starter from 2.2.1.RELEASE to 2.3.4.RELEASE
* Bump spring-hateoas from 1.0.1.RELEASE to 1.1.2.RELEASE
* Bump spring-security from 5.3.2.RELEASE to 5.4.0
* Bump spring-session-data-redis from 2.2.1.RELEASE to 2.3.1.RELEASE
* Bump swagger-annotations from 1.5.23 to 1.6.2
* Bump testcontainers from 1.13.0 to 1.14.3
* Bump tomcat-catalina from 7.0.99 to 7.0.106
* Bump tomcat-catalina from 8.5.50 to 8.5.58
* Bump tomcat-catalina from 9.0.33 to 9.0.38
* add instructions for bumping dependencies

will create separate PRs for a few others that may not be "easy"

> bump dependencies for 1.14
> --------------------------
>
>                 Key: GEODE-8496
>                 URL: https://issues.apache.org/jira/browse/GEODE-8496
>             Project: Geode
>          Issue Type: Improvement
>          Components: build
>            Reporter: Owen Nichols
>            Priority: Major
>              Labels: pull-request-available
>
> now is a good time in the lull between 1.13 and 1.14 to roll 3rd party 
> libraries to latest versions wherever possible.  Doing this proactively helps 
> us stay ahead of CVEs and keep up with bugfixes.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)