[ https://issues.apache.org/jira/browse/OFBIZ-9674?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Julian Leichert updated OFBIZ-9674:
-----------------------------------
    Attachment: OFBIZ-9674_Update_buildgradle.patch

> Update build.gradle to the latest dependencies
> ----------------------------------------------
>
>                 Key: OFBIZ-9674
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9674
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Michael Brohl
>            Assignee: Michael Brohl
>            Priority: Minor
>         Attachments: OFBIZ-9674_Update_buildgradle.patch
>
>
> I wondered how up-to-date our project dependencies are and searched for an 
> efficient way to check this. I found the gradle-versions-plugin [1] which 
> analyzes the dependencies and checks if there are newer versions available.
> I ran the check with 
> {code:java}
> ./gradlew dependencyUpdates -Drevision=release
> {code}
> and got the following result:
> ------------------------------------------------------------
> : Project Dependency Updates (report to plain text file)
> ------------------------------------------------------------
> The following dependencies are using the latest release version:
>  - net.sf.barcode4j:barcode4j:2.1
>  - net.sf.barcode4j:barcode4j-fop-ext:2.1
>  - org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380
>  - org.apache.commons:commons-collections4:4.1
>  - com.googlecode.ez-vcard:ez-vcard:0.9.10
>  - org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1
>  - org.apache.geronimo.components:geronimo-transaction:3.1.4
>  - at.bxm.gradleplugins:gradle-svntools-plugin:2.2.1
>  - com.github.ben-manes:gradle-versions-plugin:0.15.0
>  - org.hamcrest:hamcrest-all:1.3
>  - net.fortuna.ical4j:ical4j:1.0-rc3-atlassian-11
>  - javax.el:javax.el-api:3.0.1-b04
>  - de.odysseus.juel:juel-impl:2.2.7
>  - de.odysseus.juel:juel-spi:2.2.7
>  - junit:junit:4.12
>  - oro:oro:2.0.8
>  - apache-xerces:xercesImpl:2.9.1
> The following dependencies exceed the version found at the release revision 
> level:
>  - com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer [20160628.1 <- 1.1]
> The following dependencies have later release versions:
>  - org.apache.ant:ant-junit [1.9.0 -> 1.10.1]
>  - org.apache.ant:ant-junit [1.9.7 -> 1.10.1]
>  - org.apache.axis2:axis2-kernel [1.7.1 -> 1.7.6]
>  - org.apache.axis2:axis2-transport-http [1.7.1 -> 1.7.6]
>  - org.apache.axis2:axis2-transport-local [1.7.1 -> 1.7.6]
>  - commons-cli:commons-cli [1.3.1 -> 1.4]
>  - org.apache.commons:commons-csv [1.1 -> 1.5]
>  - org.apache.commons:commons-dbcp2 [2.1 -> 2.1.1]
>  - commons-net:commons-net [3.3 -> 3.6]
>  - commons-validator:commons-validator [1.5.1 -> 1.6]
>  - com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru [1.0 -> 1.4.2]
>  - com.google.zxing:core [3.2.1 -> 3.3.0]
>  - org.apache.derby:derby [10.11.1.1 -> 10.13.1.1]
>  - org.owasp.esapi:esapi [2.1.0 -> 2.1.0.1]
>  - org.apache.xmlgraphics:fop [2.1 -> 2.2]
>  - org.freemarker:freemarker [2.3.25-incubating -> 2.3.26-incubating]
>  - org.codehaus.groovy:groovy-all [2.4.12 -> 2.5.0-beta-1]
>  - org.apache.httpcomponents:httpclient-cache [4.4.1 -> 4.5.3]
>  - com.ibm.icu:icu4j [57.1 -> 59.1]
>  - com.lowagie:itext [2.1.7 -> 4.2.2]
>  - org.zapodot:jackson-databind-java-optional [2.4.2 -> 2.6.1]
>  - com.sun.mail:javax.mail [1.5.1 -> 1.6.0]
>  - javax.servlet:javax.servlet-api [3.1.0 -> 4.0.0]
>  - javax.servlet.jsp:javax.servlet.jsp-api [2.3.0 -> 2.3.2-b02]
>  - junit:junit-dep [4.10 -> 4.11]
>  - com.googlecode.libphonenumber:libphonenumber [8.6.0 -> 8.8.0]
>  - org.apache.logging.log4j:log4j-1.2-api [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-api [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-core [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-jul [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-slf4j-impl [2.6.2 -> 2.9.0]
>  - org.mockito:mockito-core [1.10.19 -> 2.9.0]
>  - org.apache.poi:poi [3.14 -> 3.17-beta1]
>  - org.apache.shiro:shiro-core [1.3.0 -> 1.4.0]
>  - org.springframework:spring-test [4.2.3.RELEASE -> 4.3.10.RELEASE]
>  - org.apache.tika:tika-core [1.12 -> 1.16]
>  - org.apache.tika:tika-parsers [1.12 -> 1.16]
>  - org.apache.tomcat:tomcat-catalina [8.5.16 -> 9.0.0.M26]
>  - org.apache.tomcat:tomcat-catalina-ha [8.5.16 -> 9.0.0.M25]
>  - org.apache.tomcat:tomcat-jasper [8.5.16 -> 9.0.0.M26]
>  - org.apache.tomcat:tomcat-tribes [8.5.16 -> 9.0.0.M25]
>  - wsdl4j:wsdl4j [1.6.2 -> 1.6.3]
>  - org.apache.xmlrpc:xmlrpc-client [3.1.2 -> 3.1.3]
>  - org.apache.xmlrpc:xmlrpc-server [3.1.2 -> 3.1.3]
>  - com.thoughtworks.xstream:xstream [1.4.9 -> 1.4.10]
> Failed to determine the latest version for the following dependencies (use 
> --info for details):
>  - com.sun.syndication:com.springsource.com.sun.syndication
>  - org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec
> Generated report file build/dependencyUpdates/report.txt
> ===
> If there are no objections, I would try to update the dependencies to the 
> latest release versions, which means I would skip the milestone versions for 
> e.g. Tomcat here.
> We can run this check from time to time to see if we have missed updates to 
> the dependencies.
> What do you think? Is this reasonable?
> Thanks,
> Michael
> [1] https://github.com/ben-manes/gradle-versions-plugin



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
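
The triage proposed in the issue description (apply release upgrades, skip milestone and beta targets), sketched as an added example that is not part of the original message or of OFBiz's build. The sample report is constructed from entries quoted above; the function names and the pre-release pattern are assumptions.

```python
import re

# Constructed sample in the layout of build/dependencyUpdates/report.txt,
# using entries from the report quoted above; one entry is wrapped across
# two lines, as mail clients tend to do.
SAMPLE_REPORT = """\
The following dependencies have later release versions:
 - org.apache.commons:commons-csv [1.1 -> 1.5]
 - com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru [1.0 ->
1.4.2]
 - org.codehaus.groovy:groovy-all [2.4.12 -> 2.5.0-beta-1]
 - org.apache.poi:poi [3.14 -> 3.17-beta1]
 - org.apache.tomcat:tomcat-catalina [8.5.16 -> 9.0.0.M26]
 - com.thoughtworks.xstream:xstream [1.4.9 -> 1.4.10]
"""

# "- group:artifact [current -> latest]"
ENTRY = re.compile(r"-\s+(\S+:\S+)\s+\[(\S+)\s+->\s+(\S+)\]")
# Assumed pre-release qualifiers: alpha, beta, rc, Mnn milestones, snapshot.
PRERELEASE = re.compile(
    r"(?i)(?:^|[.\-])(?:alpha|beta|rc|m|snapshot)[.\-]?\d*(?:$|[.\-])")


def parse_updates(report):
    """Return (coordinate, current, latest) tuples from the text report."""
    entries = []
    for raw in report.splitlines():
        line = raw.lstrip("> ").rstrip()  # tolerate mail quoting and indent
        if line.startswith("- "):
            entries.append(line)
        elif entries and "[" in entries[-1] and "]" not in entries[-1]:
            entries[-1] += " " + line     # re-join a wrapped entry
    return [m.groups() for m in map(ENTRY.match, entries) if m]


def plan_upgrades(report):
    """Split updates into release upgrades and skipped pre-release targets."""
    apply, skip = [], []
    for coord, current, latest in parse_updates(report):
        bucket = skip if PRERELEASE.search(latest) else apply
        bucket.append((coord, current, latest))
    return apply, skip


if __name__ == "__main__":
    to_apply, skipped = plan_upgrades(SAMPLE_REPORT)
    for coord, cur, new in to_apply:
        print(f"upgrade {coord}: {cur} -> {new}")
    for coord, cur, new in skipped:
        print(f"skip    {coord}: {new} is a pre-release")
```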
