[jira] [Commented] (GEODE-10046) bump dependencies in 1.16
[ https://issues.apache.org/jira/browse/GEODE-10046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531914#comment-17531914 ] ASF subversion and git services commented on GEODE-10046: - Commit b27d6a4e4794ba446e4757d0dc06e8d5bb4e878e in geode's branch refs/heads/develop from Owen Nichols [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b27d6a4e47 ] GEODE-10046: Bump 3rd-party dependency versions (#7650) Geode endeavors to update to the latest version of 3rd-party dependencies on develop wherever possible. Doing so increases the shelf life of releases and increases security and reliability. Doing so regularly makes the occasional hiccups this can cause easier to pinpoint and address. Dependency bumps in this batch: * Bump classgraph from 4.8.145 to 4.8.146 * Bump micrometer from 1.8.4 to 1.8.5 * Bump netty-handler from 4.1.75 to 4.1.76 * Bump spring-boot-starter-web from 2.6.6 to 2.6.7 * Bump spring-hateoas from 1.4.1 to 1.4.2 * Bump spring-ldap-core from 2.3.6 to 2.3.7 * Bump spring-security from 5.6.2 to 5.6.3 > bump dependencies in 1.16 > - > > Key: GEODE-10046 > URL: https://issues.apache.org/jira/browse/GEODE-10046 > Project: Geode > Issue Type: Improvement > Components: build >Reporter: Owen Nichols >Assignee: Owen Nichols >Priority: Major > Labels: pull-request-available > Fix For: 1.15.0 > > > until support/1.16 is cut, periodically check for and switch to latest > version of 3rd-party dependencies. this will extend the shelf-life of > eventual Geode 1.16 release and hopefully reduce bugs and cve exposure, or at > least give a smaller delta if there is later a cve found that we need to > patch for -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Commented] (GEODE-10046) bump dependencies in 1.16
[ https://issues.apache.org/jira/browse/GEODE-10046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518431#comment-17518431 ] ASF subversion and git services commented on GEODE-10046: - Commit f110b9be3547474e74bc16cf2f24337b90e8fae2 in geode's branch refs/heads/develop from Owen Nichols [ https://gitbox.apache.org/repos/asf?p=geode.git;h=f110b9be35 ] GEODE-10046: Bump 3rd-party dependency versions (#7557) Geode endeavors to regularly update 3rd-party dependencies to increase shelf life, security and reliability of releases. Dependency bumps in this batch: * Bump classgraph from 4.8.141 to 4.8.143 * Bump jetty from 9.4.45.v20220203 to 9.4.46.v20220331 * Bump jna from 5.10.0 to 5.11.0 * Bump junit-pioneer from 1.6.1 to 1.6.2 * Bump lettuce-core from 6.1.6.RELEASE to 6.1.8.RELEASE * Bump maven-artifact from 3.8.1 to 3.8.5 * Bump micrometer-core from 1.8.3 to 1.8.4 * Bump nebula.lint from 17.6.1 to 17.7.0 * Bump netty from 4.1.74.Final to 4.1.75.Final * Bump rat from 0.7.0 to 0.7.1 * Bump shiro-core from 1.8.0 to 1.9.0 * Bump spotless from 6.2.2 to 6.4.1 * Bump spring-boot-starter-web from 2.6.5 to 2.6.6 * Bump swagger-annotations from 1.6.2 to 1.6.6 * Bump tomcat from 9.0.59 to 9.0.62 > bump dependencies in 1.16 > - > > Key: GEODE-10046 > URL: https://issues.apache.org/jira/browse/GEODE-10046 > Project: Geode > Issue Type: Improvement > Components: build >Reporter: Owen Nichols >Assignee: Owen Nichols >Priority: Major > Labels: pull-request-available > Fix For: 1.15.0 > > > until support/1.16 is cut, periodically check for and switch to latest > version of 3rd-party dependencies. this will extend the shelf-life of > eventual Geode 1.16 release and hopefully reduce bugs and cve exposure, or at > least give a smaller delta if there is later a cve found that we need to > patch for -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (GEODE-10046) bump dependencies in 1.16
[ https://issues.apache.org/jira/browse/GEODE-10046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17507816#comment-17507816 ] ASF subversion and git services commented on GEODE-10046: - Commit 9ff27b37cf5cc7a97700c64c77a28eefe8ae9d4a in geode's branch refs/heads/develop from Owen Nichols [ https://gitbox.apache.org/repos/asf?p=geode.git;h=9ff27b3 ] GEODE-10046: Bump 3rd-party dependency versions (#7434) Geode endeavors to update to the latest version of 3rd-party dependencies on develop wherever possible. Doing so increases the shelf life of releases and increases security and reliability. Doing so regularly makes the occasional hiccups this can cause easier to pinpoint and address. Dependency bumps in this batch: * Bump awaitility from 4.1.1 to 4.2.0 * Bump cargo from 1.9.9 to 1.9.10 * Bump classgraph from 4.8.138 to 4.8.141 * Bump guava from 31.0.1-jre to 31.1-jre * Bump jackson from 2.13.1 to 2.13.2 * Bump jetty from 9.4.44.v20210927 to 9.4.45.v20220203 * Bump junit-pioneer from 1.5.0 to 1.6.1 * Bump log4j from 2.17.1 to 2.17.2 * Bump micrometer-core from 1.8.2 to 1.8.3 * Bump mockito from 4.3.1 to 4.4.0 * Bump spring from 5.3.15 to 5.3.16 * Bump spring-boot-starter from 2.6.3 to 2.6.4 * Bump spring-ldap from 2.3.5.RELEASE to 2.3.6.RELEASE * Bump spring-security from 5.6.1 to 5.6.2 * Bump spring-session from 2.6.1 to 2.6.2 * Bump tomcat from 9.0.58 to 9.0.59 > bump dependencies in 1.16 > - > > Key: GEODE-10046 > URL: https://issues.apache.org/jira/browse/GEODE-10046 > Project: Geode > Issue Type: Improvement > Components: build >Reporter: Owen Nichols >Assignee: Owen Nichols >Priority: Major > Labels: pull-request-available > Fix For: 1.16.0 > > > until support/1.16 is cut, periodically check for and switch to latest > version of 3rd-party dependencies. this will extend the shelf-life of > eventual Geode 1.16 release and hopefully reduce bugs and cve exposure, or at > least give a smaller delta if there is later a cve found that we need to > patch for -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (GEODE-10046) bump dependencies in 1.16
[ https://issues.apache.org/jira/browse/GEODE-10046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17492872#comment-17492872 ] ASF subversion and git services commented on GEODE-10046: - Commit 5d69a616d2516b0f401bfbb4394e484bf2c3a284 in geode's branch refs/heads/develop from Owen Nichols [ https://gitbox.apache.org/repos/asf?p=geode.git;h=5d69a61 ] GEODE-10046: bump dependencies (#7360) * Bump ben-manes versions from 0.39.0 to 0.42.0 * Bump palantir docker from 0.28.0 to 0.32.0 * Bump fastutil from 8.5.6 to 8.5.8 * Bump java-jq from 1.2.0 to 1.3.0 * Bump jproc from 2.6.2 to 2.8.0 * Bump json-path from 2.6.0 to 2.7.0 * Bump lettuce-core from 6.1.5.RELEASE to 6.1.6.RELEASE * Bump micrometer-core from 1.8.1 to 1.8.2 * Bump mysql-connector-java from 8.0.26 to 8.0.28 * Bump nebula.lint from 17.1.1 to 17.6.1 * Bump netty from 4.1.72.Final to 4.1.74.Final * Bump pmd from 6.41.0 to 6.42.0 * Bump spotless from 5.14.3 to 6.2.2 * Bump spring from 5.3.14 to 5.3.15 * Bump spring-boot-starter from 2.6.2 to 2.6.3 * Bump spring-hateoas from 1.4.0 to 1.4.1 * Bump tomcat from 9.0.56 to 9.0.58 > bump dependencies in 1.16 > - > > Key: GEODE-10046 > URL: https://issues.apache.org/jira/browse/GEODE-10046 > Project: Geode > Issue Type: Improvement > Components: build >Reporter: Owen Nichols >Assignee: Owen Nichols >Priority: Major > Labels: pull-request-available > > until support/1.16 is cut, periodically check for and switch to latest > version of 3rd-party dependencies. this will extend the shelf-life of > eventual Geode 1.16 release and hopefully reduce bugs and cve exposure, or at > least give a smaller delta if there is later a cve found that we need to > patch for -- This message was sent by Atlassian Jira (v8.20.1#820001)
