This is an automated email from the ASF dual-hosted git repository.

onichols pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git


The following commit(s) were added to refs/heads/develop by this push:
     new 424cd72  GEODE-8496: dependency updates (#5822)
424cd72 is described below

commit 424cd7282e91d4af07a00f663db6affc0610035a
Author: Owen Nichols <34043438+onichols-pivo...@users.noreply.github.com>
AuthorDate: Tue Dec 8 18:14:32 2020 -0800

    GEODE-8496: dependency updates (#5822)
    
    * Bump spring-security from 5.4.1 to 5.4.2
    * Bump archunit from 0.12.0 to 0.14.1
    * Bump fastutil from 8.4.3 to 8.4.4
    * Bump httpcore from 4.4.13 to 4.4.14
    * Bump istack-commons from 3.0.11 to 4.0.0
    * Bump lettuce from 5.3.5.RELEASE to 6.0.1.RELEASE
    * Bump dependencyUpdates from 0.28.0 to 0.36.0
    * Bump nebula-lint from 16.4.0 to 16.15.9
    * Bump dependency-management from 1.0.9.RELEASE to 1.0.10.RELEASE
    * Bump grgit from 4.0.1 to 4.1.0
    * Bump sonarqube from "2.8" to "3.0"
    * Bump nebula.facet from 6.0.2 to 6.2.0
    * Bump spotless from 3.28.0 to 5.8.2
    * remove unused dependency jackson-module-scala_2.10
    * update bump exclusions and readme
---
 .../src/test/resources/expected-pom.xml            | 32 +++++++++-------------
 build.gradle                                       | 14 +++++-----
 .../gradle/plugins/DependencyConstraints.groovy    | 13 ++++-----
 dev-tools/dependencies/README.md                   | 27 +++++-------------
 dev-tools/dependencies/bump.sh                     | 16 ++++-------
 .../integrationTest/resources/assembly_content.txt |  6 ++--
 .../resources/dependency_classpath.txt             |  6 ++--
 geode-assembly/src/main/dist/LICENSE               |  2 +-
 .../managing/logging/how_logging_works.html.md.erb |  4 +--
 geode-web-api/build.gradle                         |  1 -
 geode-web-management/build.gradle                  |  1 -
 gradle/spotless.gradle                             |  2 +-
 12 files changed, 49 insertions(+), 75 deletions(-)

diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml 
b/boms/geode-all-bom/src/test/resources/expected-pom.xml
index a4a3fa6..d8fec55 100644
--- a/boms/geode-all-bom/src/test/resources/expected-pom.xml
+++ b/boms/geode-all-bom/src/test/resources/expected-pom.xml
@@ -74,12 +74,6 @@
         <scope>compile</scope>
       </dependency>
       <dependency>
-        <groupId>com.fasterxml.jackson.module</groupId>
-        <artifactId>jackson-module-scala_2.10</artifactId>
-        <version>2.11.3</version>
-        <scope>compile</scope>
-      </dependency>
-      <dependency>
         <groupId>com.github.davidmoten</groupId>
         <artifactId>geo</artifactId>
         <version>0.7.7</version>
@@ -148,7 +142,7 @@
       <dependency>
         <groupId>com.sun.istack</groupId>
         <artifactId>istack-commons-runtime</artifactId>
-        <version>3.0.11</version>
+        <version>4.0.0</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
@@ -166,7 +160,7 @@
       <dependency>
         <groupId>com.tngtech.archunit</groupId>
         <artifactId>archunit-junit4</artifactId>
-        <version>0.12.0</version>
+        <version>0.14.1</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
@@ -262,7 +256,7 @@
       <dependency>
         <groupId>it.unimi.dsi</groupId>
         <artifactId>fastutil</artifactId>
-        <version>8.4.3</version>
+        <version>8.4.4</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
@@ -406,7 +400,7 @@
       <dependency>
         <groupId>org.apache.httpcomponents</groupId>
         <artifactId>httpcore</artifactId>
-        <version>4.4.13</version>
+        <version>4.4.14</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
@@ -550,7 +544,7 @@
       <dependency>
         <groupId>io.lettuce</groupId>
         <artifactId>lettuce-core</artifactId>
-        <version>5.3.5.RELEASE</version>
+        <version>6.0.1.RELEASE</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
@@ -748,49 +742,49 @@
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-config</artifactId>
-        <version>5.4.1</version>
+        <version>5.4.2</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-core</artifactId>
-        <version>5.4.1</version>
+        <version>5.4.2</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-ldap</artifactId>
-        <version>5.4.1</version>
+        <version>5.4.2</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-test</artifactId>
-        <version>5.4.1</version>
+        <version>5.4.2</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-web</artifactId>
-        <version>5.4.1</version>
+        <version>5.4.2</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-oauth2-core</artifactId>
-        <version>5.4.1</version>
+        <version>5.4.2</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-oauth2-client</artifactId>
-        <version>5.4.1</version>
+        <version>5.4.2</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-oauth2-jose</artifactId>
-        <version>5.4.1</version>
+        <version>5.4.2</version>
         <scope>compile</scope>
       </dependency>
       <dependency>
diff --git a/build.gradle b/build.gradle
index adb2afd..a3913a6 100755
--- a/build.gradle
+++ b/build.gradle
@@ -17,18 +17,18 @@
 
 plugins {
   id "wrapper"
-  id "nebula.facet" version "6.0.2" apply false
+  id "nebula.facet" version "6.2.0" apply false
   id "base"
   id "idea"
   id "eclipse"
-  id "com.diffplug.gradle.spotless" version "3.28.0" apply false
-  id "com.github.ben-manes.versions" version "0.28.0" apply false
-  id "nebula.lint" version "16.4.0" apply false
+  id "com.diffplug.spotless" version "5.8.2" apply false
+  id "com.github.ben-manes.versions" version "0.36.0" apply false
+  id "nebula.lint" version "16.15.9" apply false
   id "com.palantir.docker" version "0.22.1" apply false
-  id "io.spring.dependency-management" version "1.0.9.RELEASE" apply false
-  id "org.ajoberstar.grgit" version "4.0.1" apply false
+  id "io.spring.dependency-management" version "1.0.10.RELEASE" apply false
+  id "org.ajoberstar.grgit" version "4.1.0" apply false
   id "org.nosphere.apache.rat" version "0.6.0" apply false
-  id "org.sonarqube" version "2.8" apply false
+  id "org.sonarqube" version "3.0" apply false
   id "me.champeau.gradle.japicmp" apply false // Version defined in 
buildSrc/build.gradle
   id 'me.champeau.gradle.jmh' version '0.5.2' apply false
 }
diff --git 
a/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
 
b/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
index 4a55689..87724d4 100644
--- 
a/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
+++ 
b/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -37,7 +37,7 @@ class DependencyConstraints implements Plugin<Project> {
     deps.put("commons-io.version", "2.8.0")
     deps.put("commons-lang3.version", "3.11")
     deps.put("commons-validator.version", "1.7")
-    deps.put("fastutil.version", "8.4.3")
+    deps.put("fastutil.version", "8.4.4")
     deps.put("javax.transaction-api.version", "1.3")
     deps.put("jgroups.version", "3.6.14.Final")
     deps.put("log4j.version", "2.14.0")
@@ -89,7 +89,6 @@ class DependencyConstraints implements Plugin<Project> {
         api(group: 'com.carrotsearch.randomizedtesting', name: 
'randomizedtesting-runner', version: '2.7.8')
         api(group: 'com.fasterxml.jackson.datatype', name: 
'jackson-datatype-joda', version: '2.9.8')
         api(group: 'com.fasterxml.jackson.datatype', name: 
'jackson-datatype-jsr310', version: '2.11.3')
-        api(group: 'com.fasterxml.jackson.module', name: 
'jackson-module-scala_2.10', version: '2.11.3')
         api(group: 'com.github.davidmoten', name: 'geo', version: '0.7.7')
         api(group: 'com.github.stefanbirkner', name: 'system-rules', version: 
'1.19.0')
         api(group: 'com.github.stephenc.findbugs', name: 
'findbugs-annotations', version: '1.3.9-1')
@@ -102,10 +101,10 @@ class DependencyConstraints implements Plugin<Project> {
         api(group: 'com.nimbusds', name:'nimbus-jose-jwt', version:'8.11')
         // Pinning transitive dependency from spring-security-oauth2 to clean 
up our licenses.
         api(group: 'com.nimbusds', name: 'oauth2-oidc-sdk', version: '8.9')
-        api(group: 'com.sun.istack', name: 'istack-commons-runtime', version: 
'3.0.11')
+        api(group: 'com.sun.istack', name: 'istack-commons-runtime', version: 
'4.0.0')
         api(group: 'com.sun.mail', name: 'javax.mail', version: '1.6.2')
         api(group: 'com.sun.xml.bind', name: 'jaxb-impl', version: '2.3.2')
-        api(group: 'com.tngtech.archunit', name:'archunit-junit4', version: 
'0.12.0')
+        api(group: 'com.tngtech.archunit', name:'archunit-junit4', version: 
'0.14.1')
         api(group: 'com.zaxxer', name: 'HikariCP', version: '3.4.5')
         api(group: 'commons-beanutils', name: 'commons-beanutils', version: 
'1.9.4')
         api(group: 'commons-codec', name: 'commons-codec', version: '1.15')
@@ -146,7 +145,7 @@ class DependencyConstraints implements Plugin<Project> {
         api(group: 'org.apache.commons', name: 'commons-text', version: 1.9)
         api(group: 'org.apache.derby', name: 'derby', version: '10.14.2.0')
         api(group: 'org.apache.httpcomponents', name: 'httpclient', version: 
'4.5.13')
-        api(group: 'org.apache.httpcomponents', name: 'httpcore', version: 
'4.4.13')
+        api(group: 'org.apache.httpcomponents', name: 'httpcore', version: 
'4.4.14')
         api(group: 'org.apache.shiro', name: 'shiro-core', version: 
get('shiro.version'))
         api(group: 'org.assertj', name: 'assertj-core', version: '3.18.1')
         api(group: 'org.awaitility', name: 'awaitility', version: '4.0.3')
@@ -170,7 +169,7 @@ class DependencyConstraints implements Plugin<Project> {
         api(group: 'org.testcontainers', name: 'testcontainers', version: 
'1.14.3')
         api(group: 'pl.pragmatists', name: 'JUnitParams', version: '1.1.0')
         api(group: 'redis.clients', name: 'jedis', version: '3.3.0')
-        api(group: 'io.lettuce', name: 'lettuce-core', version: 
'5.3.5.RELEASE')
+        api(group: 'io.lettuce', name: 'lettuce-core', version: 
'6.0.1.RELEASE')
         api(group: 'xerces', name: 'xercesImpl', version: '2.12.0')
       }
     }
@@ -239,7 +238,7 @@ class DependencyConstraints implements Plugin<Project> {
       entry('selenium-support')
     }
 
-    dependencySet(group: 'org.springframework.security', version: '5.4.1') {
+    dependencySet(group: 'org.springframework.security', version: '5.4.2') {
       entry('spring-security-config')
       entry('spring-security-core')
       entry('spring-security-ldap')
diff --git a/dev-tools/dependencies/README.md b/dev-tools/dependencies/README.md
index 07d252d..313d13a 100644
--- a/dev-tools/dependencies/README.md
+++ b/dev-tools/dependencies/README.md
@@ -9,28 +9,15 @@ Step 0: Create a JIRA ticket for this work.
 Step 1: List bump commands for all dependencies for which maven offers a newer 
version:
 
 cd geode
-dev-tools/dependencies/bump.sh -l <jira you will be committing this work under>
-
-Step 2: Filter out certain dependencies that we cannot change, such as:
-- jgroups
-- classgraph
-- gradle-tooling-api
-- JUnitParams
-- docker-compose-rule
-- javax.servlet-api
-- protobuf
-- lucene
-- tomcat 6
-- archunit (13.0 and later get OOM on JDK8)
-
-Step 3: In some cases, maven suggests new majors, beta releases, or just wrong 
releases.
+dev-tools/dependencies/bump.sh <jira you will be committing this work under> -l
+
+Step 2: In some cases, maven suggests beta releases, which Geode should not 
use.
 Manually search for those dependencies on mavencentral to see if there is a 
better choice.
-Examples include:
-- commons-collections (versioning back in 2004 predated semver)
-- springfox-swagger (stay on 2.9, as 2.10 and later is completely 
re-architected)
-- selenium-api (these tests are very old, so stay on version pi)
+Special cases:
+- tomcat6 (do not upgrade)
+- tomcat (upgrade to latest patch only for each of 7, 8.5, and 9)
 
-Step 4: Create a PR and start bumping dependencies.  Push to the PR every few 
to run PR
+Step 3: Create a PR and start bumping dependencies.  Push to the PR every few 
to run PR
 checks.  Later, review the PR checks and try to narrow down which bump 
introduced problems
 and revert it.  At the end, create separate PRs for each one that was 
problematic and ask
 for help from someone in the community who knows that area better.
diff --git a/dev-tools/dependencies/bump.sh b/dev-tools/dependencies/bump.sh
index edfada1..f10292a 100755
--- a/dev-tools/dependencies/bump.sh
+++ b/dev-tools/dependencies/bump.sh
@@ -22,25 +22,21 @@ if ! [ -d dev-tools ] ; then
   exit 1
 fi
 
-if [ "$1" = "-l" ] ; then
-       if [ "$2" = "" ] ; then
-               echo "Usage: $0 -l <jira>"
-               exit 1
-       fi
-  ./gradlew dependencyUpdates; find . | grep 
build/dependencyUpdates/report.txt | xargs cat \
-   | grep ' -> ' | egrep -v 
'(Gradle|antlr|protobuf|lucene|JUnitParams|docker-compose-rule|javax.servlet-api|gradle-tooling-api|springfox|archunit)'
 \
-   | sort -u | tr -d '][' | sed -e 's/ -> / /' -e 's#.*:#'"$0 $2"' #'
+if [ "$2" = "-l" ] ; then
+  ./gradlew dependencyUpdates -Drevision=release ; find . | grep 
build/dependencyUpdates/report.txt | xargs cat \
+   | grep ' -> ' | egrep -v 
'(Gradle|antlr|protobuf|lucene|JUnitParams|docker-compose-rule|javax.servlet-api|gradle-tooling-api|springfox|derby|classgraph|selenium|jgroups|jmh|
 6.0.37|commons-collections|jaxb|testcontainers.*1.15.0)' \
+   | sort -u | tr -d '][' | sed -e 's/ -> / /' -e 's#.*:#'"$0 $1"' #'
   exit 0
 fi
 
 if [ "$4" = "" ] ; then
   echo "Usage: $0 <jira> <library-name> <old-ver> <new-ver>"
-  echo "   or: $0 -l <jira>"
+  echo "   or: $0 <jira> -l"
   exit 1
 fi
 
 if [ $(git diff | wc -l) -gt 0 ] ; then
-  echo "Your workspace has uncommitted changes, please stash them."
+  echo "Your workspace has uncommitted changes, please stash or commit them."
   exit 1
 fi
 
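Review bot: In the `-l` branch, `./gradlew dependencyUpdates -Drevision=release ;` discards the Gradle exit status, so a failed run can still feed `build/dependencyUpdates/report.txt` files left by an earlier run into the pipeline and print a stale bump list. I would stop on failure with `./gradlew dependencyUpdates -Drevision=release || exit 1`. The `egrep -v` exclusion list also grew in this commit while the README dropped its list of dependencies that cannot be changed, and entries such as `jaxb`, `jmh` and `6.0.37` are unanchored substrings with unescaped dots, so they may hide more report lines than intended. Any line they match never appears as an available update, security fixes included, so a comment above the pipeline with one `# excluded: <dependency> - <reason it stays pinned>` line per entry would keep that decision reviewable. The script continues outside this hunk.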
diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt 
b/geode-assembly/src/integrationTest/resources/assembly_content.txt
index e6c2af5..9385e56 100644
--- a/geode-assembly/src/integrationTest/resources/assembly_content.txt
+++ b/geode-assembly/src/integrationTest/resources/assembly_content.txt
@@ -987,7 +987,7 @@ lib/commons-lang3-3.11.jar
 lib/commons-logging-1.2.jar
 lib/commons-modeler-2.0.1.jar
 lib/commons-validator-1.7.jar
-lib/fastutil-8.4.3.jar
+lib/fastutil-8.4.4.jar
 lib/findbugs-annotations-1.3.9-1.jar
 lib/geo-0.7.7.jar
 lib/geode-common-0.0.0.jar
@@ -1015,8 +1015,8 @@ lib/geode-unsafe-0.0.0.jar
 lib/geode-wan-0.0.0.jar
 lib/gfsh-dependencies.jar
 lib/httpclient-4.5.13.jar
-lib/httpcore-4.4.13.jar
-lib/istack-commons-runtime-3.0.11.jar
+lib/httpcore-4.4.14.jar
+lib/istack-commons-runtime-4.0.0.jar
 lib/jackson-annotations-2.11.3.jar
 lib/jackson-core-2.11.3.jar
 lib/jackson-databind-2.11.3.jar
diff --git 
a/geode-assembly/src/integrationTest/resources/dependency_classpath.txt 
b/geode-assembly/src/integrationTest/resources/dependency_classpath.txt
index dfd59a4..bf6ff95 100644
--- a/geode-assembly/src/integrationTest/resources/dependency_classpath.txt
+++ b/geode-assembly/src/integrationTest/resources/dependency_classpath.txt
@@ -23,7 +23,7 @@ geode-membership-0.0.0.jar
 geode-http-service-0.0.0.jar
 geode-unsafe-0.0.0.jar
 httpclient-4.5.13.jar
-httpcore-4.4.13.jar
+httpcore-4.4.14.jar
 HikariCP-3.4.5.jar
 commons-lang3-3.11.jar
 jaxb-api-2.3.1.jar
@@ -32,7 +32,7 @@ log4j-api-2.14.0.jar
 spring-shell-1.2.0.RELEASE.jar
 rmiio-2.1.2.jar
 antlr-2.7.7.jar
-istack-commons-runtime-3.0.11.jar
+istack-commons-runtime-4.0.0.jar
 jaxb-impl-2.3.2.jar
 commons-validator-1.7.jar
 shiro-core-1.7.0.jar
@@ -45,7 +45,7 @@ commons-logging-1.2.jar
 classgraph-4.8.52.jar
 micrometer-core-1.6.1.jar
 swagger-annotations-1.6.2.jar
-fastutil-8.4.3.jar
+fastutil-8.4.4.jar
 javax.resource-api-1.7.1.jar
 jetty-webapp-9.4.35.v20201120.jar
 jetty-servlet-9.4.35.v20201120.jar
diff --git a/geode-assembly/src/main/dist/LICENSE 
b/geode-assembly/src/main/dist/LICENSE
index 2843ede..a25297f 100644
--- a/geode-assembly/src/main/dist/LICENSE
+++ b/geode-assembly/src/main/dist/LICENSE
@@ -1024,7 +1024,7 @@ The EDL 1.0 License 
(http://www.eclipse.org/org/documents/edl-v10.php)
 
 Apache Geode bundles the following file under the EDL 1.0 License:
 
-  - istack-commons-runtime v3.0.11
+  - istack-commons-runtime v4.0.0
 
 Eclipse Distribution License - v 1.0
 
diff --git a/geode-docs/managing/logging/how_logging_works.html.md.erb 
b/geode-docs/managing/logging/how_logging_works.html.md.erb
index 01f7b65..71e866d 100644
--- a/geode-docs/managing/logging/how_logging_works.html.md.erb
+++ b/geode-docs/managing/logging/how_logging_works.html.md.erb
@@ -21,9 +21,9 @@ limitations under the License.
 
 <%=vars.product_name%> uses [Apache Log4j 
2](http://logging.apache.org/log4j/2.x/) API and Core libraries as the basis 
for its logging system. Log4j 2 API is a popular and powerful front-end logging 
API used by all the <%=vars.product_name%> classes to generate log statements. 
Log4j 2 Core is a backend implementation for logging; you can route any of the 
front-end logging API libraries to log to this backend. <%=vars.product_name%> 
uses the Core backend to run three custom Log4j 2 Append [...]
 
-<%=vars.product_name%> has been tested with Log4j 2.12.
+<%=vars.product_name%> has been tested with Log4j 2.14.
 <%=vars.product_name%> requires the 
-`log4j-api-2.11.0.jar` and `log4j-core-2.11.0.jar`
+`log4j-api-2.14.0.jar` and `log4j-core-2.14.0.jar`
 JAR files to be in the classpath.
 Both of these JARs are distributed in the `<path-to-product>/lib` directory 
and included in the appropriate `*-dependencies.jar` convenience libraries.
 
diff --git a/geode-web-api/build.gradle b/geode-web-api/build.gradle
index b3d8c56..79daa9a 100644
--- a/geode-web-api/build.gradle
+++ b/geode-web-api/build.gradle
@@ -51,7 +51,6 @@ dependencies {
     exclude module: 'jackson-annotations'
   }
 
-  compileOnly('com.fasterxml.jackson.module:jackson-module-scala_2.10')
   compileOnly('io.swagger:swagger-annotations')
 
   implementation('io.springfox:springfox-swagger2') {
diff --git a/geode-web-management/build.gradle 
b/geode-web-management/build.gradle
index 1c13702..a3fbbc4 100644
--- a/geode-web-management/build.gradle
+++ b/geode-web-management/build.gradle
@@ -68,7 +68,6 @@ dependencies {
     exclude module: 'jackson-annotations'
   }
 
-  compileOnly('com.fasterxml.jackson.module:jackson-module-scala_2.10')
   compileOnly('io.swagger:swagger-annotations')
 
   implementation('io.springfox:springfox-swagger2') {
diff --git a/gradle/spotless.gradle b/gradle/spotless.gradle
index d7743da..13cc888 100644
--- a/gradle/spotless.gradle
+++ b/gradle/spotless.gradle
@@ -29,7 +29,7 @@ logger.debug("Using partial md5 (${thisFileIntegerHash}) of 
file ${thisFile} as
 project.ext.set("spotless-file-hash", thisFileIntegerHash)
 
 
-apply plugin: "com.diffplug.gradle.spotless"
+apply plugin: "com.diffplug.spotless"
 spotless {
   lineEndings = 'unix'
   java {
