This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new d2aecb7 KNOX-2406 - Use dependency bom for dependency management
(#363)
d2aecb7 is described below
commit d2aecb7af22768086d6d1668c7e794f69267650e
Author: Kevin Risden <risd...@users.noreply.github.com>
AuthorDate: Fri Jul 17 12:17:44 2020 -0400
KNOX-2406 - Use dependency bom for dependency management (#363)
Signed-off-by: Kevin Risden <kris...@apache.org>
---
pom.xml | 195 ++++++++++++++--------------------------------------------------
1 file changed, 43 insertions(+), 152 deletions(-)
diff --git a/pom.xml b/pom.xml
index 5365306..d695d90 100644
--- a/pom.xml
+++ b/pom.xml
@@ -249,7 +249,7 @@
<slf4j.version>1.7.30</slf4j.version>
<spotbugs.version>4.0.1</spotbugs.version>
<spotbugs-maven-plugin.version>4.0.0</spotbugs-maven-plugin.version>
- <spring-core.version>5.2.5.RELEASE</spring-core.version>
+ <spring.version>5.2.5.RELEASE</spring.version>
<spring-vault.version>2.2.2.RELEASE</spring-vault.version>
<stax2-api.version>4.2</stax2-api.version>
<taglibs-standard.version>1.2.5</taglibs-standard.version>
@@ -1206,63 +1206,65 @@
</dependency>
<dependency>
- <groupId>com.nimbusds</groupId>
- <artifactId>nimbus-jose-jwt</artifactId>
- <version>${nimbus-jose-jwt.version}</version>
- </dependency>
- <dependency>
- <groupId>com.nimbusds</groupId>
- <artifactId>lang-tag</artifactId>
- <version>${lang-tag.version}</version>
+ <groupId>com.fasterxml.jackson</groupId>
+ <artifactId>jackson-bom</artifactId>
+ <version>${jackson.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
</dependency>
<dependency>
- <groupId>net.minidev</groupId>
- <artifactId>json-smart</artifactId>
- <version>${json-smart.version}</version>
- </dependency>
- <dependency>
<groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-http</artifactId>
+ <artifactId>jetty-bom</artifactId>
<version>${jetty.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
</dependency>
+ <!-- Need these additional due to classifier tests -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-server</artifactId>
+ <artifactId>jetty-servlet</artifactId>
<version>${jetty.version}</version>
+ <classifier>tests</classifier>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-util</artifactId>
+ <artifactId>jetty-http</artifactId>
<version>${jetty.version}</version>
+ <classifier>tests</classifier>
</dependency>
+
<dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-util-ajax</artifactId>
- <version>${jetty.version}</version>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-bom</artifactId>
+ <version>${netty.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
</dependency>
+
<dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-servlet</artifactId>
- <version>${jetty.version}</version>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-framework-bom</artifactId>
+ <version>${spring.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
</dependency>
+
<dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-webapp</artifactId>
- <version>${jetty.version}</version>
+ <groupId>com.nimbusds</groupId>
+ <artifactId>nimbus-jose-jwt</artifactId>
+ <version>${nimbus-jose-jwt.version}</version>
</dependency>
-
<dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-servlet</artifactId>
- <version>${jetty.version}</version>
- <classifier>tests</classifier>
+ <groupId>com.nimbusds</groupId>
+ <artifactId>lang-tag</artifactId>
+ <version>${lang-tag.version}</version>
</dependency>
+
<dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-http</artifactId>
- <version>${jetty.version}</version>
- <classifier>tests</classifier>
+ <groupId>net.minidev</groupId>
+ <artifactId>json-smart</artifactId>
+ <version>${json-smart.version}</version>
</dependency>
<dependency>
@@ -1596,33 +1598,6 @@
</dependency>
<dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-all</artifactId>
- <version>${netty.version}</version>
- </dependency>
-
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-annotations</artifactId>
- <version>${jackson.version}</version>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-core</artifactId>
- <version>${jackson.version}</version>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.dataformat</groupId>
- <artifactId>jackson-dataformat-yaml</artifactId>
- <version>${jackson.version}</version>
- </dependency>
-
- <dependency>
<groupId>org.codehaus.woodstox</groupId>
<artifactId>stax2-api</artifactId>
<version>${stax2-api.version}</version>
@@ -1949,27 +1924,6 @@
</dependency>
<dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-io</artifactId>
- <version>${jetty.version}</version>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-annotations</artifactId>
- <version>${jetty.version}</version>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>apache-jsp</artifactId>
- <version>${jetty.version}</version>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>apache-jstl</artifactId>
- <version>${jetty.version}</version>
- </dependency>
- <!-- apache-jstl includes taglibs 1.2.1 which has CVEs -->
- <dependency>
<groupId>org.apache.taglibs</groupId>
<artifactId>taglibs-standard-spec</artifactId>
<version>${taglibs-standard.version}</version>
@@ -1982,16 +1936,6 @@
<!-- Websocket support -->
<dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-client</artifactId>
- <version>${jetty.version}</version>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty.websocket</groupId>
- <artifactId>websocket-client</artifactId>
- <version>${jetty.version}</version>
- </dependency>
- <dependency>
<groupId>javax.websocket</groupId>
<artifactId>javax.websocket-api</artifactId>
<version>${javax.websocket-api.version}</version>
@@ -2003,33 +1947,6 @@
</dependency>
<dependency>
- <groupId>org.eclipse.jetty.websocket</groupId>
- <artifactId>websocket-api</artifactId>
- <version>${jetty.version}</version>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty.websocket</groupId>
- <artifactId>websocket-server</artifactId>
- <version>${jetty.version}</version>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty.websocket</groupId>
- <artifactId>websocket-servlet</artifactId>
- <version>${jetty.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.eclipse.jetty.websocket</groupId>
- <artifactId>javax-websocket-server-impl</artifactId>
- <version>${jetty.version}</version>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty.websocket</groupId>
- <artifactId>javax-websocket-client-impl</artifactId>
- <version>${jetty.version}</version>
- </dependency>
-
- <dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-core</artifactId>
<version>${metrics.version}</version>
@@ -2141,17 +2058,6 @@
</exclusions>
</dependency>
- <!-- Upgrade pac4j-saml dependencies to avoid known CVEs -->
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-core</artifactId>
- <version>${spring-core.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-orm</artifactId>
- <version>${spring-core.version}</version>
- </dependency>
<dependency>
<groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
@@ -2216,30 +2122,15 @@
</dependency>
<dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-context</artifactId>
- <version>${spring-core.version}</version>
+ <groupId>org.aspectj</groupId>
+ <artifactId>aspectjrt</artifactId>
+ <version>${aspectj.version}</version>
</dependency>
<dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-beans</artifactId>
- <version>${spring-core.version}</version>
+ <groupId>org.aspectj</groupId>
+ <artifactId>aspectjweaver</artifactId>
+ <version>${aspectj.version}</version>
</dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-web</artifactId>
- <version>${spring-core.version}</version>
- </dependency>
- <dependency>
- <groupId>org.aspectj</groupId>
- <artifactId>aspectjrt</artifactId>
- <version>${aspectj.version}</version>
- </dependency>
- <dependency>
- <groupId>org.aspectj</groupId>
- <artifactId>aspectjweaver</artifactId>
- <version>${aspectj.version}</version>
- </dependency>
<dependency>
<groupId>de.thetaphi</groupId>
