This is an automated email from the ASF dual-hosted git repository. desruisseaux pushed a commit to branch geoapi-4.0 in repository https://gitbox.apache.org/repos/asf/sis.git
commit 8f637cfe82bb8ad661eb443bda1e0b1213a07061 Author: Martin Desruisseaux <martin.desruisse...@geomatys.com> AuthorDate: Fri Jul 26 11:30:24 2024 +0200 Upgrade dependencies (JAXB, JUnit, databases). --- buildSrc/build.gradle.kts | 4 ++-- netbeans-project/ivy.xml | 16 ++++++++-------- settings.gradle.kts | 20 +++++++++++--------- 3 files changed, 21 insertions(+), 19 deletions(-) diff --git a/buildSrc/build.gradle.kts b/buildSrc/build.gradle.kts index 630909921b..eb6808a8dd 100644 --- a/buildSrc/build.gradle.kts +++ b/buildSrc/build.gradle.kts @@ -35,8 +35,8 @@ repositories { } dependencies { implementation (group = "org.apache.commons", name = "commons-compress", version = "1.23.0") - testCompileOnly(group = "org.junit.jupiter", name = "junit-jupiter-api", version = "5.10.2") - testRuntimeOnly(group = "org.junit.jupiter", name = "junit-jupiter-engine", version = "5.10.2") + testCompileOnly(group = "org.junit.jupiter", name = "junit-jupiter-api", version = "5.10.3") + testRuntimeOnly(group = "org.junit.jupiter", name = "junit-jupiter-engine", version = "5.10.3") } /* diff --git a/netbeans-project/ivy.xml b/netbeans-project/ivy.xml index 0e796640c4..82171f9227 100644 --- a/netbeans-project/ivy.xml +++ b/netbeans-project/ivy.xml @@ -12,28 +12,28 @@ <info organisation="org.apache" module="sis"/> <dependencies defaultconf="default"> <dependency org="javax.measure" name="unit-api" rev="2.1.3"/> - <dependency org="org.glassfish.jaxb" name="jaxb-runtime" rev="4.0.4"/> + <dependency org="org.glassfish.jaxb" name="jaxb-runtime" rev="4.0.5"/> <dependency org="org.eclipse" name="yasson" rev="3.0.3"/> <dependency org="com.esri.geometry" name="esri-geometry-api" rev="2.2.4"/> <dependency org="org.locationtech.jts" name="jts-core" rev="1.19.0"/> - <dependency org="org.postgresql" name="postgresql" rev="42.6.0"/> + <dependency org="org.postgresql" name="postgresql" rev="42.7.3"/> <dependency org="edu.ucar" name="cdm-core" rev="5.5.3"/> <dependency org="edu.ucar" name="udunits" rev="5.5.3"/> <dependency org="org.jdom" name="jdom2" rev="2.0.6"/> <dependency org="joda-time" name="joda-time" rev="2.10.3"/> <dependency org="com.google.guava" name="guava" rev="30.1-jre"/> - <dependency org="org.libreoffice" name="libreoffice" rev="7.6.1"/> - <dependency org="software.amazon.awssdk" name="s3" rev="2.20.155"/> + <dependency org="org.libreoffice" name="libreoffice" rev="7.6.7"/> + <dependency org="software.amazon.awssdk" name="s3" rev="2.26.24"/> <dependency org="org.antlr" name="antlr4-maven-plugin" rev="4.11.1"/> <dependency org="jakarta.servlet" name="jakarta.servlet-api" rev="6.0.0"/> <dependency org="org.osgi" name="osgi.core" rev="8.0.0"/> - <dependency org="org.junit.platform" name="junit-platform-launcher" rev="1.10.2"/> - <dependency org="org.junit.jupiter" name="junit-jupiter-api" rev="5.10.2"/> + <dependency org="org.junit.platform" name="junit-platform-launcher" rev="1.10.3"/> + <dependency org="org.junit.jupiter" name="junit-jupiter-api" rev="5.10.3"/> <dependency org="org.apache.derby" name="derby" rev="10.15.2.0"/> <dependency org="org.apache.derby" name="derbytools" rev="10.15.2.0"/> <dependency org="org.apache.derby" name="derbyshared" rev="10.15.2.0"/> - <dependency org="org.hsqldb" name="hsqldb" rev="2.7.2"/> - <dependency org="com.h2database" name="h2" rev="2.2.224"/> + <dependency org="org.hsqldb" name="hsqldb" rev="2.7.3"/> + <dependency org="com.h2database" name="h2" rev="2.3.230"/> <dependency org="gov.nist.math" name="jama" rev="1.0.3"/> <dependency org="net.sf.geographiclib" name="GeographicLib-Java" rev="2.0"/> </dependencies> diff --git a/settings.gradle.kts b/settings.gradle.kts index d86d91b196..794ea37440 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -61,19 +61,19 @@ dependencyResolutionManagement { create("libs") { library("geoapi", "org.opengis", "geoapi-pending") .version {strictly(geoapiVersion)} library("units", "javax.measure", "unit-api") .version {strictly("[2.1, 3.0["); prefer("2.1.3")} - library("jaxb.api", "jakarta.xml.bind", "jakarta.xml.bind-api").version {strictly("[4.0, 5.0["); prefer("4.0.1")} - library("jaxb.impl", "org.glassfish.jaxb", "jaxb-runtime") .version {strictly("[4.0, 5.0["); prefer("4.0.4")} + library("jaxb.api", "jakarta.xml.bind", "jakarta.xml.bind-api").version {strictly("[4.0, 5.0["); prefer("4.0.2")} + library("jaxb.impl", "org.glassfish.jaxb", "jaxb-runtime") .version {strictly("[4.0, 5.0["); prefer("4.0.5")} library("yasson", "org.eclipse", "yasson") .version {strictly("[3.0, 4.0["); prefer("3.0.3")} library("jts.core", "org.locationtech.jts", "jts-core") .version {strictly("[1.15, 2.0["); prefer("1.19.0")} library("esri.geometry", "com.esri.geometry", "esri-geometry-api") .version {strictly("[2.0, 3.0["); prefer("2.2.4")} - library("libreoffice", "org.libreoffice", "libreoffice") .version {strictly("[7.0, 8.0["); prefer("7.6.1")} + library("libreoffice", "org.libreoffice", "libreoffice") .version {strictly("[7.0, 8.0["); prefer("7.6.7")} library("ucar", "edu.ucar", "cdm-core") .version {strictly("[5.0, 6.0["); prefer("5.5.3")} - library("aws.s3", "software.amazon.awssdk", "s3") .version {strictly("[2.0, 3.0["); prefer("2.20.155")} + library("aws.s3", "software.amazon.awssdk", "s3") .version {strictly("[2.0, 3.0["); prefer("2.26.24")} } create("tests") { library("geoapi", "org.opengis", "geoapi-conformance") .version {strictly(geoapiVersion)} - library("junit5", "org.junit.jupiter", "junit-jupiter-api") .version {strictly("5.10.2")} - library("jupiter", "org.junit.jupiter", "junit-jupiter-engine") .version {strictly("5.10.2")} + library("junit5", "org.junit.jupiter", "junit-jupiter-api") .version {strictly("5.10.3")} + library("jupiter", "org.junit.jupiter", "junit-jupiter-engine") .version {strictly("5.10.3")} library("jama", "gov.nist.math", "jama") .version {strictly("1.0.3")} library("geographiclib", "net.sf.geographiclib", "GeographicLib-Java") .version {strictly("2.0")} library("slf4j", "org.slf4j", "slf4j-jdk14").version { @@ -85,11 +85,13 @@ dependencyResolutionManagement { strictly("[10.0, 11.0[") prefer("10.15.2.0") // 10.15 is the last series compatible with JDK 11. } + // Derby vulnerabiliy: https://nvd.nist.gov/vuln/detail/CVE-2022-46337 + // Fix would require an upgrade to Java 21. library("derby.core", "org.apache.derby", "derby") .versionRef("derby") library("derby.tools", "org.apache.derby", "derbytools") .versionRef("derby") - library("postgres", "org.postgresql", "postgresql") .version {prefer("42.6.0")} - library("hsql", "org.hsqldb", "hsqldb") .version {strictly("[2.0, 3.0["); prefer("2.7.2")} - library("h2", "com.h2database", "h2") .version {strictly("[2.0, 3.0["); prefer("2.2.224")} + library("postgres", "org.postgresql", "postgresql") .version {prefer("42.7.3")} + library("hsql", "org.hsqldb", "hsqldb") .version {strictly("[2.0, 3.0["); prefer("2.7.3")} + library("h2", "com.h2database", "h2") .version {strictly("[2.0, 3.0["); prefer("2.3.230")} } } }