Author: gk Date: Tue Oct 10 09:20:42 2023 New Revision: 1912855 URL: http://svn.apache.org/viewvc?rev=1912855&view=rev Log: - Updating build dependencies after owasp test failure. - update in torque generator org.eclipse.jgit from 5.13.0.202109080827-r to 6.6.1.202309021850-r - suppress CVE-2022-40160 CVE-2022-40159 found be invalid and CVE-2022-41852 as rejected for commons-jx-path. - updating changes.xml in torque-generator and torque-runtime
Modified: db/torque/trunk/pom.xml db/torque/trunk/suppression-owasp-fp.xml db/torque/trunk/torque-ant-tasks/pom.xml db/torque/trunk/torque-generator/pom.xml db/torque/trunk/torque-generator/src/changes/changes.xml db/torque/trunk/torque-maven-plugin/pom.xml db/torque/trunk/torque-runtime/src/changes/changes.xml Modified: db/torque/trunk/pom.xml URL: http://svn.apache.org/viewvc/db/torque/trunk/pom.xml?rev=1912855&r1=1912854&r2=1912855&view=diff ============================================================================== --- db/torque/trunk/pom.xml (original) +++ db/torque/trunk/pom.xml Tue Oct 10 09:20:42 2023 @@ -360,7 +360,7 @@ <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-dbcp2</artifactId> - <version>2.9.0</version> + <version>2.10.0</version> </dependency> <dependency> @@ -372,7 +372,7 @@ <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> - <version>3.12.0</version> + <version>3.13.0</version> </dependency> <dependency> @@ -384,7 +384,8 @@ <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> - <version>4.2.0</version> + <!-- 5 requires java 11 --> + <version>5.5.0</version> <scope>test</scope> </dependency> @@ -469,7 +470,7 @@ <dependency> <groupId>org.xmlunit</groupId> <artifactId>xmlunit-core</artifactId> - <version>2.8.4</version> + <version>2.9.1</version> <scope>test</scope> </dependency> @@ -505,7 +506,7 @@ <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-pmd-plugin</artifactId> <!-- with error https://issues.apache.org/jira/browse/MPMD-325 and workaround --> - <version>3.15.0</version> + <version>3.21.0</version> <configuration> <linkXRef>true</linkXRef> <targetJdk>${maven.compiler.target}</targetJdk> @@ -514,19 +515,19 @@ <dependency> <groupId>org.ow2.asm</groupId> <artifactId>asm</artifactId> - <version>9.2</version> + <version>9.6</version> </dependency> </dependencies> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jxr-plugin</artifactId> - <version>3.1.1</version> + <version>3.3.0</version> </plugin> <plugin> <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs-maven-plugin</artifactId> - <version>4.7.2.1</version> + <version>4.7.3.6</version> <dependencies> <!-- overwrite dependency on spotbugs if you want to specify the version of spotbugs --> <dependency> @@ -542,7 +543,7 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-enforcer-plugin</artifactId> - <version>3.0.0</version> + <version>3.4.1</version> <executions> <execution> <id>enforce-maven</id> @@ -562,12 +563,12 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-checkstyle-plugin</artifactId> - <version>3.1.2</version> + <version>3.3.0</version> <dependencies> <dependency> <groupId>com.puppycrawl.tools</groupId> <artifactId>checkstyle</artifactId> - <version>8.45.1</version> + <version>10.12.4</version> </dependency> </dependencies> </plugin> @@ -579,17 +580,17 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> - <version>3.0.0</version> + <version>3.1.2</version> </plugin> <plugin> <groupId>org.owasp</groupId> <artifactId>dependency-check-maven</artifactId> - <version>8.2.1</version> + <version>8.4.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-site-plugin</artifactId> - <version>3.10.0</version> + <version>3.12.1</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> @@ -870,15 +871,15 @@ <maven.compiler.target>11</maven.compiler.target> <dependency.check.skip>true</dependency.check.skip> - <junit.jupiter.version>5.8.2</junit.jupiter.version> - <junit.launcher.version>1.8.2</junit.launcher.version> + <junit.jupiter.version>5.10.0</junit.jupiter.version> + <junit.launcher.version>1.10.0</junit.launcher.version> <log4j2.version>2.20.0</log4j2.version> <torque.compiler.fork>false</torque.compiler.fork> <torque.compiler.compilerVersion>11</torque.compiler.compilerVersion> <!--suppress UnresolvedMavenProperty --> <torque.compiler.javac>${JAVA_HOME}/bin/javac</torque.compiler.javac> - <!-- derby 10.15 requires java 11, 10.16 requries java 12 --> + <!-- derby 10.15 requires java 9 (11), 10.16.1.1 requires java 17 --> <derby.version>10.15.2.0</derby.version> <project.build.outputTimestamp>1</project.build.outputTimestamp> Modified: db/torque/trunk/suppression-owasp-fp.xml URL: http://svn.apache.org/viewvc/db/torque/trunk/suppression-owasp-fp.xml?rev=1912855&r1=1912854&r2=1912855&view=diff ============================================================================== --- db/torque/trunk/suppression-owasp-fp.xml (original) +++ db/torque/trunk/suppression-owasp-fp.xml Tue Oct 10 09:20:42 2023 @@ -40,4 +40,25 @@ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> <cve>CVE-2020-8908</cve> </suppress> + <suppress> + <notes><![CDATA[ + file name: commons-jxpath-1.3.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/commons\-jxpath/commons\-jxpath@.*$</packageUrl> + <cve>CVE-2022-40159</cve> + </suppress> + <suppress> + <notes><![CDATA[ + file name: commons-jxpath-1.3.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/commons\-jxpath/commons\-jxpath@.*$</packageUrl> + <cve>CVE-2022-40160</cve> + </suppress> + <suppress> + <notes><![CDATA[ + file name: commons-jxpath-1.3.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/commons\-jxpath/commons\-jxpath@.*$</packageUrl> + <vulnerabilityName>CVE-2022-41852</vulnerabilityName> + </suppress> </suppressions> \ No newline at end of file Modified: db/torque/trunk/torque-ant-tasks/pom.xml URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-ant-tasks/pom.xml?rev=1912855&r1=1912854&r2=1912855&view=diff ============================================================================== --- db/torque/trunk/torque-ant-tasks/pom.xml (original) +++ db/torque/trunk/torque-ant-tasks/pom.xml Tue Oct 10 09:20:42 2023 @@ -62,11 +62,6 @@ <artifactId>commons-io</artifactId> <scope>test</scope> </dependency> - <!--dependency> - <groupId>org.apache.commons</groupId> - <artifactId>commons-lang3</artifactId> - <version>3.9</version> - </dependency--> <dependency> <groupId>org.apache.derby</groupId> <artifactId>derby</artifactId> Modified: db/torque/trunk/torque-generator/pom.xml URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-generator/pom.xml?rev=1912855&r1=1912854&r2=1912855&view=diff ============================================================================== --- db/torque/trunk/torque-generator/pom.xml (original) +++ db/torque/trunk/torque-generator/pom.xml Tue Oct 10 09:20:42 2023 @@ -42,7 +42,7 @@ <dependency> <groupId>org.eclipse.jgit</groupId> <artifactId>org.eclipse.jgit</artifactId> - <version>5.13.0.202109080827-r</version> + <version>6.7.0.202309050840-r</version> </dependency> <dependency> @@ -162,14 +162,8 @@ </exclusions> </dependency> <!-- - java 11 has org.xml packages, which conflicts without expicit settings: removed xerces - --> - <!--dependency> - <groupId>xerces</groupId> - <artifactId>xercesImpl</artifactId> - <version>2.12.1</version> - </dependency--> - + java 11 has org.xml packages, which conflicts without expicit settings: removed xerces xercesImpl + --> <dependency> <groupId>org.xmlunit</groupId> <artifactId>xmlunit-core</artifactId> Modified: db/torque/trunk/torque-generator/src/changes/changes.xml URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-generator/src/changes/changes.xml?rev=1912855&r1=1912854&r2=1912855&view=diff ============================================================================== --- db/torque/trunk/torque-generator/src/changes/changes.xml (original) +++ db/torque/trunk/torque-generator/src/changes/changes.xml Tue Oct 10 09:20:42 2023 @@ -21,8 +21,15 @@ <properties> <title>Changes</title> </properties> - <body> - <release version="5.1-SNAPSHOT" date="in SVN"> + <body> <release version="5.2-SNAPSHOT" date="in SVN"> + <action type="update" dev="gk"> + dependencies: eclipse-jgit 6.7.0.202309050840-r + </action> + <action type="fix" dev="gk" issue="TORQUE-361"> + Class loader issue fix, Thanks for the report to Max Philipp Wriedt. + </action> + </release> + <release version="5.1" date="2022-01-05"> <action type="update" dev="gk"> dependencies: eclipse-jgit 5.13.0.202109080827, velocity 2.3, groovy-all 3.0.7, xerces 2.12.1, xmlunit-core 2.8.3 </action> Modified: db/torque/trunk/torque-maven-plugin/pom.xml URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-maven-plugin/pom.xml?rev=1912855&r1=1912854&r2=1912855&view=diff ============================================================================== --- db/torque/trunk/torque-maven-plugin/pom.xml (original) +++ db/torque/trunk/torque-maven-plugin/pom.xml Tue Oct 10 09:20:42 2023 @@ -58,7 +58,7 @@ <dependency> <groupId>org.apache.maven.plugin-tools</groupId> <artifactId>maven-plugin-annotations</artifactId> - <version>3.6.2</version> + <version>3.9.0</version> <!-- annotations are not used at runtime because @Retention(value=CLASS), they are needed only to build the plugin --> <optional>true</optional> <exclusions> @@ -69,13 +69,8 @@ </exclusions> </dependency> <!-- - java 11 has org.xml packages, removed xerces + java 11 has org.xml packages, removed xerces xercesImpl --> - <!--dependency> - <groupId>xerces</groupId> - <artifactId>xercesImpl</artifactId> - <version>2.12.1</version> - </dependency--> <dependency> <groupId>commons-io</groupId> @@ -134,13 +129,13 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-plugin-plugin</artifactId> - <version>3.6.2</version> + <version>3.9.0</version> </plugin> </plugins> </reporting> <properties> - <maven.api.version>3.8.4</maven.api.version> + <maven.api.version>3.9.5</maven.api.version> </properties> </project> Modified: db/torque/trunk/torque-runtime/src/changes/changes.xml URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-runtime/src/changes/changes.xml?rev=1912855&r1=1912854&r2=1912855&view=diff ============================================================================== --- db/torque/trunk/torque-runtime/src/changes/changes.xml (original) +++ db/torque/trunk/torque-runtime/src/changes/changes.xml Tue Oct 10 09:20:42 2023 @@ -21,8 +21,15 @@ <properties> <title>Changes</title> </properties> - <body> - <release version="5.1-SNAPSHOT" date="in SVN"> + <body> <release version="5.2-SNAPSHOT" date="in SVN"> + <action type="add" dev="gk"> + Support for Mariadb driver (default to mysql behaviour) + </action> + <action type="fix" dev="gk" issue="TORQUE-363"> + Criterion "is Null" fix, Thanks for the report to Max Philipp Wriedt. + </action> + </release> + <release version="5.1" date="2022-01-05"> <action type="change" dev="painter">Adding AvgHelper which works similarly to the CountHelper util for providing extra criteria to the Avg function </action> </release> --------------------------------------------------------------------- To unsubscribe, e-mail: torque-dev-unsubscr...@db.apache.org For additional commands, e-mail: torque-dev-h...@db.apache.org