yesamer commented on code in PR #3454:
URL:
https://github.com/apache/incubator-kie-tools/pull/3454#discussion_r2833112495
##########
packages/dev-deployment-quarkus-blank-app/pom.xml:
##########
@@ -60,13 +60,13 @@
<version.org.iq80.snappy>0.5</version.org.iq80.snappy>
<version.commons-io>2.16.1</version.commons-io>
<version.com.google.protobuf>3.25.5</version.com.google.protobuf>
- <version.io.netty>4.1.129.Final</version.io.netty>
+ <version.io.netty>4.1.130.Final</version.io.netty>
<!-- These versions are overrides for transitive dependencies, to fix
security vulnerabilities.
They need to be checked with Quarkus and Spring Boot upgrades and
eventually removed, if they are not needed anymore. -->
<version.angus.mail>2.0.5</version.angus.mail>
- <version.nimbus.jose.jwt>9.37.4</version.nimbus.jose.jwt>
- <version.io.vertx>4.5.22</version.io.vertx>
+ <version.nimbus.jose.jwt>10.4.2</version.nimbus.jose.jwt>
+ <version.io.vertx>4.5.23</version.io.vertx>
Review Comment:
@nrknithin As the comment explain, those dependencies are transitive
dependencies declared just to fix CVEs. That means are not directly used in the
code. I guess we can remove
```
<version.nimbus.jose.jwt>10.4.2</version.nimbus.jose.jwt>
<version.io.vertx>4.5.23</version.io.vertx>
```
declaration at all.
Can you please check if now the <version.angus.mail> transitively imports
2.0.5 or higher? In that case, you can remove
<version.angus.mail>2.0.5</version.angus.mail> as well. If not, please keep it.
After removing them PLEASE CHECK if the transitively iimported version is
the expected one!!!
Thanks!
##########
packages/serverless-workflow-vscode-extension/e2e-tests/resources/greeting-flow/pom.xml:
##########
@@ -28,11 +28,11 @@
<version>1.0</version>
<properties>
<compiler-plugin.version>3.13.0</compiler-plugin.version>
- <maven.compiler.release>11</maven.compiler.release>
+ <maven.compiler.release>17</maven.compiler.release>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<quarkus.platform.artifact-id>quarkus-bom</quarkus.platform.artifact-id>
- <version.quarkus>2.13.1.Final</version.quarkus>
+ <version.quarkus>3.27.2</version.quarkus>
<skipITs>true</skipITs>
<surefire-plugin.version>3.0.0-M7</surefire-plugin.version>
Review Comment:
@nrknithin Can you please update this old surefire version (3.5.0)?
##########
packages/dev-deployment-quarkus-blank-app/pom.xml:
##########
@@ -60,13 +60,13 @@
<version.org.iq80.snappy>0.5</version.org.iq80.snappy>
<version.commons-io>2.16.1</version.commons-io>
Review Comment:
@nrknithin We updated that version to 2.20.0 in drools.
https://github.com/apache/incubator-kie-drools/pull/6575/changes#diff-150bdf617c2dc80dc5a9d5f1313f44a73950a96ca7b166b79a35b15f4c84f193R58
Please check all dependencies for consistency with drools and runtimes repos.
##########
packages/maven-base/pom.xml:
##########
@@ -122,31 +122,31 @@
<version.maven.surefire.plugin>3.5.0</version.maven.surefire.plugin>
<!-- Apache KIE -->
- <version.org.kie.kogito>999-20260206-local</version.org.kie.kogito>
+ <version.org.kie.kogito>999-20260220-local</version.org.kie.kogito>
<!-- Quarkus -->
- <version.quarkus>3.20.3</version.quarkus>
+ <version.quarkus>3.27.2</version.quarkus>
<!-- 3rd party dependencies -->
<version.junit>4.13.2</version.junit>
<version.org.apache.commons.commons-compress>1.27.1</version.org.apache.commons.commons-compress>
<version.org.iq80.snappy>0.5</version.org.iq80.snappy>
- <version.org.apache.mime4j>0.8.11</version.org.apache.mime4j>
+ <version.org.apache.mime4j>0.8.12</version.org.apache.mime4j>
<version.org.freemarker>2.3.32</version.org.freemarker>
Review Comment:
@nrknithin This should be 2.3.34
https://github.com/apache/incubator-kie-drools/pull/6575/changes#diff-150bdf617c2dc80dc5a9d5f1313f44a73950a96ca7b166b79a35b15f4c84f193R98
##########
packages/maven-base/pom.xml:
##########
@@ -122,31 +122,31 @@
<version.maven.surefire.plugin>3.5.0</version.maven.surefire.plugin>
<!-- Apache KIE -->
- <version.org.kie.kogito>999-20260206-local</version.org.kie.kogito>
+ <version.org.kie.kogito>999-20260220-local</version.org.kie.kogito>
<!-- Quarkus -->
- <version.quarkus>3.20.3</version.quarkus>
+ <version.quarkus>3.27.2</version.quarkus>
<!-- 3rd party dependencies -->
<version.junit>4.13.2</version.junit>
<version.org.apache.commons.commons-compress>1.27.1</version.org.apache.commons.commons-compress>
<version.org.iq80.snappy>0.5</version.org.iq80.snappy>
- <version.org.apache.mime4j>0.8.11</version.org.apache.mime4j>
+ <version.org.apache.mime4j>0.8.12</version.org.apache.mime4j>
<version.org.freemarker>2.3.32</version.org.freemarker>
<version.org.assertj>3.27.7</version.org.assertj>
<version.org.junit.jupiter>5.12.2</version.org.junit.jupiter>
<version.org.mockito>4.11.0</version.org.mockito>
<version.org.kie.j2cl.tools.yaml.mapper>0.4</version.org.kie.j2cl.tools.yaml.mapper>
- <version.io.netty>4.1.129.Final</version.io.netty>
+ <version.io.netty>4.1.130.Final</version.io.netty>
<!-- These versions are overrides for transitive dependencies, to fix
security vulnerabilities.
They need to be checked with Quarkus and Spring Boot upgrades and
eventually removed, if they are not needed anymore. -->
- <version.tomcat.embed.core>10.1.48</version.tomcat.embed.core>
+ <version.tomcat.embed.core>10.1.50</version.tomcat.embed.core>
<version.apache.commons.lang3>3.18.0</version.apache.commons.lang3>
<version.angus.mail>2.0.5</version.angus.mail>
- <version.nimbus.jose.jwt>9.37.4</version.nimbus.jose.jwt>
- <version.io.vertx>4.5.22</version.io.vertx>
- <version.org.lz4.java>1.8.1</version.org.lz4.java>
+ <version.nimbus.jose.jwt>10.4.2</version.nimbus.jose.jwt>
+ <version.io.vertx>4.5.23</version.io.vertx>
+ <version.at.yawk.lz4.java>1.10.1</version.at.yawk.lz4.java>
Review Comment:
@nrknithin Same of
https://github.com/apache/incubator-kie-tools/pull/3454/changes#r2833112495 .
All updated versions could be removed.
After removing them PLEASE CHECK if the transitively imported version is the
expected one!!!
Thanks!
##########
packages/maven-base/pom.xml:
##########
@@ -122,31 +122,31 @@
<version.maven.surefire.plugin>3.5.0</version.maven.surefire.plugin>
<!-- Apache KIE -->
- <version.org.kie.kogito>999-20260206-local</version.org.kie.kogito>
+ <version.org.kie.kogito>999-20260220-local</version.org.kie.kogito>
<!-- Quarkus -->
- <version.quarkus>3.20.3</version.quarkus>
+ <version.quarkus>3.27.2</version.quarkus>
<!-- 3rd party dependencies -->
<version.junit>4.13.2</version.junit>
<version.org.apache.commons.commons-compress>1.27.1</version.org.apache.commons.commons-compress>
<version.org.iq80.snappy>0.5</version.org.iq80.snappy>
- <version.org.apache.mime4j>0.8.11</version.org.apache.mime4j>
+ <version.org.apache.mime4j>0.8.12</version.org.apache.mime4j>
<version.org.freemarker>2.3.32</version.org.freemarker>
<version.org.assertj>3.27.7</version.org.assertj>
<version.org.junit.jupiter>5.12.2</version.org.junit.jupiter>
Review Comment:
@nrknithin This should be 5.13.4
https://github.com/apache/incubator-kie-drools/pull/6575/changes#diff-150bdf617c2dc80dc5a9d5f1313f44a73950a96ca7b166b79a35b15f4c84f193R124
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
