(royale-compiler) branch develop updated: royale-maven-plugin: update Velocity Engine to 2.3

Thu, 20 Jun 2024 13:42:04 -0700 

This is an automated email from the ASF dual-hosted git repository.

joshtynjala pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/royale-compiler.git


The following commit(s) were added to refs/heads/develop by this push:
     new 0a7d2f2c7 royale-maven-plugin: update Velocity Engine to 2.3
0a7d2f2c7 is described below

commit 0a7d2f2c75aa323c3a7b9f7369cc1a1f99f7dd60
Author: Josh Tynjala <[email protected]>
AuthorDate: Thu Jun 20 13:41:48 2024 -0700

    royale-maven-plugin: update Velocity Engine to 2.3
    
    Was on 1.7, which had a high severity security vulnerability.
    
    Followed upgrade advice in 
https://velocity.apache.org/engine/2.0/upgrading.html
---
 royale-maven-plugin/pom.xml                                           | 4 ++--
 .../src/main/java/org/apache/royale/maven/BaseMojo.java               | 3 +++
 .../src/main/java/org/apache/royale/maven/CompileTestsMojo.java       | 3 +++
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/royale-maven-plugin/pom.xml b/royale-maven-plugin/pom.xml
index 29dbdc509..38348a7ba 100644
--- a/royale-maven-plugin/pom.xml
+++ b/royale-maven-plugin/pom.xml
@@ -56,8 +56,8 @@
     <!-- Apache Velocity templating engine for generating config files -->
     <dependency>
       <groupId>org.apache.velocity</groupId>
-      <artifactId>velocity</artifactId>
-      <version>1.7</version>
+      <artifactId>velocity-engine-core</artifactId>
+      <version>2.3</version>
     </dependency>
 
     <dependency>
diff --git 
a/royale-maven-plugin/src/main/java/org/apache/royale/maven/BaseMojo.java 
b/royale-maven-plugin/src/main/java/org/apache/royale/maven/BaseMojo.java
index 79e455246..e929f337a 100644
--- a/royale-maven-plugin/src/main/java/org/apache/royale/maven/BaseMojo.java
+++ b/royale-maven-plugin/src/main/java/org/apache/royale/maven/BaseMojo.java
@@ -331,6 +331,9 @@ public abstract class BaseMojo
         VelocityEngine velocityEngine = new VelocityEngine();
         velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, 
"classpath");
         velocityEngine.setProperty("classpath.resource.loader.class", 
ClasspathResourceLoader.class.getName());
+        velocityEngine.setProperty(RuntimeConstants.SPACE_GOBBLING, "bc");
+        velocityEngine.setProperty("directive.if.emptycheck", false);
+        velocityEngine.setProperty("runtime.conversion.handler", "none");
         velocityEngine.init();
         VelocityContext context = getVelocityContext();
         
diff --git 
a/royale-maven-plugin/src/main/java/org/apache/royale/maven/CompileTestsMojo.java
 
b/royale-maven-plugin/src/main/java/org/apache/royale/maven/CompileTestsMojo.java
index fd215058a..3108a5798 100644
--- 
a/royale-maven-plugin/src/main/java/org/apache/royale/maven/CompileTestsMojo.java
+++ 
b/royale-maven-plugin/src/main/java/org/apache/royale/maven/CompileTestsMojo.java
@@ -226,6 +226,9 @@ public class CompileTestsMojo extends BaseMojo {
         VelocityEngine velocityEngine = new VelocityEngine();
         velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, 
"classpath");
         velocityEngine.setProperty("classpath.resource.loader.class", 
ClasspathResourceLoader.class.getName());
+        velocityEngine.setProperty(RuntimeConstants.SPACE_GOBBLING, "bc");
+        velocityEngine.setProperty("directive.if.emptycheck", false);
+        velocityEngine.setProperty("runtime.conversion.handler", "none");
         velocityEngine.init();
                VelocityContext context = 
getTestsApplicationVelocityContext(testQualifiedNames);
         File royaleUnitAppFile = new File(testGeneratedSrcDirectory, 
getRoyaleUnitApplicationOutputFileName());

Reply via email to