svn commit: r1882459 - in /turbine/fulcrum/trunk: intake/pom.xml quartz/pom.xml testcontainer/pom.xml yaafi-crypto/pom.xml

Tue, 13 Oct 2020 05:46:37 -0700 

Author: gk
Date: Tue Oct 13 12:45:50 2020
New Revision: 1882459

URL: http://svn.apache.org/viewvc?rev=1882459&view=rev
Log:
- update jaxb to allow java 9+ to suppress illegal reflection access
- update junit to 4.13.1
- use quartz v.2.3.2 due to CVE-2019-13990
- update yaafi-crypto/pom.xml to use testcontainer snapshot dependency

Modified:
    turbine/fulcrum/trunk/intake/pom.xml
    turbine/fulcrum/trunk/quartz/pom.xml
    turbine/fulcrum/trunk/testcontainer/pom.xml
    turbine/fulcrum/trunk/yaafi-crypto/pom.xml

Modified: turbine/fulcrum/trunk/intake/pom.xml
URL: 
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/intake/pom.xml?rev=1882459&r1=1882458&r2=1882459&view=diff
==============================================================================
--- turbine/fulcrum/trunk/intake/pom.xml (original)
+++ turbine/fulcrum/trunk/intake/pom.xml Tue Oct 13 12:45:50 2020
@@ -82,10 +82,17 @@
 
   <dependencies>
        <dependency>
-           <groupId>com.sun.xml.bind</groupId>
-           <artifactId>jaxb-impl</artifactId>
-           <version>2.1.2</version>
-       </dependency>
+        <groupId>jakarta.xml.bind</groupId>
+        <artifactId>jakarta.xml.bind-api</artifactId>
+        <version>2.3.3</version>
+    </dependency>
+    <dependency>
+        <groupId>com.sun.xml.bind</groupId>
+        <artifactId>jaxb-impl</artifactId>
+        <version>2.3.3</version>
+        <scope>runtime</scope>
+    </dependency>
+
 
     <dependency>
       <groupId>org.apache.avalon.framework</groupId>

Modified: turbine/fulcrum/trunk/quartz/pom.xml
URL: 
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/quartz/pom.xml?rev=1882459&r1=1882458&r2=1882459&view=diff
==============================================================================
--- turbine/fulcrum/trunk/quartz/pom.xml (original)
+++ turbine/fulcrum/trunk/quartz/pom.xml Tue Oct 13 12:45:50 2020
@@ -87,11 +87,11 @@
                        <artifactId>avalon-framework-api</artifactId>
                        <version>4.3.1</version>
                </dependency>
-    <!-- 2.3.1 fixes https://github.com/quartz-scheduler/quartz/issues/316 -->
+    <!-- 2.3.1 fixes https://github.com/quartz-scheduler/quartz/issues/316 , 
resolve CVE-2019-13990-->
                <dependency>
                        <groupId>org.quartz-scheduler</groupId>
                        <artifactId>quartz</artifactId>
-                       <version>2.3.1</version>
+                       <version>2.3.2</version>
                </dependency>
                <dependency>
                        <groupId>org.quartz-scheduler</groupId>

Modified: turbine/fulcrum/trunk/testcontainer/pom.xml
URL: 
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/testcontainer/pom.xml?rev=1882459&r1=1882458&r2=1882459&view=diff
==============================================================================
--- turbine/fulcrum/trunk/testcontainer/pom.xml (original)
+++ turbine/fulcrum/trunk/testcontainer/pom.xml Tue Oct 13 12:45:50 2020
@@ -58,7 +58,7 @@
                <dependency>
                        <groupId>junit</groupId>
                        <artifactId>junit</artifactId>
-                       <version>4.13</version>
+                       <version>4.13.1</version>
                </dependency>
         <dependency>
           <groupId>org.junit.jupiter</groupId>
@@ -71,11 +71,13 @@
                        <groupId>org.junit.platform</groupId>
                        <artifactId>junit-platform-runner</artifactId>
                        <version>${junit.platform}</version>
+             <scope>test</scope>
                </dependency>
                <dependency>
                        <groupId>org.junit.platform</groupId>
                        <artifactId>junit-platform-launcher</artifactId>
                        <version>${junit.platform}</version>
+            <scope>test</scope>
                </dependency>
 
                <!-- Needed if testing with YAAFI -->

Modified: turbine/fulcrum/trunk/yaafi-crypto/pom.xml
URL: 
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/yaafi-crypto/pom.xml?rev=1882459&r1=1882458&r2=1882459&view=diff
==============================================================================
--- turbine/fulcrum/trunk/yaafi-crypto/pom.xml (original)
+++ turbine/fulcrum/trunk/yaafi-crypto/pom.xml Tue Oct 13 12:45:50 2020
@@ -71,30 +71,12 @@
 
   <dependencies>
     <!-- testing dependencies -->
-       <dependency>
-            <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter</artifactId>
-            <version>5.6.2</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-                       <groupId>junit</groupId>
-                       <artifactId>junit</artifactId>
-                       <version>4.13</version>
-              <scope>test</scope>
-               </dependency>
-        <dependency>
-            <groupId>org.apache.fulcrum</groupId>
-            <artifactId>fulcrum-testcontainer</artifactId>
-            <version>1.0.8</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-            <scope>test</scope>
-      </dependency>
+    <dependency>
+         <groupId>org.apache.fulcrum</groupId>
+         <artifactId>fulcrum-testcontainer</artifactId>
+         <version>1.0.9-SNAPSHOT</version>
+         <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-core</artifactId>

Reply via email to