[
https://issues.apache.org/jira/browse/WW-5067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17082112#comment-17082112
]
ASF subversion and git services commented on WW-5067:
-----------------------------------------------------
Commit 77cfae3084dbf789afcbae38f2f5fa71e06810ee in struts's branch
refs/heads/struts-2-5-x from JCgH4164838Gh792C124B5
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=77cfae3 ]
Proposed WW-5067 change.
------
Proposed list of library version updates:
---
- cdi-api 1.0-SP4 -> 1.2
- weld-core 1.0.1-SP4 -> 2.2.16.SP1
- weld-se 1.0.1-Final -> weld-se-core 2.2.16.SP1
- slf4j-api 1.7.28 -> 1.7.30
- slf4j-simple 1.7.28 -> 1.7.30
- jackson 2.10.0 -> 2.10.3
- ognl 3.1.26 -> 3.1.28
- asm 7.1 -> 7.3.1
- spring 4.3.25.RELEASE -> 4.3.26.RELEASE
- freemarker 2.3.28 -> 2.3.30
- org.apache.felix.main 4.6.1 -> 6.0.3
---
Proposed list of Maven plugin version updates:
---
- doxia-core 1.8 -> 1.9.1
- doxia-module-markdown 1.7 -> 1.9.1
- maven-project-info-reports-plugin 2.7 -> 3.0.0
- updateimpact-maven-plugin 1.0.10 -> 1.0.12
- maven-surefire-plugin 2.22.1 -> 3.0.0-M4
- maven-war-plugin 2.1 -> 3.2.3
- maven-dependency-plugin 2.10 -> 3.1.2
- dependency-check-maven 3.3.4 -> 5.3.2
Note: Unable to upgrade maven-bundle-plugin past 2.1.0 as it introduced
OOM during JDK7 builds with default heap settings.
---
> Update multiple Struts 2.5.x libraries / Maven build plugin versions
> --------------------------------------------------------------------
>
> Key: WW-5067
> URL: https://issues.apache.org/jira/browse/WW-5067
> Project: Struts 2
> Issue Type: Dependency
> Components: Build Management, Other
> Affects Versions: 2.5.22
> Environment: All
> Reporter: James Chaplin
> Priority: Minor
> Labels: build
> Fix For: 2.5.23
>
>
> Hello Apache Struts Team.
> This Jira is to track proposed introduction of newer (believed to be
> compatible) library versions for the Struts 2.5.x line, as well as newer
> (believed to be compatible) Maven build plugin versions for the build.
> Modifications to some pom.xml build files will be all that is required.
> As no code changes are involved, the risk should be pretty low and end-users
> could manually back-level any problematic jars if issues arise. If any Maven
> build plugin version change presents an issue it can be easily reverted in
> the PR.
> The proposed list of library version updates is:
> ------
> * cdi-api 1.0-SP4 -> 1.2
> * weld-core 1.0.1-SP4 -> 2.2.16.SP1
> * weld-se 1.0.1-Final -> weld-se-core 2.2.16.SP1
> * slf4j-api 1.7.28 -> 1.7.30
> * slf4j-simple 1.7.28 -> 1.7.30
> * jackson 2.10.0 -> 2.10.3
> * ognl 3.1.26 -> 3.1.28
> * asm 7.1 -> 7.3.1
> * spring 4.3.25.RELEASE -> 4.3.26.RELEASE
> * freemarker 2.3.28 -> 2.3.30
> * org.apache.felix.main 4.6.1 -> 6.0.3
> ------
> The proposed list of Maven plugin version updates is:
> ------
> * doxia-core 1.8 -> 1.9.1
> * doxia-module-markdown 1.7 -> 1.9.1
> * maven-project-info-reports-plugin 2.7 -> 3.0.0
> * updateimpact-maven-plugin 1.0.10 -> 1.0.12
> * maven-surefire-plugin 2.22.1 -> 3.0.0-M4
> * maven-war-plugin 2.1 -> 3.2.3
> * maven-dependency-plugin 2.10 -> 3.1.2
> * dependency-check-maven 3.3.4 -> 5.3.2
> Note: Unable to upgrade maven-bundle-plugin past 2.1.0 as it introduced OOM
> during JDK7 builds with default heap settings.
> ------
> A PR for this proposal should be available shortly for review.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
