[jira] [Work logged] (WW-5532) Upgrade and align various dependencies

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/WW-5532?focusedWorklogId=958596&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-958596
 ]

ASF GitHub Bot logged work on WW-5532:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 25/Feb/25 01:40
            Start Date: 25/Feb/25 01:40
    Worklog Time Spent: 10m 
      Work Description: kusalk commented on code in PR #1232:
URL: https://github.com/apache/struts/pull/1232#discussion_r1968683115


##########
pom.xml:
##########
@@ -900,52 +806,12 @@
             </dependency>
 
             <dependency>
-                <groupId>com.fasterxml.jackson.core</groupId>
-                <artifactId>jackson-core</artifactId>
-                <version>${jackson.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.core</groupId>
-                <artifactId>jackson-databind</artifactId>
+                <groupId>com.fasterxml.jackson</groupId>
+                <artifactId>jackson-bom</artifactId>
                 <version>${jackson.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
             </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.dataformat</groupId>
-                <artifactId>jackson-dataformat-xml</artifactId>
-                <version>${jackson.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.apache.juneau</groupId>
-                <artifactId>juneau-marshall</artifactId>
-                <version>8.1.3</version>
-            </dependency>

Review Comment:
   I moved version management for dependencies that are specific to only 1 
plugin and are unlikely to ever be needed elsewhere as I thought it made the 
root POM slightly neater. I did the same with the Weld dependencies which are 
specific to the CDI plugin.
   
   But I don't have a strong opinion here and am happy to revert these specific 
changes, let me know what your preference is 🙂 
   
   It'd be good to be consistent though, so if we decide to keep them in the 
root POM, I'd like to version manage the other dependencies that are currently 
only defined in their plugins (e.g. `org.jfree:jfreechart`, 
`net.sf.jasperreports:jasperreports` and any others).





Issue Time Tracking
-------------------

    Worklog Id:     (was: 958596)
    Time Spent: 1h 20m  (was: 1h 10m)

> Upgrade and align various dependencies
> --------------------------------------
>
>                 Key: WW-5532
>                 URL: https://issues.apache.org/jira/browse/WW-5532
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 7.0.3
>            Reporter: Kusal Kithul-Godage
>            Priority: Minor
>             Fix For: 7.1.0
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> Dependencies:
>  * Spring: {{6.0.13}} -> {{6.2.3}}
>  * Hibernate-Validator: {{8.0.1.Final}} -> {{8.0.2.Final}}
> Adopt BOMs:
>  * {{jakarta.platform:jakarta.jakartaee-bom}}
>  * {{org.springframework:spring-framework-bom}}
>  * {{org.apache.logging.log4j:log4j-bom}}
>  * {{com.fasterxml.jackson:jackson-bom}}
> Test dependencies:
>  * ByteBuddy: {{1.16.1}} -> {{1.17.1}}
>  * Mockito: {{5.8.0}} -> {{5.15.2}}
>  * AssertJ: {{3.26.3}} -> {{3.27.3}}
>  * TestNG: {{7.5.1}} -> {{7.11.0}}
> Remove or minimise usages of test dependencies:
>  * {{org.springframework:spring-test:4.3.0.RELEASE}} -> 
> {{com.github.h-thurow:simple-jndi}}
>  * EasyMock
>  * Mockobjects



--
This message was sent by Atlassian Jira
(v8.20.10#820010)