Michael Brohl created OFBIZ-9674:
------------------------------------
Summary: Update build.gradle to the latest dependencies
Key: OFBIZ-9674
URL: https://issues.apache.org/jira/browse/OFBIZ-9674
Project: OFBiz
Issue Type: Improvement
Components: ALL COMPONENTS
Affects Versions: Trunk
Reporter: Michael Brohl
Assignee: Michael Brohl
Priority: Minor
I wondered how up-to-date our project dependencies are and searched for an
efficient way how to check this. I found the gradle-versions-plugin [1] which
analyzes the dependencies and checks if there are newer versions available.
I ran the check with
{code:java}
./gradlew dependencyUpdates -Drevision=release
{code}
and got the following result:
------------------------------------------------------------
: Project Dependency Updates (report to plain text file)
------------------------------------------------------------
The following dependencies are using the latest release version:
- net.sf.barcode4j:barcode4j:2.1
- net.sf.barcode4j:barcode4j-fop-ext:2.1
- org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380
- org.apache.commons:commons-collections4:4.1
- com.googlecode.ez-vcard:ez-vcard:0.9.10
- org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1
- org.apache.geronimo.components:geronimo-transaction:3.1.4
- at.bxm.gradleplugins:gradle-svntools-plugin:2.2.1
- com.github.ben-manes:gradle-versions-plugin:0.15.0
- org.hamcrest:hamcrest-all:1.3
- net.fortuna.ical4j:ical4j:1.0-rc3-atlassian-11
- javax.el:javax.el-api:3.0.1-b04
- de.odysseus.juel:juel-impl:2.2.7
- de.odysseus.juel:juel-spi:2.2.7
- junit:junit:4.12
- oro:oro:2.0.8
- apache-xerces:xercesImpl:2.9.1
The following dependencies exceed the version found at the release revision
level:
- com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
[20160628.1 <- 1.1]
The following dependencies have later release versions:
- org.apache.ant:ant-junit [1.9.0 -> 1.10.1]
- org.apache.ant:ant-junit [1.9.7 -> 1.10.1]
- org.apache.axis2:axis2-kernel [1.7.1 -> 1.7.6]
- org.apache.axis2:axis2-transport-http [1.7.1 -> 1.7.6]
- org.apache.axis2:axis2-transport-local [1.7.1 -> 1.7.6]
- commons-cli:commons-cli [1.3.1 -> 1.4]
- org.apache.commons:commons-csv [1.1 -> 1.5]
- org.apache.commons:commons-dbcp2 [2.1 -> 2.1.1]
- commons-net:commons-net [3.3 -> 3.6]
- commons-validator:commons-validator [1.5.1 -> 1.6]
- com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru [1.0 ->
1.4.2]
- com.google.zxing:core [3.2.1 -> 3.3.0]
- org.apache.derby:derby [10.11.1.1 -> 10.13.1.1]
- org.owasp.esapi:esapi [2.1.0 -> 2.1.0.1]
- org.apache.xmlgraphics:fop [2.1 -> 2.2]
- org.freemarker:freemarker [2.3.25-incubating -> 2.3.26-incubating]
- org.codehaus.groovy:groovy-all [2.4.12 -> 2.5.0-beta-1]
- org.apache.httpcomponents:httpclient-cache [4.4.1 -> 4.5.3]
- com.ibm.icu:icu4j [57.1 -> 59.1]
- com.lowagie:itext [2.1.7 -> 4.2.2]
- org.zapodot:jackson-databind-java-optional [2.4.2 -> 2.6.1]
- com.sun.mail:javax.mail [1.5.1 -> 1.6.0]
- javax.servlet:javax.servlet-api [3.1.0 -> 4.0.0]
- javax.servlet.jsp:javax.servlet.jsp-api [2.3.0 -> 2.3.2-b02]
- junit:junit-dep [4.10 -> 4.11]
- com.googlecode.libphonenumber:libphonenumber [8.6.0 -> 8.8.0]
- org.apache.logging.log4j:log4j-1.2-api [2.6.2 -> 2.9.0]
- org.apache.logging.log4j:log4j-api [2.6.2 -> 2.9.0]
- org.apache.logging.log4j:log4j-core [2.6.2 -> 2.9.0]
- org.apache.logging.log4j:log4j-jul [2.6.2 -> 2.9.0]
- org.apache.logging.log4j:log4j-slf4j-impl [2.6.2 -> 2.9.0]
- org.mockito:mockito-core [1.10.19 -> 2.9.0]
- org.apache.poi:poi [3.14 -> 3.17-beta1]
- org.apache.shiro:shiro-core [1.3.0 -> 1.4.0]
- org.springframework:spring-test [4.2.3.RELEASE -> 4.3.10.RELEASE]
- org.apache.tika:tika-core [1.12 -> 1.16]
- org.apache.tika:tika-parsers [1.12 -> 1.16]
- org.apache.tomcat:tomcat-catalina [8.5.16 -> 9.0.0.M26]
- org.apache.tomcat:tomcat-catalina-ha [8.5.16 -> 9.0.0.M25]
- org.apache.tomcat:tomcat-jasper [8.5.16 -> 9.0.0.M26]
- org.apache.tomcat:tomcat-tribes [8.5.16 -> 9.0.0.M25]
- wsdl4j:wsdl4j [1.6.2 -> 1.6.3]
- org.apache.xmlrpc:xmlrpc-client [3.1.2 -> 3.1.3]
- org.apache.xmlrpc:xmlrpc-server [3.1.2 -> 3.1.3]
- com.thoughtworks.xstream:xstream [1.4.9 -> 1.4.10]
Failed to determine the latest version for the following dependencies (use
--info for details):
- com.sun.syndication:com.springsource.com.sun.syndication
- org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec
Generated report file build/dependencyUpdates/report.txt
===
If there are no objections, I would try to update the dependencies to the
latest release versions, which means I would skip the milestone versions for
e.g. Tomcat here.
We can run this check from time to time to see if we have missed updates to the
dependencies.
What do you think? Is this reasonable?
Thanks,
Michael
[1] https://github.com/ben-manes/gradle-versions-plugin
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
