Author: gk Date: Thu Mar 28 12:59:14 2024 New Revision: 1916599 URL: http://svn.apache.org/viewvc?rev=1916599&view=rev Log: - Update dependencies. Minor updates for Commons-configuration2 to 2.10.1, commons-dbcp2 to 2.12.0, commons-lang3 to 3.14.0, commons-io to 2.15.1, mockito to 5.11.0. - Plugins pmd to 3.21.2, jxr to 3.3.2, spotbugs-mavdn-plugin to 4.8.3.1,spotbugs to 4.8.3, checkstyle to 3.3.1, compiler to 3.11.0, rat to 0.16.1 - set minimal maven version to 3.9.0 - suppress CVE-2022-41852/ and add preliminary fix in SourcePath - Site build fix (in root: mvn site post-site -rf :torque-site still throws xml error with workaround remove sections): Update torque-maven-plugin
Modified: db/torque/trunk/pom.xml db/torque/trunk/suppression-owasp-fp.xml db/torque/trunk/torque-generator/src/main/java/org/apache/torque/generator/source/SourcePath.java db/torque/trunk/torque-maven-plugin/pom.xml db/torque/trunk/torque-site/pom.xml Modified: db/torque/trunk/pom.xml URL: http://svn.apache.org/viewvc/db/torque/trunk/pom.xml?rev=1916599&r1=1916598&r2=1916599&view=diff ============================================================================== --- db/torque/trunk/pom.xml (original) +++ db/torque/trunk/pom.xml Thu Mar 28 12:59:14 2024 @@ -342,7 +342,7 @@ <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-configuration2</artifactId> - <version>2.9.0</version> + <version>2.10.1</version> </dependency> <dependency> @@ -360,7 +360,7 @@ <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-dbcp2</artifactId> - <version>2.10.0</version> + <version>2.12.0</version> </dependency> <dependency> @@ -372,20 +372,20 @@ <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> - <version>3.13.0</version> + <version>3.14.0</version> </dependency> <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> - <version>2.11.0</version> + <version>2.15.1</version> </dependency> <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> <!-- 5 requires java 11 --> - <version>5.5.0</version> + <version>5.11.0</version> <scope>test</scope> </dependency> @@ -506,7 +506,7 @@ <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-pmd-plugin</artifactId> <!-- with error https://issues.apache.org/jira/browse/MPMD-325 and workaround --> - <version>3.21.0</version> + <version>3.21.2</version> <configuration> <linkXRef>true</linkXRef> <targetJdk>${maven.compiler.target}</targetJdk> @@ -522,18 +522,18 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jxr-plugin</artifactId> - <version>3.3.0</version> + <version>3.3.2</version> </plugin> <plugin> <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs-maven-plugin</artifactId> - <version>4.7.3.6</version> + <version>4.8.3.1</version> <dependencies> <!-- overwrite dependency on spotbugs if you want to specify the version of spotbugs --> <dependency> <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs</artifactId> - <version>4.7.3</version> + <version>4.8.3</version> </dependency> </dependencies> <configuration> @@ -553,7 +553,7 @@ <configuration> <rules> <requireMavenVersion> - <version>3.3.9</version> + <version>3.9.0</version> </requireMavenVersion> </rules> </configuration> @@ -563,19 +563,19 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-checkstyle-plugin</artifactId> - <version>3.3.0</version> + <version>3.3.1</version> <dependencies> <dependency> <groupId>com.puppycrawl.tools</groupId> <artifactId>checkstyle</artifactId> - <version>10.12.4</version> + <version>10.14.4</version> </dependency> </dependencies> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>xml-maven-plugin</artifactId> - <version>1.0.2</version> + <version>1.1.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> @@ -595,7 +595,7 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> - <version>3.8.1</version> + <version>3.11.0</version> <configuration> <source>${maven.compiler.source}</source> <target>${maven.compiler.target}</target> @@ -608,7 +608,7 @@ </plugin> <plugin> <artifactId>maven-javadoc-plugin</artifactId> - <version>3.5.0</version> + <version>3.6.3</version> <configuration> <doclint>none</doclint> <source>${maven.compiler.source}</source> @@ -805,7 +805,7 @@ <plugin> <groupId>org.apache.rat</groupId> <artifactId>apache-rat-plugin</artifactId> - <version>0.13</version> + <version>0.16.1</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> Modified: db/torque/trunk/suppression-owasp-fp.xml URL: http://svn.apache.org/viewvc/db/torque/trunk/suppression-owasp-fp.xml?rev=1916599&r1=1916598&r2=1916599&view=diff ============================================================================== --- db/torque/trunk/suppression-owasp-fp.xml (original) +++ db/torque/trunk/suppression-owasp-fp.xml Thu Mar 28 12:59:14 2024 @@ -20,6 +20,13 @@ <!-- general cft. https://jeremylong.github.io/DependencyCheck/general/suppression.html --> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> <suppress> + <notes><![CDATA[ + file name: commons-jxpath-1.3.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/commons\-jxpath/commons\-jxpath@.*$</packageUrl> + <cpe>cpe:/a:apache:commons_jxpath</cpe> + </suppress> + <suppress> <notes><![CDATA[ file name: jython-standalone-2.7.1.jar (shaded: org.apache.commons:commons-compress:1.14) ]]></notes> Modified: db/torque/trunk/torque-generator/src/main/java/org/apache/torque/generator/source/SourcePath.java URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-generator/src/main/java/org/apache/torque/generator/source/SourcePath.java?rev=1916599&r1=1916598&r2=1916599&view=diff ============================================================================== --- db/torque/trunk/torque-generator/src/main/java/org/apache/torque/generator/source/SourcePath.java (original) +++ db/torque/trunk/torque-generator/src/main/java/org/apache/torque/generator/source/SourcePath.java Thu Mar 28 12:59:14 2024 @@ -366,6 +366,9 @@ public final class SourcePath e); } + // https://github.com/apache/commons-jxpath/pull/26 set to empty lib + // // getValue will throw org.apache.commons.jxpath.JXPathFunctionNotFoundException + context.setFunctions(new org.apache.commons.jxpath.FunctionLibrary()); Object pathValue = context.getValue("."); if (pathValue != base) { Modified: db/torque/trunk/torque-maven-plugin/pom.xml URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-maven-plugin/pom.xml?rev=1916599&r1=1916598&r2=1916599&view=diff ============================================================================== --- db/torque/trunk/torque-maven-plugin/pom.xml (original) +++ db/torque/trunk/torque-maven-plugin/pom.xml Thu Mar 28 12:59:14 2024 @@ -47,6 +47,7 @@ <groupId>org.apache.maven</groupId> <artifactId>maven-core</artifactId> <version>${maven.api.version}</version> + <scope>provided</scope> <!-- guava throws an owasp warning and is used in indexer-core to run maven, but not to build this plugin --> <exclusions> <exclusion> @@ -58,15 +59,9 @@ <dependency> <groupId>org.apache.maven.plugin-tools</groupId> <artifactId>maven-plugin-annotations</artifactId> - <version>3.9.0</version> + <version>3.11.0</version> <!-- annotations are not used at runtime because @Retention(value=CLASS), they are needed only to build the plugin --> - <optional>true</optional> - <exclusions> - <exclusion> - <groupId>*</groupId> - <artifactId>*</artifactId> - </exclusion> - </exclusions> + <scope>provided</scope> </dependency> <!-- java 11 has org.xml packages, removed xerces xercesImpl @@ -121,21 +116,26 @@ </suppressionFiles> </configuration> </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-plugin-plugin</artifactId> + <version>3.11.0</version> + </plugin> </plugins> </build> <reporting> <plugins> - <plugin> + <plugin> <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-plugin-plugin</artifactId> - <version>3.9.0</version> + <artifactId>maven-plugin-report-plugin</artifactId> + <version>3.11.0</version> </plugin> </plugins> </reporting> <properties> - <maven.api.version>3.9.5</maven.api.version> + <maven.api.version>3.9.6</maven.api.version> </properties> </project> Modified: db/torque/trunk/torque-site/pom.xml URL: http://svn.apache.org/viewvc/db/torque/trunk/torque-site/pom.xml?rev=1916599&r1=1916598&r2=1916599&view=diff ============================================================================== --- db/torque/trunk/torque-site/pom.xml (original) +++ db/torque/trunk/torque-site/pom.xml Thu Mar 28 12:59:14 2024 @@ -35,6 +35,7 @@ <properties> <project.reporting.outputDirectory>${project.build.directory}/site</project.reporting.outputDirectory> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <scm> --------------------------------------------------------------------- To unsubscribe, e-mail: torque-dev-unsubscr...@db.apache.org For additional commands, e-mail: torque-dev-h...@db.apache.org