diff --git a/build.gradle b/build.gradle index c83c415c12..1ffa4c81aa 100644 --- a/build.gradle +++ b/build.gradle @@ -224,9 +224,9 @@ allprojects { // brought in by SequenceAnalysis, jbrowse force "org.apache.logging.log4j:log4j-slf4j-impl:${log4j2Version}" force "org.apache.commons:commons-vfs2:${commonsVfs2Version}" - // force version for consistency with saml, query, LDK, and pipeline + // force version for consistency with query, LDK, and pipeline force "commons-lang:commons-lang:${commonsLangVersion}" - // force version for consistency with workflow, api, SequenceAnalysis + // force version for consistency with api, SequenceAnalysis force "org.apache.commons:commons-lang3:${commonsLang3Version}" force "commons-dbcp:commons-dbcp:${commonsDbcpVersion}" force "commons-io:commons-io:${commonsIoVersion}" @@ -236,9 +236,9 @@ allprojects { force "org.apache.commons:commons-text:${commonsTextVersion}" // force version for consistency with search, premium, api force "org.apache.commons:commons-collections4:${commonsCollections4Version}" - // force version for consistency with query, saml, LDK, api + // force version for consistency with LDK, api force "commons-collections:commons-collections:${commonsCollectionsVersion}" - // force version for ms2, saml, fileTransfer, harvest, api, accounts, docker + // force version for ms2, fileTransfer, harvest, api, accounts, docker force "commons-codec:commons-codec:${commonsCodecVersion}" // force version consistency in TCRdb, SequenceAnalysis, API force "org.apache.commons:commons-math3:${commonsMath3Version}" @@ -249,7 +249,7 @@ allprojects { // force version for cloud, docker, fileTransfer, googledrive, tcrb, wnprc_ehr force "org.apache.httpcomponents:httpclient:${httpclientVersion}" force "org.apache.httpcomponents.client5:httpclient5:${httpclient5Version}" - // force version for postgresql jdbc, cloud, docker, fileTransfer, saml, query, GoogleDrive, WNPRC_EHR + // force version for postgresql jdbc, cloud, docker, fileTransfer, GoogleDrive, WNPRC_EHR force "org.checkerframework:checker-qual:${checkerQualVersion}" // force version for SequenceAnalysis, api, cloud force "com.google.guava:guava:${guavaVersion}" @@ -266,17 +266,15 @@ allprojects { force "jakarta.xml.bind:jakarta.xml.bind-api:${jaxbApiVersion}" // force version for accounts, api, query force "javax.validation:validation-api:${validationApiVersion}" - // force version for accounts, docker, api, workflow + // force version for accounts, docker, api force "com.fasterxml.jackson.core:jackson-annotations:${jacksonAnnotationsVersion}" - // saml and query bring in different versions transitively; we force the later one - force "xalan:xalan:${xalanVersion}" // genotyping brings in a much older version of this, so we force a newer version for compatibility force "org.apache.commons:commons-compress:${commonsCompressVersion}" // Force ant to be a newer version (transitive dependency of query > eigenbase-resgen > eigenbase-xom) force "org.apache.ant:ant:${antVersion}" // Transitive dependency of commons-compress -- Transitive dependency com.github.samtools:htsjdk which references an older version force "org.tukaani:xz:${tukaaniXZVersion}" - // force version for api, LDK, pipeline, query, saml, but not for the xsdDoc configuration, which requires + // force version for api and LDK, but not for the xsdDoc configuration, which requires // an older version for the docflex library we use if (!config.name.equals('xsdDoc')) force "xml-apis:xml-apis:${xmlApisVersion}" @@ -350,9 +348,6 @@ allprojects { force "org.apache.tika:tika-core:${tikaVersion}" // OpenLDAPSync and premium have transitive dependency on a broken version of MINA force "org.apache.mina:mina-core:${apacheMinaVersion}" - // saml has transitive dependencies on old versions of batik and xmlgraphics-commons, which conflict with more recent versions in api - force "org.apache.xmlgraphics:batik-css:${batikVersion}" - force "org.apache.xmlgraphics:xmlgraphics-commons:${fopVersion}" // force consistency in TCRdb, WNPRC force "org.javassist:javassist:${javassistVersion}" force "org.jetbrains:annotations:${annotationsVersion}" @@ -365,12 +360,11 @@ allprojects { // The hamcrest dependencies come through transitively from jackson, junit, jmock force "org.hamcrest:hamcrest:${hamcrestVersion}" force "junit:junit:${junitVersion}" - // force consistency in nlp and saml that bring these in transitively + // SAML brings these in transitively force "org.codehaus.woodstox:stax2-api:${stax2ApiVersion}" force "com.fasterxml.woodstox:woodstox-core:${woodstoxCoreVersion}" - // force consistency in docker and connectors, saml, nlp + // force consistency in docker, connectors, and saml force "org.bouncycastle:bcprov-jdk18on:${bouncycastleVersion}" - // force consistency in docker and connectors and saml force "org.bouncycastle:bcpkix-jdk18on:${bouncycastleVersion}" // Force consistency for dependencies from pipeline and query @@ -387,7 +381,7 @@ allprojects { // Force snappy-java version for CVE-2023-43642. Remove once HTSJDK bumps its preferred version. force "org.xerial.snappy:snappy-java:${snappyJavaVersion}" - // Consistency between cloud, pipeline, and query + // Consistency between cloud, pipeline force "javax.xml.bind:jaxb-api:${jaxbApiOldVersion}" // Force consistency for dependencies from cloud diff --git a/gradle.properties b/gradle.properties index 79f3c044f9..7871510f32 100644 --- a/gradle.properties +++ b/gradle.properties @@ -102,7 +102,7 @@ apacheTomcatVersion=11.0.22 # (mothership) -> json-path -> json-smart -> accessor-smart # (core) -> graalvm # tika -asmVersion=9.9.1 +asmVersion=9.10 awsSdkVersion=2.29.50 @@ -194,15 +194,15 @@ httpcoreVersion=4.4.16 intellijKotlinVersion=2.3.10 # Update the three Jackson dependency versions below in tandem, unless one gets a patch release out-of-sync with the others -jacksonVersion=2.21.3 -jacksonDatabindVersion=2.21.3 -jacksonJaxrsBaseVersion=2.21.3 +jacksonVersion=2.21.4 +jacksonDatabindVersion=2.21.4 +jacksonJaxrsBaseVersion=2.21.4 # Note the inconsistent version numbering for "annotations"... it no longer matches the above jacksonAnnotationsVersion=2.21 # Spring Boot brings in a transitive dependency on Jackson 3.x. It has changed package names and can coexist with Jackson 2.x. -jackson3Version=3.1.3 +jackson3Version=3.1.4 # The Jakarta Activation API version that Angus Activation implements. Keep in sync with angusActivationVersion (above). jakartaActivationApiVersion=2.1.4 @@ -219,7 +219,7 @@ jaxbOldVersion=2.3.3 # All other direct and indirect uses of JAXB use the current, jakarta-packaged versions jaxbApiVersion=4.0.5 -jaxbVersion=4.0.7 +jaxbVersion=4.0.8 jaxrpcVersion=1.1 @@ -233,12 +233,12 @@ jmockVersion=2.6.0 # Transitive dependency via azure-identity and docker; force for consistency jnaVersion=5.18.1 -jodaTimeVersion=2.14.1 +jodaTimeVersion=2.14.2 # brought in transitively by Cloud, FileTransfer, SequenceAnalysis, etc. Need to resolve consistently jsr305Version=3.0.2 -orgJsonVersion=20251224 +orgJsonVersion=20260522 jsoupVersion=1.22.2 @@ -255,12 +255,12 @@ lombokVersion=1.18.46 luceneVersion=10.4.0 # Microsoft library for sending OAuth2-authenticated notification emails via the Microsoft Graph API -microsoftGraphVersion=6.59.0 +microsoftGraphVersion=6.65.0 mssqlJdbcVersion=13.4.0.jre11 # Netty - transitive dependency via azure-core-http-netty; force for CVE-2026-33871, CVE-2026-33870 -nettyVersion=4.2.13.Final +nettyVersion=4.2.14.Final # Reactor - transitive dependency via azure-core; force for version consistency across modules reactorCoreVersion=3.8.1 @@ -293,9 +293,9 @@ romeVersion=2.1.0 servletApiVersion=6.1.0 # this version is forced for compatibility with pipeline and tika -slf4jLog4j12Version=2.0.17 +slf4jLog4j12Version=2.0.18 # this version is forced for compatibility with api, LDK, and workflow -slf4jLog4jApiVersion=2.0.17 +slf4jLog4jApiVersion=2.0.18 # This is a dependency for HTSJDK. Force version for CVE-2023-43642 snappyJavaVersion=1.1.10.8 @@ -306,26 +306,23 @@ springBootVersion=4.0.6 springVersion=7.0.7 springAiVersion=2.0.0-M6 -sqliteJdbcVersion=3.53.0.0 +sqliteJdbcVersion=3.53.1.0 -# NLP and SAML bring stax2-api in as a transitive dependency but with very different versions. We force the later version. +# SAML brings stax2-api in as a transitive dependency. We force the latest version. stax2ApiVersion=4.2.2 thumbnailatorVersion=0.4.21 # used for tika-core in API and tika-parsers in search -tikaVersion=3.3.0 +tikaVersion=3.3.1 # sync with Tika tukaaniXZVersion=1.12 validationApiVersion=1.1.0.Final -# NLP and SAML bring woodstox-core in as a transitive dependency but with very different versions. We force the later version. -woodstoxCoreVersion=7.1.1 - -# saml and query bring in different versions transitively; we force the later one -xalanVersion=2.7.2 +# SAML brings woodstox-core in as a transitive dependency. We force the latest version. +woodstoxCoreVersion=7.2.0 # sync with Tika xercesImplVersion=2.12.2