Skip to content
Permalink
Browse files
remove some duplicate jars
  • Loading branch information
ahgittin committed Mar 31, 2021
1 parent 02fc68f commit 9db10d8f333bf0660ad83c40447f79e9f4c96ae9
Showing 1 changed file with 129 additions and 19 deletions.
@@ -27,7 +27,7 @@
-->


<blacklistedRepositories>
<blacklistedRepositories> <!-- don't let a rogue definition pull in a snapshot repo; shouldn't happen but seems to -->
<repository>mvn:org.apache.karaf.features/framework/4.3.0-SNAPSHOT/xml/features</repository>
<repository>mvn:org.apache.karaf.features/standard/4.3.0-SNAPSHOT/xml/features</repository>
<repository>mvn:org.apache.karaf.features/enterprise/4.3.0-SNAPSHOT/xml/features</repository>
@@ -37,30 +37,140 @@
</blacklistedRepositories>


<!--
Upgrades BouncyCastle (to fix vulnerabilities), and related dependencies.
The old versions are referenced by jclouds.
<!--
For more info on the override mechanism used here, see:
- https://issues.apache.org/jira/browse/KARAF-5376?focusedCommentId=16431939&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16431939
- https://github.com/apache/karaf/blob/master/features/core/src/test/resources/org/apache/karaf/features/internal/service/org.apache.karaf.features.xml
- https://stackoverflow.com/a/53589206
-->
<bundleReplacements>
<bundle originalUri="mvn:net.i2p.crypto/eddsa/0.1.0"
replacement="mvn:net.i2p.crypto/eddsa/0.2.0" />
<bundle originalUri="mvn:com.hierynomus/sshj/0.20.0"
replacement="mvn:com.hierynomus/sshj/${sshj.version}" />
<bundle originalUri="mvn:org.bouncycastle/bcprov-ext-jdk15on/1.51"
replacement="mvn:org.bouncycastle/bcprov-ext-jdk15on/${bouncycastle.version}" />
<bundle originalUri="mvn:org.bouncycastle/bcpkix-jdk15on/1.51"
replacement="mvn:org.bouncycastle/bcpkix-jdk15on/${bouncycastle.version}" />
<bundle originalUri="mvn:org.bouncycastle/bcprov-ext-jdk15on/1.66"
replacement="mvn:org.bouncycastle/bcprov-ext-jdk15on/${bouncycastle.version}" />
<bundle originalUri="mvn:org.bouncycastle/bcpkix-jdk15on/1.66"
replacement="mvn:org.bouncycastle/bcpkix-jdk15on/${bouncycastle.version}" />
<bundle originalUri="mvn:net.i2p.crypto/eddsa/0.1.0"
replacement="mvn:net.i2p.crypto/eddsa/0.2.0" />
<!-- Several things declare javax for annotation-api, but jakarta replaces those; having just one speeds up dependency resolution -->
<bundle originalUri="mvn:javax.annotation/javax.annotation-api/[1.3,1.4)"
replacement="mvn:jakarta.annotation/jakarta.annotation-api/${jakarta.annotation-api.version}" />

<!-- For crypto, both the karaf ssh feature and jclouds use lower versions than we want;
(some lower versions may have CVEs, and in any case it is preferable to have one version where compatible) -->
<bundle originalUri="mvn:org.bouncycastle/bcprov-jdk15on/[1.51,${bouncycastle.version}]"
replacement="mvn:org.bouncycastle/bcprov-jdk15on/${bouncycastle.version}" />
<bundle originalUri="mvn:org.bouncycastle/bcprov-ext-jdk15on/[1.51,${bouncycastle.version}]"
replacement="mvn:org.bouncycastle/bcprov-ext-jdk15on/${bouncycastle.version}" />
<bundle originalUri="mvn:org.bouncycastle/bcpkix-jdk15on/[1.51,${bouncycastle.version}]"
replacement="mvn:org.bouncycastle/bcpkix-jdk15on/${bouncycastle.version}" />
<bundle originalUri="mvn:net.i2p.crypto/eddsa/[0.1.0,${eddsa.version}]"
replacement="mvn:net.i2p.crypto/eddsa/${eddsa.version}" />
<bundle originalUri="mvn:com.hierynomus/sshj/[0.20.0,${sshj.version}]"
replacement="mvn:com.hierynomus/sshj/${sshj.version}" />


<!-- Lower versions of these pulled in by cxf-jackson and possibly others -->

<bundle originalUri="mvn:org.yaml/snakeyaml/[1,${snakeyaml.version}]"
replacement="mvn:org.yaml/snakeyaml/${snakeyaml.version}" />

<bundle originalUri="mvn:com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/[2.10,${fasterxml.jackson.version}]"
replacement="mvn:com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/${fasterxml.jackson.version}" />
<bundle originalUri="mvn:com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/[2.10,${fasterxml.jackson.version}]"
replacement="mvn:com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/${fasterxml.jackson.version}" />
<bundle originalUri="mvn:com.fasterxml.jackson.core/jackson-core/[2.10,${fasterxml.jackson.version}]"
replacement="mvn:com.fasterxml.jackson.core/jackson-core/${fasterxml.jackson.version}" />
<bundle originalUri="mvn:com.fasterxml.jackson.core/jackson-annotations/[2.10,${fasterxml.jackson.version}]"
replacement="mvn:com.fasterxml.jackson.core/jackson-annotations/${fasterxml.jackson.version}" />
<bundle originalUri="mvn:com.fasterxml.jackson.core/jackson-databind/[2.10,${fasterxml.jackson.version}]"
replacement="mvn:com.fasterxml.jackson.core/jackson-databind/${fasterxml.jackson.version}" />
<bundle originalUri="mvn:com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/[2.10,${fasterxml.jackson.version}]"
replacement="mvn:com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/${fasterxml.jackson.version}" />


<!-- Others discovered by looking at the build -->

<!-- Guava SHOULD have two versions as Swagger is more recent than what jclouds supports
<bundle originalUri="mvn:com.google.guava/guava/[18.0, 27.0.1-jre]" ... />
-->


<bundle originalUri="mvn:javax.mail/mail/[1.4.4,${javax.mail.version}]"
replacement="mvn:javax.mail/mail/${javax.mail.version}" />

<bundle originalUri="mvn:javax.ws.rs/javax.ws.rs-api/[2,${jax-rs-api.version}]"
replacement="mvn:javax.ws.rs/javax.ws.rs-api/${jax-rs-api.version}" />

<bundle originalUri="mvn:org.apache.httpcomponents/httpcore-osgi/[4.4,${httpcomponents.httpcore.version}]"
replacement="mvn:org.apache.httpcomponents/httpcore-osgi/${httpcomponents.httpcore.version}" />

<bundle originalUri="mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.jzlib/[1,${jzlib.osgi.version}]"
replacement="mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.jzlib/${jzlib.version}" />

<!-- jetty we need to replace a lot of things pulled in by eclipse to the version we prefer -->
<bundle originalUri="mvn:org.eclipse.jetty.websocket/javax-websocket-client-impl/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty.websocket/javax-websocket-client-impl/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty.websocket/javax-websocket-server-impl/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty.websocket/javax-websocket-server-impl/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty.websocket/websocket-api/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty.websocket/websocket-api/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty.websocket/websocket-client/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty.websocket/websocket-client/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty.websocket/websocket-common/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty.websocket/websocket-common/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty.websocket/websocket-server/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty.websocket/websocket-server/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty.websocket/websocket-servlet/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty.websocket/websocket-servlet/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-client/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-client/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-continuation/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-continuation/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-deploy/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-deploy/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-http/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-http/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-io/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-io/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-jaas/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-jaas/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-jaspi/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-jaspi/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-jmx/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-jmx/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-jndi/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-jndi/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-plus/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-plus/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-proxy/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-proxy/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-rewrite/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-rewrite/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-security/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-security/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-server/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-server/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-servlet/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-servlet/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-servlets/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-servlets/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-util-ajax/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-util-ajax/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-util/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-util/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-webapp/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-webapp/${jetty.version}" />
<bundle originalUri="mvn:org.eclipse.jetty/jetty-xml/[9.4,${jetty.version}]"
replacement="mvn:org.eclipse.jetty/jetty-xml/${jetty.version}" />

<!-- the objectweb (dis)assembly jars are usually needed at multiple major version levels;
see brooklyn-server/pom.xml for discussion; no choice but to allow the multiple versions,
unless we jarjar or drop some of the dependencies.
<bundle originalUri="mvn:org.ow2.asm/asm-analysis/[8,${ow2.asm.version}]"
replacement="mvn:org.ow2.asm/asm-analysis/${ow2.asm.version}" />
<bundle originalUri="mvn:org.ow2.asm/asm-commons/[8,${ow2.asm.version}]"
replacement="mvn:org.ow2.asm/asm-commons/${ow2.asm.version}" />
<bundle originalUri="mvn:org.ow2.asm/asm-tree/[8,${ow2.asm.version}]"
replacement="mvn:org.ow2.asm/asm-tree/${ow2.asm.version}" />
<bundle originalUri="mvn:org.ow2.asm/asm-util/[8,${ow2.asm.version}]"
replacement="mvn:org.ow2.asm/asm-util/${ow2.asm.version}" />
<bundle originalUri="mvn:org.ow2.asm/asm/[8,${ow2.asm.version}]"
replacement="mvn:org.ow2.asm/asm/${ow2.asm.version}" />
-->

</bundleReplacements>

</featuresProcessing>

0 comments on commit 9db10d8

Please sign in to comment.