Skip to content

Commit

Permalink
Update of various dependencies (#1399)
Browse files Browse the repository at this point in the history 
Resolves: https://jira.duraspace.org/browse/FCREPO-2974

* Incomplete update of various dependencies
* Update Amazon AWS SDK from version 1.11.405 to 1.11.407
* Update Amazon AWS SDK from version 1.11.407 to 1.11.408
* Add explicit depdency on xerces 2.12.0, replacing implicit dependency on xerces 2.11.0
* Update Apache commons-collections from version 3.2.1 to 3.2.2, get rid of CVE-2015-6420 and CVE-2017-15708
* Centralize version number for Apache commons-collections in main pom.xml
* Centralize Jetty version number in main pom.xml
* Revert "Centralize Jetty version number in main pom.xml"
This reverts commit b454d63.
* Remove duplicate jboss-logging entry from main pom.xml
* Bump Jena to 3.8.0
A notable difference compared to earlier Jena versions is that support for
QName literal types (in RDF/XML) has been removed.  The RDF/XML syntax
spec suggests that it SHOUD NOT be used.  Technically, this would break
backwards compatibility for acccepting RDF/XML that has literals of this
type.
* Update Amazon AWS SDK from version 1.11.408 to 1.11.409
* Amazon AWS SDK 1.11.410
* Amazon AWS SDK 1.11.411
* Apache Tika 1.18 -> 1.19 (CVE-2018-11761)
* Amazon AWS SDK 1.11.412
* PostgreSQL 42.2.5
* Amazon AWS SDK 1.11.413
  • Loading branch information
@hardfalcon
hardfalcon authored and Andrew Woods committed Jan 24, 2019
1 parent 58440bc commit cf66fc7
Show file tree
Hide file tree
Showing 9 changed files with 102 additions and 36 deletions.
16 changes: 16 additions & 0 deletions fcrepo-auth-common/pom.xml
View file
Expand Up @@ -145,6 +145,22 @@
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
</dependency>

<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity</artifactId>
<exclusions>
<exclusion>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>${commons-collections.version}</version>
</dependency>
</dependencies>

<build>
Expand Down
2 changes: 1 addition & 1 deletion fcrepo-boms/fcrepo4-bom/pom.xml
View file
Expand Up @@ -76,7 +76,7 @@
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.6</version>
<version>${commons-codec.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
Expand Down
12 changes: 12 additions & 0 deletions fcrepo-http-commons/pom.xml
View file
Expand Up @@ -192,6 +192,12 @@
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity</artifactId>
<exclusions>
<exclusion>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>javax.annotation</groupId>
Expand Down Expand Up @@ -280,6 +286,12 @@
</exclusion>
</exclusions>
</dependency>

<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>${commons-collections.version}</version>
</dependency>
</dependencies>

<build>
Expand Down
4 changes: 4 additions & 0 deletions fcrepo-kernel-api/pom.xml
View file
Expand Up @@ -58,6 +58,10 @@
<groupId>org.apache.jena</groupId>
<artifactId>jena-arq</artifactId>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>

<!-- test gear -->
<dependency>
Expand Down
5 changes: 5 additions & 0 deletions fcrepo-kernel-modeshape/pom.xml
View file
Expand Up @@ -57,6 +57,11 @@
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.tika</groupId>
<artifactId>tika-core</artifactId>
<version>${tika.version}</version>
</dependency>
<dependency>
<groupId>org.modeshape</groupId>
<artifactId>modeshape-jcr</artifactId>
Expand Down
3 changes: 1 addition & 2 deletions ...odeshape/src/test/java/org/fcrepo/kernel/modeshape/rdf/converters/ValueConverterTest.java
View file
Expand Up @@ -51,7 +51,6 @@
import static org.apache.jena.datatypes.xsd.XSDDatatype.XSDNCName;
import static org.apache.jena.datatypes.xsd.XSDDatatype.XSDNMTOKEN;
import static org.apache.jena.datatypes.xsd.XSDDatatype.XSDName;
import static org.apache.jena.datatypes.xsd.XSDDatatype.XSDQName;
import static org.apache.jena.datatypes.xsd.XSDDatatype.XSDanyURI;
import static org.apache.jena.datatypes.xsd.XSDDatatype.XSDbase64Binary;
import static org.apache.jena.datatypes.xsd.XSDDatatype.XSDdate;
Expand Down Expand Up @@ -139,7 +138,7 @@ public static Iterable<Object[]> data() {
{createTypedLiteral("some:uri", XSDanyURI)},
{createTypedLiteral("tokenize this", XSDtoken)},
{createTypedLiteral("name", XSDName)},
{createTypedLiteral("qname", XSDQName)},
// Not supported any more by Jena {createTypedLiteral("qname", XSDQName)},
{createTypedLiteral("en-us", XSDlanguage)},
{createTypedLiteral("name", XSDNMTOKEN)},
{createTypedLiteral("some-id", XSDID)},
Expand Down
2 changes: 1 addition & 1 deletion fcrepo-parent/pom.xml
View file
Expand Up @@ -57,7 +57,7 @@
<scm-provider-gitexe.plugin.version>1.9.4</scm-provider-gitexe.plugin.version>
<site.plugin.version>3.4</site.plugin.version>
<source.plugin.version>2.4</source.plugin.version>
<surefire.plugin.version>2.18.1</surefire.plugin.version>
<surefire.plugin.version>2.22.0</surefire.plugin.version>
<versions.plugin.version>2.1</versions.plugin.version>
<!-- jacoco and sonar configuration -->
<jacoco.outputDir>${project.build.directory}</jacoco.outputDir>
Expand Down
4 changes: 4 additions & 0 deletions jena-patch/pom.xml
View file
Expand Up @@ -25,6 +25,10 @@
<groupId>org.apache.jena</groupId>
<artifactId>jena-core</artifactId>
</dependency>
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
Expand Down
90 changes: 58 additions & 32 deletions pom.xml
View file
Expand Up @@ -23,49 +23,52 @@
<project_name>fcrepo4</project_name>
<project_organization>fcrepo4</project_organization>
<!-- Dependency version properties -->
<activemq.version>5.14.1</activemq.version>
<commons-codec.version>1.10</commons-codec.version>
<commons-io.version>2.5</commons-io.version>
<commons-lang.version>3.5</commons-lang.version>
<narayana-jta.version>5.7.0.Final</narayana-jta.version>
<jetty.version>9.3.1.v20150714</jetty.version>
<guava.version>20.0</guava.version>
<hk2.version>2.3.0</hk2.version>
<activemq.version>5.15.5</activemq.version>
<commons-codec.version>1.11</commons-codec.version>
<commons-collections.version>3.2.2</commons-collections.version>
<commons-io.version>2.6</commons-io.version>
<commons-lang.version>3.7</commons-lang.version>
<narayana-jta.version>5.9.0.Final</narayana-jta.version>
<jetty.version>9.3.25.v20180904</jetty.version>
<guava.version>25.1-jre</guava.version>
<hk2.version>2.5.0-b62</hk2.version>
<htmlunit.version>2.27</htmlunit.version>
<httpclient.version>4.5.3</httpclient.version>
<httpmime.version>4.5.3</httpmime.version>
<httpcore.version>4.4.6</httpcore.version>
<javax.servlet-api.version>3.1.0</javax.servlet-api.version>
<javaee-api.version>7.0</javaee-api.version>
<jackson2.version>2.8.4</jackson2.version>
<jboss-logging.version>3.3.0.Final</jboss-logging.version>
<httpclient.version>4.5.6</httpclient.version>
<httpmime.version>4.5.6</httpmime.version>
<httpcore.version>4.4.10</httpcore.version>
<javax.servlet-api.version>4.0.1</javax.servlet-api.version>
<javaee-api.version>8.0</javaee-api.version>
<jackson2.version>2.9.6</jackson2.version>
<jboss-logging.version>3.3.2.Final</jboss-logging.version>
<jcr.version>2.0</jcr.version>
<jena.version>3.1.1</jena.version>
<jersey.version>2.24</jersey.version>
<jgroups.version>3.6.11.Final</jgroups.version>
<jsonld.version>0.8.3</jsonld.version>
<logback.version>1.1.7</logback.version>
<metrics.version>3.1.2</metrics.version>
<modeshape.version>5.4.0.Final</modeshape.version>
<slf4j.version>1.7.21</slf4j.version>
<snappy-java.version>1.1.2.6</snappy-java.version>
<spring.version>4.3.3.RELEASE</spring.version>
<jena.version>3.8.0</jena.version>
<jersey.version>2.25.1</jersey.version>
<jgroups.version>4.0.13.Final</jgroups.version>
<jsonld.version>0.12.1</jsonld.version>
<logback.version>1.2.3</logback.version>
<metrics.version>3.2.6</metrics.version>
<modeshape.version>5.4.1.Final</modeshape.version>
<slf4j.version>1.7.25</slf4j.version>
<snappy-java.version>1.1.7.2</snappy-java.version>
<spring.version>5.0.9.RELEASE</spring.version>
<tika.version>1.19</tika.version>
<xerces.version>2.12.0</xerces.version>
<xml-apis.version>1.4.01</xml-apis.version>
<velocity.version>1.7</velocity.version>
<!-- JCBC dependencies -->
<postgresql.version>9.4.1211</postgresql.version>
<mysql.version>5.1.38</mysql.version>
<postgresql.version>42.2.5</postgresql.version>
<mysql.version>5.1.46</mysql.version>
<!-- AWS S3 dependencies -->
<aws.client.version>1.11.95</aws.client.version>
<aws.client.version>1.11.413</aws.client.version>
<!-- test gear -->
<awaitility.version>1.7.0</awaitility.version>
<grizzly.version>2.3.28</grizzly.version>
<grizzly.version>2.4.3</grizzly.version>
<junit.version>4.12</junit.version>
<mockito.version>1.10.19</mockito.version>
<!-- fcrepo4-specific plugins -->
<enforcer.plugin.version>1.4</enforcer.plugin.version>
<enforcer.plugin.version>1.4.1</enforcer.plugin.version>
<enforce-victims.rule.version>1.3.4</enforce-victims.rule.version>
<war.plugin.version>2.6</war.plugin.version>
<war.plugin.version>3.2.2</war.plugin.version>
<!-- default properties that can be altered on the command line -->
<fcrepo.test.context.path />
</properties>
Expand All @@ -92,7 +95,7 @@
"dependenciesManagement" section defaults for all of the modules we might
need, but we still have to include in the "dependencies" section the modules
we DO need. The benefit is that we don't have to specify the versions of
any of those modules. -->
any of those modules. -->
<dependency>
<groupId>org.modeshape.bom</groupId>
<artifactId>modeshape-bom-embedded</artifactId>
Expand Down Expand Up @@ -178,6 +181,10 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
<exclusion>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
Expand All @@ -193,6 +200,10 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
<exclusion>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
Expand Down Expand Up @@ -229,6 +240,12 @@
<groupId>com.github.jsonld-java</groupId>
<artifactId>jsonld-java</artifactId>
<version>${jsonld.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient-osgi</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
Expand Down Expand Up @@ -301,6 +318,11 @@
<artifactId>commons-lang3</artifactId>
<version>${commons-lang.version}</version>
</dependency>
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>${xerces.version}</version>
</dependency>
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
Expand All @@ -325,6 +347,10 @@
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
<exclusion>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
Expand Down

0 comments on commit cf66fc7

Please sign in to comment.