From 65fd98781a68fc6e83794363b83e5e22ce2fbdd3 Mon Sep 17 00:00:00 2001 From: Rob Rudin Date: Tue, 30 Sep 2025 10:56:02 -0400 Subject: [PATCH] MLE-24504 Bumping all dependencies Should make Black Duck happy as well. Not touching the Jakarta APIs yet, going to take care of that in a follow up PR as that needs more testing. --- .copyrightconfig | 2 +- CONTRIBUTING.md | 6 +---- examples/build.gradle | 12 +++++----- gradle.properties | 2 ++ .../build.gradle | 13 +++++----- marklogic-client-api/build.gradle | 24 +++++++++---------- ml-development-tools/build.gradle | 2 +- test-app/build.gradle | 10 ++++---- 8 files changed, 34 insertions(+), 37 deletions(-) diff --git a/.copyrightconfig b/.copyrightconfig index 6a060caea..0253be82f 100644 --- a/.copyrightconfig +++ b/.copyrightconfig @@ -11,4 +11,4 @@ startyear: 2010 # - Dotfiles already skipped automatically # Enable by removing the leading '# ' from the next line and editing values. # filesexcluded: third_party/*, docs/generated/*.md, assets/*.png, scripts/temp_*.py, vendor/lib.js -filesexcluded: .github/*, README.md, Jenkinsfile, gradle/*, docker-compose.yml, *.gradle, gradle.properties, gradlew, gradlew.bat \ No newline at end of file +filesexcluded: .github/*, README.md, Jenkinsfile, gradle/*, docker-compose.yml, *.gradle, gradle.properties, gradlew, gradlew.bat, **/test/resources/**, *.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b9c2bb310..68b2f8c37 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,11 +7,7 @@ To build the client locally, complete the following steps: 1. Clone this repository on your machine. 2. Choose the appropriate branch (usually develop) -3. Ensure you are using Java 8 or Java 11 or Java 17 (the JVM version used to compile should not matter as compiler flags -are set to ensure the compiled code will run on Java 8; Jenkins pipelines also exist to ensure that the tests pass on -Java 8, 11, and 17, and thus they should for you locally as well; note that if you load the project into an IDE, you -should use Java 8 in case your IDE does not process the build.gradle config that conditionally brings in JAXB dependencies -required by Java 9+.) +3. Ensure you are using Java 17. 4. Verify that you can build the client by running `./gradlew build -x test` "Running the tests" in the context of developing and submitting a pull request refers to running the tests found diff --git a/examples/build.gradle b/examples/build.gradle index ba3dfc93c..7bf452058 100644 --- a/examples/build.gradle +++ b/examples/build.gradle @@ -10,19 +10,19 @@ dependencies { // The 'api' configuration is used so that the test configuration in marklogic-client-api doesn't have to declare // all of these dependencies. This library project won't otherwise be depended on by anything else as it's not // setup for publishing. - api 'com.squareup.okhttp3:okhttp:4.12.0' - api 'io.github.rburgst:okhttp-digest:2.7' + api "com.squareup.okhttp3:okhttp:${okhttpVersion}" + api 'io.github.rburgst:okhttp-digest:3.1.1' api 'org.slf4j:slf4j-api:2.0.17' api "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}" api 'org.jdom:jdom2:2.0.6.1' - api 'org.dom4j:dom4j:2.1.4' - api 'com.google.code.gson:gson:2.10.1' + api 'org.dom4j:dom4j:2.2.0' + api 'com.google.code.gson:gson:2.13.2' api 'net.sourceforge.htmlcleaner:htmlcleaner:2.29' - api ('com.opencsv:opencsv:5.11.2') { + api ('com.opencsv:opencsv:5.12.0') { // Excluding this due to a security vulnerability, and the test for the example that uses this library // passes without this on the classpath. exclude module: "commons-beanutils" } - api 'org.apache.commons:commons-lang3:3.18.0' + api 'org.apache.commons:commons-lang3:3.19.0' } diff --git a/gradle.properties b/gradle.properties index 8d8fe5986..60f18ae19 100644 --- a/gradle.properties +++ b/gradle.properties @@ -3,6 +3,8 @@ version=8.0-SNAPSHOT describedName=MarkLogic Java Client API publishUrl=file:../marklogic-java/releases +okhttpVersion=5.1.0 + # See https://github.com/FasterXML/jackson for more information on the Jackson libraries. jacksonVersion=2.19.0 diff --git a/marklogic-client-api-functionaltests/build.gradle b/marklogic-client-api-functionaltests/build.gradle index 489a1d077..0fce007ad 100755 --- a/marklogic-client-api-functionaltests/build.gradle +++ b/marklogic-client-api-functionaltests/build.gradle @@ -18,23 +18,22 @@ dependencies { testImplementation project(':marklogic-client-api') testImplementation 'org.skyscreamer:jsonassert:1.5.3' testImplementation 'org.slf4j:slf4j-api:2.0.17' - testImplementation 'commons-io:commons-io:2.17.0' - testImplementation 'com.squareup.okhttp3:okhttp:5.1.0' + testImplementation 'commons-io:commons-io:2.20.0' + testImplementation "com.squareup.okhttp3:okhttp:${okhttpVersion}" testImplementation "com.fasterxml.jackson.core:jackson-core:${jacksonVersion}" testImplementation "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}" testImplementation "org.jdom:jdom2:2.0.6.1" - testImplementation 'org.apache.commons:commons-lang3:3.18.0' + testImplementation 'org.apache.commons:commons-lang3:3.19.0' + // Allows talking to the Manage API. - testImplementation("com.marklogic:ml-app-deployer:5.0.0") { + testImplementation("com.marklogic:ml-app-deployer:6.0.1") { exclude module: "marklogic-client-api" - // Use the commons-lang3 declared above to keep Black Duck happy. - exclude module: "commons-lang3" } testImplementation 'ch.qos.logback:logback-classic:1.5.18' testImplementation 'org.junit.jupiter:junit-jupiter:5.13.4' - testImplementation 'org.xmlunit:xmlunit-legacy:2.10.0' + testImplementation 'org.xmlunit:xmlunit-legacy:2.10.4' // Without this, once using JUnit 5.12 or higher, Gradle will not find any tests and report an error of: // org.junit.platform.commons.JUnitException: TestEngine with ID 'junit-jupiter' failed to discover tests diff --git a/marklogic-client-api/build.gradle b/marklogic-client-api/build.gradle index 7bb2b8ffe..a77b1f882 100644 --- a/marklogic-client-api/build.gradle +++ b/marklogic-client-api/build.gradle @@ -18,8 +18,8 @@ dependencies { api "jakarta.xml.bind:jakarta.xml.bind-api:3.0.1" implementation "org.glassfish.jaxb:jaxb-runtime:3.0.2" - implementation 'com.squareup.okhttp3:okhttp:5.1.0' - implementation 'com.squareup.okhttp3:logging-interceptor:5.1.0' + implementation "com.squareup.okhttp3:okhttp:${okhttpVersion}" + implementation "com.squareup.okhttp3:logging-interceptor:${okhttpVersion}" implementation 'io.github.rburgst:okhttp-digest:3.1.1' // We tried upgrading to the org.eclipse.angus:angus-mail dependency, but we ran into significant performance issues @@ -27,7 +27,7 @@ dependencies { // take 50s instead of 2 to 3s. Haven't dug into the details, but seems like the call isn't lazy and the entire set // of URIs is being retrieved. This implementation - in the old "com.sun.mail" package but still adhering to the new // jakarta.mail API - works fine and performs well for eval calls. - implementation "com.sun.mail:jakarta.mail:2.0.1" + implementation "com.sun.mail:jakarta.mail:2.0.2" implementation 'javax.ws.rs:javax.ws.rs-api:2.1.1' implementation 'org.slf4j:slf4j-api:2.0.17' @@ -36,22 +36,21 @@ dependencies { // Only used by extras (which some examples then depend on) compileOnly 'org.jdom:jdom2:2.0.6.1' - compileOnly 'org.dom4j:dom4j:2.1.4' - compileOnly 'com.google.code.gson:gson:2.10.1' + compileOnly 'org.dom4j:dom4j:2.2.0' + compileOnly 'com.google.code.gson:gson:2.13.2' testImplementation 'org.junit.jupiter:junit-jupiter:5.13.4' // Forcing junit version to avoid vulnerability with older version in xmlunit testImplementation 'junit:junit:4.13.2' - testImplementation 'org.xmlunit:xmlunit-legacy:2.10.0' + testImplementation 'org.xmlunit:xmlunit-legacy:2.10.4' testImplementation project(':examples') - testImplementation 'org.apache.commons:commons-lang3:3.18.0' + testImplementation 'org.apache.commons:commons-lang3:3.19.0' + // Allows talking to the Manage API. - testImplementation ("com.marklogic:ml-app-deployer:5.0.0") { + testImplementation ("com.marklogic:ml-app-deployer:6.0.1") { exclude module: "marklogic-client-api" - // Use the commons-lang3 declared above to keep Black Duck happy. - exclude module: "commons-lang3" } // Starting with mockito 5.x, Java 11 is required, so sticking with 4.x as we have to support Java 8. @@ -65,11 +64,12 @@ dependencies { // Using this to avoid a schema validation issue with the regular xercesImpl testImplementation 'org.opengis.cite.xerces:xercesImpl-xsd11:2.12-beta-r1667115' - testImplementation('com.opencsv:opencsv:5.11.2') { + testImplementation('com.opencsv:opencsv:5.12.0') { // Excluding this due to a security vulnerability, and the test for the example that uses this library // passes without this on the classpath. exclude module: "commons-beanutils" } + testImplementation 'org.skyscreamer:jsonassert:1.5.3' // Automatic loading of test framework implementation dependencies is deprecated. @@ -101,7 +101,7 @@ javadoc { options.overview = "src/main/javadoc/overview.html" options.windowTitle = "$rootProject.describedName $rootProject.version" options.docTitle = "$rootProject.describedName $rootProject.version" - options.bottom = "Copyright © 2024 MarkLogic Corporation. All Rights Reserved." + options.bottom = "Copyright (c) 2010-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved." options.links = [ 'http://docs.oracle.com/javase/8/docs/api/' ] options.use = true if (JavaVersion.current().isJava9Compatible()) { diff --git a/ml-development-tools/build.gradle b/ml-development-tools/build.gradle index 82dfc7513..847a98b9c 100644 --- a/ml-development-tools/build.gradle +++ b/ml-development-tools/build.gradle @@ -23,7 +23,7 @@ dependencies { testImplementation 'xmlunit:xmlunit:1.6' testCompileOnly gradleTestKit() - testImplementation 'com.squareup.okhttp3:okhttp:4.12.0' + testImplementation "com.squareup.okhttp3:okhttp:${okhttpVersion}" } // Added to avoid problem where processResources fails because - somehow - the plugin properties file is getting diff --git a/test-app/build.gradle b/test-app/build.gradle index 86cd75b11..c7f8a1072 100644 --- a/test-app/build.gradle +++ b/test-app/build.gradle @@ -1,16 +1,16 @@ plugins { - id 'com.marklogic.ml-gradle' version '5.0.0' + id 'com.marklogic.ml-gradle' version '6.0.1' id 'java' id "com.github.psxpaul.execfork" version "0.2.2" } dependencies { - implementation "io.undertow:undertow-core:2.2.37.Final" - implementation "io.undertow:undertow-servlet:2.2.37.Final" + implementation "io.undertow:undertow-core:2.3.19.Final" + implementation "io.undertow:undertow-servlet:2.3.19.Final" implementation 'org.slf4j:slf4j-api:2.0.17' - implementation 'ch.qos.logback:logback-classic:1.3.15' + implementation 'ch.qos.logback:logback-classic:1.5.18' implementation "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}" - implementation 'com.squareup.okhttp3:okhttp:4.12.0' + implementation "com.squareup.okhttp3:okhttp:${okhttpVersion}" } // See https://github.com/psxpaul/gradle-execfork-plugin for docs.