[jira] [Updated] (OFBIZ-9674) Update build.gradle to the latest dependencies

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Updated] (OFBIZ-9674) Update build.gradle to the latest dependencies

JIRA jira@apache.org

     [ https://issues.apache.org/jira/browse/OFBIZ-9674?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Julian Leichert updated OFBIZ-9674:
-----------------------------------
    Attachment: OFBIZ-9674_Update_buildgradle.patch

- removed gradle-versions-plugin from patch file

> Update build.gradle to the latest dependencies
> ----------------------------------------------
>
>                 Key: OFBIZ-9674
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9674
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Michael Brohl
>            Assignee: Michael Brohl
>            Priority: Minor
>         Attachments: OFBIZ-9674_Update_buildgradle.patch
>
>
> I wondered how up-to-date our project dependencies are and searched for an efficient way how to check this. I found the gradle-versions-plugin [1] which analyzes the dependencies and checks if there are newer versions available.
> I ran the check with
> {code:java}
> ./gradlew dependencyUpdates -Drevision=release
> {code}
> and got the following result:
> ------------------------------------------------------------
> : Project Dependency Updates (report to plain text file)
> ------------------------------------------------------------
> The following dependencies are using the latest release version:
>  - net.sf.barcode4j:barcode4j:2.1
>  - net.sf.barcode4j:barcode4j-fop-ext:2.1
>  - org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380
>  - org.apache.commons:commons-collections4:4.1
>  - com.googlecode.ez-vcard:ez-vcard:0.9.10
>  - org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1
>  - org.apache.geronimo.components:geronimo-transaction:3.1.4
>  - at.bxm.gradleplugins:gradle-svntools-plugin:2.2.1
>  - com.github.ben-manes:gradle-versions-plugin:0.15.0
>  - org.hamcrest:hamcrest-all:1.3
>  - net.fortuna.ical4j:ical4j:1.0-rc3-atlassian-11
>  - javax.el:javax.el-api:3.0.1-b04
>  - de.odysseus.juel:juel-impl:2.2.7
>  - de.odysseus.juel:juel-spi:2.2.7
>  - junit:junit:4.12
>  - oro:oro:2.0.8
>  - apache-xerces:xercesImpl:2.9.1
> The following dependencies exceed the version found at the release revision level:
>  - com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer [20160628.1 <- 1.1]
> The following dependencies have later release versions:
>  - org.apache.ant:ant-junit [1.9.0 -> 1.10.1]
>  - org.apache.ant:ant-junit [1.9.7 -> 1.10.1]
>  - org.apache.axis2:axis2-kernel [1.7.1 -> 1.7.6]
>  - org.apache.axis2:axis2-transport-http [1.7.1 -> 1.7.6]
>  - org.apache.axis2:axis2-transport-local [1.7.1 -> 1.7.6]
>  - commons-cli:commons-cli [1.3.1 -> 1.4]
>  - org.apache.commons:commons-csv [1.1 -> 1.5]
>  - org.apache.commons:commons-dbcp2 [2.1 -> 2.1.1]
>  - commons-net:commons-net [3.3 -> 3.6]
>  - commons-validator:commons-validator [1.5.1 -> 1.6]
>  - com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru [1.0 -> 1.4.2]
>  - com.google.zxing:core [3.2.1 -> 3.3.0]
>  - org.apache.derby:derby [10.11.1.1 -> 10.13.1.1]
>  - org.owasp.esapi:esapi [2.1.0 -> 2.1.0.1]
>  - org.apache.xmlgraphics:fop [2.1 -> 2.2]
>  - org.freemarker:freemarker [2.3.25-incubating -> 2.3.26-incubating]
>  - org.codehaus.groovy:groovy-all [2.4.12 -> 2.5.0-beta-1]
>  - org.apache.httpcomponents:httpclient-cache [4.4.1 -> 4.5.3]
>  - com.ibm.icu:icu4j [57.1 -> 59.1]
>  - com.lowagie:itext [2.1.7 -> 4.2.2]
>  - org.zapodot:jackson-databind-java-optional [2.4.2 -> 2.6.1]
>  - com.sun.mail:javax.mail [1.5.1 -> 1.6.0]
>  - javax.servlet:javax.servlet-api [3.1.0 -> 4.0.0]
>  - javax.servlet.jsp:javax.servlet.jsp-api [2.3.0 -> 2.3.2-b02]
>  - junit:junit-dep [4.10 -> 4.11]
>  - com.googlecode.libphonenumber:libphonenumber [8.6.0 -> 8.8.0]
>  - org.apache.logging.log4j:log4j-1.2-api [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-api [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-core [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-jul [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-slf4j-impl [2.6.2 -> 2.9.0]
>  - org.mockito:mockito-core [1.10.19 -> 2.9.0]
>  - org.apache.poi:poi [3.14 -> 3.17-beta1]
>  - org.apache.shiro:shiro-core [1.3.0 -> 1.4.0]
>  - org.springframework:spring-test [4.2.3.RELEASE -> 4.3.10.RELEASE]
>  - org.apache.tika:tika-core [1.12 -> 1.16]
>  - org.apache.tika:tika-parsers [1.12 -> 1.16]
>  - org.apache.tomcat:tomcat-catalina [8.5.16 -> 9.0.0.M26]
>  - org.apache.tomcat:tomcat-catalina-ha [8.5.16 -> 9.0.0.M25]
>  - org.apache.tomcat:tomcat-jasper [8.5.16 -> 9.0.0.M26]
>  - org.apache.tomcat:tomcat-tribes [8.5.16 -> 9.0.0.M25]
>  - wsdl4j:wsdl4j [1.6.2 -> 1.6.3]
>  - org.apache.xmlrpc:xmlrpc-client [3.1.2 -> 3.1.3]
>  - org.apache.xmlrpc:xmlrpc-server [3.1.2 -> 3.1.3]
>  - com.thoughtworks.xstream:xstream [1.4.9 -> 1.4.10]
> Failed to determine the latest version for the following dependencies (use --info for details):
>  - com.sun.syndication:com.springsource.com.sun.syndication
>  - org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec
> Generated report file build/dependencyUpdates/report.txt
> ===
> If there are no objections, I would try to update the dependencies to the latest release versions, which means I would skip the milestone versions for e.g. Tomcat here.
> We can run this check from time to time to see if we have missed updates to the dependencies.
> What do you think? Is this reasonable?
> Thanks,
> Michael
> [1] https://github.com/ben-manes/gradle-versions-plugin



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)