Skip to content

Commit

Permalink
more lib updates
Browse files Browse the repository at this point in the history
  • Loading branch information
@epag
epag committed Oct 17, 2024
1 parent 7017be8 commit b2d7094
Showing 1 changed file with 19 additions and 19 deletions.
38 changes: 19 additions & 19 deletions build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ plugins {
id 'com.github.seanrl.jaxb' version '2.5.4'

// For ability to use git ids for versioning jar files:
id 'org.ajoberstar.grgit' version '5.2.2'
id 'org.ajoberstar.grgit' version '5.3.0'

// To compile user documentation (not working: blows up on compileMarkdown)
//id 'org.uulib.gradle.markdown' version '0.0.1'
Expand All @@ -62,7 +62,7 @@ plugins {
id 'com.adarshr.test-logger' version '4.0.0'

// To discover library versions with known vulnerabilities
id 'org.owasp.dependencycheck' version '10.0.2'
id 'org.owasp.dependencycheck' version '10.0.4'

// Task to assist in downloading artifacts
id 'de.undercouch.download' version '5.6.0'
Expand All @@ -79,7 +79,7 @@ plugins {
id 'org.kordamp.gradle.markdown' version '2.2.0'

// To generate API documentation from JAX-RS annotations and javadocs
id "io.swagger.core.v3.swagger-gradle-plugin" version "2.2.23"
id "io.swagger.core.v3.swagger-gradle-plugin" version "2.2.25"

// To generate JPMS images more easily with 3rd-party "automatic" modules
id 'org.beryx.jlink' version '2.26.0'
Expand Down Expand Up @@ -359,7 +359,7 @@ project(':wres-io') {
exclude group: 'com.google.guava', module: 'guava'
}
// Include later dependency versions for the excluded dependencies above
implementation 'com.google.guava:guava:33.3.0-jre'
implementation 'com.google.guava:guava:33.3.1-jre'

// to use native postgres copy, need this on compile, otherwise runtime
implementation('org.postgresql:postgresql:42.7.4') {
Expand Down Expand Up @@ -403,7 +403,7 @@ project(':wres-io') {
runtimeOnly 'org.slf4j:jcl-over-slf4j:2.1.0-alpha1'

//JB @ 02/16/17
testImplementation 'com.google.guava:guava-testlib:33.3.0-jre'
testImplementation 'com.google.guava:guava-testlib:33.3.1-jre'

// Mocking help
testImplementation 'org.mockito:mockito-inline:5.2.0'
Expand Down Expand Up @@ -532,7 +532,7 @@ project(':wres-writing') {
exclude group: 'com.google.guava', module: 'guava'
}
// Include later dependency versions for the excluded dependencies above
implementation 'com.google.guava:guava:33.3.0-jre'
implementation 'com.google.guava:guava:33.3.1-jre'

// Better-than-Java's HTTP client
implementation 'com.squareup.okhttp3:okhttp:4.12.0'
Expand Down Expand Up @@ -578,7 +578,7 @@ project(':wres-reading') {
implementation group: 'org.apache.commons', name: 'commons-math3', version: '3.6.1'

// For Java 8 java.time support
implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.2'
implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0'

implementation('edu.ucar:cdm-core:5.4.2') {
// Because we use slf4j, not jcl:
Expand All @@ -591,7 +591,7 @@ project(':wres-reading') {
exclude group: 'com.google.guava', module: 'guava'
}
// Include later dependency versions for the excluded dependencies above
implementation 'com.google.guava:guava:33.3.0-jre'
implementation 'com.google.guava:guava:33.3.1-jre'

implementation 'org.apache.commons:commons-compress:1.27.1'

Expand Down Expand Up @@ -623,7 +623,7 @@ project(':wres-reading') {
annotationProcessor 'org.projectlombok:lombok:1.18.34'

//JB @ 02/16/17
testImplementation 'com.google.guava:guava-testlib:33.3.0-jre'
testImplementation 'com.google.guava:guava-testlib:33.3.1-jre'

// Mocking help
testImplementation 'org.mockito:mockito-inline:5.2.0'
Expand Down Expand Up @@ -965,8 +965,8 @@ project(':wres-config') {
implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.0'
implementation 'com.fasterxml.jackson.core:jackson-annotations:2.18.0'
implementation 'com.fasterxml.jackson.core:jackson-core:2.18.0'
implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.2'
implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.17.2'
implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0'
implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.18.0'
implementation('com.hubspot.jackson:jackson-datatype-protobuf:0.9.15') {
// Exclude old modules to eliminate several CVEs
// Remove older protobuf version and include later version below
Expand All @@ -977,7 +977,7 @@ project(':wres-config') {
}
// Include later dependency versions for the excluded dependencies above
implementation 'com.google.protobuf:protobuf-java:3.21.12'
implementation 'com.google.guava:guava:33.3.0-jre'
implementation 'com.google.guava:guava:33.3.1-jre'

// To validate WKT strings as geometries
implementation group: 'org.locationtech.jts', name: 'jts-core', version: '1.20.0'
Expand All @@ -992,7 +992,7 @@ project(':wres-config') {
implementation group: 'com.opencsv', name: 'opencsv', version: '5.9'

// YAML/JSON schema validation
implementation 'com.networknt:json-schema-validator:1.5.1'
implementation 'com.networknt:json-schema-validator:1.5.2'

// To auto-generate builders for Java records through annotation processing
annotationProcessor 'io.soabase.record-builder:record-builder-processor:41'
Expand All @@ -1009,7 +1009,7 @@ project(':wres-config') {
jaxb 'commons-beanutils:commons-beanutils:1.9.4'

// commons-io is transitive dependency of jaxb2-basics-annotate, has CVE
jaxb 'commons-io:commons-io:2.16.1'
jaxb 'commons-io:commons-io:2.17.0'

// jaxb-xjc transitively includes bind-api and jaxb-core
jaxb 'org.glassfish.jaxb:jaxb-xjc:2.3.8'
Expand All @@ -1028,7 +1028,7 @@ project(':wres-config') {
testImplementation 'org.mockito:mockito-core:5.14.2'

testImplementation 'org.junit.jupiter:junit-jupiter-api:5.11.2'
testImplementation 'org.junit.jupiter:junit-jupiter-params:5.11.0'
testImplementation 'org.junit.jupiter:junit-jupiter-params:5.11.2'
testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.11.2'

// In-memory implementation of a java.nio.file abstract file system api
Expand Down Expand Up @@ -1529,7 +1529,7 @@ project(':wres-eventsbroker') {
}

// Include later dependency versions for the excluded dependencies above
implementation 'com.google.guava:guava:33.3.0-jre'
implementation 'com.google.guava:guava:33.3.1-jre'

// Include later dependency version
implementation group: 'org.apache.commons', name: 'commons-configuration2', version: '2.11.0'
Expand Down Expand Up @@ -1558,7 +1558,7 @@ project(':wres-eventsbroker') {
runtimeOnly 'org.slf4j:jcl-over-slf4j:2.1.0-alpha1'

// Qpid AMQP 1.0 Jakarta Messaging API client to test interaction with the embedded broker
testImplementation('org.apache.qpid:qpid-jms-client:2.5.0') {
testImplementation('org.apache.qpid:qpid-jms-client:2.6.1') {
// Because of CVE-2022-24823. TODO: remove when Qpid catches up
exclude group: 'io.netty'
}
Expand Down Expand Up @@ -1593,7 +1593,7 @@ project(':wres-events') {
implementation group: 'jakarta.jms', name: 'jakarta.jms-api', version: '3.1.0'

// Qpid AMQP 1.0 Jakarta Messaging API client
implementation('org.apache.qpid:qpid-jms-client:2.5.0') {
implementation('org.apache.qpid:qpid-jms-client:2.6.1') {
// Because of CVE-2022-24823. TODO: remove when Qpid catches up
exclude group: 'io.netty'
}
Expand Down Expand Up @@ -1913,7 +1913,7 @@ dependencies {
exclude group: 'com.google.guava', module: 'guava'
}
// Include later dependency versions for the excluded dependencies above
implementation 'com.google.guava:guava:33.3.0-jre'
implementation 'com.google.guava:guava:33.3.1-jre'

// JCIP annotations
compileOnly group: 'net.jcip', name: 'jcip-annotations', version: '1.0'
Expand Down

0 comments on commit b2d7094

Please sign in to comment.