build: Update dependencies in hale-platform to resolve security issues

update libraries ING-4067
halestudio · Nov 6, 2023 · e15bb02 · e15bb02
1 parent 5c040a0
commit e15bb02
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/build.gradle b/build.gradle
@@ -91,7 +91,7 @@ include {
 	}
 
 	from('modules/shared/logging.gradle') {
-		slf4jAndLogback '1.7.10', '1.0.13'
+		slf4jAndLogback '1.7.25', '1.0.13'
 	}
 
 	from 'modules/shared/orientdb.gradle', {
@@ -281,7 +281,7 @@ platform {
 	bnd group: 'net.sf.trove4j', name: 'trove4j', {
 		instructions 'Eclipse-BuddyPolicy': 'registered'
 	}
-	bundle 'commons-io:commons-io:2.4'
+	bundle 'commons-io:commons-io:2.14.0'
 	// https://www.cve.org/CVERecord?id=CVE-2022-42889
 	bundle 'org.apache.commons:commons-text:1.10.0'
 	bundle 'net.sf.ehcache:ehcache-core:2.6.6'
@@ -297,10 +297,10 @@ platform {
 	bundle 'asm:asm-analysis:3.3.1'
 
 	// ivy with at least 2.4 because of bug in IvySettings
-	bundle 'org.apache.ivy:ivy:2.4.0'
+	bundle 'org.apache.ivy:ivy:2.5.2'
 
 	// web stuff
-	bundle 'commons-fileupload:commons-fileupload:1.3.1'
+	bundle 'commons-fileupload:commons-fileupload:1.5'
 	bundle 'org.openid4java:openid4java:0.9.8'
 	bundle 'net.tanesha.recaptcha4j:recaptcha4j:0.0.8'
 	bundle "org.wicketstuff:wicketstuff-html5:$wicketVersion"
@@ -321,7 +321,7 @@ platform {
 //	bundle 'com.ning:async-http-client:1.8.15'
 
 	// quartz scheduler
-	bundle 'org.quartz-scheduler:quartz:1.7.3'
+	bundle 'org.quartz-scheduler:quartz:2.3.2'
 
 	// XML
 //	bundle 'org.apache.ws.xmlschema:xmlschema-core:2.0.2'
@@ -638,7 +638,7 @@ platform {
 	}
 	bnd group: 'ru.yandex.qatools.allure', name: 'allure-java-adaptor-api', {
 		// tika exported package version does not seem to resemble bundle version
-		instruction 'Import-Package', 'org.apache.tika.*;version="[1.0.0,2.0.0)",*'
+		instruction 'Import-Package', 'org.apache.tika.*;version="[1.28.4,2.9.1)",*'
 	}
 	bnd group: 'ru.yandex.qatools.allure', name: 'allure-java-aspects', {
 		// see http://wiki.eclipse.org/Equinox_Weaving_QuickStart
@@ -667,7 +667,7 @@ platform {
 	}
 
 	// YAML library
-	bundle 'org.yaml:snakeyaml:1.21'
+	bundle 'org.yaml:snakeyaml:2.2'
 
 	// Pebble template engine
 	def pebbleVersion = '3.0.1'

diff --git a/modules/jetty-support/jetty-support.gradle b/modules/jetty-support/jetty-support.gradle
@@ -1,6 +1,6 @@
 // Adapted jetty related bundles
 platform {
-	def jettyVersion = '9.2.1.v20140609'
+	def jettyVersion = '9.4.53.v20231009'
 	//def jettyVersion = '9.4.10.v20180503' // Originally upgraded during the platform migration to Photon. Not sure why anymore, so left out for the moment
 	def jettyGroup = 'org.eclipse.jetty'
 

diff --git a/modules/schemacrawler.gradle b/modules/schemacrawler.gradle
@@ -19,7 +19,7 @@ platform {
 				instruction 'DynamicImport-Package', '*'
 			}
 		}
-		bundle 'com.thoughtworks.xstream:xstream:1.4.5', { // dependency of schemacrawler not listed in pom!
+		bundle 'com.thoughtworks.xstream:xstream:1.4.20', { // dependency of schemacrawler not listed in pom!
 			bnd {
 				optionalImport 'sun.misc'
 			}