GEODE-10387: bump dependencies (#7805)

* GEODE-10387: Bump 3rd-party dependency versions Geode endeavors to update to the latest version of 3rd-party dependencies on develop wherever possible. Doing so increases the shelf life of releases and increases security and reliability. Doing so regularly makes the occasional hiccups this can cause easier to pinpoint and address. Dependency bumps in this batch: * Bump cargo-core-uberjar from 1.9.10 to 1.9.12 * Bump classgraph from 4.8.146 to 4.8.147 * Bump jackson from 2.13.2 to 2.13.3 * Bump junit-pioneer from 1.6.2 to 1.7.1 * Bump micrometer-core from 1.9.0 to 1.9.1 * Bump mockito-core from 4.4.0 to 4.6.1 * Bump spring from 5.3.20 to 5.3.21 * Bump spring-hateoas from 1.4.2 to 1.5.0 * Bump spring-ldap-core from 2.3.7.RELEASE to 2.4.0 * Bump swagger-annotations from 2.2.0 to 2.2.1
apache · Jun 17, 2022 · 06d3b2a · 06d3b2a
1 parent 1e2e347
commit 06d3b2a
Show file tree

Hide file tree

Showing 7 changed files with 77 additions and 77 deletions.
diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml b/boms/geode-all-bom/src/test/resources/expected-pom.xml
@@ -180,7 +180,7 @@
       <dependency>
         <groupId>io.github.classgraph</groupId>
         <artifactId>classgraph</artifactId>
-        <version>4.8.146</version>
+        <version>4.8.147</version>
       </dependency>
       <dependency>
         <groupId>io.github.resilience4j</groupId>
@@ -195,12 +195,12 @@
       <dependency>
         <groupId>io.micrometer</groupId>
         <artifactId>micrometer-core</artifactId>
-        <version>1.9.0</version>
+        <version>1.9.1</version>
       </dependency>
       <dependency>
         <groupId>io.swagger.core.v3</groupId>
         <artifactId>swagger-annotations</artifactId>
-        <version>2.2.0</version>
+        <version>2.2.1</version>
       </dependency>
       <dependency>
         <groupId>it.unimi.dsi</groupId>
@@ -350,7 +350,7 @@
       <dependency>
         <groupId>org.codehaus.cargo</groupId>
         <artifactId>cargo-core-uberjar</artifactId>
-        <version>1.9.10</version>
+        <version>1.9.12</version>
       </dependency>
       <dependency>
         <groupId>org.eclipse.jetty</groupId>
@@ -420,12 +420,12 @@
       <dependency>
         <groupId>org.springframework.hateoas</groupId>
         <artifactId>spring-hateoas</artifactId>
-        <version>1.4.2</version>
+        <version>1.5.0</version>
       </dependency>
       <dependency>
         <groupId>org.springframework.ldap</groupId>
         <artifactId>spring-ldap-core</artifactId>
-        <version>2.3.7.RELEASE</version>
+        <version>2.4.0</version>
       </dependency>
       <dependency>
         <groupId>org.springframework.shell</groupId>
@@ -455,42 +455,42 @@
       <dependency>
         <groupId>org.junit-pioneer</groupId>
         <artifactId>junit-pioneer</artifactId>
-        <version>1.6.2</version>
+        <version>1.7.1</version>
       </dependency>
       <dependency>
         <groupId>org.mockito</groupId>
         <artifactId>mockito-core</artifactId>
-        <version>4.4.0</version>
+        <version>4.6.1</version>
       </dependency>
       <dependency>
         <groupId>org.mockito</groupId>
         <artifactId>mockito-junit-jupiter</artifactId>
-        <version>4.4.0</version>
+        <version>4.6.1</version>
       </dependency>
       <dependency>
         <groupId>com.fasterxml.jackson.core</groupId>
         <artifactId>jackson-annotations</artifactId>
-        <version>2.13.2</version>
+        <version>2.13.3</version>
       </dependency>
       <dependency>
         <groupId>com.fasterxml.jackson.core</groupId>
         <artifactId>jackson-core</artifactId>
-        <version>2.13.2</version>
+        <version>2.13.3</version>
       </dependency>
       <dependency>
         <groupId>com.fasterxml.jackson.core</groupId>
         <artifactId>jackson-databind</artifactId>
-        <version>2.13.2.2</version>
+        <version>2.13.3</version>
       </dependency>
       <dependency>
         <groupId>com.fasterxml.jackson.datatype</groupId>
         <artifactId>jackson-datatype-joda</artifactId>
-        <version>2.13.2</version>
+        <version>2.13.3</version>
       </dependency>
       <dependency>
         <groupId>com.fasterxml.jackson.datatype</groupId>
         <artifactId>jackson-datatype-jsr310</artifactId>
-        <version>2.13.2</version>
+        <version>2.13.3</version>
       </dependency>
       <dependency>
         <groupId>com.jayway.jsonpath</groupId>
@@ -665,52 +665,52 @@
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-aspects</artifactId>
-        <version>5.3.20</version>
+        <version>5.3.21</version>
       </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-beans</artifactId>
-        <version>5.3.20</version>
+        <version>5.3.21</version>
       </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-context</artifactId>
-        <version>5.3.20</version>
+        <version>5.3.21</version>
       </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-core</artifactId>
-        <version>5.3.20</version>
+        <version>5.3.21</version>
       </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-expression</artifactId>
-        <version>5.3.20</version>
+        <version>5.3.21</version>
       </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-oxm</artifactId>
-        <version>5.3.20</version>
+        <version>5.3.21</version>
       </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-test</artifactId>
-        <version>5.3.20</version>
+        <version>5.3.21</version>
       </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-tx</artifactId>
-        <version>5.3.20</version>
+        <version>5.3.21</version>
       </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-web</artifactId>
-        <version>5.3.20</version>
+        <version>5.3.21</version>
       </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-webmvc</artifactId>
-        <version>5.3.20</version>
+        <version>5.3.21</version>
       </dependency>
       <dependency>
         <groupId>org.springframework.boot</groupId>

diff --git a/...y-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy b/...y-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -40,14 +40,14 @@ class DependencyConstraints {
     deps.put("javax.transaction-api.version", "1.3")
     deps.put("jgroups.version", "3.6.14.Final")
     deps.put("log4j.version", "2.17.2")
-    deps.put("micrometer.version", "1.9.0")
+    deps.put("micrometer.version", "1.9.1")
     deps.put("shiro.version", "1.9.0")
     deps.put("slf4j-api.version", "1.7.32")
     deps.put("jboss-modules.version", "1.11.0.Final")
-    deps.put("jackson.version", "2.13.2")
-    deps.put("jackson.databind.version", "2.13.2.2")
+    deps.put("jackson.version", "2.13.3")
+    deps.put("jackson.databind.version", "2.13.3")
     deps.put("springshell.version", "1.2.0.RELEASE")
-    deps.put("springframework.version", "5.3.20")
+    deps.put("springframework.version", "5.3.21")
 
     // These version numbers are used in testing various versions of tomcat and are consumed explicitly
     // in will be called explicitly in the relevant extensions module, and respective configurations
@@ -115,11 +115,11 @@ class DependencyConstraints {
         api(group: 'commons-modeler', name: 'commons-modeler', version: '2.0.1')
         api(group: 'commons-validator', name: 'commons-validator', version: get('commons-validator.version'))
         // Careful when upgrading this dependency: see GEODE-7370 and GEODE-8150.
-        api(group: 'io.github.classgraph', name: 'classgraph', version: '4.8.146')
+        api(group: 'io.github.classgraph', name: 'classgraph', version: '4.8.147')
         api(group: 'io.github.resilience4j', name: 'resilience4j-retry', version: '1.7.1')
         api(group: 'io.lettuce', name: 'lettuce-core', version: '6.1.8.RELEASE')
         api(group: 'io.micrometer', name: 'micrometer-core', version: get('micrometer.version'))
-        api(group: 'io.swagger.core.v3', name: 'swagger-annotations', version: '2.2.0')
+        api(group: 'io.swagger.core.v3', name: 'swagger-annotations', version: '2.2.1')
         api(group: 'it.unimi.dsi', name: 'fastutil', version: get('fastutil.version'))
         api(group: 'javax.annotation', name: 'javax.annotation-api', version: '1.3.2')
         api(group: 'javax.annotation', name: 'jsr250-api', version: '1.0')
@@ -149,7 +149,7 @@ class DependencyConstraints {
         api(group: 'org.assertj', name: 'assertj-core', version: '3.22.0')
         api(group: 'org.awaitility', name: 'awaitility', version: '4.2.0')
         api(group: 'org.buildobjects', name: 'jproc', version: '2.8.0')
-        api(group: 'org.codehaus.cargo', name: 'cargo-core-uberjar', version: '1.9.10')
+        api(group: 'org.codehaus.cargo', name: 'cargo-core-uberjar', version: '1.9.12')
         api(group: 'org.eclipse.jetty', name: 'jetty-server', version: get('jetty.version'))
         api(group: 'org.eclipse.jetty', name: 'jetty-webapp', version: get('jetty.version'))
         api(group: 'org.eclipse.persistence', name: 'javax.persistence', version: '2.2.1')
@@ -163,18 +163,18 @@ class DependencyConstraints {
         api(group: 'org.postgresql', name: 'postgresql', version: '42.2.8')
         api(group: 'org.skyscreamer', name: 'jsonassert', version: '1.5.0')
         api(group: 'org.slf4j', name: 'slf4j-api', version: get('slf4j-api.version'))
-        api(group: 'org.springframework.hateoas', name: 'spring-hateoas', version: '1.4.2')
-        api(group: 'org.springframework.ldap', name: 'spring-ldap-core', version: '2.3.7.RELEASE')
+        api(group: 'org.springframework.hateoas', name: 'spring-hateoas', version: '1.5.0')
+        api(group: 'org.springframework.ldap', name: 'spring-ldap-core', version: '2.4.0')
         api(group: 'org.springframework.shell', name: 'spring-shell', version: get('springshell.version'))
         api(group: 'org.testcontainers', name: 'testcontainers', version: '1.15.3')
         api(group: 'pl.pragmatists', name: 'JUnitParams', version: '1.1.0')
         api(group: 'xerces', name: 'xercesImpl', version: '2.12.0')
         api(group: 'xml-apis', name: 'xml-apis', version: '1.4.01')
-        api(group: 'org.junit-pioneer', name: 'junit-pioneer', version: '1.6.2')
+        api(group: 'org.junit-pioneer', name: 'junit-pioneer', version: '1.7.1')
       }
     }
 
-    dependencySet(group: 'org.mockito', version: '4.4.0') {
+    dependencySet(group: 'org.mockito', version: '4.6.1') {
       entry('mockito-core')
       entry('mockito-junit-jupiter')
     }

diff --git a/dev-tools/dependencies/bump.sh b/dev-tools/dependencies/bump.sh
@@ -28,7 +28,7 @@ if [ "$2" = "-l" ] ; then
   find . | grep build/dependencyUpdates/report.txt | xargs cat \
    | grep ' -> ' | egrep -v '(Gradle|antlr|lucene|JUnitParams|docker-compose-rule|javax.servlet-api|springdoc|derby|selenium|jgroups|jmh|\[6.0.37|commons-collections|jaxb|testcontainers|gradle-tooling-api|slf4j|archunit)' \
    | sort -u | tr -d '][' | sed -e 's/ -> / /' -e 's#.*:#'"$0 $1"' #'
-  echo "cd .. ; geode/dev-tools/release/license_review.sh -v HEAD && echo ':)' || echo 'ERROR(S) WERE FOUND, SEE ABOVE' ; cd $(pwd)"
+  echo "cd .. ; geode/dev-tools/release/license_review.sh -v HEAD ; cd $(pwd)"
   echo "#Also: manually check for newer version of plugins listed in build.gradle (search on https://plugins.gradle.org/)"
   echo "#Tip: prepend SKIP=true to some lines to bump a few dependencies at once between validation checks.  Push in small batches.  Add Windows label to PR before pushing final batch."
   exit 0
@@ -80,4 +80,4 @@ if [ $(git diff | wc -l) -gt 0 ] ; then
   git stash
   git stash drop
 fi
-[ -n "$SKIP" ] || ./gradlew devBuild checkPom :geode-assembly:integrationTest --tests AssemblyContentsIntegrationTest --tests GeodeDependencyJarIntegrationTest --tests BundledJarsJUnitTest --tests GemfireCoreClasspathTest --tests GfshDependencyJarIntegrationTest
+[ -n "$SKIP" ] || ./gradlew devBuild checkPom :geode-assembly:integrationTest --tests AssemblyContentsIntegrationTest --tests GeodeDependencyJarIntegrationTest --tests BundledJarsJUnitTest --tests GemfireCoreClasspathTest --tests GfshDependencyJarIntegrationTest -x srcDistTar
diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt b/geode-assembly/src/integrationTest/resources/assembly_content.txt
@@ -967,7 +967,7 @@ lib/HdrHistogram-2.1.12.jar
 lib/HikariCP-4.0.3.jar
 lib/LatencyUtils-2.0.3.jar
 lib/antlr-2.7.7.jar
-lib/classgraph-4.8.146.jar
+lib/classgraph-4.8.147.jar
 lib/commons-beanutils-1.9.4.jar
 lib/commons-codec-1.15.jar
 lib/commons-collections-3.2.2.jar
@@ -1004,9 +1004,9 @@ lib/gfsh-dependencies.jar
 lib/httpclient-4.5.13.jar
 lib/httpcore-4.4.15.jar
 lib/istack-commons-runtime-4.0.1.jar
-lib/jackson-annotations-2.13.2.jar
-lib/jackson-core-2.13.2.jar
-lib/jackson-databind-2.13.2.2.jar
+lib/jackson-annotations-2.13.3.jar
+lib/jackson-core-2.13.3.jar
+lib/jackson-databind-2.13.3.jar
 lib/javax.activation-api-1.2.0.jar
 lib/javax.mail-api-1.6.2.jar
 lib/javax.resource-api-1.7.1.jar
@@ -1038,7 +1038,7 @@ lib/lucene-analyzers-phonetic-6.6.6.jar
 lib/lucene-core-6.6.6.jar
 lib/lucene-queries-6.6.6.jar
 lib/lucene-queryparser-6.6.6.jar
-lib/micrometer-core-1.9.0.jar
+lib/micrometer-core-1.9.1.jar
 lib/mx4j-3.0.2.jar
 lib/mx4j-remote-3.0.2.jar
 lib/mx4j-tools-3.0.1.jar
@@ -1055,13 +1055,13 @@ lib/shiro-event-1.9.0.jar
 lib/shiro-lang-1.9.0.jar
 lib/slf4j-api-1.7.32.jar
 lib/snappy-0.4.jar
-lib/spring-beans-5.3.20.jar
-lib/spring-context-5.3.20.jar
-lib/spring-core-5.3.20.jar
-lib/spring-jcl-5.3.20.jar
+lib/spring-beans-5.3.21.jar
+lib/spring-context-5.3.21.jar
+lib/spring-core-5.3.21.jar
+lib/spring-jcl-5.3.21.jar
 lib/spring-shell-1.2.0.RELEASE.jar
-lib/spring-web-5.3.20.jar
-lib/swagger-annotations-2.2.0.jar
+lib/spring-web-5.3.21.jar
+lib/swagger-annotations-2.2.1.jar
 tools/Extensions/geode-web-0.0.0.war
 tools/Extensions/geode-web-api-0.0.0.war
 tools/Extensions/geode-web-management-0.0.0.war
@@ -1070,6 +1070,6 @@ tools/Modules/Apache_Geode_Modules-0.0.0-Tomcat.zip
 tools/Modules/Apache_Geode_Modules-0.0.0-tcServer.zip
 tools/Modules/Apache_Geode_Modules-0.0.0-tcServer30.zip
 tools/Pulse/geode-pulse-0.0.0.war
-lib/jackson-datatype-joda-2.13.2.jar
-lib/jackson-datatype-jsr310-2.13.2.jar
+lib/jackson-datatype-joda-2.13.3.jar
+lib/jackson-datatype-jsr310-2.13.3.jar
 lib/joda-time-2.10.14.jar
diff --git a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
@@ -18,21 +18,21 @@ geode-common-0.0.0.jar
 geode-unsafe-0.0.0.jar
 geode-deployment-legacy-0.0.0.jar
 spring-shell-1.2.0.RELEASE.jar
-spring-web-5.3.20.jar
+spring-web-5.3.21.jar
 commons-lang3-3.12.0.jar
 rmiio-2.1.2.jar
-jackson-annotations-2.13.2.jar
-jackson-core-2.13.2.jar
-jackson-databind-2.13.2.2.jar
-swagger-annotations-2.2.0.jar
+jackson-annotations-2.13.3.jar
+jackson-core-2.13.3.jar
+jackson-databind-2.13.3.jar
+swagger-annotations-2.2.1.jar
 jopt-simple-5.0.4.jar
 log4j-slf4j-impl-2.17.2.jar
 log4j-core-2.17.2.jar
 log4j-jcl-2.17.2.jar
 log4j-jul-2.17.2.jar
 log4j-api-2.17.2.jar
-spring-context-5.3.20.jar
-spring-core-5.3.20.jar
+spring-context-5.3.21.jar
+spring-core-5.3.21.jar
 lucene-analyzers-phonetic-6.6.6.jar
 lucene-analyzers-common-6.6.6.jar
 lucene-queryparser-6.6.6.jar
@@ -53,8 +53,8 @@ commons-collections-3.2.2.jar
 commons-digester-2.1.jar
 commons-io-2.11.0.jar
 commons-logging-1.2.jar
-classgraph-4.8.146.jar
-micrometer-core-1.9.0.jar
+classgraph-4.8.147.jar
+micrometer-core-1.9.1.jar
 fastutil-8.5.8.jar
 javax.resource-api-1.7.1.jar
 jetty-webapp-9.4.46.v20220331.jar
@@ -74,11 +74,11 @@ shiro-event-1.9.0.jar
 shiro-crypto-core-1.9.0.jar
 shiro-lang-1.9.0.jar
 slf4j-api-1.7.32.jar
-spring-beans-5.3.20.jar
+spring-beans-5.3.21.jar
 javax.activation-api-1.2.0.jar
 jline-2.12.jar
 lucene-queries-6.6.6.jar
-spring-jcl-5.3.20.jar
+spring-jcl-5.3.21.jar
 HdrHistogram-2.1.12.jar
 LatencyUtils-2.0.3.jar
 javax.transaction-api-1.3.jar
@@ -87,6 +87,6 @@ jetty-http-9.4.46.v20220331.jar
 jetty-io-9.4.46.v20220331.jar
 jetty-util-ajax-9.4.46.v20220331.jar
 jetty-util-9.4.46.v20220331.jar
-jackson-datatype-joda-2.13.2.jar
-jackson-datatype-jsr310-2.13.2.jar
+jackson-datatype-joda-2.13.3.jar
+jackson-datatype-jsr310-2.13.3.jar
 joda-time-2.10.14.jar
diff --git a/geode-assembly/src/main/dist/LICENSE b/geode-assembly/src/main/dist/LICENSE
@@ -1065,7 +1065,7 @@ The MIT License (http://opensource.org/licenses/mit-license.html)
 
 Apache Geode bundles the following files under the MIT License:
 
-  - ClassGraph v4.8.146 (https://github.com/classgraph/classgraph), Copyright
+  - ClassGraph v4.8.147 (https://github.com/classgraph/classgraph), Copyright
     (c) 2019 Luke Hutchison
   - HTML5 Shiv vpre3.5 (https://github.com/aFarkas/html5shiv), Copyright
     (c) 2014 Alexander Farkas (aFarkas)