diff --git a/build.gradle b/build.gradle index 85ff032e6..96fb67dc2 100755 --- a/build.gradle +++ b/build.gradle @@ -44,7 +44,7 @@ plugins { id 'com.github.seanrl.jaxb' version '2.5.4' // For ability to use git ids for versioning jar files: - id 'org.ajoberstar.grgit' version '5.2.2' + id 'org.ajoberstar.grgit' version '5.3.0' // To compile user documentation (not working: blows up on compileMarkdown) //id 'org.uulib.gradle.markdown' version '0.0.1' @@ -62,7 +62,7 @@ plugins { id 'com.adarshr.test-logger' version '4.0.0' // To discover library versions with known vulnerabilities - id 'org.owasp.dependencycheck' version '10.0.2' + id 'org.owasp.dependencycheck' version '10.0.4' // Task to assist in downloading artifacts id 'de.undercouch.download' version '5.6.0' @@ -79,7 +79,7 @@ plugins { id 'org.kordamp.gradle.markdown' version '2.2.0' // To generate API documentation from JAX-RS annotations and javadocs - id "io.swagger.core.v3.swagger-gradle-plugin" version "2.2.23" + id "io.swagger.core.v3.swagger-gradle-plugin" version "2.2.25" // To generate JPMS images more easily with 3rd-party "automatic" modules id 'org.beryx.jlink' version '2.26.0' @@ -359,7 +359,7 @@ project(':wres-io') { exclude group: 'com.google.guava', module: 'guava' } // Include later dependency versions for the excluded dependencies above - implementation 'com.google.guava:guava:33.3.0-jre' + implementation 'com.google.guava:guava:33.3.1-jre' // to use native postgres copy, need this on compile, otherwise runtime implementation('org.postgresql:postgresql:42.7.4') { @@ -403,7 +403,7 @@ project(':wres-io') { runtimeOnly 'org.slf4j:jcl-over-slf4j:2.1.0-alpha1' //JB @ 02/16/17 - testImplementation 'com.google.guava:guava-testlib:33.3.0-jre' + testImplementation 'com.google.guava:guava-testlib:33.3.1-jre' // Mocking help testImplementation 'org.mockito:mockito-inline:5.2.0' @@ -532,7 +532,7 @@ project(':wres-writing') { exclude group: 'com.google.guava', module: 'guava' } // Include later dependency versions for the excluded dependencies above - implementation 'com.google.guava:guava:33.3.0-jre' + implementation 'com.google.guava:guava:33.3.1-jre' // Better-than-Java's HTTP client implementation 'com.squareup.okhttp3:okhttp:4.12.0' @@ -578,7 +578,7 @@ project(':wres-reading') { implementation group: 'org.apache.commons', name: 'commons-math3', version: '3.6.1' // For Java 8 java.time support - implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.2' + implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0' implementation('edu.ucar:cdm-core:5.4.2') { // Because we use slf4j, not jcl: @@ -591,7 +591,7 @@ project(':wres-reading') { exclude group: 'com.google.guava', module: 'guava' } // Include later dependency versions for the excluded dependencies above - implementation 'com.google.guava:guava:33.3.0-jre' + implementation 'com.google.guava:guava:33.3.1-jre' implementation 'org.apache.commons:commons-compress:1.27.1' @@ -623,7 +623,7 @@ project(':wres-reading') { annotationProcessor 'org.projectlombok:lombok:1.18.34' //JB @ 02/16/17 - testImplementation 'com.google.guava:guava-testlib:33.3.0-jre' + testImplementation 'com.google.guava:guava-testlib:33.3.1-jre' // Mocking help testImplementation 'org.mockito:mockito-inline:5.2.0' @@ -965,8 +965,8 @@ project(':wres-config') { implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.0' implementation 'com.fasterxml.jackson.core:jackson-annotations:2.18.0' implementation 'com.fasterxml.jackson.core:jackson-core:2.18.0' - implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.2' - implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.17.2' + implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0' + implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.18.0' implementation('com.hubspot.jackson:jackson-datatype-protobuf:0.9.15') { // Exclude old modules to eliminate several CVEs // Remove older protobuf version and include later version below @@ -977,7 +977,7 @@ project(':wres-config') { } // Include later dependency versions for the excluded dependencies above implementation 'com.google.protobuf:protobuf-java:3.21.12' - implementation 'com.google.guava:guava:33.3.0-jre' + implementation 'com.google.guava:guava:33.3.1-jre' // To validate WKT strings as geometries implementation group: 'org.locationtech.jts', name: 'jts-core', version: '1.20.0' @@ -992,7 +992,7 @@ project(':wres-config') { implementation group: 'com.opencsv', name: 'opencsv', version: '5.9' // YAML/JSON schema validation - implementation 'com.networknt:json-schema-validator:1.5.1' + implementation 'com.networknt:json-schema-validator:1.5.2' // To auto-generate builders for Java records through annotation processing annotationProcessor 'io.soabase.record-builder:record-builder-processor:41' @@ -1009,7 +1009,7 @@ project(':wres-config') { jaxb 'commons-beanutils:commons-beanutils:1.9.4' // commons-io is transitive dependency of jaxb2-basics-annotate, has CVE - jaxb 'commons-io:commons-io:2.16.1' + jaxb 'commons-io:commons-io:2.17.0' // jaxb-xjc transitively includes bind-api and jaxb-core jaxb 'org.glassfish.jaxb:jaxb-xjc:2.3.8' @@ -1028,7 +1028,7 @@ project(':wres-config') { testImplementation 'org.mockito:mockito-core:5.14.2' testImplementation 'org.junit.jupiter:junit-jupiter-api:5.11.2' - testImplementation 'org.junit.jupiter:junit-jupiter-params:5.11.0' + testImplementation 'org.junit.jupiter:junit-jupiter-params:5.11.2' testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.11.2' // In-memory implementation of a java.nio.file abstract file system api @@ -1529,7 +1529,7 @@ project(':wres-eventsbroker') { } // Include later dependency versions for the excluded dependencies above - implementation 'com.google.guava:guava:33.3.0-jre' + implementation 'com.google.guava:guava:33.3.1-jre' // Include later dependency version implementation group: 'org.apache.commons', name: 'commons-configuration2', version: '2.11.0' @@ -1558,7 +1558,7 @@ project(':wres-eventsbroker') { runtimeOnly 'org.slf4j:jcl-over-slf4j:2.1.0-alpha1' // Qpid AMQP 1.0 Jakarta Messaging API client to test interaction with the embedded broker - testImplementation('org.apache.qpid:qpid-jms-client:2.5.0') { + testImplementation('org.apache.qpid:qpid-jms-client:2.6.1') { // Because of CVE-2022-24823. TODO: remove when Qpid catches up exclude group: 'io.netty' } @@ -1593,7 +1593,7 @@ project(':wres-events') { implementation group: 'jakarta.jms', name: 'jakarta.jms-api', version: '3.1.0' // Qpid AMQP 1.0 Jakarta Messaging API client - implementation('org.apache.qpid:qpid-jms-client:2.5.0') { + implementation('org.apache.qpid:qpid-jms-client:2.6.1') { // Because of CVE-2022-24823. TODO: remove when Qpid catches up exclude group: 'io.netty' } @@ -1913,7 +1913,7 @@ dependencies { exclude group: 'com.google.guava', module: 'guava' } // Include later dependency versions for the excluded dependencies above - implementation 'com.google.guava:guava:33.3.0-jre' + implementation 'com.google.guava:guava:33.3.1-jre' // JCIP annotations compileOnly group: 'net.jcip', name: 'jcip-annotations', version: '1.0'