Skip to content

Commit

Permalink
Improved: Update build.gradle to the latest dependencies (OFBIZ-13194)
Browse files Browse the repository at this point in the history
Thanks to previous precious Danny Trunk's work at OFBIZ-13123, this time the
effort was not too hard.

There are 2 aspects:
1) In build.gradle:
  Uses <<version "latest.release">> for plugins following
  https://docs.gradle.org/7.0/release-notes.html#using-dynamic-versions-in-the-plugins-block

  Updates junitReport to 'org.apache.ant:ant-junit:1.10.15'
          checkstyle to toolVersion = '10.20.2'

  Adds a commented out "useLatestVersions" section. Commented out because
  I tried to use the recommended useLatestVersions and useLatestVersionsCheck
  ie gradlew -PenableDependencyUpdates useLatestVersions
         && gradlew -PenableDependencyUpdates useLatestVersionsCheck
  and got an issue:
  Execution failed for task ':useLatestVersionsCheck'
  Maybe because of:
  Failed to determine the latest version for the following dependencies
   - org.apereo.cas:cas-server-support-ldap-core
   - org.safehaus.jug:jug
  This said it was useful, could be more if we complete the "useLatestVersions"
  section

2) In Dependencies the "standard" updates with new comments when needed
   ie removing or commenting issues in code with the help of useLatestVersions
   feature
  • Loading branch information
JacquesLeRoux committed Dec 14, 2024
1 parent 80f61f1 commit 610e249
Show file tree
Hide file tree
Showing 2 changed files with 75 additions and 37 deletions.
60 changes: 49 additions & 11 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -23,20 +23,21 @@ import org.asciidoctor.gradle.jvm.AsciidoctorTask
* Project setup
* ======================================================== */
plugins {
id 'application'
id 'application' // plugins that are versioned as part of Gradle are using simple quotes to differentiate them
id 'groovy'
id 'eclipse'
id 'checkstyle'
id 'codenarc'
id 'maven-publish'
id 'org.asciidoctor.jvm.convert' version '4.0.2'
id 'org.asciidoctor.jvm.pdf' version '4.0.2'
id 'org.owasp.dependencycheck' version '10.0.2' apply false
id 'se.patrikerdes.use-latest-versions' version '0.2.18' apply false
id 'com.github.ben-manes.versions' version '0.51.0' apply false
id "com.github.ManifestClasspath" version "0.1.0-RELEASE"
id "com.github.jakemarsden.git-hooks" version "0.0.2"
id "com.github.node-gradle.node" version '7.0.2' apply false
id "org.asciidoctor.jvm.convert" version "latest.release"
id "org.asciidoctor.jvm.pdf" version "latest.release"
id "org.owasp.dependencycheck" version "latest.release" apply false
//id 'se.patrikerdes.use-latest-versions' version '0.2.18' apply false
id "se.patrikerdes.use-latest-versions" version "latest.release" apply false
id "com.github.ben-manes.versions" version "latest.release" apply false
id "com.github.ManifestClasspath" version "latest.release"
id "com.github.jakemarsden.git-hooks" version "latest.release"
id "com.github.node-gradle.node" version "latest.release" apply false
}

/* OWASP plugin
Expand Down Expand Up @@ -71,6 +72,43 @@ if (project.hasProperty('enableDependencyUpdates')) {
apply plugin: 'se.patrikerdes.use-latest-versions'
}

/* Configuration and default values. By default not available as it breacks Gradle build even when useLatestVersionsCheck (see above) is used.
useLatestVersions {
// A whitelist of dependencies to update, in the format of group:name
// Equal to command line: --update-dependency=[values]
updateWhitelist = []
// A blacklist of dependencies to update, in the format of group:name
// Equal to command line: --ignore-dependency=[values]
updateBlacklist = []
// When enabled, root project gradle.properties will also be populated with
// versions from subprojects in multi-project build
// Equal to command line: --update-root-properties
updateRootProperties = false
// By default plugin tries to find all relevant gradle files (e.g. *.gradle, gradle.properties etc).
// This can be slow in some cases when project has a lot of gradle files. For example when using conventions
// in buildSrc. With this option you can specify what files should plugin search and check. Plugin will ignore
// files that don't exist. Empty list means use default strategy. File paths are relative to project dir.
//
// Example:
// versionFiles = ["gradle.build", "gradle.properties"]
// Will check just $projectDir/gradle.build and $projectDir/gradle.properties
//
// Note:
// You always have to specify file that has dependencies in some common dependency format with artifact coordinates,
// e.g. compileOnly "group:module:version" or compileOnly("group:module:version") or val dependency = "group:module:version" etc.
// For example if you set just versionFiles = ["gradle.properties"] this won't work, since plugin
// won't be able to correlate variable with artifact coordinates.
//
// Equal to command line: --version-files=[values]
versionFiles = []
// List of root project files to update when updateRootProperties is enabled.
// `build.gradle` is not an acceptable entry here as it breaks other expected
// functionality. Version variables in `build.gradle` need to be moved into
// a separate file which can be listed here.
// Equal to command line: --root-version-files=[values]
//rootVersionFiles = ['gradle.properties']
}*/

apply from: 'common.gradle'
apply from: 'dependencies.gradle'

Expand Down Expand Up @@ -218,7 +256,7 @@ dependencies {
}

junitReport 'junit:junit:4.13.2'
junitReport 'org.apache.ant:ant-junit:1.10.14'
junitReport 'org.apache.ant:ant-junit:1.10.15'

// Libraries downloaded manually
implementation fileTree(dir: file("${rootDir}/lib"), include: '**/*.jar')
Expand Down Expand Up @@ -295,7 +333,7 @@ checkstyle {
// Currently there are no errors so we can show new one when they appear
showViolations = true
// Specify tool version so we can keep it up-to-date
toolVersion = '10.17.0'
toolVersion = '10.20.2'
}
gitHooks {
hooks = ['pre-push': 'checkstyleMain codenarcMain codenarcTest']
Expand Down
52 changes: 26 additions & 26 deletions dependencies.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -18,64 +18,64 @@
*/
dependencies {
implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
implementation 'com.google.guava:guava:33.2.1-jre'
implementation 'com.google.guava:guava:33.3.1-jre'
implementation 'com.google.zxing:core:3.5.3'
implementation 'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4.2'
implementation 'com.googlecode.ez-vcard:ez-vcard:0.12.1'
implementation 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20220608.1'
implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.31'
implementation 'com.ibm.icu:icu4j:74.2'
implementation 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20240325.1'
implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.52'
implementation 'com.ibm.icu:icu4j:76.1'
implementation ('com.lowagie:itext:2.1.7') { // Don't update due to license change in newer versions, see OFBIZ-10455
exclude group: 'bouncycastle', module: 'bcmail-jdk14'
exclude group: 'bouncycastle', module: 'bcprov-jdk14'
exclude group: 'bouncycastle', module: 'bctsp-jdk14'
}
implementation 'com.sun.mail:javax.mail:1.6.2'
implementation 'com.rometools:rome:2.1.0'
implementation 'com.thoughtworks.xstream:xstream:1.4.20'
implementation 'com.thoughtworks.xstream:xstream:1.4.21'
implementation 'commons-cli:commons-cli:1.5.0' // with 1.6.0, 2 tests of OfbizStartupUnitTests don't pass
implementation 'commons-fileupload:commons-fileupload:1.5'
implementation 'commons-net:commons-net:3.10.0'
implementation 'commons-validator:commons-validator:1.8.0'
implementation 'commons-net:commons-net:3.11.1'
implementation 'commons-validator:commons-validator:1.9.0'
implementation 'de.odysseus.juel:juel-impl:2.2.7'
implementation 'javax.transaction:javax.transaction-api:1.3'
implementation 'net.fortuna.ical4j:ical4j:1.0-rc4-atlassian-12'
implementation 'net.lingala.zip4j:zip4j:2.11.5'
implementation 'org.apache.ant:ant-junit:1.10.14'
implementation 'org.apache.ant:ant-junit:1.10.15'
implementation 'org.apache.commons:commons-collections4:4.4'
implementation 'org.apache.commons:commons-csv:1.10.0'
implementation 'org.apache.commons:commons-csv:1.12.0'
implementation 'org.apache.commons:commons-dbcp2:2.13.0'
implementation 'org.apache.commons:commons-imaging:1.0-alpha3' // Alpha but OK, "Imaging was working and was used by a number of projects in production even before reaching its initial release as an Apache Commons component." Since 1.0.0-alpha4 (note the use of semver) the API has changed. Better wait an "official release" to rewrite OFBiz code...
implementation 'org.apache.commons:commons-text:1.11.0'
implementation 'org.apache.commons:commons-text:1.12.0'
implementation 'org.apache.geronimo.components:geronimo-transaction:3.1.5' // 4.0.0 does not compile
implementation 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
implementation 'org.apache.httpcomponents:httpclient-cache:4.5.14'
implementation 'org.apache.logging.log4j:log4j-api:2.24.2' // the API of log4j 2
implementation 'org.apache.logging.log4j:log4j-core:2.24.2' // Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java
implementation 'org.apache.poi:poi:5.3.0'
implementation 'org.apache.pdfbox:pdfbox:2.0.32' // 3.0.1 does not compile
implementation 'org.apache.shiro:shiro-core:1.13.0'
implementation 'org.apache.shiro:shiro-crypto-cipher:2.0.0'
implementation 'org.apache.sshd:sshd-core:2.13.1'
implementation 'org.apache.sshd:sshd-sftp:2.13.1'
implementation 'org.apache.tika:tika-core:2.9.2'
implementation 'org.apache.tika:tika-parsers:2.9.2'
implementation 'org.apache.tika:tika-parser-pdf-module:2.9.2'
implementation 'org.apache.shiro:shiro-core:1.13.0' // Got "Exception in thread "main" java.lang.UnsupportedOperationException: Cannot create a hash with the given algorithm: argon2" with 2.0.2 in integration tests
implementation 'org.apache.shiro:shiro-crypto-cipher:2.0.2'
implementation 'org.apache.sshd:sshd-core:2.14.0'
implementation 'org.apache.sshd:sshd-sftp:2.14.0'
implementation 'org.apache.tika:tika-core:2.9.2' // To be compatible with tika-parser-pdf-module below
implementation 'org.apache.tika:tika-parsers:2.9.2' // To be compatible with tika-parser-pdf-module below
implementation 'org.apache.tika:tika-parser-pdf-module:2.9.2' // > 2.9.2 does not compile, see OFBIZ-13155
implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:3.6.4' // 4.x+ requires javax.xml.bind -> jakarta.xml.bind namespace change
implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.97' // Remember to change the version number (9 now) in javadoc block if needed.
implementation 'org.apache.tomcat:tomcat-jasper:9.0.97'
implementation 'org.apache.axis2:axis2-kernel:1.8.2'
implementation 'org.apache.xmlgraphics:batik-anim:1.17'
implementation 'org.apache.xmlgraphics:batik-util:1.17'
implementation 'org.apache.xmlgraphics:batik-bridge:1.17'
implementation 'org.apache.xmlgraphics:batik-anim:1.18'
implementation 'org.apache.xmlgraphics:batik-util:1.18'
implementation 'org.apache.xmlgraphics:batik-bridge:1.18'
implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: since 2.4 dependencies are messed up. See https://github.com/moqui/moqui-fop/blob/master/build.gradle
implementation 'org.clojure:clojure:1.11.3'
implementation 'org.apache.groovy:groovy-all:4.0.22'
implementation 'org.clojure:clojure:1.12.0'
implementation 'org.apache.groovy:groovy-all:5.0.0-alpha-11'
implementation 'org.freemarker:freemarker:2.3.34-SNAPSHOT' // Remember to change the version number in FreeMarkerWorker class when upgrading. See OFBIZ-10019 if >= 2.4
implementation 'org.owasp.esapi:esapi:2.5.4.0'
implementation 'org.owasp.esapi:esapi:2.6.0.0'
implementation 'org.cyberneko:html:1.9.8'
implementation 'org.springframework:spring-test:5.3.29' // 6.1.4 does not compile
implementation 'com.fasterxml.jackson.core:jackson-databind:2.17.1'
implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.2'
implementation 'oro:oro:2.0.8'
implementation 'wsdl4j:wsdl4j:1.6.3'
implementation 'com.auth0:java-jwt:4.4.0'
Expand All @@ -88,7 +88,7 @@ dependencies {
}

testImplementation 'org.hamcrest:hamcrest-library:2.2' // Enable junit4 to not depend on hamcrest-1.3
testImplementation 'org.mockito:mockito-core:5.10.0'
testImplementation 'org.mockito:mockito-core:5.14.2'
testImplementation 'org.jmockit:jmockit:1.49'
testImplementation 'com.pholser:junit-quickcheck-generators:1.0'

Expand All @@ -108,7 +108,7 @@ dependencies {
runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.24.2' // need to constrain to version to avoid classpath conflict (ReflectionUtil)

// specify last codenarc version for java 17 compliance
codenarc('org.codenarc:CodeNarc:3.4.0')
codenarc('org.codenarc:CodeNarc:3.5.0')

// use constraints to update transitive dependencies
constraints {
Expand Down

0 comments on commit 610e249

Please sign in to comment.