Skip to content

Dependency updates #725

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Oct 2, 2025
Merged

Dependency updates #725

Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
f6a2956
Update swagger, guava, jwks-rsa, geoip
mwtrew Sep 29, 2025
ae798c6
Update dependency-check
mwtrew Sep 29, 2025
80f37d7
Update log4j and swagger
mwtrew Oct 1, 2025
2c7c0a7
Update lang3, bouncycastle, junit-5
mwtrew Oct 1, 2025
9bd7f76
Update surefire, snakeyaml, assertj, postgres
mwtrew Oct 1, 2025
7909bc4
Update resteasy
mwtrew Oct 1, 2025
429b4ff
Update jetty
mwtrew Oct 1, 2025
1d30daa
Update jackson, use BOM package to align indirect dependencies
mwtrew Oct 1, 2025
2f39262
Resolve merge conflict
mwtrew Oct 1, 2025
018e936
Restore jackson-databind variable, add comments for BOM and jackson-a…
mwtrew Oct 2, 2025
c632c13
Resolve merge conflict
mwtrew Oct 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 32 additions & 37 deletions pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,27 +11,32 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<segue.version>v3.20.11-SNAPSHOT</segue.version>
<log4j.version>2.25.1</log4j.version>
<resteasy.version>6.2.12.Final</resteasy.version>
<log4j.version>2.25.2</log4j.version>
<resteasy.version>6.2.14.Final</resteasy.version>
<guice.version>7.0.0</guice.version>
<oauth-client.version>1.39.0</oauth-client.version>
<jackson.version>2.19.2</jackson.version>
<jackson-databind.version>2.19.2</jackson-databind.version>
<jackson.version>2.20.0</jackson.version>
<!-- 'jackson-databind' is kept separate to make it easier to update to later patch versions for security
reasons. -->
<jackson-databind.version>2.20.0</jackson-databind.version>
<!-- todo: 'jackson-annotations' would normally have the same version string as 'jackson'. This looks like a
typo from the maintainers - hopefully we can remove this next update. -->
<jackson-annotations.version>2.20</jackson-annotations.version>
<powermock.version>2.0.9</powermock.version>
<junit-4.version>4.13.2</junit-4.version>
<junit-5.version>5.13.4</junit-5.version>
<junit-5.version>5.14.0</junit-5.version>
<swagger-ui-version>4.13.2</swagger-ui-version>
<prometheus.version>0.16.0</prometheus.version>
<jetty-version>11.0.25</jetty-version>
<jetty-version>11.0.26</jetty-version>
<jetty.port.api>8080</jetty.port.api>
<jetty.port.etl>8090</jetty.port.etl>
<testcontainers.version>1.21.3</testcontainers.version>
<web.xml>web-api-live.xml</web.xml>
<web.xml.etl>web-etl.xml</web.xml.etl>
<web.xml.local>web-api-local.xml</web.xml.local>
<dependency-check.version>12.1.3</dependency-check.version>
<dependency-check.version>12.1.6</dependency-check.version>
<ossindex.version>3.2.0</ossindex.version>
<swagger-core.version>2.2.34</swagger-core.version>
<swagger-core.version>2.2.38</swagger-core.version>
<jgit.version>6.10.1.202505221210-r</jgit.version>
<surefire.jacoco.args />
<failsafe.jacoco.args />
Expand All @@ -52,7 +57,7 @@
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.4</version>
<version>2.5</version>
</dependency>
<dependency>
<groupId>org.isaacphysics.thirdparty</groupId>
Expand Down Expand Up @@ -148,7 +153,7 @@
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>33.4.8-jre</version>
<version>33.5.0-jre</version>
</dependency>

<dependency>
Expand Down Expand Up @@ -223,7 +228,7 @@
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
<version>3.27.3</version>
<version>3.27.6</version>
<scope>test</scope>
</dependency>

Expand All @@ -235,7 +240,7 @@
<dependency>
<groupId>com.auth0</groupId>
<artifactId>jwks-rsa</artifactId>
<version>0.22.2</version>
<version>0.23.0</version>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
Expand Down Expand Up @@ -314,7 +319,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
<version>${jackson-annotations.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.jakarta.rs</groupId>
Expand All @@ -325,7 +330,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.18.0</version>
<version>3.19.0</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
Expand Down Expand Up @@ -382,7 +387,7 @@
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>42.7.7</version>
<version>42.7.8</version>
</dependency>

<dependency>
Expand Down Expand Up @@ -471,13 +476,13 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.81</version>
<version>1.82</version>
</dependency>

<dependency>
<groupId>com.maxmind.geoip2</groupId>
<artifactId>geoip2</artifactId>
<version>4.3.1</version>
<version>4.4.0</version>
</dependency>

<!-- These two don't need to be included in the war package so their scope is "provided" which means we
Expand Down Expand Up @@ -557,7 +562,7 @@
See https://maven.apache.org/surefire/maven-surefire-plugin/examples/junit.html#manually-specifying-a-provider -->
<groupId>org.apache.maven.surefire</groupId>
<artifactId>surefire-junit47</artifactId>
<version>3.5.3</version>
<version>3.5.4</version>
</dependency>
</dependencies>
<configuration>
Expand Down Expand Up @@ -722,29 +727,19 @@
</resources>
</build>

<!-- This block pins versions of indirect dependencies - useful to address security issues -->
<!-- This block pins versions of indirect dependencies - useful to address security issues, or to resolve
incompatibilities. -->
<!-- TODO: When doing dependency updates, please make sure these are still necessary, and remove them if not -->
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId>
<version>2.19.2</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jdk8</artifactId>
<version>2.19.2</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.jakarta.rs</groupId>
<artifactId>jackson-jakarta-rs-base</artifactId>
<version>2.19.2</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>
<artifactId>jackson-module-jakarta-xmlbind-annotations</artifactId>
<version>2.19.2</version>
<!-- This "BOM" package ensures we get a compatible set of Jackson plugins across our indirect
dependencies. More info here: https://github.com/FasterXML/jackson-bom -->
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>${jackson.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
Expand Down
Loading