forked from apache/ofbiz-framework
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dependencies.gradle
125 lines (121 loc) · 7.7 KB
/
dependencies.gradle
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
dependencies {
implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
implementation 'com.google.guava:guava:33.2.1-jre'
implementation 'com.google.zxing:core:3.5.3'
implementation 'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4.2'
implementation 'com.googlecode.ez-vcard:ez-vcard:0.12.1'
implementation 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20220608.1'
implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.31'
implementation 'com.ibm.icu:icu4j:74.2'
implementation ('com.lowagie:itext:2.1.7') { // Don't update due to license change in newer versions, see OFBIZ-10455
exclude group: 'bouncycastle', module: 'bcmail-jdk14'
exclude group: 'bouncycastle', module: 'bcprov-jdk14'
exclude group: 'bouncycastle', module: 'bctsp-jdk14'
}
implementation 'com.sun.mail:javax.mail:1.6.2'
implementation 'com.rometools:rome:2.1.0'
implementation 'com.thoughtworks.xstream:xstream:1.4.20'
implementation 'commons-cli:commons-cli:1.5.0' // with 1.6.0, 2 tests of OfbizStartupUnitTests don't pass
implementation 'commons-fileupload:commons-fileupload:1.5'
implementation 'commons-net:commons-net:3.10.0'
implementation 'commons-validator:commons-validator:1.8.0'
implementation 'de.odysseus.juel:juel-impl:2.2.7'
implementation 'javax.transaction:javax.transaction-api:1.3'
implementation 'net.fortuna.ical4j:ical4j:1.0-rc4-atlassian-12'
implementation 'net.lingala.zip4j:zip4j:2.11.5'
implementation 'org.apache.ant:ant-junit:1.10.14'
implementation 'org.apache.commons:commons-collections4:4.4'
implementation 'org.apache.commons:commons-csv:1.10.0'
implementation 'org.apache.commons:commons-dbcp2:2.10.0'// 2.11.0 does not compile.
implementation 'org.apache.commons:commons-imaging:1.0-alpha3' // Alpha but OK, "Imaging was working and was used by a number of projects in production even before reaching its initial release as an Apache Commons component." Since 1.0.0-alpha4 (note the use of semver) the API has changed. Better wait an "official release" to rewrite OFBiz code...
implementation 'org.apache.commons:commons-text:1.11.0'
implementation 'org.apache.geronimo.components:geronimo-transaction:3.1.5' // 4.0.0 does not compile
implementation 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
implementation 'org.apache.httpcomponents:httpclient-cache:4.5.14'
implementation 'org.apache.logging.log4j:log4j-api:2.20.0' // the API of log4j 2
implementation 'org.apache.logging.log4j:log4j-core:2.20.0' // Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java
implementation 'org.apache.poi:poi:5.3.0'
implementation 'org.apache.pdfbox:pdfbox:2.0.32' // 3.0.1 does not compile
implementation 'org.apache.shiro:shiro-core:1.13.0'
implementation 'org.apache.shiro:shiro-crypto-cipher:2.0.0'
implementation 'org.apache.sshd:sshd-core:2.13.1'
implementation 'org.apache.sshd:sshd-sftp:2.13.1'
implementation 'org.apache.tika:tika-core:2.9.2'
implementation 'org.apache.tika:tika-parsers:2.9.2'
implementation 'org.apache.tika:tika-parser-pdf-module:2.9.2'
implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:3.6.4' // 4.x+ requires javax.xml.bind -> jakarta.xml.bind namespace change
implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.97' // Remember to change the version number (9 now) in javadoc block if needed.
implementation 'org.apache.tomcat:tomcat-jasper:9.0.97'
implementation 'org.apache.axis2:axis2-kernel:1.8.2'
implementation 'org.apache.xmlgraphics:batik-anim:1.17'
implementation 'org.apache.xmlgraphics:batik-util:1.17'
implementation 'org.apache.xmlgraphics:batik-bridge:1.17'
implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: since 2.4 dependencies are messed up. See https://github.com/moqui/moqui-fop/blob/master/build.gradle
implementation 'org.clojure:clojure:1.11.3'
implementation 'org.apache.groovy:groovy-all:4.0.22'
implementation 'org.freemarker:freemarker:2.3.34-SNAPSHOT' // Remember to change the version number in FreeMarkerWorker class when upgrading. See OFBIZ-10019 if >= 2.4
implementation 'org.owasp.esapi:esapi:2.5.4.0'
implementation 'org.cyberneko:html:1.9.8'
implementation 'org.springframework:spring-test:5.3.29' // 6.1.4 does not compile
implementation 'com.fasterxml.jackson.core:jackson-databind:2.17.1'
implementation 'oro:oro:2.0.8'
implementation 'wsdl4j:wsdl4j:1.6.3'
implementation 'com.auth0:java-jwt:4.4.0'
implementation 'org.jdom:jdom2:2.0.6.1'
implementation 'com.google.re2j:re2j:1.7'
implementation 'xerces:xercesImpl:2.12.2'
implementation('org.mustangproject:library:2.8.0') { // 2.10.0 did not work, cf. OFBIZ-12920 (https://github.com/apache/ofbiz-framework/pull/712#issuecomment-1968960963)
exclude group: 'pull-parser', module: 'pull-parser'
exclude group: 'xpp3', module: 'xpp3'
}
testImplementation 'org.hamcrest:hamcrest-library:2.2' // Enable junit4 to not depend on hamcrest-1.3
testImplementation 'org.mockito:mockito-core:5.10.0'
testImplementation 'org.jmockit:jmockit:1.49'
testImplementation 'com.pholser:junit-quickcheck-generators:1.0'
runtimeOnly 'javax.xml.soap:javax.xml.soap-api:1.4.0'
runtimeOnly 'de.odysseus.juel:juel-spi:2.2.7'
runtimeOnly 'net.sf.barcode4j:barcode4j-fop-ext:2.1'
runtimeOnly 'net.sf.barcode4j:barcode4j:2.1'
runtimeOnly 'org.apache.axis2:axis2-transport-http:1.8.2'
runtimeOnly 'org.apache.axis2:axis2-transport-local:1.8.2'
runtimeOnly 'org.apache.derby:derby:10.16.1.1' // 10.17.x.x requires Java 21
runtimeOnly 'org.apache.derby:derbytools:10.16.1.1' // 10.17.x.x requires Java 21
runtimeOnly 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:2.1'
runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.20.0' // for external jars using the old log4j1.2: routes logging to log4j 2
runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.20.0' // for external jars using the java.util.logging: routes logging to log4j 2
runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.20.0' // for external jars using slf4j: routes logging to log4j 2
runtimeOnly 'org.apache.logging.log4j:log4j-web:2.20.0' //???
runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.20.0' // need to constrain to version to avoid classpath conflict (ReflectionUtil)
// specify last codenarc version for java 17 compliance
codenarc('org.codenarc:CodeNarc:3.4.0')
// use constraints to update transitive dependencies
constraints {
implementation('org.apache.james:apache-mime4j-core:0.8.10') {
because 'CVE-2024-21742'
}
implementation('org.bouncycastle:bcprov-jdk18on:1.78') {
because 'CVE-2024-29857, CVE-2024-30171, CVE-2024-30172, CVE-2024-34447'
}
implementation('org.testng:testng:7.7.0') {
because 'CVE-2022-4065'
}
}
}