From 2b331366848df06183912e15482f73de698fb15e Mon Sep 17 00:00:00 2001 From: PJ Fanning Date: Thu, 2 Jun 2022 11:49:19 +0100 Subject: MRM-2051: upgrade dom4j due to cves (#106) * upgrade dom4j due to cves --- .../1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom | 4 ++-- .../metadata/storage/Maven2RepositoryMetadataResolverTest.java | 6 +++--- .../1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom | 4 ++-- .../target-repo/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom | 4 ++-- .../apache/archiva/archiva-common/1.2.1/archiva-common-1.2.1.pom | 4 ++-- .../resources/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom | 4 ++-- .../resources/org/apache/archiva/archiva/1.2.2/archiva-1.2.2.pom | 4 ++-- .../org/codehaus/plexus/plexus-spring/1.2/plexus-spring-1.2.pom | 4 ++-- pom.xml | 1 + 9 files changed, 18 insertions(+), 17 deletions(-) diff --git a/archiva-modules/archiva-base/archiva-repository-scanner/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom b/archiva-modules/archiva-base/archiva-repository-scanner/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom index efa42d3f0..b45a5f3a5 100644 --- a/archiva-modules/archiva-base/archiva-repository-scanner/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom +++ b/archiva-modules/archiva-base/archiva-repository-scanner/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom @@ -34,9 +34,9 @@ archiva-common - dom4j + org.dom4j dom4j - 1.6.1 + ${dom4j.version} jaxen diff --git a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/java/org/apache/archiva/maven/repository/metadata/storage/Maven2RepositoryMetadataResolverTest.java b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/java/org/apache/archiva/maven/repository/metadata/storage/Maven2RepositoryMetadataResolverTest.java index 6f5f72c1d..ea46c624a 100644 --- a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/java/org/apache/archiva/maven/repository/metadata/storage/Maven2RepositoryMetadataResolverTest.java +++ b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/java/org/apache/archiva/maven/repository/metadata/storage/Maven2RepositoryMetadataResolverTest.java @@ -225,7 +225,7 @@ public class Maven2RepositoryMetadataResolverTest assertDependency( dependencies.get( 3 ), "org.codehaus.plexus", "plexus-component-api", "1.0-alpha-22" ); assertDependency( dependencies.get( 4 ), "org.codehaus.plexus", "plexus-spring", "1.2", "test" ); assertDependency( dependencies.get( 5 ), "xalan", "xalan", "2.7.0" ); - assertDependency( dependencies.get( 6 ), "dom4j", "dom4j", "1.6.1", "test" ); + assertDependency( dependencies.get( 6 ), "org.dom4j", "dom4j", "${dom4j.version}", "test" ); assertDependency( dependencies.get( 7 ), "junit", "junit", "3.8.1", "test" ); assertDependency( dependencies.get( 8 ), "easymock", "easymock", "1.2_Java1.3", "test" ); assertDependency( dependencies.get( 9 ), "easymock", "easymockclassextension", "1.2", "test" ); @@ -682,8 +682,8 @@ public class Maven2RepositoryMetadataResolverTest assertArtifact( artifacts.get( 0 ), "plexus-spring-1.2-sources.jar", 0, EMPTY_SHA1, EMPTY_MD5 ); assertArtifact( artifacts.get( 1 ), "plexus-spring-1.2.jar", 0, EMPTY_SHA1, EMPTY_MD5 ); - assertArtifact( artifacts.get( 2 ), "plexus-spring-1.2.pom", 7407, "96b14cf880e384b2d15e8193c57b65c5420ca4c5", - "f83aa25f016212a551a4b2249985effc" ); + assertArtifact( artifacts.get( 2 ), "plexus-spring-1.2.pom", 7422, "28e86d3e2723e4894587e4b758231f76febce942", + "9f663d8e7adf6adff4133653b59d1e28" ); } @Test diff --git a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom index efa42d3f0..b45a5f3a5 100644 --- a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom +++ b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/repositories/default-repository/org/apache/maven/archiva/archiva-xml-tools/1.0-SNAPSHOT/archiva-xml-tools-1.0-SNAPSHOT.pom @@ -34,9 +34,9 @@ archiva-common - dom4j + org.dom4j dom4j - 1.6.1 + ${dom4j.version} jaxen diff --git a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/target-repo/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/target-repo/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom index cccf51781..0bf4b0f6c 100755 --- a/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/target-repo/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom +++ b/archiva-modules/archiva-maven/archiva-maven-repository/src/test/resources/target-repo/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom @@ -501,9 +501,9 @@ 10.1.3.1 - dom4j + org.dom4j dom4j - 1.6.1 + ${dom4j.version} hsqldb diff --git a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva-common/1.2.1/archiva-common-1.2.1.pom b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva-common/1.2.1/archiva-common-1.2.1.pom index bddde3bb7..360cc46f9 100644 --- a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva-common/1.2.1/archiva-common-1.2.1.pom +++ b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva-common/1.2.1/archiva-common-1.2.1.pom @@ -61,9 +61,9 @@ 2.7.0 - dom4j + org.dom4j dom4j - 1.6.1 + ${dom4j.version} test diff --git a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom index cccf51781..0bf4b0f6c 100644 --- a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom +++ b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.1/archiva-1.2.1.pom @@ -501,9 +501,9 @@ 10.1.3.1 - dom4j + org.dom4j dom4j - 1.6.1 + ${dom4j.version} hsqldb diff --git a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.2/archiva-1.2.2.pom b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.2/archiva-1.2.2.pom index cccf51781..0bf4b0f6c 100644 --- a/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.2/archiva-1.2.2.pom +++ b/archiva-modules/metadata/test-repository/src/main/resources/org/apache/archiva/archiva/1.2.2/archiva-1.2.2.pom @@ -501,9 +501,9 @@ 10.1.3.1 - dom4j + org.dom4j dom4j - 1.6.1 + ${dom4j.version} hsqldb diff --git a/archiva-modules/metadata/test-repository/src/main/resources/org/codehaus/plexus/plexus-spring/1.2/plexus-spring-1.2.pom b/archiva-modules/metadata/test-repository/src/main/resources/org/codehaus/plexus/plexus-spring/1.2/plexus-spring-1.2.pom index 1b13027c1..cc7397558 100644 --- a/archiva-modules/metadata/test-repository/src/main/resources/org/codehaus/plexus/plexus-spring/1.2/plexus-spring-1.2.pom +++ b/archiva-modules/metadata/test-repository/src/main/resources/org/codehaus/plexus/plexus-spring/1.2/plexus-spring-1.2.pom @@ -57,9 +57,9 @@ 1.0-alpha-22 - dom4j + org.dom4j dom4j - 1.6.1 + ${dom4j.version} com.opensymphony diff --git a/pom.xml b/pom.xml index 969fca2c8..df374b37c 100644 --- a/pom.xml +++ b/pom.xml @@ -61,6 +61,7 @@ 1.14.2 1.16.0 9.1.6 + 2.1.3 2.0 -- cgit v1.2.3