Skip to content

Commit

Permalink
Update versions to latest where possible
Browse files Browse the repository at this point in the history
  • Loading branch information
@puredanger
puredanger committed Dec 31, 2024
1 parent bc9dc71 commit d1a84a9
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 17 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ Changelog

* next
* Update to tools.gitlibs 2.6.206
* Update other dep versions to latest
* 0.21.1460 on Nov 21, 2024
* Update to tools.deps.cli 0.11.78
* 0.21.1456 on Nov 21, 2024
Expand Down
20 changes: 10 additions & 10 deletions deps.edn
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{:paths ["src/main/clojure" "src/main/resources"]
:deps {
org.clojure/clojure {:mvn/version "1.10.3"}
org.clojure/clojure {:mvn/version "1.12.0"}
org.apache.maven.resolver/maven-resolver-api {:mvn/version "1.8.2"}
org.apache.maven.resolver/maven-resolver-spi {:mvn/version "1.8.2"}
org.apache.maven.resolver/maven-resolver-impl {:mvn/version "1.8.2"}
Expand All @@ -9,28 +9,28 @@
org.apache.maven.resolver/maven-resolver-transport-file {:mvn/version "1.8.2"}
org.apache.maven.resolver/maven-resolver-transport-http {:mvn/version "1.8.2"}
org.apache.maven/maven-resolver-provider {:mvn/version "3.8.8"}
;; exclude due to CVE-2020-8908
org.apache.maven/maven-core {:mvn/version "3.8.8" :exclusions [com.google.guava/guava]}
; com.google.guava/guava {:mvn/version "33.0.0-jre"} ;; update transitive dep due to CVE-2020-8908
org.clojure/data.xml {:mvn/version "0.2.0-alpha9"}
org.clojure/tools.gitlibs {:mvn/version "2.6.206"}
org.clojure/tools.cli {:mvn/version "1.1.230"}
com.cognitect.aws/api {:mvn/version "0.8.692" :exclusions [org.eclipse.jetty/jetty-http org.eclipse.jetty/jetty-client org.eclipse.jetty/jetty-util]} ;; override for CVEs
org.eclipse.jetty/jetty-http {:mvn/version "9.4.53.v20231009"}
org.eclipse.jetty/jetty-client {:mvn/version "9.4.53.v20231009"}
org.eclipse.jetty/jetty-util {:mvn/version "9.4.53.v20231009"}
com.cognitect.aws/endpoints {:mvn/version "1.1.12.718"}
com.cognitect.aws/s3 {:mvn/version "868.2.1580.0"}
com.cognitect.aws/api {:mvn/version "0.8.723" :exclusions [org.eclipse.jetty/jetty-http org.eclipse.jetty/jetty-client org.eclipse.jetty/jetty-util]} ;; override for CVEs
org.eclipse.jetty/jetty-http {:mvn/version "9.4.56.v20240826"}
org.eclipse.jetty/jetty-client {:mvn/version "9.4.56.v20240826"}
org.eclipse.jetty/jetty-util {:mvn/version "9.4.56.v20240826"}
com.cognitect.aws/endpoints {:mvn/version "871.2.29.39"}
com.cognitect.aws/s3 {:mvn/version "871.2.29.35"}
javax.inject/javax.inject {:mvn/version "1"}
}
:aliases {
:test {:extra-paths ["src/test/clojure"]}

;; clj -M:lint
:lint {:replace-deps {clj-kondo/clj-kondo {:mvn/version "2024.05.24"}}
:lint {:replace-deps {clj-kondo/clj-kondo {:mvn/version "2024.11.14"}}
:main-opts ["-m" "clj-kondo.main" "--lint" "src/main/clojure" "--lint" "src/test/clojure"]}

;; clj -M:cve
:cve {:extra-deps {io.github.clj-holmes/clj-watson {:git/tag "v5.1.2" :git/sha "c2349f5"}}
:cve {:extra-deps {io.github.clj-holmes/clj-watson {:git/tag "v6.0.0" :git/sha "cb02879"}}
:extra-paths [".clj-watson"]
:jvm-opts ["--illegal-access=deny"]
:main-opts ["-m" "clj-watson.cli" "scan" "-p" "deps.edn"]}
Expand Down
14 changes: 7 additions & 7 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
<properties>
<!-- used for build -->
<clojure.warnOnReflection>true</clojure.warnOnReflection>
<clojure.version>1.10.3</clojure.version>
<clojure.version>1.12.0</clojure.version>
<resolverVersion>1.8.2</resolverVersion>
<mavenVersion>3.8.8</mavenVersion>

Expand Down Expand Up @@ -109,7 +109,7 @@
<dependency>
<groupId>com.cognitect.aws</groupId>
<artifactId>api</artifactId>
<version>0.8.692</version>
<version>0.8.723</version>
<exclusions>
<exclusion>
<groupId>org.eclipse.jetty</groupId>
Expand All @@ -128,27 +128,27 @@
<dependency> <!-- override for CVE fixes -->
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-http</artifactId>
<version>9.4.53.v20231009</version>
<version>9.4.56.v20240826</version>
</dependency>
<dependency> <!-- override for CVE fixes -->
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-client</artifactId>
<version>9.4.53.v20231009</version>
<version>9.4.56.v20240826</version>
</dependency>
<dependency> <!-- override for CVE fixes -->
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-client</artifactId>
<version>9.4.53.v20231009</version>
<version>9.4.56.v20240826</version>
</dependency>
<dependency>
<groupId>com.cognitect.aws</groupId>
<artifactId>endpoints</artifactId>
<version>1.1.12.718</version>
<version>871.2.29.39</version>
</dependency>
<dependency>
<groupId>com.cognitect.aws</groupId>
<artifactId>s3</artifactId>
<version>868.2.1580.0</version>
<version>871.2.29.35</version>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
Expand Down

0 comments on commit d1a84a9

Please sign in to comment.