From d1a84a9b1d46bac5226d102e7012e54f9b94d0a5 Mon Sep 17 00:00:00 2001 From: Alex Miller Date: Tue, 31 Dec 2024 17:07:19 -0600 Subject: [PATCH] Update versions to latest where possible --- CHANGELOG.md | 1 + deps.edn | 20 ++++++++++---------- pom.xml | 14 +++++++------- 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a59f9a..bcfc6b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ Changelog * next * Update to tools.gitlibs 2.6.206 + * Update other dep versions to latest * 0.21.1460 on Nov 21, 2024 * Update to tools.deps.cli 0.11.78 * 0.21.1456 on Nov 21, 2024 diff --git a/deps.edn b/deps.edn index b635886..60de7f1 100644 --- a/deps.edn +++ b/deps.edn @@ -1,6 +1,6 @@ {:paths ["src/main/clojure" "src/main/resources"] :deps { - org.clojure/clojure {:mvn/version "1.10.3"} + org.clojure/clojure {:mvn/version "1.12.0"} org.apache.maven.resolver/maven-resolver-api {:mvn/version "1.8.2"} org.apache.maven.resolver/maven-resolver-spi {:mvn/version "1.8.2"} org.apache.maven.resolver/maven-resolver-impl {:mvn/version "1.8.2"} @@ -9,28 +9,28 @@ org.apache.maven.resolver/maven-resolver-transport-file {:mvn/version "1.8.2"} org.apache.maven.resolver/maven-resolver-transport-http {:mvn/version "1.8.2"} org.apache.maven/maven-resolver-provider {:mvn/version "3.8.8"} + ;; exclude due to CVE-2020-8908 org.apache.maven/maven-core {:mvn/version "3.8.8" :exclusions [com.google.guava/guava]} - ; com.google.guava/guava {:mvn/version "33.0.0-jre"} ;; update transitive dep due to CVE-2020-8908 org.clojure/data.xml {:mvn/version "0.2.0-alpha9"} org.clojure/tools.gitlibs {:mvn/version "2.6.206"} org.clojure/tools.cli {:mvn/version "1.1.230"} - com.cognitect.aws/api {:mvn/version "0.8.692" :exclusions [org.eclipse.jetty/jetty-http org.eclipse.jetty/jetty-client org.eclipse.jetty/jetty-util]} ;; override for CVEs - org.eclipse.jetty/jetty-http {:mvn/version "9.4.53.v20231009"} - org.eclipse.jetty/jetty-client {:mvn/version "9.4.53.v20231009"} - org.eclipse.jetty/jetty-util {:mvn/version "9.4.53.v20231009"} - com.cognitect.aws/endpoints {:mvn/version "1.1.12.718"} - com.cognitect.aws/s3 {:mvn/version "868.2.1580.0"} + com.cognitect.aws/api {:mvn/version "0.8.723" :exclusions [org.eclipse.jetty/jetty-http org.eclipse.jetty/jetty-client org.eclipse.jetty/jetty-util]} ;; override for CVEs + org.eclipse.jetty/jetty-http {:mvn/version "9.4.56.v20240826"} + org.eclipse.jetty/jetty-client {:mvn/version "9.4.56.v20240826"} + org.eclipse.jetty/jetty-util {:mvn/version "9.4.56.v20240826"} + com.cognitect.aws/endpoints {:mvn/version "871.2.29.39"} + com.cognitect.aws/s3 {:mvn/version "871.2.29.35"} javax.inject/javax.inject {:mvn/version "1"} } :aliases { :test {:extra-paths ["src/test/clojure"]} ;; clj -M:lint - :lint {:replace-deps {clj-kondo/clj-kondo {:mvn/version "2024.05.24"}} + :lint {:replace-deps {clj-kondo/clj-kondo {:mvn/version "2024.11.14"}} :main-opts ["-m" "clj-kondo.main" "--lint" "src/main/clojure" "--lint" "src/test/clojure"]} ;; clj -M:cve - :cve {:extra-deps {io.github.clj-holmes/clj-watson {:git/tag "v5.1.2" :git/sha "c2349f5"}} + :cve {:extra-deps {io.github.clj-holmes/clj-watson {:git/tag "v6.0.0" :git/sha "cb02879"}} :extra-paths [".clj-watson"] :jvm-opts ["--illegal-access=deny"] :main-opts ["-m" "clj-watson.cli" "scan" "-p" "deps.edn"]} diff --git a/pom.xml b/pom.xml index 0fc172f..783fe60 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ true - 1.10.3 + 1.12.0 1.8.2 3.8.8 @@ -109,7 +109,7 @@ com.cognitect.aws api - 0.8.692 + 0.8.723 org.eclipse.jetty @@ -128,27 +128,27 @@ org.eclipse.jetty jetty-http - 9.4.53.v20231009 + 9.4.56.v20240826 org.eclipse.jetty jetty-client - 9.4.53.v20231009 + 9.4.56.v20240826 org.eclipse.jetty jetty-client - 9.4.53.v20231009 + 9.4.56.v20240826 com.cognitect.aws endpoints - 1.1.12.718 + 871.2.29.39 com.cognitect.aws s3 - 868.2.1580.0 + 871.2.29.35 javax.inject