Merge pull request #18 from factorhouse/update-jetty

d-t-w · web-flow · commit dcec160e4e50 · 2024-06-04T21:32:30.000+10:00
update-jetty
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,10 @@
 # Change Log
 All notable changes to this project will be documented in this file. This change log follows the conventions of [keepachangelog.com](http://keepachangelog.com/)
 
+## [1.1.12] - 2024-06-04
+
+Bump to latest Jetty version (11.0.21 or equivalent)
+
 ## [1.1.13] - 2024-02-23
 
 Bump to latest Jetty9 sponsored support version (9.4.54.v20240208) other Jetty versions remain the same at 11.0.20 or equivalent.
diff --git a/README.md b/README.md
@@ -7,8 +7,8 @@
 | Jetty Version | Current Jetty Dependency | Clojars Project |
 | ------------- | ------------------------ | --------------- |
 | Jetty 9 | 9.4.54.v20240208 | [![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/slipway-jetty9.svg)](https://clojars.org/io.factorhouse/slipway-jetty9) |
-| Jetty 10 | 10.0.20 | [![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/slipway-jetty10.svg)](https://clojars.org/io.factorhouse/slipway-jetty10) |
-| Jetty 11 | 11.0.20 | [![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/slipway-jetty11.svg)](https://clojars.org/io.factorhouse/slipway-jetty11) |
+| Jetty 10 | 10.0.21 | [![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/slipway-jetty10.svg)](https://clojars.org/io.factorhouse/slipway-jetty10) |
+| Jetty 11 | 11.0.21 | [![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/slipway-jetty11.svg)](https://clojars.org/io.factorhouse/slipway-jetty11) |
 | Jetty 12 | - | Available once Jetty 12 stabilises. |
 
 ----
diff --git a/slipway-jetty10/dependency-check-suppressions.xml b/slipway-jetty10/dependency-check-suppressions.xml
@@ -7,14 +7,4 @@
         <packageUrl regex="true">^pkg:maven/commons\-fileupload/commons\-fileupload@.*$</packageUrl>
         <cve>CVE-2023-24998</cve>
     </suppress>
-    <suppress>
-        <notes>Clojure false positive</notes>
-        <packageUrl regex="true">^pkg:maven/org\.clojure/.*$</packageUrl>
-        <cve>CVE-2017-20189</cve>
-    </suppress>
-    <suppress>
-        <notes>Clojure false positive</notes>
-        <packageUrl regex="true">^pkg:maven/ring/ring\-codec@.*$</packageUrl>
-        <cve>CVE-2017-20189</cve>
-    </suppress>
 </suppressions>
diff --git a/slipway-jetty10/project.clj b/slipway-jetty10/project.clj
@@ -1,4 +1,4 @@
-(defproject io.factorhouse/slipway-jetty10 "1.1.13"
+(defproject io.factorhouse/slipway-jetty10 "1.1.14"
 
   :description "A Clojure Companion for Jetty"
 
@@ -7,30 +7,30 @@
   :license {:name "MIT License"
             :url  "https://github.com/factorhouse/slipway/blob/main/LICENSE"}
 
-  :profiles {:dev   {:dependencies   [[com.fasterxml.jackson.core/jackson-core "2.16.1"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance
+  :profiles {:dev   {:dependencies   [[com.fasterxml.jackson.core/jackson-core "2.16.2"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance
                                       [clj-kondo "2023.12.15"]
-                                      [clj-http "3.12.3" :exclusions [commons-io commons-codec]]
-                                      [ch.qos.logback/logback-classic "1.3.14"]
-                                      [ring/ring-anti-forgery "1.3.0" :exclusions [crypto-random crypto-equality]]
-                                      [metosin/reitit-ring "0.6.0"]]
+                                      [clj-http "3.13.0"]
+                                      [ch.qos.logback/logback-classic "1.3.14"] ;; Logback 1.3.x supports the Java EE edition whereas logback 1.4.x supports Jakarta EE, otherwise the two versions are feature identical. The 1.5.x continues the 1.4.x series but with logback-access relocated to its own repository.
+                                      [ring/ring-anti-forgery "1.3.1"]
+                                      [metosin/reitit-ring "0.7.0" :exclusions [ring/ring-core]]]
                      :resource-paths ["dev-resources" "common/dev-resources"]
-                     :plugins        [[lein-cljfmt "0.8.2"]]}
+                     :plugins        [[lein-cljfmt "0.9.2"]]}
              :smoke {:pedantic? :abort}}
 
   :aliases {"check" ["with-profile" "+smoke" "check"]
             "kondo" ["with-profile" "+smoke" "run" "-m" "clj-kondo.main" "--lint" "common/src:common-jetty1x/src:test:common/test" "--parallel"]
             "fmt"   ["with-profile" "+smoke" "cljfmt" "check"]}
 
-  :dependencies [[org.clojure/clojure "1.11.2"]
+  :dependencies [[org.clojure/clojure "1.11.3"]
                  [org.clojure/tools.logging "1.3.0"]
                  [ring/ring-servlet "1.9.6"]
                  [com.taoensso/sente "1.17.0"]
-                 [org.eclipse.jetty.websocket/websocket-jetty-api "10.0.20"]
-                 [org.eclipse.jetty.websocket/websocket-jetty-server "10.0.20" :exclusions [org.slf4j/slf4j-api]]
-                 [org.eclipse.jetty.websocket/websocket-servlet "10.0.20" :exclusions [org.slf4j/slf4j-api]]
-                 [org.eclipse.jetty/jetty-server "10.0.20" :exclusions [org.slf4j/slf4j-api]]
-                 [org.eclipse.jetty/jetty-jaas "10.0.20" :exclusions [org.slf4j/slf4j-api]]
-                 [org.slf4j/slf4j-api "2.0.12"]]
+                 [org.eclipse.jetty.websocket/websocket-jetty-api "10.0.21"]
+                 [org.eclipse.jetty.websocket/websocket-jetty-server "10.0.21" :exclusions [org.slf4j/slf4j-api]]
+                 [org.eclipse.jetty.websocket/websocket-servlet "10.0.21" :exclusions [org.slf4j/slf4j-api]]
+                 [org.eclipse.jetty/jetty-server "10.0.21" :exclusions [org.slf4j/slf4j-api]]
+                 [org.eclipse.jetty/jetty-jaas "10.0.21" :exclusions [org.slf4j/slf4j-api]]
+                 [org.slf4j/slf4j-api "2.0.13"]]
 
   :source-paths ["common/src" "common-jetty1x/src" "common-javax/src"]
   :test-paths ["test" "common/test"])
diff --git a/slipway-jetty11/dependency-check-suppressions.xml b/slipway-jetty11/dependency-check-suppressions.xml
@@ -7,14 +7,4 @@
         <packageUrl regex="true">^pkg:maven/commons\-fileupload/commons\-fileupload@.*$</packageUrl>
         <cve>CVE-2023-24998</cve>
     </suppress>
-    <suppress>
-        <notes>Clojure false positive</notes>
-        <packageUrl regex="true">^pkg:maven/org\.clojure/.*$</packageUrl>
-        <cve>CVE-2017-20189</cve>
-    </suppress>
-    <suppress>
-        <notes>Clojure false positive</notes>
-        <packageUrl regex="true">^pkg:maven/ring/ring\-codec@.*$</packageUrl>
-        <cve>CVE-2017-20189</cve>
-    </suppress>
 </suppressions>
diff --git a/slipway-jetty11/project.clj b/slipway-jetty11/project.clj
@@ -1,4 +1,4 @@
-(defproject io.factorhouse/slipway-jetty11 "1.1.13"
+(defproject io.factorhouse/slipway-jetty11 "1.1.14"
 
   :description "A Clojure Companion for Jetty"
 
@@ -7,30 +7,30 @@
   :license {:name "MIT License"
             :url  "https://github.com/factorhouse/slipway/blob/main/LICENSE"}
 
-  :profiles {:dev   {:dependencies   [[com.fasterxml.jackson.core/jackson-core "2.16.1"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance
+  :profiles {:dev   {:dependencies   [[com.fasterxml.jackson.core/jackson-core "2.16.2"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance
                                       [clj-kondo "2023.12.15"]
-                                      [clj-http "3.12.3" :exclusions [commons-io commons-codec]]
-                                      [ch.qos.logback/logback-classic "1.3.14"]
-                                      [ring/ring-anti-forgery "1.3.0" :exclusions [crypto-random crypto-equality]]
-                                      [metosin/reitit-ring "0.6.0"]]
+                                      [clj-http "3.13.0"]
+                                      [ch.qos.logback/logback-classic "1.3.14"] ;; Logback 1.3.x supports the Java EE edition whereas logback 1.4.x supports Jakarta EE, otherwise the two versions are feature identical. The 1.5.x continues the 1.4.x series but with logback-access relocated to its own repository.
+                                      [ring/ring-anti-forgery "1.3.1"]
+                                      [metosin/reitit-ring "0.7.0" :exclusions [ring/ring-core]]]
                      :resource-paths ["dev-resources" "common/dev-resources"]
-                     :plugins        [[lein-cljfmt "0.8.2"]]}
+                     :plugins        [[lein-cljfmt "0.9.2"]]}
              :smoke {:pedantic? :abort}}
 
   :aliases {"check" ["with-profile" "+smoke" "check"]
             "kondo" ["with-profile" "+smoke" "run" "-m" "clj-kondo.main" "--lint" "common/src:common-jetty1x/src:test:common/test" "--parallel"]
             "fmt"   ["with-profile" "+smoke" "cljfmt" "check"]}
 
-  :dependencies [[org.clojure/clojure "1.11.2"]
+  :dependencies [[org.clojure/clojure "1.11.3"]
                  [org.clojure/tools.logging "1.3.0"]
                  [ring/ring-servlet "1.9.6"]
                  [com.taoensso/sente "1.17.0"]
-                 [org.eclipse.jetty.websocket/websocket-jetty-api "11.0.20"]
-                 [org.eclipse.jetty.websocket/websocket-jetty-server "11.0.20" :exclusions [org.slf4j/slf4j-api]]
-                 [org.eclipse.jetty.websocket/websocket-servlet "11.0.20" :exclusions [org.slf4j/slf4j-api]]
-                 [org.eclipse.jetty/jetty-server "11.0.20" :exclusions [org.slf4j/slf4j-api]]
-                 [org.eclipse.jetty/jetty-jaas "11.0.20" :exclusions [org.slf4j/slf4j-api]]
-                 [org.slf4j/slf4j-api "2.0.12"]]
+                 [org.eclipse.jetty.websocket/websocket-jetty-api "11.0.21"]
+                 [org.eclipse.jetty.websocket/websocket-jetty-server "11.0.21" :exclusions [org.slf4j/slf4j-api]]
+                 [org.eclipse.jetty.websocket/websocket-servlet "11.0.21" :exclusions [org.slf4j/slf4j-api]]
+                 [org.eclipse.jetty/jetty-server "11.0.21" :exclusions [org.slf4j/slf4j-api]]
+                 [org.eclipse.jetty/jetty-jaas "11.0.21" :exclusions [org.slf4j/slf4j-api]]
+                 [org.slf4j/slf4j-api "2.0.13"]]
 
   :source-paths ["common/src" "common-jetty1x/src" "common-jakarta/src"]
   :test-paths ["test" "common/test"])
diff --git a/slipway-jetty9/dependency-check-suppressions.xml b/slipway-jetty9/dependency-check-suppressions.xml
@@ -7,14 +7,4 @@
         <packageUrl regex="true">^pkg:maven/commons\-fileupload/commons\-fileupload@.*$</packageUrl>
         <cve>CVE-2023-24998</cve>
     </suppress>
-    <suppress>
-        <notes>Clojure false positive</notes>
-        <packageUrl regex="true">^pkg:maven/org\.clojure/.*$</packageUrl>
-        <cve>CVE-2017-20189</cve>
-    </suppress>
-    <suppress>
-        <notes>Clojure false positive</notes>
-        <packageUrl regex="true">^pkg:maven/ring/ring\-codec@.*$</packageUrl>
-        <cve>CVE-2017-20189</cve>
-    </suppress>
 </suppressions>
diff --git a/slipway-jetty9/project.clj b/slipway-jetty9/project.clj
@@ -1,4 +1,4 @@
-(defproject io.factorhouse/slipway-jetty9 "1.1.13"
+(defproject io.factorhouse/slipway-jetty9 "1.1.14"
 
   :description "A Clojure Companion for Jetty"
 
@@ -7,12 +7,12 @@
   :license {:name "MIT License"
             :url  "https://github.com/factorhosue/slipway/blob/main/LICENSE"}
 
-  :profiles {:dev   {:dependencies   [[com.fasterxml.jackson.core/jackson-core "2.16.1"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance
+  :profiles {:dev   {:dependencies   [[com.fasterxml.jackson.core/jackson-core "2.16.2"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance
                                       [clj-kondo "2023.12.15"] ;; https://github.com/clj-kondo/clj-kondo/issues/2277 leave at this version until we move to Clojure 1.12.x and can fix
-                                      [clj-http "3.12.3" :exclusions [commons-io commons-codec]]
-                                      [ch.qos.logback/logback-classic "1.3.14"] ;; 1.3 branch is for Java EE / Java 8 so we will keep aligned here.
-                                      [ring/ring-anti-forgery "1.3.0" :exclusions [crypto-random crypto-equality]]
-                                      [metosin/reitit-ring "0.6.0"]]
+                                      [clj-http "3.13.0"]
+                                      [ch.qos.logback/logback-classic "1.3.14"] ;; Logback 1.3.x supports the Java EE edition whereas logback 1.4.x supports Jakarta EE, otherwise the two versions are feature identical. The 1.5.x continues the 1.4.x series but with logback-access relocated to its own repository.
+                                      [ring/ring-anti-forgery "1.3.1"]
+                                      [metosin/reitit-ring "0.7.0" :exclusions [ring/ring-core]]]
                      :resource-paths ["dev-resources" "common/dev-resources"]
                      :plugins        [[lein-cljfmt "0.9.2"]]}
              :smoke {:pedantic? :abort}}
@@ -21,15 +21,15 @@
             "kondo" ["with-profile" "+smoke" "run" "-m" "clj-kondo.main" "--lint" "src:common/src:test:common/test" "--parallel"]
             "fmt"   ["with-profile" "+smoke" "cljfmt" "check"]}
 
-  :dependencies [[org.clojure/clojure "1.11.2"]
+  :dependencies [[org.clojure/clojure "1.11.3"]
                  [org.clojure/tools.logging "1.3.0"]
                  [ring/ring-servlet "1.9.6"]
                  [com.taoensso/sente "1.17.0"]
                  [org.eclipse.jetty/jetty-server "9.4.54.v20240208"]
                  [org.eclipse.jetty.websocket/websocket-server "9.4.54.v20240208"]
                  [org.eclipse.jetty.websocket/websocket-servlet "9.4.54.v20240208"]
                  [org.eclipse.jetty/jetty-jaas "9.4.54.v20240208"]
-                 [org.slf4j/slf4j-api "2.0.12"]]
+                 [org.slf4j/slf4j-api "2.0.13"]]
 
   :source-paths ["src" "common/src" "common-javax/src"]
   :test-paths ["test" "common/test"]
