Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-10213

Update build.gradle to the latest dependencies



    • Type: Task
    • Status: In Progress
    • Priority: Trivial
    • Resolution: Unresolved
    • Affects Version/s: Trunk
    • Fix Version/s: None
    • Component/s: Gradle
    • Labels:


      We want to check from time to time if we need to update the dependencies.

      It's easily done with the gradle-versions-plugin which analyzes the dependencies and checks if there are newer versions available.

      Running the check with

      gradlew -PenableDependencyUpdates dependencyUpdates -Drevision=release

      We get a list of dependencies to update. This is an umbrella task for action tasks.

      It's then good to run OWASP dependency check to get a report about the security situation. Note though that all dependent libraries (ie also dependencies from the libraries OFBiz uses and recursively) are loaded by Gradle and analysed by the OWASP Dependency Check plugin. So it's materially impossible to check all the possible vulnerabilities. You can refer to this wiki page: About OWASP Dependency Check.

      We have problems with a number of libs. We keep comments in the main build.gradle for special updating issues. For ease of use, you may also refer to "Libs that can't be updated in their last version section" in About OWASP Dependency Check wiki page. Beware that this may not be as up to date as in the main build.gradle file.


        1. OFBIZ-10213.patch
          1 kB
          Jacques Le Roux
        2. OFBIZ-10213.patch
          1 kB
          Jacques Le Roux
        3. OFBIZ-10213.patch
          1.0 kB
          Jacques Le Roux

          Issue Links

          There are no Sub-Tasks for this issue.



              • Assignee:
                jleroux Jacques Le Roux
                jleroux Jacques Le Roux
              • Votes:
                0 Vote for this issue
                1 Start watching this issue


                • Created: