Stewardship SIG Report (November 2019)
There's a lot of changes that we pushed in November, and there's little time to talk about them, so here's a list of all the updates we submitted to fedora in November.
Note that with all these updates, we managed to reduce the number of outdated packages to about 25% of maintained package set, and we hope to improve further upon this.
- various version updates:
package | version | release | changes |
---|---|---|---|
glassfish-jax-rs-api | 2.1.6 | 1.fc32 | 2.1.5 → 2.1.6 |
apache-commons-beanutils | 1.9.4 | 1.fc31, 1.fc30 | 1.9.3 → 1.9.4 |
- a small packaging fix for maven:
package | version | release | changes |
---|---|---|---|
maven | 3.6.1, 3.5.4 | 1.fc32, 1.fc31, 1.fc30 | fixed postun scriptlet |
- inter-dependent version updates for plexus packages:
package | version | release | changes |
---|---|---|---|
plexus-utils | 3.3.0 | 1.fc32 | 3.2.1 → 3.3.0 |
plexus-build-api | 0.0.7 | 24.fc32 | port to plexus-utils 3.3.0 |
plexus-io | 3.2.0 | 1.fc32 | 3.1.1 → 3.2.0 |
plexus-containers | 2.1.0 | 1.fc32 | 2.0.0 → 2.1.0 |
- miscellaneous version updates:
package | version | release | changes |
---|---|---|---|
log4j | 2.12.1 | 1.fc32 | 2.11.1 → 2.12.1 |
jsoup | 1.12.1 | 1.fc32 | 1.11.3 → 1.12.1 |
jvnet-parent | 5 | 1.fc32 | 4 → 5 |
glassfish-jsp-api | 2.3.3 | 1.fc32 | 2.3.2~b01 → 2.3.3 |
sisu-mojos | 0.3.4 | 1.fc32 | 0.3.3 → 0.3.4 |
- updating XMvn to the latest release, and adapting other packages:
package | version | release | changes |
---|---|---|---|
xmvn | 3.1.0 | 1.fc32 | 3.0.0 → 3.1.0 |
apache-commons-jexl | 2.1.1 | 24.fc32 | fix build with xmvn 3.1.0 |
apache-commons-collections | 3.2.2 | 14.fc32 | fix build with xmvn 3.1.0 |
apache-commons-lang | 2.6 | 26.fc32 | fix build with xmvn 3.1.0 |
xstream | 1.4.11 | 4.fc32 | fix build with xmvn 3.1.0 |
plexus-build-api | 0.0.7 | 25.fc32 | fix build with xmvn 3.1.0 |
apache-commons-collections | 3.2.2 | 15.fc32 | fix build with xmvn 3.1.0 |
- various small fixes and improvements:
package | version | release | changes |
---|---|---|---|
jackson-jaxrs-providers | 2.10.0 | 2.fc32 | minimize build dependencies |
xsom | 20140514 | 2.fc32 | fix regeneration of sources |
munge-maven-plugin | 1.0 | 15.fc32 | drop unnecessary dependency on parent POM |
- another few version updates, including updates for the jackson stack that fixed some security issues:
package | version | release | changes |
---|---|---|---|
google-gson | 2.8.6 | 1.fc32 | 2.8.2 → 2.8.6 |
jackson-bom | 2.10.1 | 1.fc32 | 2.10.0 → 2.10.1 |
jackson-annotations | 2.10.1 | 1.fc32 | 2.10.0 → 2.10.1 |
jackson-core | 2.10.1 | 1.fc32 | 2.10.0 → 2.10.1 |
jackson-databind | 2.10.1 | 1.fc32 | 2.10.0 → 2.10.1 |
jackson-modules-base | 2.10.1 | 1.fc32 | 2.10.0 → 2.10.1 |
jackson-jaxrs-providers | 2.10.1 | 1.fc32 | 2.10.0 → 2.10.1 |
xbean | 4.15 | 1.fc32 | 4.14 → 4.15 |
- inter-dependent updates for various plexus packages and maven plugins:
package | version | release | changes |
---|---|---|---|
plexus-archiver | 4.2.1 | 1.fc32 | 4.1.0 → 4.2.1 |
maven-archiver | 3.5.0 | 1.fc32 | 3.4.0 → 3.5.0 |
maven-jar-plugin | 3.2.0 | 1.fc32 | 3.1.2 → 3.2.0 |
maven-source-plugin | 3.2.0 | 1.fc32 | 3.1.0 → 3.2.0 |
maven-artifact-transfer | 0.11.0 | 1.fc32 | 0.9.0 → 0.11.0 |
maven-javadoc-plugin | 3.1.1 | 1.fc32 | 3.0.1 → 3.1.1 |
maven-invoker-plugin | 3.2.1 | 1.fc32 | 3.2.0 → 3.2.1 |
maven-dependency-plugin | 3.1.1 | 4.fc32 | port to maven-artifact-transfer 0.11.0 |
maven-shade-plugin | 3.2.1 | 2.fc32 | port to maven-artifact-transfer 0.11.0 |
maven-enforcer | 3.0.0~M2 | 1.fc32 | port to maven-artifact-transfer 0.11.0 |
maven-resolver | 1.4.1 | 1.fc32 | 1.3.3 → 1.4.1 |
maven-assembly-plugin | 3.2.0 | 1.fc32 | 3.1.1 → 3.2.0 |
maven-javadoc-plugin | 3.1.1 | 2.fc32 | non-bootstrap build with JavaDocs |
- removing some unnecessary dependencies from our packages:
package | version | release | changes |
---|---|---|---|
jmock | 2.8.2 | 9.fc32 | drop unnecessary dependency on parent POM |
paranamer | 2.8 | 11.fc32 | drop unnecessary dependency on parent POM |
google-gson | 2.8.6 | 2.fc32 | drop unnecessary dependency on parent POM |
apache-ivy | 2.4.0 | 19.fc32 | remove unnecessary dependencies on parent POMs |
netty | 4.1.13 | 13.fc32 | remove unnecessary dependency on parent POM |
relaxngDatatype | 2011.1 | 11.fc32 | remove unnecessary dependency on parent POM |
lzma-java | 1.3 | 8.fc32 | remove unnecessary dependency on parent POM |
os-maven-plugin | 1.2.3 | 13.fc32 | remove unnecessary dependency on parent POM |
qdox | 2.0~M9 | 7.fc32 | remove unnecessary dependency on parent POM |
sisu-mojos | 0.3.4 | 2.fc32 | remove unnecessary dependency on parent POM |
replacer | 1.6 | 12.fc32 | remove unnecessary dependency on parent POM |
maven | 3.6.1 | 3.fc32 | require correct version of guava |
plexus-build-api | 0.0.7 | 26.fc32 | remove unnecessary dependency on parent POM |
- and another two version updates:
package | version | release | changes |
---|---|---|---|
glassfish-fastinfoset | 1.2.15 | 1.fc32 | 1.2.13 → 1.2.15 |
beust-jcommander | 1.78 | 1.fc32 | 1.71 → 1.78 |