Stewardship SIG Report (November 2019)

There's a lot of changes that we pushed in November, and there's little time to talk about them, so here's a list of all the updates we submitted to fedora in November.

Note that with all these updates, we managed to reduce the number of outdated packages to about 25% of maintained package set, and we hope to improve further upon this.

  • various version updates:
package version release changes
glassfish-jax-rs-api 2.1.6 1.fc32 2.1.5 → 2.1.6
apache-commons-beanutils 1.9.4 1.fc31, 1.fc30 1.9.3 → 1.9.4
  • a small packaging fix for maven:
package version release changes
maven 3.6.1, 3.5.4 1.fc32, 1.fc31, 1.fc30 fixed postun scriptlet
  • inter-dependent version updates for plexus packages:
package version release changes
plexus-utils 3.3.0 1.fc32 3.2.1 → 3.3.0
plexus-build-api 0.0.7 24.fc32 port to plexus-utils 3.3.0
plexus-io 3.2.0 1.fc32 3.1.1 → 3.2.0
plexus-containers 2.1.0 1.fc32 2.0.0 → 2.1.0
  • miscellaneous version updates:
package version release changes
log4j 2.12.1 1.fc32 2.11.1 → 2.12.1
jsoup 1.12.1 1.fc32 1.11.3 → 1.12.1
jvnet-parent 5 1.fc32 4 → 5
glassfish-jsp-api 2.3.3 1.fc32 2.3.2~b01 → 2.3.3
sisu-mojos 0.3.4 1.fc32 0.3.3 → 0.3.4
  • updating XMvn to the latest release, and adapting other packages:
package version release changes
xmvn 3.1.0 1.fc32 3.0.0 → 3.1.0
apache-commons-jexl 2.1.1 24.fc32 fix build with xmvn 3.1.0
apache-commons-collections 3.2.2 14.fc32 fix build with xmvn 3.1.0
apache-commons-lang 2.6 26.fc32 fix build with xmvn 3.1.0
xstream 1.4.11 4.fc32 fix build with xmvn 3.1.0
plexus-build-api 0.0.7 25.fc32 fix build with xmvn 3.1.0
apache-commons-collections 3.2.2 15.fc32 fix build with xmvn 3.1.0
  • various small fixes and improvements:
package version release changes
jackson-jaxrs-providers 2.10.0 2.fc32 minimize build dependencies
xsom 20140514 2.fc32 fix regeneration of sources
munge-maven-plugin 1.0 15.fc32 drop unnecessary dependency on parent POM
  • another few version updates, including updates for the jackson stack that fixed some security issues:
package version release changes
google-gson 2.8.6 1.fc32 2.8.2 → 2.8.6
jackson-bom 2.10.1 1.fc32 2.10.0 → 2.10.1
jackson-annotations 2.10.1 1.fc32 2.10.0 → 2.10.1
jackson-core 2.10.1 1.fc32 2.10.0 → 2.10.1
jackson-databind 2.10.1 1.fc32 2.10.0 → 2.10.1
jackson-modules-base 2.10.1 1.fc32 2.10.0 → 2.10.1
jackson-jaxrs-providers 2.10.1 1.fc32 2.10.0 → 2.10.1
xbean 4.15 1.fc32 4.14 → 4.15
  • inter-dependent updates for various plexus packages and maven plugins:
package version release changes
plexus-archiver 4.2.1 1.fc32 4.1.0 → 4.2.1
maven-archiver 3.5.0 1.fc32 3.4.0 → 3.5.0
maven-jar-plugin 3.2.0 1.fc32 3.1.2 → 3.2.0
maven-source-plugin 3.2.0 1.fc32 3.1.0 → 3.2.0
maven-artifact-transfer 0.11.0 1.fc32 0.9.0 → 0.11.0
maven-javadoc-plugin 3.1.1 1.fc32 3.0.1 → 3.1.1
maven-invoker-plugin 3.2.1 1.fc32 3.2.0 → 3.2.1
maven-dependency-plugin 3.1.1 4.fc32 port to maven-artifact-transfer 0.11.0
maven-shade-plugin 3.2.1 2.fc32 port to maven-artifact-transfer 0.11.0
maven-enforcer 3.0.0~M2 1.fc32 port to maven-artifact-transfer 0.11.0
maven-resolver 1.4.1 1.fc32 1.3.3 → 1.4.1
maven-assembly-plugin 3.2.0 1.fc32 3.1.1 → 3.2.0
maven-javadoc-plugin 3.1.1 2.fc32 non-bootstrap build with JavaDocs
  • removing some unnecessary dependencies from our packages:
package version release changes
jmock 2.8.2 9.fc32 drop unnecessary dependency on parent POM
paranamer 2.8 11.fc32 drop unnecessary dependency on parent POM
google-gson 2.8.6 2.fc32 drop unnecessary dependency on parent POM
apache-ivy 2.4.0 19.fc32 remove unnecessary dependencies on parent POMs
netty 4.1.13 13.fc32 remove unnecessary dependency on parent POM
relaxngDatatype 2011.1 11.fc32 remove unnecessary dependency on parent POM
lzma-java 1.3 8.fc32 remove unnecessary dependency on parent POM
os-maven-plugin 1.2.3 13.fc32 remove unnecessary dependency on parent POM
qdox 2.0~M9 7.fc32 remove unnecessary dependency on parent POM
sisu-mojos 0.3.4 2.fc32 remove unnecessary dependency on parent POM
replacer 1.6 12.fc32 remove unnecessary dependency on parent POM
maven 3.6.1 3.fc32 require correct version of guava
plexus-build-api 0.0.7 26.fc32 remove unnecessary dependency on parent POM
  • and another two version updates:
package version release changes
glassfish-fastinfoset 1.2.15 1.fc32 1.2.13 → 1.2.15
beust-jcommander 1.78 1.fc32 1.71 → 1.78