* Sync runtime dependencies with Karaf 4.4.4, most notably:
* Jetty 9.4.52.v20230823
* JNA 5.13.0
* SLF4J 2.0.6
* Pax Logging 2.2.3
* Pax Web 8.0.22
* Resolve itest runbundles
* Use new Pax Web features to simplify dependency management
* Add specs features because Pax Web now depends on "asm"
Signed-off-by: Wouter Born <github@maindrain.net>
This is a workaround for JDK-8301341 by using the Java 11 LinkedTransferQueue with the QueueingThreadPoolExecutor in the Core and jUPnP.
Signed-off-by: Wouter Born <github@maindrain.net>
This addresses CVE-2022-40151 and CVE-2022-41966, see:
https://x-stream.github.io/changes.html#1.4.20
This version also fixes an issue with closing streams so the workaround in GenerateDefaultTranslationsMojoTest is no longer needed.
Signed-off-by: Wouter Born <github@maindrain.net>
* Sync runtime dependencies with Karaf 4.4.3, most notably:
* Jetty 9.4.50.v20221201
* Pax Logging 2.2.0
* Pax Web 8.0.15
* Use OSGi R8 as compile dependency
* Rework Servlets to use Http Whiteboard annotations in favor of proprietary `org.openhab.core.io.http.servlet` classes
* Resolve itest runbundles
Also-by: Jan N. Klug <github@klug.nrw>
Signed-off-by: Wouter Born <github@maindrain.net>
* Raise source level to Java 17 (except for model classes)
* Remove Nashorn script engine
* Upgrade spotless and add jvm options
See https://github.com/diffplug/spotless/issues/834
* Add suppression for findBugs false positive error
* Upgrade xtext to 2.29.0
* Adjust JNA
* Resolve itests
Signed-off-by: Jan N. Klug <github@klug.nrw>
Upgrades XStream from 1.4.15 to 1.4.17
Prevents the following vulnerabilities when using XStream instances with an uninitialized security framework:
* CVE-2021-21341
* CVE-2021-21342
* CVE-2021-21343
* CVE-2021-21344
* CVE-2021-21345
* CVE-2021-21346
* CVE-2021-21347
* CVE-2021-21348
* CVE-2021-21349
* CVE-2021-21350
* CVE-2021-21351
* CVE-2021-29505
See: http://x-stream.github.io/changes.html#1.4.17
Related to: #2250, #2251
Signed-off-by: Wouter Born <github@maindrain.net>
Upgrades UoM dependencies to:
* javax.measure 2.1.2
* si-units 2.0.1
* indriya 2.1.2
An openHAB OSGi-ified si-units bundle is used as runtime dependency, because the latest si-units release is still missing proper OSGi manifest headers.
Notable changes:
* Quantity not longer implements an `equals` method, so the unit tests had to be adjusted. This should have any impact outside of the unit tests though since the rest of openHAB should be using QuantityType instead.
* RationalConverter is not package private, so instances of it much be created through the MultiplyConverter static functions.
* Quantities.getQuantity can no longer parse values without units like `100`. A workaround has been implemented.
* The unicode greek `mu` letter is now returned for unit prefixes instead of the unicode `micro` character. These characters are visually identical but the unit tests had to be adjusted. The new library seems to parse both types just fine.
Also-by: Connor Petty <mistercpp2000+gitsignoff@gmail.com>
Signed-off-by: Wouter Born <github@maindrain.net>
