chorg: Upgrade logback v1.5.20 (#1233)

Author: caoccao

gradle/libs.versions.toml

@@ -1,16 +1,16 @@
 [versions]
-apache-commons-io = "2.19.0"
-apache-commons-compress = "1.27.1"
-apache-commons-lang = "3.17.0"
+apache-commons-compress = "1.28.0"
+apache-commons-io = "2.20.0"
+apache-commons-lang = "3.19.0"
 apache-plc4x = "0.11.0"
-assertj = "3.27.3"
+assertj = "3.27.6"
 awaitility = "4.3.0"
 bouncycastle = "1.80"
-byteBuddy = "1.17.5"
+byteBuddy = "1.17.8"
 concurrentunit = "0.4.6"
 dagger = "2.56.2"
-digitalpetri-modbus-tcp = "2.1.0"
-dropwizard-metrics = "4.2.33"
+digitalpetri-modbus-tcp = "2.1.3"
+dropwizard-metrics = "4.2.37"
 equalsverifier = "3.17.5"
 errorprone = "2.38.0"
 future-converter = "1.2.0"
@@ -19,39 +19,40 @@ hikari = "6.2.1"
 hivemq-edge-adaptersdk = "2025.15"
 hivemq-edge-extensionsdk = "2025.15"
 hivemq-extensionsdk = "4.43.0"
-hivemq-mqttClient = "1.3.6"
-kotlin = "1.9.25"
+hivemq-mqtt-client = "1.3.10"
 jackson = "2.19.1"
-jacoco = "0.8.11"
 jackson-nullable="0.2.6"
-javassist = "3.30.2-GA"
+jacoco = "0.8.11"
 jakarta-annotation-api = "2.1.1"
+javassist = "3.30.2-GA"
 jaxb2 = "2.3.9"
-jaxb4-bind = "4.0.2"
-jaxb4-impl = "4.0.5"
+jaxb4-bind = "4.0.4"
+jaxb4-impl = "4.0.6"
 jctools = "4.0.5"
-jersey = "3.1.10"
+jersey = "3.1.11"
 jose4j = "0.9.6"
-json-schema-inferrer = "0.2.1"
-json-schema-validator = "1.5.8"
+json = "20250107"
 json-path = "2.9.0"
+json-schema-inferrer = "0.2.1"
+json-schema-validator = "1.5.9"
+json-smart = "2.5.2"
 junit-jupiter = "5.13.2"
-logback = "1.5.18"
-milo = "1.0.5"
+kotlin = "1.9.25"
+logback = "1.5.20"
+mariadb = "3.5.6"
+milo = "1.0.6"
 mockito = "5.17.0"
 mqtt-sn-codec = "838f51d691"
-mssql="12.8.1.jre11"
+mssql = "12.8.1.jre11"
 mtconnect-protocol = "1.0.0"
-mariadb= "3.5.3"
 netty = "4.2.6.Final"
-json = "20250107"
 pmd = "6.55.0"
-postgresql = "42.7.3"
+postgresql = "42.7.8"
 protobuf = "4.32.1"
 shrinkwrap = "1.2.6"
 slf4j = "2.0.17"
 spotBugs = "4.9.4"
-swagger-annotations = "2.2.34"
+swagger-annotations = "2.2.39"
 swagger-jaxrs = "1.6.16"
 systemstubs = "2.1.8"
 victools = "4.38.0"
@@ -62,20 +63,20 @@ zeroallocationhashing = "0.27ea0"
 plugin-cyclonedx = "1.10.0"
 plugin-defaults = "0.2.0"
 plugin-errorprone = "4.2.0"
+plugin-forbiddenapis = "3.9"
+plugin-github-release = "2.5.2"
 plugin-javadoc-links = "0.8.0"
 plugin-license = "0.16.1"
 plugin-metadata = "0.5.0"
 plugin-openapigenerator = "7.13.0"
-plugin-forbiddenapis = "3.9"
-plugin-github-release = "2.5.2"
-plugin-shadow = "8.3.8"
+plugin-shadow = "8.3.9"
 plugin-spotbugs = "6.3.0"
 plugin-versions = "0.51.0"
 
 [libraries]
+apache-commons-compress = { module = "org.apache.commons:commons-compress", version.ref = "apache-commons-compress" }
 apache-commons-io = { module = "commons-io:commons-io", version.ref = "apache-commons-io" }
 apache-commons-lang = { module = "org.apache.commons:commons-lang3", version.ref = "apache-commons-lang" }
-apache-commons-compress = { module = "org.apache.commons:commons-compress", version.ref = "apache-commons-compress" }
 assertj = { module = "org.assertj:assertj-core", version.ref = "assertj" }
 awaitility = { module = "org.awaitility:awaitility", version.ref = "awaitility" }
 bouncycastle-pkix = { module = "org.bouncycastle:bcpkix-jdk18on", version.ref = "bouncycastle" }
@@ -91,59 +92,58 @@ dropwizard-metrics-jvm = { module = "io.dropwizard.metrics:metrics-jvm", version
 dropwizard-metrics-logback = { module = "io.dropwizard.metrics:metrics-logback", version.ref = "dropwizard-metrics" }
 equalsverifier = { module = "nl.jqno.equalsverifier:equalsverifier", version.ref = "equalsverifier" }
 errorprone = { module = "com.google.errorprone:error_prone_core", version.ref = "errorprone" }
-json-schema-inferrer = { module = "com.github.saasquatch:json-schema-inferrer", version.ref = "json-schema-inferrer" }
-jersey-container-jdk-http = { module = "org.glassfish.jersey.containers:jersey-container-jdk-http", version.ref = "jersey" }
-jersey-hk2 = { module = "org.glassfish.jersey.inject:jersey-hk2", version.ref = "jersey" }
-jersey-media-json-jackson = { module = "org.glassfish.jersey.media:jersey-media-json-jackson", version.ref = "jersey" }
-jersey-media-multipart = { module = "org.glassfish.jersey.media:jersey-media-multipart", version.ref = "jersey" }
 guava = { module = "com.google.guava:guava", version.ref = "guava" }
 hikari = { module = "com.zaxxer:HikariCP", version.ref = "hikari" }
 hivemq-edge-adaptersdk = { module = "com.hivemq:hivemq-edge-adapter-sdk", version.ref = "hivemq-edge-adaptersdk" }
 hivemq-edge-extensionsdk = { module = "com.hivemq:hivemq-edge-extension-sdk", version.ref = "hivemq-edge-extensionsdk" }
 hivemq-extensionsdk = { module = "com.hivemq:hivemq-extension-sdk", version.ref = "hivemq-extensionsdk" }
-hivemq-mqtt-client = { module = "com.hivemq:hivemq-mqtt-client", version.ref = "hivemq-mqttClient" }
-kotlin-bom = { module = "org.jetbrains.kotlin:kotlin-bom", version.ref = "kotlin" }
+hivemq-mqtt-client = { module = "com.hivemq:hivemq-mqtt-client", version.ref = "hivemq-mqtt-client" }
 jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jackson" }
 jackson-databind-nullable = { module = "org.openapitools:jackson-databind-nullable", version.ref = "jackson-nullable" }
 jackson-dataformat-xml = { module = "com.fasterxml.jackson.dataformat:jackson-dataformat-xml", version.ref = "jackson" }
 jackson-datatype-jsr310 = { module = "com.fasterxml.jackson.datatype:jackson-datatype-jsr310", version.ref = "jackson" }
 jackson-jaxrs-json-provider = { module = "com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-json-provider", version.ref = "jackson" }
+jakarta-annotation-api = { module = "jakarta.annotation:jakarta.annotation-api", version.ref = "jakarta-annotation-api" }
 javacrumbs-futureconverter = { module = "net.javacrumbs.future-converter:future-converter-java8-guava", version.ref = "future-converter" }
 javassist = { module = "org.javassist:javassist", version.ref = "javassist" }
-jakarta-annotation-api = { module = "jakarta.annotation:jakarta.annotation-api", version.ref = "jakarta-annotation-api" }
 jaxb2-impl = { module = "com.sun.xml.bind:jaxb-impl", version.ref = "jaxb2" }
 jaxb4-bind = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jaxb4-bind" }
 jaxb4-impl = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "jaxb4-impl" }
 jctools = { module = "org.jctools:jctools-core", version.ref = "jctools" }
+jersey-container-jdk-http = { module = "org.glassfish.jersey.containers:jersey-container-jdk-http", version.ref = "jersey" }
+jersey-hk2 = { module = "org.glassfish.jersey.inject:jersey-hk2", version.ref = "jersey" }
+jersey-media-json-jackson = { module = "org.glassfish.jersey.media:jersey-media-json-jackson", version.ref = "jersey" }
+jersey-media-multipart = { module = "org.glassfish.jersey.media:jersey-media-multipart", version.ref = "jersey" }
 jose4j = { module = "org.bitbucket.b_c:jose4j", version.ref = "jose4j" }
-json-schema-validator = { module = "com.networknt:json-schema-validator", version.ref = "json-schema-validator" }
 json-path = { module = "com.jayway.jsonpath:json-path", version.ref = "json-path" }
+json-schema-inferrer = { module = "com.github.saasquatch:json-schema-inferrer", version.ref = "json-schema-inferrer" }
+json-schema-validator = { module = "com.networknt:json-schema-validator", version.ref = "json-schema-validator" }
+json-smart = { module = "net.minidev:json-smart", version.ref = "json-smart" }
 junit-bom = { module = "org.junit:junit-bom", version.ref = "junit-jupiter" }
 junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version.ref = "junit-jupiter" }
+kotlin-bom = { module = "org.jetbrains.kotlin:kotlin-bom", version.ref = "kotlin" }
 logback-classic = { module = "ch.qos.logback:logback-classic", version.ref = "logback" }
-
+mariadb = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadb" }
 milo-client = { module = "org.eclipse.milo:milo-sdk-client", version.ref = "milo" }
-milo-server = { module = "org.eclipse.milo:milo-sdk-server", version.ref = "milo" }
+milo-dtd-manager = { module = "org.eclipse.milo:milo-dtd-manager", version.ref = "milo" }
+milo-dtd-reader = { module = "org.eclipse.milo:milo-dtd-reader", version.ref = "milo" }
 milo-encoding-json = { module = "org.eclipse.milo:milo-encoding-json", version.ref = "milo" }
 milo-encoding-xml = { module = "org.eclipse.milo:milo-encoding-xml", version.ref = "milo" }
-milo-dtd-reader = { module = "org.eclipse.milo:milo-dtd-reader", version.ref = "milo" }
-milo-dtd-manager = { module = "org.eclipse.milo:milo-dtd-manager", version.ref = "milo" }
-
+milo-server = { module = "org.eclipse.milo:milo-sdk-server", version.ref = "milo" }
 mockito-junit-jupiter = { module = "org.mockito:mockito-junit-jupiter", version.ref = "mockito" }
 mqtt-sn-codec = { module = "com.github.simon622.mqtt-sn:mqtt-sn-codec", version.ref = "mqtt-sn-codec" }
-mssql= { module = "com.microsoft.sqlserver:mssql-jdbc", version.ref = "mssql" }
+mssql = { module = "com.microsoft.sqlserver:mssql-jdbc", version.ref = "mssql" }
 mtconnect-protocol = { module = "com.hivemq:hivemq-mtconnect-protocol", version.ref = "mtconnect-protocol"}
-mariadb = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadb" }
 netty-buffer = { module = "io.netty:netty-buffer", version.ref = "netty" }
 netty-codec = { module = "io.netty:netty-codec", version.ref = "netty" }
 netty-codec-http = { module = "io.netty:netty-codec-http", version.ref = "netty" }
 netty-commons = { module = "io.netty:netty-common", version.ref = "netty" }
 netty-handler = { module = "io.netty:netty-handler", version.ref = "netty" }
 netty-transport = { module = "io.netty:netty-transport", version.ref = "netty" }
 org_json = { module = "org.json:json", version.ref = "json" }
+plc4j-ads = { module = "org.apache.plc4x:plc4j-driver-ads", version.ref = "apache-plc4x" }
 plc4j-api = { module = "org.apache.plc4x:plc4j-api", version.ref = "apache-plc4x" }
 plc4j-s7 = { module = "org.apache.plc4x:plc4j-driver-s7", version.ref = "apache-plc4x" }
-plc4j-ads = { module = "org.apache.plc4x:plc4j-driver-ads", version.ref = "apache-plc4x" }
 plc4j-transport-raw-socket = { module = "org.apache.plc4x:plc4j-transport-raw-socket", version.ref = "apache-plc4x" }
 postgresql= { module = "org.postgresql:postgresql", version.ref = "postgresql" }
 protobuf = { module = "com.google.protobuf:protobuf-java", version.ref = "protobuf" }
@@ -159,8 +159,6 @@ victools-jsonschema-jackson = { module = "com.github.victools:jsonschema-module-
 wiremock-jre8-standalone = { module = "com.github.tomakehurst:wiremock-jre8-standalone", version.ref = "wiremock" }
 zeroallocationhashing = { module = "net.openhft:zero-allocation-hashing", version.ref = "zeroallocationhashing" }
 
-
-
 [plugins]
 cyclonedx = { id = "org.cyclonedx.bom", version.ref = "plugin-cyclonedx" }
 defaults = { id = "io.github.sgtsilvio.gradle.defaults", version.ref = "plugin-defaults" }
@@ -174,6 +172,3 @@ openapi-generator = { id = "org.openapi.generator", version.ref = "plugin-openap
 shadow = { id = "com.gradleup.shadow", version.ref = "plugin-shadow" }
 spotbugs = { id = "com.github.spotbugs", version.ref = "plugin-spotbugs" }
 versions = { id = "com.github.ben-manes.versions", version.ref = "plugin-versions" }
-
-
-

hivemq-edge/build.gradle.kts

@@ -212,6 +212,19 @@ dependencies {
     implementation("com.google.protobuf:protobuf-java:4.32.1")
 }
 
+configurations.all {
+    resolutionStrategy {
+        /*
+         * https://nvd.nist.gov/vuln/detail/CVE-2024-57699
+         * A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1.
+         * When loading a specially crafted JSON input, containing a large number of ’{’,
+         * a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS).
+         * This issue exists because of an incomplete fix for CVE-2023-1370.
+         */
+        force(libs.json.smart)
+    }
+}
+
 /* ******************** test ******************** */
 
 dependencies {