Merge pull request #6400 from halibobo1205/481/update_dependencies

 feat(dependencies): update dependencies for security

Author: kuny0707

build.gradle

@@ -1,6 +1,9 @@
 allprojects {
     version = "1.0.0"
     apply plugin: "java-library"
+    ext {
+        springVersion = "5.3.39"
+    }
 }
 
 subprojects {
@@ -41,8 +44,7 @@ subprojects {
         implementation group: 'org.slf4j', name: 'jcl-over-slf4j', version: '1.7.25'
         implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13'
         implementation "com.google.code.findbugs:jsr305:3.0.0"
-        implementation group: 'org.springframework', name: 'spring-context', version: '5.3.18'
-        implementation group: 'org.springframework', name: 'spring-tx', version: '5.3.18'
+        implementation group: 'org.springframework', name: 'spring-context', version: "${springVersion}"
         implementation "org.apache.commons:commons-lang3:3.4"
         implementation group: 'org.apache.commons', name: 'commons-math', version: '2.2'
         implementation "org.apache.commons:commons-collections4:4.1"

chainbase/build.gradle

@@ -10,7 +10,8 @@ dependencies {
     api project(":common")
     api project(":crypto")
     api "org.fusesource.jansi:jansi:$jansiVersion"
-    api 'io.github.tronprotocol:zksnark-java-sdk:1.0.0'
+    api group: 'commons-io', name: 'commons-io', version: '2.18.0'
+    api 'io.github.tronprotocol:zksnark-java-sdk:1.0.0' exclude(group: 'commons-io', module: 'commons-io')
     api 'org.reflections:reflections:0.9.11'
 }
 

common/build.gradle

@@ -30,8 +30,8 @@ if (isWindows()) {
 }
 
 dependencies {
-    api group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.13.4.2' // https://github.com/FasterXML/jackson-databind/issues/3627
-    api "com.cedarsoftware:java-util:1.8.0"
+    api group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.18.3' // https://github.com/FasterXML/jackson-databind/issues/3627
+    api "com.cedarsoftware:java-util:3.2.0"
     api group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.1'
     api group: 'commons-codec', name: 'commons-codec', version: '1.11'
     api group: 'com.beust', name: 'jcommander', version: '1.78'
@@ -44,7 +44,7 @@ dependencies {
     api 'org.aspectj:aspectjrt:1.8.13'
     api 'org.aspectj:aspectjweaver:1.8.13'
     api 'org.aspectj:aspectjtools:1.8.13'
-    api group: 'io.github.tronprotocol', name: 'libp2p', version: '2.2.5',{
+    api group: 'io.github.tronprotocol', name: 'libp2p', version: '2.2.6',{
         exclude group: 'io.grpc', module: 'grpc-context'
         exclude group: 'io.grpc', module: 'grpc-core'
         exclude group: 'io.grpc', module: 'grpc-netty'

common/src/main/java/org/tron/core/config/CommonConfig.java

@@ -21,10 +21,8 @@
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
-import org.springframework.transaction.annotation.EnableTransactionManagement;
 
 @Configuration
-@EnableTransactionManagement
 @EnableAspectJAutoProxy
 @ComponentScan(basePackages = "org.tron")
 public class CommonConfig {

framework/build.gradle

@@ -38,15 +38,11 @@ dependencies {
     //local libraries
     implementation fileTree(dir: 'libs', include: '*.jar')
     // end local libraries
-    testImplementation group: 'org.hamcrest', name: 'hamcrest-junit', version: '1.0.0.1'
-
-    implementation group: 'com.google.inject', name: 'guice', version: '4.1.0'
     implementation group: 'io.dropwizard.metrics', name: 'metrics-core', version: '3.1.2'
     implementation group: 'com.github.davidb', name: 'metrics-influxdb', version: '0.8.2'
-    implementation group: 'com.carrotsearch', name: 'java-sizeof', version: '0.0.5'
     // http
-    implementation 'org.eclipse.jetty:jetty-server:9.4.53.v20231009'
-    implementation 'org.eclipse.jetty:jetty-servlet:9.4.53.v20231009'
+    implementation 'org.eclipse.jetty:jetty-server:9.4.57.v20241219'
+    implementation 'org.eclipse.jetty:jetty-servlet:9.4.57.v20241219'
     implementation 'com.alibaba:fastjson:1.2.83'
     // end http
 
@@ -56,14 +52,11 @@ dependencies {
     // https://mvnrepository.com/artifact/javax.portlet/portlet-api
     compileOnly group: 'javax.portlet', name: 'portlet-api', version: '3.0.1'
 
-    implementation "io.vavr:vavr:0.9.2"
     implementation (group: 'org.pf4j', name: 'pf4j', version: '3.10.0') {
         exclude group: "org.slf4j", module: "slf4j-api"
     }
 
-    testImplementation group: 'org.springframework', name: 'spring-test', version: '5.2.0.RELEASE'
-    testImplementation group: 'org.springframework', name: 'spring-web', version: '5.2.0.RELEASE'
-
+    testImplementation group: 'org.springframework', name: 'spring-test', version: "${springVersion}"
     implementation group: 'org.zeromq', name: 'jeromq', version: '0.5.3'
     api project(":chainbase")
     api project(":protocol")

framework/src/test/java/org/springframework/http/InvalidMediaTypeException.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.http;
+
+import org.springframework.util.InvalidMimeTypeException;
+
+/**
+ * Exception thrown from {@link MediaType#parseMediaType(String)} in case of
+ * encountering an invalid media type specification String.
+ *
+ * @author Juergen Hoeller
+ * @since 3.2.2
+ */
+@SuppressWarnings("serial")
+public class InvalidMediaTypeException extends IllegalArgumentException {
+
+  private final String mediaType;
+
+
+  /**
+   * Create a new InvalidMediaTypeException for the given media type.
+   *
+   * @param mediaType the offending media type
+   * @param message   a detail message indicating the invalid part
+   */
+  public InvalidMediaTypeException(String mediaType, String message) {
+    super("Invalid media type \"" + mediaType + "\": " + message);
+    this.mediaType = mediaType;
+  }
+
+  /**
+   * Constructor that allows wrapping {@link InvalidMimeTypeException}.
+   */
+  InvalidMediaTypeException(InvalidMimeTypeException ex) {
+    super(ex.getMessage(), ex);
+    this.mediaType = ex.getMimeType();
+  }
+
+
+  /**
+   * Return the offending media type.
+   */
+  public String getMediaType() {
+    return this.mediaType;
+  }
+
+}