WrenSecurity/wrensec-commons

Wrong configuration of project dependencies

Closed this issue 5 years ago · 0 comments

karelmaxa commented 5 years ago

I have found some dependency issues after usage of latest release in Wren:IDM:

SLF4J

The latest version that can be used is version 1.7.23.
In this version jcl-over-slf4j exports org.apache.commons.logging in version 1.1.1 that is required by httpasyncclient-osgi.
Later versions export org.apache.commons.logging in version 1.2.0.
Dependency httpasyncclient-osgi could be also upgraded but there where some other issues with the newest SLF4J version.

javax.servlet-api

The latest version that can be used is version 3.1.0.
Version 3.1.0 is the latest version provided by pax-web-jetty-bundle.
There is no version of pax-web-jetty-bundle that provides javax.server in version 4.0.1.

io.swagger

There was legacy exclusion of swagger-annotations.
This package is imported by couple of OSGi components.