Upgrade some dependencies

imsweb · Oct 27, 2023 · 1981a8b · 1981a8b
1 parent c5002d3
commit 1981a8b
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 6 deletions.
diff --git a/build.gradle b/build.gradle
@@ -4,7 +4,7 @@ plugins {
     id 'java-library'
     id 'checkstyle'
     id 'jacoco'
-    id 'com.github.spotbugs' version '5.1.5'
+    id 'com.github.spotbugs' version '5.2.1'
     id 'maven-publish'
     id 'signing'
     id 'io.github.gradle-nexus.publish-plugin' version '1.3.0' // publish to Maven Central
@@ -30,14 +30,14 @@ repositories {
 dependencies {
     api 'com.imsweb:naaccr-xml:10.1'
 
-    implementation 'commons-io:commons-io:2.14.0'
+    implementation 'commons-io:commons-io:2.15.0'
     implementation 'com.opencsv:opencsv:5.8'
     implementation 'com.thoughtworks.xstream:xstream:1.4.20'
 
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'com.imsweb:seerutils:5.6'
     testImplementation 'com.imsweb:seerutils-gui:1.20'
-    testImplementation 'com.imsweb:naaccr-api-client:1.0-SNAPSHOT' // access NAACCR documentation API
+    testImplementation 'com.imsweb:naaccr-api-client:1.0' // access NAACCR documentation API
     testImplementation 'org.commonmark:commonmark:0.21.0' // convert markdown to HTML for NAACCR documentation
     testImplementation 'org.freemarker:freemarker:2.3.32' // fill it template for NAACCR documentation
     testImplementation 'org.xhtmlrenderer:flying-saucer-core:9.3.1' // Java Swing HTML renderer for NAACCR documentation lab
@@ -122,6 +122,19 @@ sonarqube {
     }
 }
 
+def isNonStable = { String version ->
+    def stableKeyword = ['RELEASE', 'FINAL', 'GA'].any { it -> version.toUpperCase().contains(it) }
+    def regex = /^[0-9,.v-]+(-r)?$/
+    return !stableKeyword && !(version ==~ regex)
+}
+
+// https://github.com/ben-manes/gradle-versions-plugin
+tasks.named("dependencyUpdates").configure {
+    rejectVersionIf {
+        isNonStable(it.candidate.version)
+    }
+}
+
 // needed to deploy to Maven Central
 publishing {
     publications {
@@ -172,8 +185,8 @@ publishing {
 signing {
     required { !project.version.endsWith('-SNAPSHOT') }
 
-    def signingKey = project.findProperty('signing.armored.key') ?: ''
-    def signingPassword = project.findProperty('signing.armored.password') ?: ''
+    String signingKey = project.findProperty('signingKey') ?: ''
+    String signingPassword = project.findProperty('signingPassword') ?: ''
 
     useInMemoryPgpKeys(signingKey, signingPassword)
 

diff --git a/config/spotbugs/spotbugs-exclude.xml b/config/spotbugs/spotbugs-exclude.xml
@@ -16,4 +16,12 @@
     <Match>
         <Bug pattern="EI_EXPOSE_REP,EI_EXPOSE_REP2"/>
     </Match>
+    <Match>
+         <!-- Do not reuse public identifiers from JSL as class name, fixing this is too disruptive -->
+        <Bug pattern="PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS_CLASS_NAMES"/>
+    </Match>
+    <Match>
+        <!-- Be wary of letting constructors throw exceptions, not easy to fix, and I don't think that can create a problem -->
+        <Bug pattern="CT_CONSTRUCTOR_THROW"/>
+    </Match>
 </FindBugsFilter>
diff --git a/settings.gradle b/settings.gradle
@@ -1 +1,4 @@
-rootProject.name = 'layout'
+rootProject.name = 'layout'
+
+// following can be removed when sonarQube plugin is upgraded to 5.x
+System.setProperty('sonar.gradle.skipCompile', 'true')