Upgrade library dependencies to recent releases during early OH5 milestone phase

[holgerfriedrich]

Core has a lot of dependencies which are not up to date.

Basically we have a set of dependencies which get upgraded in a regular frequency: e.g. Karaf, Jetty, PaxWeb, some of the commons libs, asm (typically all of them on every Karaf release); Xtext/Xtend, guava, ecj, etc.

In addition, there are a lot of dependencies which have not seen an upgrade over years. This typically leads to mayn outdated dependencies still being pulled in or other upgrades being blocked by dependency conflicts.

For OH5, there is already a set of PRs to address this:

• #4584
• #4604
• #4620
• #4628
• #4639
• #4642
• #4658
• #4663
• #4664
• #4665

There is a list of dependencies which still need attention (will post an excerpt from mvn versions:display-dependency-updates below in the comment). Deprecated javax namespace is still a topic, not all dependencies already support jakarta namespace (e.g. hivemq-mqtt).

We cannot work on most of this close to a release, as sometimes files are missing on jfrog and break plugin installation, etc.

[holgerfriedrich]

TODO - this is an excerpt of

mvn versions:display-dependency-updates -nsu -Dmaven.version.ignore=".*-beta-.*,.*\.BETA[0-9]+,.*-M[0-9]+,.*alpha[0-9]+,.*-b[0-9]+,.*2\.0\.1\.MR,.*\.M[0-9]+" -B -Dversions.outputLineWidth=120 |tee deps
cat deps|grep -v Downl|grep "\.\.\."|grep -v "openHAB Core"|grep -- "->" |grep -v "jetty:jetty-" | grep -v "web:pax-web" |sort -u

Those packages have not been addressed yet, some are transitive deps still:

ch.qos.logback:logback-classic .............................................................. 1.3.14 -> 1.5.17

com.igormaznitsa:jbbp ......................................................................... 1.4.1 -> 3.0.1 (in our osgiified repo)

com.sun.xml.bind:jaxb-osgi .................................................................... 2.3.9 -> 4.0.5 org.bouncycastle:bcpkix-jdk18on ............................................................... 1.78.1 -> 1.80 - PR to Karaf? org.bouncycastle:bcprov-jdk18on ............................................................... 1.78.1 -> 1.80 - PR to Karaf? org.antlr:antlr-runtime ......................................................................... 3.2 -> 3.5.3 (transitive dep of xtext)

// v5 has issues with osgi org.mockito:mockito-core .................................................................... 4.11.0 -> 5.16.0 org.mockito:mockito-junit-jupiter ........................................................... 4.11.0 -> 5.16.0

jakarta.xml.bind:jakarta.xml.bind-api ......................................................... 2.3.3 -> 4.0.2 org.apache.aries.spec:org.apache.aries.javax.jax.rs-api ....................................... 1.0.0 -> 1.0.4 org.apache.felix:org.apache.felix.http.servlet-api ............................................ 1.1.2 -> 3.0.0 org.apache.felix:org.apache.felix.http.servlet-api ............................................ 1.2.0 -> 3.0.0

org.apache.servicemix.bundles:org.apache.servicemix.bundles.saaj-impl ..................... 1.4.0_2 -> 1.5.1_1 org.apache.servicemix.specs:org.apache.servicemix.specs.annotation-api-1.3 .................... 1.3_1 -> 1.3_3

org.eclipse.emf:org.eclipse.emf.codegen ..................................................... 2.22.0 -> 2.25.0 org.eclipse.emf:org.eclipse.emf.codegen.ecore ............................................... 2.29.0 -> 2.41.0 org.eclipse.emf:org.eclipse.emf.common ...................................................... 2.24.0 -> 2.41.0 org.eclipse.emf:org.eclipse.emf.ecore ....................................................... 2.26.0 -> 2.38.0 org.eclipse.emf:org.eclipse.emf.ecore.change ................................................ 2.14.0 -> 2.17.0 org.eclipse.emf:org.eclipse.emf.ecore.xmi ................................................... 2.16.0 -> 2.38.0 org.eclipse.emf:org.eclipse.emf.mwe.core .................................................... 1.14.0 -> 1.15.0 org.eclipse.emf:org.eclipse.emf.mwe.utils ................................................... 1.14.0 -> 1.15.0 org.eclipse.emf:org.eclipse.emf.mwe2.language ............................................... 2.20.0 -> 2.21.0 org.eclipse.emf:org.eclipse.emf.mwe2.launch ................................................. 2.20.0 -> 2.21.0 org.eclipse.emf:org.eclipse.emf.mwe2.lib .................................................... 2.20.0 -> 2.21.0 org.eclipse.emf:org.eclipse.emf.mwe2.runtime ................................................ 2.20.0 -> 2.21.0

org.eclipse.jdt:org.eclipse.jdt.annotation ................................................ 2.2.100 -> 2.3.100 org.eclipse.jdt:org.eclipse.jdt.annotation ................................................ 2.2.600 -> 2.3.100

org.eclipse.platform:org.eclipse.* org.eclipse.platform:org.eclipse.equinox.log.stream ......................................... 1.1.100 -> 1.2.0 org.eclipse.platform:org.eclipse.equinox.event ............................................ 1.6.200 -> 1.7.200

org.eclipse.platform:org.eclipse.osgi ....................................................... 3.18.0 -> 3.22.0

org.osgi:org.osgi.service.jdbc ................................................................ 1.0.1 -> 1.1.0 org.osgi:org.osgi.util.pushstream ............................................................. 1.0.0 -> 1.1.0

glassfish-jaxb

jakarta namespace conflicts with hivemq (+dagger) still forces us to use mvn:jakarta.inject/jakarta.inject-api/1.0.5 in addons/mqtt.generic, -> 2.x

[holgerfriedrich]

Closing this one for OH5.0. Will add a similar one for 5.1 after Karaf 4.4.8 is released and integrated.