pom.xml: downgrade Shiro

See #36. Signed-off-by: Pierre-Alexandre Meyer <pierre@mouraf.org>
killbill · Aug 25, 2020 · a900f77 · a900f77
1 parent fbe8472
commit a900f77
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 4 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -27,6 +27,9 @@ updates:
     - dependency-name: org.antlr:stringtemplate
       versions:
         - ">= 4.0.0"
+    - dependency-name: org.apache.shiro:*
+      versions:
+        - "< 2.0.0"
     - dependency-name: org.eclipse.jetty:*
       versions:
         - ">= 10.0.0"

diff --git a/NEWS b/NEWS
@@ -17,7 +17,6 @@
     Update netty from 4.1.50.Final to 4.1.51.Final
     Update postgresql from 42.1.4 to 42.2.16
     Update redisson from 3.13.2 to 3.13.3
-    Update shiro from 1.3.2 to 1.6.0
     Update spotbugs-annotations from 4.0.6 to 4.1.2
     Update testng from 7.1.0 to 7.3.0
 

diff --git a/pom.xml b/pom.xml
@@ -786,20 +786,22 @@
                 <version>4.2.2</version>
                 <classifier>all</classifier>
             </dependency>
+            <!-- Because of https://issues.apache.org/jira/browse/SHIRO-679 (duplicate classes across artifacts),
+                 we cannot upgrade until 2.0.0 is released (https://github.com/apache/shiro/pull/236) -->
             <dependency>
                 <groupId>org.apache.shiro</groupId>
                 <artifactId>shiro-core</artifactId>
-                <version>1.6.0</version>
+                <version>1.3.2</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.shiro</groupId>
                 <artifactId>shiro-guice</artifactId>
-                <version>1.6.0</version>
+                <version>1.3.2</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.shiro</groupId>
                 <artifactId>shiro-web</artifactId>
-                <version>1.6.0</version>
+                <version>1.3.2</version>
             </dependency>
             <dependency>
                 <groupId>org.assertj</groupId>