build(deps): bump com.h2database:h2 from 2.1.214 to 2.2.224

[jeremylong]

Pending a resolution to gradle/gradle#27156

[mbecca]

Pending a resolution to gradle/gradle#27156

Hi, the issue was resolved! gradle/gradle#27156

[mbecca]

Hello @jeremylong, is there any possibility to re-activate this PR?

[jeremylong]

Upgrading is a breaking change. I'd rather hold off a bit. If the concern is the CVE; see https://github.com/jeremylong/DependencyCheck/security/dependabot/833

The CLI is not used in the dependency-check project.

[leaqui]

Upgrading is a breaking change. I'd rather hold off a bit. If the concern is the CVE; see https://github.com/jeremylong/DependencyCheck/security/dependabot/833

The CLI is not used in the dependency-check project.

link broken?

[jeremylong]

Ah sorry - I forgot that link is only available to maintainers.

The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console.

We don't use the CLI. Dependency-check is not affected by the CVE.

[mbecca]

Hi @jeremylong , I´ve a problem with quarkus gradle plugin, because it has com.h2database:h2:2.2.224 on their classpath.
I posted a question in StackOverflow, do you have any ideas about it?

https://stackoverflow.com/questions/78162642/quarkus-gradle-plugin-classpath-exclude-problem

I need strictly force com.h2database:h2:2.1.214 because I have a central NVD database builded with com.h2database:h2:2.1.214

Thanks.

[jeremylong]

Aren't breaking changes on minor versions great fun? You could try constraints: https://stackoverflow.com/a/57636110

Also, is this a multi-project build and/or have a buildSrc? You might need to do the configuration in buildSrc... Been a while since I fought with gradle on this though.

[mbecca]

Aren't breaking changes on minor versions great fun? You could try constraints: https://stackoverflow.com/a/57636110

Also, is this a multi-project build and/or have a buildSrc? You might need to do the configuration in buildSrc... Been a while since I fought with gradle on this though.

It isn´t a multi-project build. I add build Script for testing, but it's configuration doesn´t work

new build.gradle:

buildscript {
  repositories {
    maven {
      url = uri("https://plugins.gradle.org/m2/")
    }
  }
  dependencies {
     constraints {
        classpath('com.h2database:h2:2.1.214') {
            because 'testing force upgrade'
        }
     }
    
  }
}
plugins {
      id 'java'
      id 'org.owasp.dependencycheck' version '9.0.9'
      id 'io.quarkus'	


}

version = '0.1.0'

configurations {
    all {
        resolutionStrategy {
            force 'com.h2database:h2:2.1.214'
            forcedModules = ['com.h2database:h2:2.1.214']
        }
    }
}

wrapper {
    gradleVersion = '8.6'    
}

[mbecca]

I found a solution!, thanks @jeremylong

build.gradle:

buildscript {
    configurations.classpath {
      resolutionStrategy {
            force 'com.h2database:h2:2.1.214'            
        }
  }
}
plugins {
	id 'java'
    id 'org.owasp.dependencycheck' version '9.0.9'
    id 'io.quarkus'	
}

[jeremylong]

Planning on including this in the 10.0 release.

[jeremylong]

TODO - document minimum gradle versions. See gradle/gradle#27156