diff --git a/annotationProcessor/build.gradle b/annotationProcessor/build.gradle index cea710255..3f7085f90 100644 --- a/annotationProcessor/build.gradle +++ b/annotationProcessor/build.gradle @@ -8,13 +8,6 @@ plugins { sourceCompatibility = JavaVersion.VERSION_17 - -dependencyManagement { - dependencies { - dependency "org.apache.tomcat.embed:tomcat-embed-core:${vApacheTomcat}" - } -} - dependencies { implementation project(':underlay') implementation project(':service') diff --git a/annotationProcessor/gradle.lockfile b/annotationProcessor/gradle.lockfile index 258734a37..a216211ff 100644 --- a/annotationProcessor/gradle.lockfile +++ b/annotationProcessor/gradle.lockfile @@ -200,19 +200,8 @@ io.kubernetes:client-java-proto:21.0.2=productionRuntimeClasspath,runtimeClasspa io.kubernetes:client-java:21.0.2=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.micrometer:micrometer-commons:1.13.8=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.micrometer:micrometer-observation:1.13.8=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-buffer:4.1.115.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec-http2:4.1.115.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec-http:4.1.115.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec-socks:4.1.115.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec:4.1.115.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-common:4.1.115.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-handler-proxy:4.1.115.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-handler:4.1.115.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-resolver:4.1.115.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-tcnative-boringssl-static:2.0.69.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-tcnative-classes:2.0.69.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-transport-native-unix-common:4.1.115.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-transport:4.1.115.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-buffer:4.1.118.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-common:4.1.118.Final=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-api:0.31.1=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-contrib-exemplar-util:0.31.0=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-contrib-grpc-metrics:0.31.1=productionRuntimeClasspath,runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath diff --git a/build.gradle b/build.gradle index 381eaf1d1..6e6abdcee 100644 --- a/build.gradle +++ b/build.gradle @@ -7,7 +7,7 @@ buildscript { vGoogleProtobuf = '0.9.4' // library versions - constraints to address vulns - vIoNetty = '4.1.115.Final' + vIoNetty = '4.1.118.Final' vIoNettyNative = '2.0.69.Final' vLogback = '1.5.15' diff --git a/buildSrc/src/main/groovy/tanagra.java-conventions.gradle b/buildSrc/src/main/groovy/tanagra.java-conventions.gradle index 86ba17f60..526cc2eac 100644 --- a/buildSrc/src/main/groovy/tanagra.java-conventions.gradle +++ b/buildSrc/src/main/groovy/tanagra.java-conventions.gradle @@ -60,6 +60,20 @@ dependencyManagement { // addresses security vulnerabilities dependency "ch.qos.logback:logback-classic:${vLogback}" dependency "ch.qos.logback:logback-core:${vLogback}" + dependency "org.apache.tomcat.embed:tomcat-embed-core:${vApacheTomcat}" + dependency "io.swagger.core.v3:swagger-annotations:${vSwaggerAnnotations}" + dependency "io.swagger.codegen.v3:swagger-codegen-cli:${vSwaggerCodegen}" + dependency "io.netty:netty-buffer:${vIoNetty}" + dependency "io.netty:netty-common:${vIoNetty}" + dependency "io.netty:netty-codec-http2:${vIoNetty}" + dependency "io.netty:netty-codec-socks:${vIoNetty}" + dependency "io.netty:netty-handler-proxy:${vIoNetty}" + dependency "io.netty:netty-tcnative-boringssl-static:${vIoNettyNative}" + dependency "io.netty:netty-tcnative-classes:${vIoNettyNative}" + + dependency 'org.apache.commons:commons-compress:1.26.2' + dependency 'org.apache.avro:avro:1.11.4' + dependency 'com.charleskorn.kaml:kaml:0.60.0' dependency 'org.jetbrains.kotlin:kotlin-stdlib:2.1.0' } } diff --git a/client/build.gradle b/client/build.gradle index df46d1753..22d1c3fac 100644 --- a/client/build.gradle +++ b/client/build.gradle @@ -1,11 +1,8 @@ -import org.springframework.boot.gradle.plugin.SpringBootPlugin - plugins { id 'java-library' id 'maven-publish' id 'com.jfrog.artifactory' version '5.2.2' - id 'io.spring.dependency-management' id 'org.springframework.boot' version "${vSpringBoot}" id 'org.hidetake.swagger.generator' version "${vHidetakeSwagger}" } @@ -30,16 +27,6 @@ javadoc { options.addStringOption('Xdoclint:none', '-quiet') } -dependencyManagement { - imports { - mavenBom SpringBootPlugin.BOM_COORDINATES - } - dependencies { - dependency "io.swagger.core.v3:swagger-annotations:${vSwaggerAnnotations}" - dependency "io.swagger.codegen.v3:swagger-codegen-cli:${vSwaggerCodegen}" - } -} - dependencies { implementation "io.swagger.core.v3:swagger-annotations:${vSwaggerAnnotations}" swaggerCodegen "io.swagger.codegen.v3:swagger-codegen-cli:${vSwaggerCodegen}" diff --git a/indexer/build.gradle b/indexer/build.gradle index e5e652056..adb4b1656 100644 --- a/indexer/build.gradle +++ b/indexer/build.gradle @@ -10,20 +10,6 @@ ext { } dependencies { - // added to address snyk warnings - constraints { - implementation 'org.apache.commons:commons-compress:1.26.2' - implementation "io.netty:netty-codec-http2:${vIoNetty}" - implementation 'org.apache.avro:avro:1.11.4' - runtimeOnly 'com.charleskorn.kaml:kaml:0.60.0' - - // added to use same netty versions across subprojects - implementation "io.netty:netty-codec-socks:${vIoNetty}" - implementation "io.netty:netty-handler-proxy:${vIoNetty}" - implementation "io.netty:netty-tcnative-boringssl-static:${vIoNettyNative}" - implementation "io.netty:netty-tcnative-classes:${vIoNettyNative}" - } - implementation project(':underlay') testImplementation(testFixtures(project(':underlay'))) diff --git a/indexer/gradle.lockfile b/indexer/gradle.lockfile index 14f20b6e5..2221feed9 100644 --- a/indexer/gradle.lockfile +++ b/indexer/gradle.lockfile @@ -169,19 +169,19 @@ io.grpc:grpc-services:1.67.1=compileClasspath,runtimeClasspath,testCompileClassp io.grpc:grpc-stub:1.67.1=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.grpc:grpc-util:1.67.1=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.grpc:grpc-xds:1.67.1=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-buffer:4.1.115.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec-http2:4.1.115.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec-http:4.1.115.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec-socks:4.1.115.Final=runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec:4.1.115.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-common:4.1.115.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-handler-proxy:4.1.115.Final=runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-handler:4.1.115.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-resolver:4.1.115.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-buffer:4.1.118.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-codec-http2:4.1.118.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-codec-http:4.1.118.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-codec-socks:4.1.118.Final=runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-codec:4.1.118.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-common:4.1.118.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-handler-proxy:4.1.118.Final=runtimeClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-handler:4.1.118.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-resolver:4.1.118.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.netty:netty-tcnative-boringssl-static:2.0.69.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.netty:netty-tcnative-classes:2.0.69.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-transport-native-unix-common:4.1.115.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-transport:4.1.115.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-transport-native-unix-common:4.1.118.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-transport:4.1.118.Final=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-api:0.31.1=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-contrib-exemplar-util:0.31.0=compileClasspath,runtimeClasspath,testCompileClasspath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-contrib-grpc-metrics:0.31.0=compileClasspath,testCompileClasspath diff --git a/service/build.gradle b/service/build.gradle index 29fa6e075..c18a77331 100644 --- a/service/build.gradle +++ b/service/build.gradle @@ -21,17 +21,12 @@ dependencyManagement { imports { mavenBom SpringBootPlugin.BOM_COORDINATES } - dependencies { - dependency "io.swagger.core.v3:swagger-annotations:${vSwaggerAnnotations}" - dependency "io.swagger.codegen.v3:swagger-codegen-cli:${vSwaggerCodegen}" - - // added to address snyk vulnerability - dependency "org.apache.tomcat.embed:tomcat-embed-core:${vApacheTomcat}" - } } dependencies { - implementation project(':indexer') + implementation(project(':indexer')) { + exclude group: 'io.netty' + } implementation project(':underlay') testImplementation(testFixtures(project(":underlay"))) diff --git a/service/gradle.lockfile b/service/gradle.lockfile index caeaeba51..5c731734e 100644 --- a/service/gradle.lockfile +++ b/service/gradle.lockfile @@ -208,19 +208,8 @@ io.kubernetes:client-java-proto:21.0.2=compileProtoPath,productionRuntimeClasspa io.kubernetes:client-java:21.0.2=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath io.micrometer:micrometer-commons:1.13.8=compileClasspath,compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath io.micrometer:micrometer-observation:1.13.8=compileClasspath,compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-buffer:4.1.115.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec-http2:4.1.115.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec-http:4.1.115.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec-socks:4.1.115.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-codec:4.1.115.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-common:4.1.115.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-handler-proxy:4.1.115.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-handler:4.1.115.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-resolver:4.1.115.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-tcnative-boringssl-static:2.0.69.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-tcnative-classes:2.0.69.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-transport-native-unix-common:4.1.115.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-transport:4.1.115.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-buffer:4.1.118.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-common:4.1.118.Final=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-api:0.31.1=compileClasspath,compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-contrib-exemplar-util:0.31.0=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-contrib-grpc-metrics:0.31.1=compileProtoPath,productionRuntimeClasspath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath diff --git a/underlay/build.gradle b/underlay/build.gradle index 8784ceef5..f4b5c9f25 100644 --- a/underlay/build.gradle +++ b/underlay/build.gradle @@ -6,12 +6,6 @@ plugins { sourceCompatibility = JavaVersion.VERSION_17 dependencies { - // added to address snyk warnings - constraints { - implementation "io.netty:netty-buffer:${vIoNetty}" - implementation "io.netty:netty-common:${vIoNetty}" - } - implementation "com.fasterxml.jackson.core:jackson-core:${vJackson}" implementation "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${vJackson}" implementation 'jakarta.annotation:jakarta.annotation-api:3.0.0' diff --git a/underlay/gradle.lockfile b/underlay/gradle.lockfile index af2a6cebc..0be5f6a09 100644 --- a/underlay/gradle.lockfile +++ b/underlay/gradle.lockfile @@ -98,8 +98,8 @@ io.grpc:grpc-services:1.67.1=compileProtoPath,runtimeClasspath,testCompileProtoP io.grpc:grpc-stub:1.67.1=compileClasspath,compileProtoPath,runtimeClasspath,testCompileClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath io.grpc:grpc-util:1.67.1=compileClasspath,compileProtoPath,runtimeClasspath,testCompileClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath io.grpc:grpc-xds:1.67.1=compileProtoPath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-buffer:4.1.115.Final=compileProtoPath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath -io.netty:netty-common:4.1.115.Final=compileProtoPath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-buffer:4.1.118.Final=compileProtoPath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath +io.netty:netty-common:4.1.118.Final=compileProtoPath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-api:0.31.1=compileClasspath,compileProtoPath,runtimeClasspath,testCompileClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-contrib-http-util:0.31.1=compileClasspath,compileProtoPath,runtimeClasspath,testCompileClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath io.opencensus:opencensus-proto:0.2.0=compileProtoPath,runtimeClasspath,testCompileProtoPath,testFixturesCompileProtoPath,testFixturesRuntimeClasspath,testRuntimeClasspath