From f2084324e823bc92233bb8d38a949a3cfba6f635 Mon Sep 17 00:00:00 2001 From: aherbst-broad Date: Mon, 20 May 2024 13:16:34 -0400 Subject: [PATCH] Upgrade TCL and constraint bouncy castle due to the transitive dependency from k8s-java Upgrade other vulnerable libs that showed up during a srcclr scan. Add ability to run srcclr via gradle locally. --- README.md | 33 +++++++++ build.gradle | 5 +- gradle.lockfile | 162 +++++++++++++++++++++---------------------- gradle/srcclr.gradle | 3 + 4 files changed, 120 insertions(+), 83 deletions(-) create mode 100644 gradle/srcclr.gradle diff --git a/README.md b/README.md index 3e6aeb23..697da45a 100644 --- a/README.md +++ b/README.md @@ -206,3 +206,36 @@ that mention "dependency lock state" after changing a dep, you need to do this s ### Jacoco We use [Jacoco](https://www.eclemma.org/jacoco/) as code coverage library + +## SourceClear + +[SourceClear](https://srcclr.github.io) is a static analysis tool that scans a project's Java +dependencies for known vulnerabilities. If you are working on addressing dependency vulnerabilities +in response to a SourceClear finding, you may want to run a scan off of a feature branch and/or local code. + +### Github Action + +You can trigger RBS's SCA scan on demand via its +[Github Action](https://github.com/broadinstitute/dsp-appsec-sourceclear-github-actions/actions/workflows/z-manual-terra-resource-buffer.yml), +and optionally specify a Github ref (branch, tag, or SHA) to check out from the repo to scan. By default, +the scan is run off of RBS's `master` branch. + +High-level results are outputted in the Github Actions run. + +### Running Locally + +You will need to get the API token from Vault before running the Gradle `srcclr` task. + +```sh +export SRCCLR_API_TOKEN=$(vault read -field=api_token secret/secops/ci/srcclr/gradle-agent) +./gradlew srcclr +``` + +High-level results are outputted to the terminal. + +### Veracode + +Full results including dependency graphs are uploaded to +[Veracode](https://sca.analysiscenter.veracode.com/workspaces/jppForw/projects/544768/issues) +(if running off of a feature branch, navigate to Project Details > Selected Branch > Change to select your feature branch). +You can request a Veracode account to view full results from #dsp-infosec-champions. diff --git a/build.gradle b/build.gradle index 090011f3..124801a3 100644 --- a/build.gradle +++ b/build.gradle @@ -18,6 +18,7 @@ plugins { id 'org.hidetake.swagger.generator' version '2.19.2' id 'org.sonarqube' version '4.0.0.2929' id 'org.springframework.boot' version "${springBootVersion}" + id 'com.srcclr.gradle' version '3.1.12' } sourceCompatibility = JavaVersion.VERSION_17 @@ -59,7 +60,7 @@ repositories { dependencies { // Terra deps - we get Stairway via TCL - implementation group: 'bio.terra', name: 'terra-common-lib', version: '1.1.6-SNAPSHOT' + implementation group: 'bio.terra', name: 'terra-common-lib', version: '1.1.11-SNAPSHOT' implementation group: 'bio.terra', name: 'terra-cloud-resource-lib', version: '1.2.30-SNAPSHOT' implementation group: 'bio.terra', name: 'terra-resource-janitor-client', version: '0.113.31-SNAPSHOT' @@ -95,6 +96,7 @@ dependencies { implementation group: 'org.apache.commons', name: 'commons-pool2', version: '2.11.1' implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-jdbc', version: "${springBootVersion}" implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: "${springBootVersion}" + implementation group: 'org.springframework.retry', name: 'spring-retry', version: '2.0.6' // Swagger deps implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.13.3' @@ -143,6 +145,7 @@ apply from: "$gradleIncDir/spotbugs.gradle" apply from: "$gradleIncDir/spotless.gradle" apply from: "$gradleIncDir/swagger-server.gradle" apply from: "$gradleIncDir/testing.gradle" +apply from: "$gradleIncDir/srcclr.gradle" sourceSets.main.java.srcDir "${swaggerOutputDir}/src/main/java" sourceSets.test.resources.srcDir 'config/' // Allow unit tests to directly load config files. diff --git a/gradle.lockfile b/gradle.lockfile index 92813fc3..95437940 100644 --- a/gradle.lockfile +++ b/gradle.lockfile @@ -5,7 +5,7 @@ bio.terra:stairway-azure:1.0.7-SNAPSHOT=productionRuntimeClasspath,runtimeClassp bio.terra:stairway-gcp:1.0.7-SNAPSHOT=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath bio.terra:stairway:1.0.7-SNAPSHOT=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath bio.terra:terra-cloud-resource-lib:1.2.30-SNAPSHOT=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath -bio.terra:terra-common-lib:1.1.6-SNAPSHOT=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath +bio.terra:terra-common-lib:1.1.11-SNAPSHOT=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath bio.terra:terra-resource-janitor-client:0.113.31-SNAPSHOT=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath ch.qos.logback.contrib:logback-jackson:0.1.5=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath ch.qos.logback.contrib:logback-json-classic:0.1.5=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath @@ -35,26 +35,26 @@ com.azure:azure-identity:1.10.4=productionRuntimeClasspath,runtimeClasspath,test com.azure:azure-json:1.1.0=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.azure:azure-messaging-servicebus:7.14.0-beta.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.fasterxml.jackson.core:jackson-annotations:2.15.4=compileClasspath,testCompileClasspath -com.fasterxml.jackson.core:jackson-annotations:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.core:jackson-annotations:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.fasterxml.jackson.core:jackson-core:2.15.4=compileClasspath,testCompileClasspath -com.fasterxml.jackson.core:jackson-core:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.core:jackson-core:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.fasterxml.jackson.core:jackson-databind:2.15.4=compileClasspath,testCompileClasspath -com.fasterxml.jackson.core:jackson-databind:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.core:jackson-databind:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.15.4=compileClasspath,testCompileClasspath -com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -com.fasterxml.jackson.datatype:jackson-datatype-guava:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.datatype:jackson-datatype-guava:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.15.4=compileClasspath,testCompileClasspath -com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.15.4=compileClasspath,testCompileClasspath -com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.fasterxml.jackson.module:jackson-module-parameter-names:2.15.4=compileClasspath,testCompileClasspath -com.fasterxml.jackson.module:jackson-module-parameter-names:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson.module:jackson-module-parameter-names:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.fasterxml.jackson:jackson-bom:2.15.4=compileClasspath,testCompileClasspath -com.fasterxml.jackson:jackson-bom:2.16.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -com.fasterxml.woodstox:woodstox-core:6.5.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.jackson:jackson-bom:2.17.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.fasterxml.woodstox:woodstox-core:6.6.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.fatboyindustrial.gson-javatime-serialisers:gson-javatime-serialisers:1.1.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.github.jsqlparser:jsqlparser:4.6=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.github.spotbugs:spotbugs-annotations:4.7.3=spotbugs @@ -62,37 +62,37 @@ com.github.spotbugs:spotbugs:4.7.3=spotbugs com.github.stephenc.jcip:jcip-annotations:1.0-1=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.google.android:annotations:4.1.1.4=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api-client:google-api-client:2.2.0=compileClasspath,testCompileClasspath -com.google.api-client:google-api-client:2.3.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api-client:google-api-client:2.4.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api.grpc:gapic-google-cloud-storage-v2:2.29.1-alpha=compileClasspath,testCompileClasspath -com.google.api.grpc:gapic-google-cloud-storage-v2:2.34.0-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api.grpc:gapic-google-cloud-storage-v2:2.36.1-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api.grpc:grpc-google-cloud-storage-v2:2.29.1-alpha=compileClasspath,testCompileClasspath -com.google.api.grpc:grpc-google-cloud-storage-v2:2.34.0-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api.grpc:grpc-google-cloud-storage-v2:2.36.1-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api.grpc:grpc-google-cloud-trace-v2:2.30.0=compileClasspath,testCompileClasspath -com.google.api.grpc:grpc-google-cloud-trace-v2:2.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api.grpc:grpc-google-cloud-trace-v2:2.39.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api.grpc:proto-google-cloud-billing-v1:2.30.0=compileClasspath,testCompileClasspath -com.google.api.grpc:proto-google-cloud-billing-v1:2.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api.grpc:proto-google-cloud-billing-v1:2.39.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api.grpc:proto-google-cloud-monitoring-v3:3.31.0=compileClasspath,testCompileClasspath -com.google.api.grpc:proto-google-cloud-monitoring-v3:3.37.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api.grpc:proto-google-cloud-monitoring-v3:3.40.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api.grpc:proto-google-cloud-pubsub-v1:1.107.11=compileClasspath,testCompileClasspath -com.google.api.grpc:proto-google-cloud-pubsub-v1:1.108.6=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api.grpc:proto-google-cloud-pubsub-v1:1.109.3=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api.grpc:proto-google-cloud-storage-v2:2.29.1-alpha=compileClasspath,testCompileClasspath -com.google.api.grpc:proto-google-cloud-storage-v2:2.34.0-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api.grpc:proto-google-cloud-storage-v2:2.36.1-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api.grpc:proto-google-cloud-trace-v1:2.30.0=compileClasspath,testCompileClasspath -com.google.api.grpc:proto-google-cloud-trace-v1:2.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api.grpc:proto-google-cloud-trace-v1:2.39.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api.grpc:proto-google-cloud-trace-v2:2.30.0=compileClasspath,testCompileClasspath -com.google.api.grpc:proto-google-cloud-trace-v2:2.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api.grpc:proto-google-cloud-trace-v2:2.39.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api.grpc:proto-google-common-protos:2.28.0=compileClasspath,testCompileClasspath -com.google.api.grpc:proto-google-common-protos:2.34.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api.grpc:proto-google-common-protos:2.37.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api.grpc:proto-google-iam-v1:1.23.0=compileClasspath,testCompileClasspath -com.google.api.grpc:proto-google-iam-v1:1.29.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api.grpc:proto-google-iam-v1:1.32.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api:api-common:2.20.0=compileClasspath,testCompileClasspath -com.google.api:api-common:2.26.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api:api-common:2.29.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api:gax-grpc:2.37.0=compileClasspath,testCompileClasspath -com.google.api:gax-grpc:2.43.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api:gax-grpc:2.46.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api:gax-httpjson:2.37.0=compileClasspath,testCompileClasspath -com.google.api:gax-httpjson:2.43.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api:gax-httpjson:2.46.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.api:gax:2.37.0=compileClasspath,testCompileClasspath -com.google.api:gax:2.43.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.api:gax:2.46.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.apis:google-api-services-bigquery:v2-rev20231008-2.0.0=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.google.apis:google-api-services-cloudresourcemanager:v3-rev20231022-2.0.0=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.google.apis:google-api-services-compute:v1-rev20231031-2.0.0=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath @@ -103,7 +103,7 @@ com.google.apis:google-api-services-logging:v2-rev20240311-2.0.0=productionRunti com.google.apis:google-api-services-notebooks:v1-rev20231019-2.0.0=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.google.apis:google-api-services-serviceusage:v1beta1-rev20230309-2.0.0=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.google.apis:google-api-services-storage:v1-rev20231028-2.0.0=compileClasspath,testCompileClasspath -com.google.apis:google-api-services-storage:v1-rev20240209-2.0.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.apis:google-api-services-storage:v1-rev20240311-2.0.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.auth:google-auth-library-credentials:1.20.0=compileClasspath,testCompileClasspath com.google.auth:google-auth-library-credentials:1.23.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.auth:google-auth-library-oauth2-http:1.20.0=compileClasspath,testCompileClasspath @@ -116,33 +116,33 @@ com.google.cloud.opentelemetry:exporter-trace:0.25.2=compileClasspath,testCompil com.google.cloud.opentelemetry:exporter-trace:0.27.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.cloud.opentelemetry:shared-resourcemapping:0.27.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.cloud:google-cloud-billing:2.30.0=compileClasspath,testCompileClasspath -com.google.cloud:google-cloud-billing:2.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.cloud:google-cloud-billing:2.39.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.cloud:google-cloud-core-grpc:2.27.0=compileClasspath,testCompileClasspath -com.google.cloud:google-cloud-core-grpc:2.33.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.cloud:google-cloud-core-grpc:2.36.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.cloud:google-cloud-core-http:2.27.0=compileClasspath,testCompileClasspath -com.google.cloud:google-cloud-core-http:2.33.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.cloud:google-cloud-core-http:2.36.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.cloud:google-cloud-core:2.27.0=compileClasspath,testCompileClasspath -com.google.cloud:google-cloud-core:2.33.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.cloud:google-cloud-core:2.36.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.cloud:google-cloud-monitoring:3.31.0=compileClasspath,testCompileClasspath -com.google.cloud:google-cloud-monitoring:3.37.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.cloud:google-cloud-monitoring:3.40.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.cloud:google-cloud-pubsub:1.125.11=compileClasspath,testCompileClasspath -com.google.cloud:google-cloud-pubsub:1.126.6=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.cloud:google-cloud-pubsub:1.127.3=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.cloud:google-cloud-storage:2.29.1=compileClasspath,testCompileClasspath -com.google.cloud:google-cloud-storage:2.34.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.cloud:google-cloud-storage:2.36.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.cloud:google-cloud-trace:2.30.0=compileClasspath,testCompileClasspath -com.google.cloud:google-cloud-trace:2.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.cloud:google-cloud-trace:2.39.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.cloud:libraries-bom:26.27.0=compileClasspath,testCompileClasspath -com.google.cloud:libraries-bom:26.33.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.cloud:libraries-bom:26.35.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.code.findbugs:jsr305:3.0.2=compileClasspath,productionRuntimeClasspath,runtimeClasspath,spotbugs,testCompileClasspath,testRuntimeClasspath com.google.code.gson:gson:2.10.1=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.google.code.gson:gson:2.9.1=spotbugs com.google.errorprone:error_prone_annotations:2.22.0=compileClasspath,testCompileClasspath -com.google.errorprone:error_prone_annotations:2.24.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.errorprone:error_prone_annotations:2.26.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.guava:failureaccess:1.0.1=compileClasspath,testCompileClasspath com.google.guava:failureaccess:1.0.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.guava:guava-parent:32.1.2-jre=compileClasspath,testCompileClasspath com.google.guava:guava:32.1.2-jre=compileClasspath,testCompileClasspath -com.google.guava:guava:33.0.0-jre=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.guava:guava:33.1.0-jre=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.google.http-client:google-http-client-apache-v2:1.43.3=compileClasspath,testCompileClasspath com.google.http-client:google-http-client-apache-v2:1.44.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath @@ -154,13 +154,14 @@ com.google.http-client:google-http-client-jackson2:1.43.3=compileClasspath,testC com.google.http-client:google-http-client-jackson2:1.44.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.http-client:google-http-client:1.43.3=compileClasspath,testCompileClasspath com.google.http-client:google-http-client:1.44.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -com.google.j2objc:j2objc-annotations:2.8=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath +com.google.j2objc:j2objc-annotations:2.8=compileClasspath,testCompileClasspath +com.google.j2objc:j2objc-annotations:3.0.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.oauth-client:google-oauth-client:1.34.1=compileClasspath,testCompileClasspath com.google.oauth-client:google-oauth-client:1.35.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.protobuf:protobuf-java-util:3.24.4=compileClasspath,testCompileClasspath com.google.protobuf:protobuf-java-util:3.25.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.protobuf:protobuf-java:3.24.4=compileClasspath,testCompileClasspath -com.google.protobuf:protobuf-java:3.25.3=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.google.protobuf:protobuf-java:3.25.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.google.re2j:re2j:1.7=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.jayway.jsonpath:json-path:2.9.0=testCompileClasspath,testRuntimeClasspath com.microsoft.azure:adal4j:1.6.7=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath @@ -171,8 +172,7 @@ com.nimbusds:content-type:2.2=compileClasspath,productionRuntimeClasspath,runtim com.nimbusds:lang-tag:1.7=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.nimbusds:nimbus-jose-jwt:9.30.2=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.nimbusds:oauth2-oidc-sdk:10.7.1=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath -com.opencsv:opencsv:5.7.1=compileClasspath,testCompileClasspath -com.opencsv:opencsv:5.9=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +com.opencsv:opencsv:5.7.1=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath com.squareup.okhttp3:logging-interceptor:4.12.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.squareup.okhttp3:okhttp:4.12.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath com.squareup.okio:okio-jvm:3.6.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath @@ -187,31 +187,31 @@ commons-logging:commons-logging:1.2=compileClasspath,testCompileClasspath commons-logging:commons-logging:1.3.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.github.classgraph:classgraph:4.8.147=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath io.grpc:grpc-alts:1.59.0=compileClasspath,testCompileClasspath -io.grpc:grpc-alts:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-alts:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.grpc:grpc-api:1.59.0=compileClasspath,testCompileClasspath -io.grpc:grpc-api:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-api:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.grpc:grpc-auth:1.59.0=compileClasspath,testCompileClasspath -io.grpc:grpc-auth:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-auth:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.grpc:grpc-context:1.59.0=compileClasspath,testCompileClasspath -io.grpc:grpc-context:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-context:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.grpc:grpc-core:1.59.0=compileClasspath,testCompileClasspath -io.grpc:grpc-core:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -io.grpc:grpc-googleapis:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-core:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-googleapis:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.grpc:grpc-grpclb:1.59.0=compileClasspath,testCompileClasspath -io.grpc:grpc-grpclb:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-grpclb:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.grpc:grpc-inprocess:1.59.0=compileClasspath,testCompileClasspath -io.grpc:grpc-inprocess:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-inprocess:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.grpc:grpc-netty-shaded:1.59.0=compileClasspath,testCompileClasspath -io.grpc:grpc-netty-shaded:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-netty-shaded:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.grpc:grpc-protobuf-lite:1.59.0=compileClasspath,testCompileClasspath -io.grpc:grpc-protobuf-lite:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-protobuf-lite:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.grpc:grpc-protobuf:1.59.0=compileClasspath,testCompileClasspath -io.grpc:grpc-protobuf:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -io.grpc:grpc-rls:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -io.grpc:grpc-services:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-protobuf:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-rls:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-services:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.grpc:grpc-stub:1.59.0=compileClasspath,testCompileClasspath -io.grpc:grpc-stub:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -io.grpc:grpc-util:1.61.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-stub:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.grpc:grpc-util:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.grpc:grpc-xds:1.62.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.gsonfire:gson-fire:1.9.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.kubernetes:client-java-api:20.0.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath @@ -273,29 +273,29 @@ io.opentelemetry.instrumentation:opentelemetry-spring-webmvc-6.0:1.31.0-alpha=co io.opentelemetry.instrumentation:opentelemetry-spring-webmvc-6.0:2.0.0-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry.semconv:opentelemetry-semconv:1.21.0-alpha=compileClasspath,testCompileClasspath io.opentelemetry.semconv:opentelemetry-semconv:1.22.0-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -io.opentelemetry:opentelemetry-api-events:1.34.1-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-api-events:1.36.0-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry:opentelemetry-api:1.31.0=compileClasspath,testCompileClasspath -io.opentelemetry:opentelemetry-api:1.34.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-api:1.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry:opentelemetry-bom-alpha:1.34.1-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry:opentelemetry-bom:1.34.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry:opentelemetry-context:1.31.0=compileClasspath,testCompileClasspath -io.opentelemetry:opentelemetry-context:1.34.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-context:1.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry:opentelemetry-exporter-logging:1.31.0=compileClasspath,testCompileClasspath -io.opentelemetry:opentelemetry-exporter-logging:1.34.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-exporter-logging:1.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry:opentelemetry-exporter-prometheus:1.31.0-alpha=compileClasspath,testCompileClasspath io.opentelemetry:opentelemetry-exporter-prometheus:1.34.1-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -io.opentelemetry:opentelemetry-extension-incubator:1.34.1-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-extension-incubator:1.36.0-alpha=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry:opentelemetry-sdk-common:1.31.0=compileClasspath,testCompileClasspath -io.opentelemetry:opentelemetry-sdk-common:1.34.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -io.opentelemetry:opentelemetry-sdk-extension-autoconfigure-spi:1.34.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-common:1.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-extension-autoconfigure-spi:1.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry:opentelemetry-sdk-logs:1.31.0=compileClasspath,testCompileClasspath -io.opentelemetry:opentelemetry-sdk-logs:1.34.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-logs:1.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry:opentelemetry-sdk-metrics:1.31.0=compileClasspath,testCompileClasspath -io.opentelemetry:opentelemetry-sdk-metrics:1.34.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-metrics:1.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry:opentelemetry-sdk-trace:1.31.0=compileClasspath,testCompileClasspath -io.opentelemetry:opentelemetry-sdk-trace:1.34.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk-trace:1.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.opentelemetry:opentelemetry-sdk:1.31.0=compileClasspath,testCompileClasspath -io.opentelemetry:opentelemetry-sdk:1.34.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +io.opentelemetry:opentelemetry-sdk:1.36.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.perfmark:perfmark-api:0.27.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath io.projectreactor.netty:reactor-netty-core:1.1.12=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath io.projectreactor.netty:reactor-netty-http:1.1.12=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath @@ -324,14 +324,14 @@ jakarta.validation:jakarta.validation-api:3.0.2=compileClasspath,productionRunti jakarta.ws.rs:jakarta.ws.rs-api:3.1.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath jakarta.xml.bind:jakarta.xml.bind-api:2.3.3=productionRuntimeClasspath,runtimeClasspath jakarta.xml.bind:jakarta.xml.bind-api:4.0.2=testCompileClasspath,testRuntimeClasspath -javax.activation:javax.activation-api:1.2.0=compileClasspath,testCompileClasspath +javax.activation:javax.activation-api:1.2.0=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath javax.annotation:javax.annotation-api:1.3.2=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath javax.validation:validation-api:2.0.1.Final=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath javax.xml.bind:jaxb-api:2.3.1=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath jaxen:jaxen:1.2.0=spotbugs joda-time:joda-time:2.8.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath net.bytebuddy:byte-buddy-agent:1.14.9=testCompileClasspath,testRuntimeClasspath -net.bytebuddy:byte-buddy:1.14.9=testCompileClasspath,testRuntimeClasspath +net.bytebuddy:byte-buddy:1.14.9=productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath net.java.dev.jna:jna-platform:5.13.0=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath net.java.dev.jna:jna:5.13.0=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath net.jcip:jcip-annotations:1.0=spotbugs @@ -349,8 +349,7 @@ org.apache.commons:commons-lang3:3.12.0=compileClasspath,spotbugs,testCompileCla org.apache.commons:commons-lang3:3.14.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath org.apache.commons:commons-pool2:2.11.1=compileClasspath,testCompileClasspath org.apache.commons:commons-pool2:2.12.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -org.apache.commons:commons-text:1.10.0=compileClasspath,spotbugs,testCompileClasspath -org.apache.commons:commons-text:1.11.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +org.apache.commons:commons-text:1.10.0=compileClasspath,productionRuntimeClasspath,runtimeClasspath,spotbugs,testCompileClasspath,testRuntimeClasspath org.apache.httpcomponents.client5:httpclient5:5.1.3=spotbugs org.apache.httpcomponents.core5:httpcore5-h2:5.1.3=spotbugs org.apache.httpcomponents.core5:httpcore5:5.1.3=spotbugs @@ -371,13 +370,13 @@ org.assertj:assertj-core:3.24.2=testCompileClasspath,testRuntimeClasspath org.awaitility:awaitility:4.2.1=testCompileClasspath,testRuntimeClasspath org.bitbucket.b_c:jose4j:0.9.4=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath org.bouncycastle:bcpkix-jdk18on:1.77=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -org.bouncycastle:bcprov-jdk18on:1.77=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +org.bouncycastle:bcprov-jdk18on:1.78=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath org.bouncycastle:bcutil-jdk18on:1.77=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath org.broadinstitute.dsde.workbench:sam-client_2.13:0.1-0c4b377=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath org.checkerframework:checker-qual:3.39.0=compileClasspath,testCompileClasspath org.checkerframework:checker-qual:3.42.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath org.codehaus.mojo:animal-sniffer-annotations:1.23=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -org.codehaus.woodstox:stax2-api:4.2.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +org.codehaus.woodstox:stax2-api:4.2.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath org.conscrypt:conscrypt-openjdk-uber:2.5.2=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath org.dom4j:dom4j:2.1.3=spotbugs org.glassfish.hk2.external:jakarta.inject:2.6.1=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath @@ -408,8 +407,7 @@ org.junit.platform:junit-platform-engine:1.10.2=testRuntimeClasspath org.junit:junit-bom:5.10.2=testCompileClasspath,testRuntimeClasspath org.junit:junit-bom:5.9.1=spotbugs org.jvnet.mimepull:mimepull:1.9.13=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath -org.liquibase:liquibase-core:4.22.0=compileClasspath,testCompileClasspath -org.liquibase:liquibase-core:4.26.0=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +org.liquibase:liquibase-core:4.22.0=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath org.mockito:mockito-core:5.7.0=testCompileClasspath,testRuntimeClasspath org.mockito:mockito-junit-jupiter:5.7.0=testCompileClasspath,testRuntimeClasspath org.objenesis:objenesis:3.3=testRuntimeClasspath @@ -428,7 +426,7 @@ org.ow2.asm:asm:9.4=spotbugs org.ow2.asm:asm:9.6=testCompileClasspath,testRuntimeClasspath org.postgresql:postgresql:42.7.2=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath org.reactivestreams:reactive-streams:1.0.4=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath -org.scala-lang:scala-library:2.13.13=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +org.scala-lang:scala-library:2.13.10=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath org.skyscreamer:jsonassert:1.5.1=testCompileClasspath,testRuntimeClasspath org.slf4j:jul-to-slf4j:2.0.13=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath org.slf4j:slf4j-api:2.0.0=spotbugs,spotbugsSlf4j @@ -450,7 +448,7 @@ org.springframework.boot:spring-boot:3.2.5=compileClasspath,productionRuntimeCla org.springframework.data:spring-data-commons:3.2.5=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath org.springframework.data:spring-data-jdbc:3.2.5=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath org.springframework.data:spring-data-relational:3.2.5=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath -org.springframework.retry:spring-retry:2.0.5=productionRuntimeClasspath,runtimeClasspath,testRuntimeClasspath +org.springframework.retry:spring-retry:2.0.6=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath org.springframework:spring-aop:6.1.6=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath org.springframework:spring-beans:6.1.6=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath org.springframework:spring-context:6.1.6=compileClasspath,productionRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath diff --git a/gradle/srcclr.gradle b/gradle/srcclr.gradle new file mode 100644 index 00000000..6b3516c3 --- /dev/null +++ b/gradle/srcclr.gradle @@ -0,0 +1,3 @@ +srcclr { + scope = "productionRuntimeClasspath" +} \ No newline at end of file