From d2026425c952479e96fae15b7d08dbbd4ce1cb1c Mon Sep 17 00:00:00 2001 From: SJ Date: Fri, 21 Oct 2022 12:32:34 +0530 Subject: [PATCH 1/4] chore: migrate to toml dependencies --- gradle/libs.versions.toml | 51 +++++++++++++++++++ .../build.gradle.kts | 8 +-- owasp-suppressions.xml | 10 ++++ .../build.gradle.kts | 21 ++++---- .../build.gradle.kts | 28 +++++----- platform-metrics/build.gradle.kts | 30 +++++------ platform-service-framework/build.gradle.kts | 38 +++++++------- settings.gradle.kts | 3 ++ 8 files changed, 127 insertions(+), 62 deletions(-) create mode 100644 gradle/libs.versions.toml create mode 100644 owasp-suppressions.xml diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml new file mode 100644 index 0000000..82255f4 --- /dev/null +++ b/gradle/libs.versions.toml 
@@ -0,0 +1,51 @@
+[versions]
+hypertrace-grpcUtils = "0.9.0"
+
+guice = "5.1.0"
+grpc = "1.48.0"
+jetty = "9.4.48.v20220622"
+micrometer = "1.9.5"
+dropwizardMetrics = "4.2.10"
+prometheus = "0.12.0"
+mockito = "4.8.1"
+
+[libraries]
+hypertrace-grpc-client-utils = { module = "org.hypertrace.core.grpcutils:grpc-client-utils", version.ref = "hypertrace-grpcUtils"}
+hypertrace-grpc-server-utils = { module = "org.hypertrace.core.grpcutils:grpc-server-utils", version.ref = "hypertrace-grpcUtils"}
+
+grpc-api = { module = "io.grpc:grpc-api", version.ref = "grpc" }
+grpc-core = { module = "io.grpc:grpc-core", version.ref = "grpc" }
+grpc-services = { module = "io.grpc:grpc-services", version.ref = "grpc" }
+
+google-guice = { module = "com.google.inject:guice", version.ref = "guice" }
+google-guice-servlet = { module = "com.google.inject.extensions:guice-servlet", version.ref = "guice" }
+jetty-servlet = { module = "org.eclipse.jetty:jetty-servlet", version.ref = "jetty" }
+jetty-servlets = { module = "org.eclipse.jetty:jetty-servlets", version.ref = "jetty" }
+jetty-server = { module = "org.eclipse.jetty:jetty-server", version.ref = "jetty" }
+jetty-http = { module = "org.eclipse.jetty:jetty-http", version.ref = "jetty" }
+javax-servlet-api = { module = "javax.servlet:javax.servlet-api", version = "4.0.1" }
+dropwizard-metrics-core = {module = "io.dropwizard.metrics:metrics-core", version.ref = "dropwizardMetrics" }
+dropwizard-metrics-jvm = { module = "io.dropwizard.metrics:metrics-jvm", version.ref = "dropwizardMetrics" }
+dropwizard-metrics-servlets = { module = "io.dropwizard.metrics:metrics-servlets", version.ref = "dropwizardMetrics" }
+prometheus-dropwizard = { module = "io.prometheus:simpleclient_dropwizard", version.ref = "prometheus" }
+prometheus-servlet = { module = "io.prometheus:simpleclient_servlet", version.ref = "prometheus" }
+prometheus-pushgateway = { module = "io.prometheus:simpleclient_pushgateway", version.ref = "prometheus" }
+
+micrometer-core = 
{ module = "io.micrometer:micrometer-core", version.ref = "micrometer" } +micrometer-registry-prometheus = { module = "io.micrometer:micrometer-registry-prometheus", version.ref = "micrometer" } +micrometer-jvm-extras = { module = "io.github.mweirauch:micrometer-jvm-extras", version = "0.2.2" } + +awaitility = { module = "org.awaitility:awaitility", version = "4.0.3" } +google-guava = { module = "com.google.guava:guava", version = "31.1-jre" } +typesafe-config = { module = "com.typesafe:config", version = "1.4.2" } +lombok = { module = "org.projectlombok:lombok", version = "1.18.22" } +slf4j-api = { module = "org.slf4j:slf4j-api", version = "1.7.32" } +apache-log4j-slf4jImpl = { module = "org.apache.logging.log4j:log4j-slf4j-impl", version = "2.17.1" } +apache-httpclient = { module = "org.apache.httpcomponents:httpclient", version = "4.5.13" } + +junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version = "5.8.2" } +mockito-core = { module = "org.mockito:mockito-core", version.ref = "mockito" } +mockito-junit = { module = "org.mockito:mockito-junit-jupiter", version.ref = "mockito" } + +[bundles] +mockito = ["mockito-core", "mockito-junit"] \ No newline at end of file diff --git a/integrationtest-service-framework/build.gradle.kts b/integrationtest-service-framework/build.gradle.kts index d2e5ac0..4d119b0 100644 --- a/integrationtest-service-framework/build.gradle.kts +++ b/integrationtest-service-framework/build.gradle.kts @@ -10,11 +10,11 @@ tasks.test { } dependencies { - implementation(project(":platform-service-framework")) + implementation(projects.platformServiceFramework) // Configuration - implementation("com.typesafe:config:1.4.2") + implementation(libs.typesafe.config) // Logging - implementation("org.slf4j:slf4j-api:1.7.36") - implementation("org.awaitility:awaitility:4.0.3") + implementation(libs.slf4j.api) + implementation(libs.awaitility) } 
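Review bot: The catalog pins `slf4j-api` at 1.7.32 and `lombok` at 1.18.22, while the build scripts this patch rewrites were on 1.7.36 and 1.18.24 (see the removed lines in the integrationtest, platform-grpc, platform-http, platform-metrics and platform-service-framework hunks), so a commit labelled as a migration quietly downgrades both. Keeping the previous values, `version = "1.7.36"` and `version = "1.18.24"`, would make the move behaviour-neutral; an intended version change is easier to audit in a commit of its own. The later "upgrade dependencies" patch in this series leaves both entries unchanged.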
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml new file mode 100644 index 0000000..76d1492 --- /dev/null +++ b/owasp-suppressions.xml @@ -0,0 +1,10 @@ + + + + + ^pkg:maven/org\.hypertrace\.core\.grpcutils/grpc\-client\-rx\-utils@.*$ + cpe:/a:grpc:grpc + + \ No newline at end of file diff --git a/platform-grpc-service-framework/build.gradle.kts b/platform-grpc-service-framework/build.gradle.kts index 914e285..34c4bac 100644 --- a/platform-grpc-service-framework/build.gradle.kts +++ b/platform-grpc-service-framework/build.gradle.kts @@ -6,17 +6,16 @@ plugins { } dependencies { - api(project(":platform-service-framework")) - api(platform("io.grpc:grpc-bom:1.47.0")) - api("io.grpc:grpc-api") - api("io.grpc:grpc-services") - api("org.hypertrace.core.grpcutils:grpc-client-utils:0.7.6") - api("com.typesafe:config:1.4.2") - api(project(":service-framework-spi")) + api(projects.platformServiceFramework) + api(libs.grpc.api) + api(libs.grpc.services) + api(libs.hypertrace.grpc.client.utils) + api(libs.typesafe.config) + api(projects.serviceFrameworkSpi) - annotationProcessor("org.projectlombok:lombok:1.18.24") - compileOnly("org.projectlombok:lombok:1.18.24") + annotationProcessor(libs.lombok) + compileOnly(libs.lombok) - implementation("org.slf4j:slf4j-api:1.7.36") - implementation("org.hypertrace.core.grpcutils:grpc-server-utils:0.7.6") + implementation(libs.slf4j.api) + implementation(libs.hypertrace.grpc.server.utils) } diff --git a/platform-http-service-framework/build.gradle.kts b/platform-http-service-framework/build.gradle.kts index 5a77c48..f67b962 100644 --- a/platform-http-service-framework/build.gradle.kts +++ b/platform-http-service-framework/build.gradle.kts 
@@ -4,21 +4,21 @@ plugins { } dependencies { - api(project(":platform-service-framework")) - api("org.hypertrace.core.grpcutils:grpc-client-utils:0.7.6") - api("com.typesafe:config:1.4.2") - api("javax.servlet:javax.servlet-api:4.0.1") - api("com.google.inject:guice:5.1.0") - api(project(":service-framework-spi")) + api(projects.platformServiceFramework) + api(libs.hypertrace.grpc.client.utils) + api(libs.typesafe.config) + api(libs.javax.servlet.api) + api(libs.google.guice) + api(projects.serviceFrameworkSpi) - implementation("org.slf4j:slf4j-api:1.7.36") - implementation("com.google.inject.extensions:guice-servlet:5.1.0") - implementation("com.google.guava:guava:31.1-jre") - implementation("org.eclipse.jetty:jetty-servlet:9.4.48.v20220622") - implementation("org.eclipse.jetty:jetty-server:9.4.48.v20220622") - implementation("org.eclipse.jetty:jetty-servlets:9.4.48.v20220622") + implementation(libs.slf4j.api) + implementation(libs.google.guice.servlet) + implementation(libs.google.guava) + implementation(libs.jetty.servlet) + implementation(libs.jetty.server) + implementation(libs.jetty.servlets) - annotationProcessor("org.projectlombok:lombok:1.18.24") - compileOnly("org.projectlombok:lombok:1.18.24") + annotationProcessor(libs.lombok) + compileOnly(libs.lombok) } diff --git a/platform-metrics/build.gradle.kts b/platform-metrics/build.gradle.kts index cff0559..31638bf 100644 --- a/platform-metrics/build.gradle.kts +++ b/platform-metrics/build.gradle.kts 
@@ -10,22 +10,22 @@ tasks.test { } dependencies { - api("com.typesafe:config:1.4.2") - api("io.dropwizard.metrics:metrics-core:4.2.10") - api("io.micrometer:micrometer-core:1.5.3") - api("javax.servlet:javax.servlet-api:3.1.0") + api(libs.typesafe.config) + api(libs.dropwizard.metrics.core) + api(libs.micrometer.core) + api(libs.javax.servlet.api) - implementation("io.micrometer:micrometer-registry-prometheus:1.7.5") + implementation(libs.micrometer.registry.prometheus) - implementation("io.github.mweirauch:micrometer-jvm-extras:0.2.0") - implementation("org.slf4j:slf4j-api:1.7.36") - implementation("io.dropwizard.metrics:metrics-jvm:4.2.10") - implementation("io.prometheus:simpleclient_dropwizard:0.12.0") - implementation("io.prometheus:simpleclient_servlet:0.12.0") - implementation("io.prometheus:simpleclient_pushgateway:0.12.0") - implementation("org.eclipse.jetty:jetty-servlet:9.4.48.v20220622") - implementation ("com.google.guava:guava:30.1.1-jre") + implementation(libs.micrometer.jvm.extras) + implementation(libs.slf4j.api) + implementation(libs.dropwizard.metrics.jvm) + implementation(libs.prometheus.dropwizard) + implementation(libs.prometheus.servlet) + implementation(libs.prometheus.pushgateway) + implementation(libs.jetty.servlet) + implementation (libs.google.guava) - testImplementation("org.junit.jupiter:junit-jupiter:5.7.1") - testImplementation("org.mockito:mockito-core:3.8.0") + testImplementation(libs.junit.jupiter) + testImplementation(libs.bundles.mockito) } diff --git a/platform-service-framework/build.gradle.kts b/platform-service-framework/build.gradle.kts index cbeccb2..8651334 100644 --- a/platform-service-framework/build.gradle.kts +++ b/platform-service-framework/build.gradle.kts 
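Review bot: Two of the `api` entries change what this module exposes to its consumers: `libs.micrometer.core` resolves to 1.9.5 where the removed line had 1.5.3, and `libs.javax.servlet.api` resolves to 4.0.1 where it had 3.1.0. The commit subject describes a migration only, so I would name these jumps in the description, or record them next to the catalog entries with a comment such as `# was 3.1.0 in platform-metrics before the catalog migration`. The test classpath also widens: `libs.bundles.mockito` adds mockito-junit-jupiter and moves mockito-core from 3.8.0 to 4.8.1, and guava moves from 30.1.1-jre to 31.1-jre.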
@@ -10,31 +10,33 @@ tasks.test { } dependencies { - api(project(":service-framework-spi")) - implementation(project(":platform-metrics")) + api(projects.serviceFrameworkSpi) + implementation(projects.platformMetrics) - api("org.slf4j:slf4j-api:1.7.36") - api("com.typesafe:config:1.4.2") + api(libs.slf4j.api) + api(libs.typesafe.config) // Use for thread dump servlet - implementation("io.dropwizard.metrics:metrics-servlets:4.2.10") - implementation("org.eclipse.jetty:jetty-servlet:9.4.48.v20220622") + implementation(libs.dropwizard.metrics.servlets) + implementation(libs.jetty.servlet) // Use for metrics servlet - implementation("io.prometheus:simpleclient_servlet:0.12.0") + implementation(libs.prometheus.servlet) // http client - implementation("org.apache.httpcomponents:httpclient:4.5.13") - - constraints { - implementation("commons-codec:commons-codec:1.15") { - because("version 1.12 has a vulnerability https://snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518") + implementation(libs.apache.httpclient) + + testImplementation(libs.apache.log4j.slf4jImpl) + testImplementation(libs.junit.jupiter) + testImplementation(libs.bundles.mockito) + testImplementation(libs.jetty.servlet) { + artifact { + classifier = "tests" + } + } + testImplementation(libs.jetty.http) { + artifact { + classifier = "tests" } } - - testImplementation("org.apache.logging.log4j:log4j-slf4j-impl:2.17.0") - testImplementation("org.junit.jupiter:junit-jupiter:5.7.1") - testImplementation("org.mockito:mockito-core:3.8.0") - testImplementation("org.eclipse.jetty:jetty-servlet:9.4.48.v20220622:tests") - testImplementation("org.eclipse.jetty:jetty-http:9.4.48.v20220622:tests") } diff --git a/settings.gradle.kts b/settings.gradle.kts index 8bd7475..1b2b4d4 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts 
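Review bot: The `constraints` block that forced `commons-codec:commons-codec:1.15` is removed and nothing in the catalog replaces it, so commons-codec now resolves to whatever `libs.apache.httpclient` (4.5.13) and the other dependencies pull in transitively; the removed `because(...)` text cites a Snyk advisory as the reason for the pin. Unless the resolved version is confirmed to be outside that advisory's range, keep the block as it was after `implementation(libs.apache.httpclient)`, or move the coordinate into the catalog as `commons-codec = { module = "commons-codec:commons-codec", version = "1.15" }` and reference it from the constraint. Running `dependencyInsight` for commons-codec on the runtime classpath before and after this patch would show which version wins.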
@@ -12,6 +12,9 @@ plugins { id("org.hypertrace.version-settings") version "0.2.0" } +enableFeaturePreview("VERSION_CATALOGS") +enableFeaturePreview("TYPESAFE_PROJECT_ACCESSORS") + include(":platform-grpc-service-framework") include(":platform-http-service-framework") include(":platform-service-framework") From 90b33ab96244dc2e7dfdd3049344eeeb4779fa45 Mon Sep 17 00:00:00 2001 From: SJ Date: Fri, 21 Oct 2022 12:33:59 +0530 Subject: [PATCH 2/4] remove owasp suppressions --- owasp-suppressions.xml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml index 76d1492..cbc052c 100644 --- a/owasp-suppressions.xml +++ b/owasp-suppressions.xml @@ -1,10 +1,3 @@ - - - ^pkg:maven/org\.hypertrace\.core\.grpcutils/grpc\-client\-rx\-utils@.*$ - cpe:/a:grpc:grpc - \ No newline at end of file From 90c6109de72fb5e125c9ba9db5f57da2230ecda2 Mon Sep 17 00:00:00 2001 From: SJ Date: Fri, 21 Oct 2022 12:34:39 +0530 Subject: [PATCH 3/4] remove owasp suppressions --- owasp-suppressions.xml | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 owasp-suppressions.xml diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml deleted file mode 100644 index cbc052c..0000000 --- a/owasp-suppressions.xml +++ /dev/null @@ -1,3 +0,0 @@ - - - \ No newline at end of file From 584ea7cc483da3e7fa0d8673c7b01e12f76a7b86 Mon Sep 17 00:00:00 2001 From: SJ Date: Fri, 21 Oct 2022 19:04:05 +0530 Subject: [PATCH 4/4] upgrade dependencies --- gradle/libs.versions.toml | 7 ++++--- platform-grpc-service-framework/build.gradle.kts | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 82255f4..9a02f76 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml 
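Review bot: Both `enableFeaturePreview` calls depend on the Gradle version in use, which is not visible in this patch. Version catalogs are stable from Gradle 7.4, where the `VERSION_CATALOGS` flag is no longer needed, while `TYPESAFE_PROJECT_ACCESSORS` remains a preview feature; a comment such as `// VERSION_CATALOGS: drop once the wrapper is on Gradle 7.4+` above the first call would record that. The settings file continues outside the hunk.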
@@ -2,8 +2,8 @@ hypertrace-grpcUtils = "0.9.0" guice = "5.1.0" -grpc = "1.48.0" -jetty = "9.4.48.v20220622" +grpc = "1.50.0" +jetty = "9.4.49.v20220914" micrometer = "1.9.5" dropwizardMetrics = "4.2.10" prometheus = "0.12.0" @@ -13,6 +13,7 @@ mockito = "4.8.1" hypertrace-grpc-client-utils = { module = "org.hypertrace.core.grpcutils:grpc-client-utils", version.ref = "hypertrace-grpcUtils"} hypertrace-grpc-server-utils = { module = "org.hypertrace.core.grpcutils:grpc-server-utils", version.ref = "hypertrace-grpcUtils"} +grpc-bom = { module = "io.grpc:grpc-bom", version.ref = "grpc" } grpc-api = { module = "io.grpc:grpc-api", version.ref = "grpc" } grpc-core = { module = "io.grpc:grpc-core", version.ref = "grpc" } grpc-services = { module = "io.grpc:grpc-services", version.ref = "grpc" } @@ -40,7 +41,7 @@ google-guava = { module = "com.google.guava:guava", version = "31.1-jre" } typesafe-config = { module = "com.typesafe:config", version = "1.4.2" } lombok = { module = "org.projectlombok:lombok", version = "1.18.22" } slf4j-api = { module = "org.slf4j:slf4j-api", version = "1.7.32" } -apache-log4j-slf4jImpl = { module = "org.apache.logging.log4j:log4j-slf4j-impl", version = "2.17.1" } +apache-log4j-slf4jImpl = { module = "org.apache.logging.log4j:log4j-slf4j-impl", version = "2.19.0" } apache-httpclient = { module = "org.apache.httpcomponents:httpclient", version = "4.5.13" } junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version = "5.8.2" } diff --git a/platform-grpc-service-framework/build.gradle.kts b/platform-grpc-service-framework/build.gradle.kts index 34c4bac..c0c3d5f 100644 --- a/platform-grpc-service-framework/build.gradle.kts +++ b/platform-grpc-service-framework/build.gradle.kts @@ -7,6 +7,7 @@ plugins { dependencies { api(projects.platformServiceFramework) + api(platform(libs.grpc.bom)) api(libs.grpc.api) api(libs.grpc.services) api(libs.hypertrace.grpc.client.utils)