Skip to content
This repository has been archived by the owner on Dec 13, 2023. It is now read-only.

Commit

Permalink
Merge remote-tracking branch 'origin/main' into oss-dependency-cve-re…
Browse files Browse the repository at this point in the history 
…solution
  • Loading branch information
Scott Carter committed Nov 13, 2023
2 parents 890b646 + 9669d46 commit f5d22e2
Show file tree
Hide file tree
Showing 45 changed files with 333 additions and 677 deletions.
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ buildscan.log
# JS & UI Related
node_modules
/ui/build
/ui/public/monaco-editor

# publishing secrets
secrets/signing-key
Expand Down
4 changes: 2 additions & 2 deletions annotations-processor/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@ sourceSets {

dependencies {
implementation project(':conductor-annotations')
api 'com.google.guava:guava:31.1-jre'
api 'com.google.guava:guava:32.1.2-jre'
api 'com.squareup:javapoet:1.13.+'
api 'com.github.jknack:handlebars:4.3.+'
api 'com.google.protobuf:protobuf-java:3.21.7'
api 'com.google.protobuf:protobuf-java:3.21.12'
api 'javax.annotation:javax.annotation-api:1.3.2'
api gradleApi()

Expand Down
28 changes: 8 additions & 20 deletions annotations-processor/dependencies.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,10 +42,10 @@
"locked": "4.3.1"
},
"com.google.guava:guava": {
"locked": "32.0.0-jre"
"locked": "32.1.2-jre"
},
"com.google.protobuf:protobuf-java": {
"locked": "3.21.7"
"locked": "3.21.12"
},
"com.netflix.conductor:conductor-annotations": {
"project": true
Expand Down Expand Up @@ -147,12 +147,6 @@
],
"locked": "2.13.5"
},
"com.google.guava:guava": {
"firstLevelTransitive": [
"com.netflix.conductor:conductor-annotations"
],
"locked": "32.0.0-jre"
},
"com.netflix.conductor:conductor-annotations": {
"project": true
},
Expand Down Expand Up @@ -264,13 +258,10 @@
"locked": "4.3.1"
},
"com.google.guava:guava": {
"firstLevelTransitive": [
"com.netflix.conductor:conductor-annotations"
],
"locked": "32.0.0-jre"
"locked": "32.1.2-jre"
},
"com.google.protobuf:protobuf-java": {
"locked": "3.21.7"
"locked": "3.21.12"
},
"com.netflix.conductor:conductor-annotations": {
"project": true
Expand Down Expand Up @@ -356,10 +347,10 @@
"locked": "4.3.1"
},
"com.google.guava:guava": {
"locked": "32.0.0-jre"
"locked": "32.1.2-jre"
},
"com.google.protobuf:protobuf-java": {
"locked": "3.21.7"
"locked": "3.21.12"
},
"com.netflix.conductor:conductor-annotations": {
"project": true
Expand Down Expand Up @@ -475,13 +466,10 @@
"locked": "4.3.1"
},
"com.google.guava:guava": {
"firstLevelTransitive": [
"com.netflix.conductor:conductor-annotations"
],
"locked": "32.0.0-jre"
"locked": "32.1.2-jre"
},
"com.google.protobuf:protobuf-java": {
"locked": "3.21.7"
"locked": "3.21.12"
},
"com.netflix.conductor:conductor-annotations": {
"project": true
Expand Down
12 changes: 0 additions & 12 deletions annotations/dependencies.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,6 @@
"com.fasterxml.jackson.module:jackson-module-afterburner": {
"locked": "2.15.0"
},
"com.google.guava:guava": {
"locked": "32.0.0-jre"
},
"org.apache.logging.log4j:log4j-api": {
"locked": "2.17.2"
},
Expand Down Expand Up @@ -94,9 +91,6 @@
"com.fasterxml.jackson.module:jackson-module-afterburner": {
"locked": "2.15.0"
},
"com.google.guava:guava": {
"locked": "32.0.0-jre"
},
"org.apache.logging.log4j:log4j-api": {
"locked": "2.17.2"
},
Expand Down Expand Up @@ -150,9 +144,6 @@
"com.fasterxml.jackson.module:jackson-module-afterburner": {
"locked": "2.15.0"
},
"com.google.guava:guava": {
"locked": "32.0.0-jre"
},
"junit:junit": {
"locked": "4.13.2"
},
Expand Down Expand Up @@ -221,9 +212,6 @@
"com.fasterxml.jackson.module:jackson-module-afterburner": {
"locked": "2.15.0"
},
"com.google.guava:guava": {
"locked": "32.0.0-jre"
},
"junit:junit": {
"locked": "4.13.2"
},
Expand Down
26 changes: 2 additions & 24 deletions awss3-storage/dependencies.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,9 +41,6 @@
"com.fasterxml.jackson.module:jackson-module-afterburner": {
"locked": "2.15.0"
},
"com.google.guava:guava": {
"locked": "32.0.0-jre"
},
"com.netflix.conductor:conductor-common": {
"project": true
},
Expand Down Expand Up @@ -173,14 +170,6 @@
],
"locked": "2.9.3"
},
"com.google.guava:guava": {
"firstLevelTransitive": [
"com.netflix.conductor:conductor-annotations",
"com.netflix.conductor:conductor-common",
"com.netflix.conductor:conductor-core"
],
"locked": "32.0.0-jre"
},
"com.google.protobuf:protobuf-java": {
"firstLevelTransitive": [
"com.netflix.conductor:conductor-common",
Expand Down Expand Up @@ -250,7 +239,7 @@
"com.netflix.conductor:conductor-common",
"com.netflix.conductor:conductor-core"
],
"locked": "2.0.5"
"locked": "2.0.6"
},
"org.apache.commons:commons-lang3": {
"firstLevelTransitive": [
Expand Down Expand Up @@ -351,9 +340,6 @@
"com.fasterxml.jackson.module:jackson-module-afterburner": {
"locked": "2.15.0"
},
"com.google.guava:guava": {
"locked": "32.0.0-jre"
},
"com.netflix.conductor:conductor-common": {
"project": true
},
Expand Down Expand Up @@ -495,14 +481,6 @@
],
"locked": "2.9.3"
},
"com.google.guava:guava": {
"firstLevelTransitive": [
"com.netflix.conductor:conductor-annotations",
"com.netflix.conductor:conductor-common",
"com.netflix.conductor:conductor-core"
],
"locked": "32.0.0-jre"
},
"com.google.protobuf:protobuf-java": {
"firstLevelTransitive": [
"com.netflix.conductor:conductor-common",
Expand Down Expand Up @@ -578,7 +556,7 @@
"com.netflix.conductor:conductor-common",
"com.netflix.conductor:conductor-core"
],
"locked": "2.0.5"
"locked": "2.0.6"
},
"org.apache.commons:commons-lang3": {
"firstLevelTransitive": [
Expand Down
22 changes: 6 additions & 16 deletions awssqs-event-queue/dependencies.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
"locked": "2.15.0"
},
"com.google.guava:guava": {
"locked": "32.0.0-jre"
"locked": "32.1.2-jre"
},
"com.netflix.conductor:conductor-common": {
"project": true
Expand Down Expand Up @@ -177,12 +177,7 @@
"locked": "2.9.3"
},
"com.google.guava:guava": {
"firstLevelTransitive": [
"com.netflix.conductor:conductor-annotations",
"com.netflix.conductor:conductor-common",
"com.netflix.conductor:conductor-core"
],
"locked": "32.0.0-jre"
"locked": "32.1.2-jre"
},
"com.google.protobuf:protobuf-java": {
"firstLevelTransitive": [
Expand Down Expand Up @@ -253,7 +248,7 @@
"com.netflix.conductor:conductor-common",
"com.netflix.conductor:conductor-core"
],
"locked": "2.0.5"
"locked": "2.0.6"
},
"org.apache.commons:commons-lang3": {
"firstLevelTransitive": [
Expand Down Expand Up @@ -355,7 +350,7 @@
"locked": "2.15.0"
},
"com.google.guava:guava": {
"locked": "32.0.0-jre"
"locked": "32.1.2-jre"
},
"com.netflix.conductor:conductor-common": {
"project": true
Expand Down Expand Up @@ -505,12 +500,7 @@
"locked": "2.9.3"
},
"com.google.guava:guava": {
"firstLevelTransitive": [
"com.netflix.conductor:conductor-annotations",
"com.netflix.conductor:conductor-common",
"com.netflix.conductor:conductor-core"
],
"locked": "32.0.0-jre"
"locked": "32.1.2-jre"
},
"com.google.protobuf:protobuf-java": {
"firstLevelTransitive": [
Expand Down Expand Up @@ -587,7 +577,7 @@
"com.netflix.conductor:conductor-common",
"com.netflix.conductor:conductor-core"
],
"locked": "2.0.5"
"locked": "2.0.6"
},
"org.apache.commons:commons-lang3": {
"firstLevelTransitive": [
Expand Down
23 changes: 9 additions & 14 deletions build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,18 @@ buildscript {
}
}
dependencies {
classpath 'com.netflix.nebula:gradle-extra-configurations-plugin:7.0.0'
classpath 'com.netflix.nebula:gradle-extra-configurations-plugin:10.0.0'
classpath 'org.springframework.boot:spring-boot-gradle-plugin:2.7.16'
classpath 'com.diffplug.spotless:spotless-plugin-gradle:6.+'
}
}

plugins {
id 'io.spring.dependency-management' version '1.0.13.RELEASE'
id 'io.spring.dependency-management' version '1.1.3'
id 'java'
id 'application'
id 'jacoco'
id 'nebula.netflixoss' version '10.6.0'
id 'com.netflix.nebula.netflixoss' version '11.3.2'
id 'org.sonarqube' version '3.4.0.2513'
}

Expand Down Expand Up @@ -47,13 +47,16 @@ apply from: "$rootDir/dependencies.gradle"
apply from: "$rootDir/springboot-bom-overrides.gradle"

allprojects {
apply plugin: 'nebula.netflixoss'
apply plugin: 'com.netflix.nebula.netflixoss'
apply plugin: 'io.spring.dependency-management'
apply plugin: 'java-library'
apply plugin: 'project-report'

sourceCompatibility = JavaVersion.VERSION_17
targetCompatibility = JavaVersion.VERSION_17
java {
toolchain {
languageVersion = JavaLanguageVersion.of(17)
}
}

group = 'com.netflix.conductor'

Expand Down Expand Up @@ -145,14 +148,6 @@ allprojects {
strictly '[2.17.2,3.0)'
}
}
implementation('com.google.guava:guava') {
version {
// this is the preferred version this library will use
prefer '32.0.0-jre'
// the strict bounds, effectively allowing any 32.x version between 32.0.0 and 32.1.1
strictly '[32.0.0-jre,32.1.1-jre)'
}
}
implementation('org.yaml:snakeyaml') {
version {
// this is the preferred version this library will use
Expand Down
Loading

0 comments on commit f5d22e2

Please sign in to comment.