Update various dependency versions (#451)

* Update version for Tuweni and signers library * Remove kotlin forced dependency * Update licenses check * Fix Java-WebSocket license reporting * Updating various versions * Update Besu version to 22.1.3 * Changelog
Consensys · Apr 4, 2022 · e0c0bf2 · e0c0bf2
1 parent b17d186
commit e0c0bf2
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 17 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,13 +2,17 @@
 
 ## Upcoming Release
 ### Breaking Changes
-- Update Metrics service default port from 8546 to 9546. 
+- Updated Metrics service default port from 8546 to 9546.
 
+### Features Added
+- Updated various dependent libraries versions
+
+---
 ## 22.1.0
 ### Features Added
 - Updated Tuweni dependency to version 2.1.0 [#432](https://github.com/ConsenSys/ethsigner/pull/432)
 - Updated Besu dependency to version 22.1.0 [#436](https://github.com/ConsenSys/ethsigner/pull/436)
-
+---
 ## 21.10.9
 ### Breaking Changes
 - Update EthSigner docker image user to use `ethsigner` instead of `root`. It may result in backward compatibility/permission issues with existing directory mounts.

diff --git a/gradle.properties b/gradle.properties
@@ -1,3 +1,8 @@
+besuVersion=22.1.3
+besuDistroUrl=https://hyperledger.jfrog.io/artifactory/besu-binaries/besu/${besuVersion}/besu-${besuVersion}.tar.gz
+hashicorpVaultVersion=1.9.2
+hashicorpVaultUrl=https://releases.hashicorp.com/vault
+
 # Set exports/opens flags required by Google Java Format and ErrorProne plugins. (JEP-396)
 org.gradle.jvmargs=-Xmx1g \
   --add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED \
@@ -11,7 +16,4 @@ org.gradle.jvmargs=-Xmx1g \
   --add-opens jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED \
   --add-opens jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED \
   --add-opens jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED
-besuVersion=22.1.0
-besuDistroUrl=https://hyperledger.jfrog.io/artifactory/besu-binaries/besu/${besuVersion}/besu-${besuVersion}.tar.gz
-hashicorpVaultVersion=1.9.2
-hashicorpVaultUrl=https://releases.hashicorp.com/vault
+
diff --git a/gradle/license-report-config/allowed-licenses.json b/gradle/license-report-config/allowed-licenses.json
@@ -65,8 +65,10 @@
     },
     {
       "moduleLicense": "Unicode/ICU License",
-      "moduleVersion": "58.2",
       "moduleName": "com.ibm.icu:icu4j"
+    },
+    {
+      "moduleName": "org.antlr:ST4"
     }
   ],
   "overrideLicenses": [
@@ -113,6 +115,18 @@
     {
       "moduleName": "io.netty:netty-tcnative-classes",
       "moduleLicense": "Apache License, Version 2.0"
+    },
+    {
+      "moduleName": "org.antlr:ST4",
+      "moduleLicense": "The BSD License"
+    },
+    {
+      "moduleName": "com.google.protobuf:protobuf-java",
+      "moduleLicense": "The BSD License"
+    },
+    {
+      "moduleName": "org.java-websocket:Java-WebSocket",
+      "moduleLicense": "MIT License"
     }
   ]
 }
diff --git a/gradle/versions.gradle b/gradle/versions.gradle
@@ -13,24 +13,24 @@
 
 dependencyManagement {
   dependencies {
-    dependencySet(group: 'com.google.errorprone', version: '2.10.0') {
+    dependencySet(group: 'com.google.errorprone', version: '2.11.0') {
       entry 'error_prone_annotation'
       entry 'error_prone_check_api'
       entry 'error_prone_core'
       entry 'error_prone_test_helpers'
     }
 
-    dependency 'com.google.guava:guava:31.0.1-jre'
+    dependency 'com.google.guava:guava:31.1-jre'
 
     dependency 'com.squareup.okhttp3:okhttp:4.9.3'
 
     dependency 'commons-io:commons-io:2.11.0'
 
-    dependency 'info.picocli:picocli:4.6.2'
+    dependency 'info.picocli:picocli:4.6.3'
 
     dependency 'io.rest-assured:rest-assured:4.4.0'
 
-    dependencySet(group: 'io.vertx', version: '4.2.3') {
+    dependencySet(group: 'io.vertx', version: '4.2.6') {
        entry 'vertx-codegen'
        entry 'vertx-core'
        entry 'vertx-unit'
@@ -40,13 +40,13 @@ dependencyManagement {
 
     dependency 'javax.activation:activation:1.1.1'
 
-    dependencySet(group: 'org.apache.logging.log4j', version: '2.17.1') {
+    dependencySet(group: 'org.apache.logging.log4j', version: '2.17.2') {
       entry 'log4j-api'
       entry 'log4j-core'
       entry 'log4j-slf4j-impl'
     }
 
-    dependencySet(group: 'org.apache.tuweni', version: '2.1.0') {
+    dependencySet(group: 'org.apache.tuweni', version: '2.2.0') {
       entry 'tuweni-net'
       entry 'tuweni-toml'
     }
@@ -74,15 +74,15 @@ dependencyManagement {
       entry 'mockito-junit-jupiter'
     }
 
-    dependencySet(group: 'org.web3j', version: '4.8.9') {
+    dependencySet(group: 'org.web3j', version: '4.9.0') {
       entry 'besu'
       entry ('core') {
         exclude group: 'com.github.jnr', name: 'jnr-unixsocket'
       }
       entry 'crypto'
     }
 
-    dependencySet(group: 'tech.pegasys.signers.internal', version: '2.0.0') {
+    dependencySet(group: 'tech.pegasys.signers.internal', version: '2.2.1') {
       entry 'keystorage-hashicorp'
       entry 'signing-secp256k1-api'
       entry 'signing-secp256k1-impl'
@@ -93,8 +93,18 @@ dependencyManagement {
     dependency "org.hyperledger.besu:plugin-api:${besuVersion}"
     dependency "org.hyperledger.besu.internal:metrics-core:${besuVersion}"
 
-    // explicit declaring to override older versions with vulnerabilities
+    // explicit declaring to override transitive dependencies with vulnerabilities
+    dependency 'com.fasterxml.jackson.core:jackson-databind:2.13.2.2'
     dependency 'org.java-websocket:Java-WebSocket:1.5.2'
-    dependency 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.4.21'
+    dependency 'com.google.protobuf:protobuf-java:3.19.4'
+    dependencySet(group: 'io.grpc', version: '1.45.1') {
+      entry 'grpc-api'
+      entry 'grpc-context'
+      entry 'grpc-core'
+      entry 'grpc-netty'
+      entry 'grpc-protobuf'
+      entry 'grpc-protobuf-lite'
+      entry 'grpc-stub'
+    }
   }
 }