From e0c0bf2f3a8cf533ab1476ed87a642f5de8c249d Mon Sep 17 00:00:00 2001 From: Usman Saleem Date: Tue, 5 Apr 2022 09:31:41 +1000 Subject: [PATCH] Update various dependency versions (#451) * Update version for Tuweni and signers library * Remove kotlin forced dependency * Update licenses check * Fix Java-WebSocket license reporting * Updating various versions * Update Besu version to 22.1.3 * Changelog --- CHANGELOG.md | 8 +++-- gradle.properties | 10 ++++--- .../allowed-licenses.json | 16 +++++++++- gradle/versions.gradle | 30 ++++++++++++------- 4 files changed, 47 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dda7af08d..bac7cadc4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,13 +2,17 @@ ## Upcoming Release ### Breaking Changes -- Update Metrics service default port from 8546 to 9546. +- Updated Metrics service default port from 8546 to 9546. +### Features Added +- Updated various dependent libraries versions + +--- ## 22.1.0 ### Features Added - Updated Tuweni dependency to version 2.1.0 [#432](https://github.com/ConsenSys/ethsigner/pull/432) - Updated Besu dependency to version 22.1.0 [#436](https://github.com/ConsenSys/ethsigner/pull/436) - +--- ## 21.10.9 ### Breaking Changes - Update EthSigner docker image user to use `ethsigner` instead of `root`. It may result in backward compatibility/permission issues with existing directory mounts. diff --git a/gradle.properties b/gradle.properties index 9ce920f32..2bb137c59 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,3 +1,8 @@ +besuVersion=22.1.3 +besuDistroUrl=https://hyperledger.jfrog.io/artifactory/besu-binaries/besu/${besuVersion}/besu-${besuVersion}.tar.gz +hashicorpVaultVersion=1.9.2 +hashicorpVaultUrl=https://releases.hashicorp.com/vault + # Set exports/opens flags required by Google Java Format and ErrorProne plugins. (JEP-396) org.gradle.jvmargs=-Xmx1g \ --add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED \ @@ -11,7 +16,4 @@ org.gradle.jvmargs=-Xmx1g \ --add-opens jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED \ --add-opens jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED \ --add-opens jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED -besuVersion=22.1.0 -besuDistroUrl=https://hyperledger.jfrog.io/artifactory/besu-binaries/besu/${besuVersion}/besu-${besuVersion}.tar.gz -hashicorpVaultVersion=1.9.2 -hashicorpVaultUrl=https://releases.hashicorp.com/vault + diff --git a/gradle/license-report-config/allowed-licenses.json b/gradle/license-report-config/allowed-licenses.json index 132a91abc..33e3b42ad 100644 --- a/gradle/license-report-config/allowed-licenses.json +++ b/gradle/license-report-config/allowed-licenses.json @@ -65,8 +65,10 @@ }, { "moduleLicense": "Unicode/ICU License", - "moduleVersion": "58.2", "moduleName": "com.ibm.icu:icu4j" + }, + { + "moduleName": "org.antlr:ST4" } ], "overrideLicenses": [ @@ -113,6 +115,18 @@ { "moduleName": "io.netty:netty-tcnative-classes", "moduleLicense": "Apache License, Version 2.0" + }, + { + "moduleName": "org.antlr:ST4", + "moduleLicense": "The BSD License" + }, + { + "moduleName": "com.google.protobuf:protobuf-java", + "moduleLicense": "The BSD License" + }, + { + "moduleName": "org.java-websocket:Java-WebSocket", + "moduleLicense": "MIT License" } ] } diff --git a/gradle/versions.gradle b/gradle/versions.gradle index fe73324b4..1a6b087f1 100644 --- a/gradle/versions.gradle +++ b/gradle/versions.gradle @@ -13,24 +13,24 @@ dependencyManagement { dependencies { - dependencySet(group: 'com.google.errorprone', version: '2.10.0') { + dependencySet(group: 'com.google.errorprone', version: '2.11.0') { entry 'error_prone_annotation' entry 'error_prone_check_api' entry 'error_prone_core' entry 'error_prone_test_helpers' } - dependency 'com.google.guava:guava:31.0.1-jre' + dependency 'com.google.guava:guava:31.1-jre' dependency 'com.squareup.okhttp3:okhttp:4.9.3' dependency 'commons-io:commons-io:2.11.0' - dependency 'info.picocli:picocli:4.6.2' + dependency 'info.picocli:picocli:4.6.3' dependency 'io.rest-assured:rest-assured:4.4.0' - dependencySet(group: 'io.vertx', version: '4.2.3') { + dependencySet(group: 'io.vertx', version: '4.2.6') { entry 'vertx-codegen' entry 'vertx-core' entry 'vertx-unit' @@ -40,13 +40,13 @@ dependencyManagement { dependency 'javax.activation:activation:1.1.1' - dependencySet(group: 'org.apache.logging.log4j', version: '2.17.1') { + dependencySet(group: 'org.apache.logging.log4j', version: '2.17.2') { entry 'log4j-api' entry 'log4j-core' entry 'log4j-slf4j-impl' } - dependencySet(group: 'org.apache.tuweni', version: '2.1.0') { + dependencySet(group: 'org.apache.tuweni', version: '2.2.0') { entry 'tuweni-net' entry 'tuweni-toml' } @@ -74,7 +74,7 @@ dependencyManagement { entry 'mockito-junit-jupiter' } - dependencySet(group: 'org.web3j', version: '4.8.9') { + dependencySet(group: 'org.web3j', version: '4.9.0') { entry 'besu' entry ('core') { exclude group: 'com.github.jnr', name: 'jnr-unixsocket' @@ -82,7 +82,7 @@ dependencyManagement { entry 'crypto' } - dependencySet(group: 'tech.pegasys.signers.internal', version: '2.0.0') { + dependencySet(group: 'tech.pegasys.signers.internal', version: '2.2.1') { entry 'keystorage-hashicorp' entry 'signing-secp256k1-api' entry 'signing-secp256k1-impl' @@ -93,8 +93,18 @@ dependencyManagement { dependency "org.hyperledger.besu:plugin-api:${besuVersion}" dependency "org.hyperledger.besu.internal:metrics-core:${besuVersion}" - // explicit declaring to override older versions with vulnerabilities + // explicit declaring to override transitive dependencies with vulnerabilities + dependency 'com.fasterxml.jackson.core:jackson-databind:2.13.2.2' dependency 'org.java-websocket:Java-WebSocket:1.5.2' - dependency 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.4.21' + dependency 'com.google.protobuf:protobuf-java:3.19.4' + dependencySet(group: 'io.grpc', version: '1.45.1') { + entry 'grpc-api' + entry 'grpc-context' + entry 'grpc-core' + entry 'grpc-netty' + entry 'grpc-protobuf' + entry 'grpc-protobuf-lite' + entry 'grpc-stub' + } } }