Skip to content

Commit

Permalink
upgrade third-party dependencies for security scan
Browse files Browse the repository at this point in the history
  • Loading branch information
@davidangb
davidangb committed Oct 16, 2017
1 parent cd795c9 commit cdfcb10
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 33 deletions.
13 changes: 4 additions & 9 deletions project/Dependencies.scala
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ import sbt._

object Dependencies {
val akkaV = "2.4.19"
val sprayV = "1.3.3"
val sprayV = "1.3.4"
val jacksonV = "2.8.8"
// note that jackson-databind overrides this below! 2.8.8.1 is not released for core or annotations.

Expand All @@ -25,21 +25,15 @@ object Dependencies {

"io.spray" %% "spray-can" % sprayV,
"io.spray" %% "spray-routing" % sprayV,
"io.spray" %% "spray-json" % "1.3.2",
"io.spray" %% "spray-json" % "1.3.3",
"io.spray" %% "spray-client" % sprayV,
"io.spray" %% "spray-testkit" % sprayV % "test",
"com.typesafe.akka" %% "akka-actor" % akkaV,
"com.typesafe.akka" %% "akka-testkit" % akkaV % "test",
"com.typesafe.akka" %% "akka-slf4j" % akkaV,
"com.typesafe.akka" %% "akka-stream" % akkaV,

"org.elasticsearch.client" % "transport" % "5.3.2"
exclude("io.netty", "netty-common"),
// elasticsearch 5.3.2 relies on netty 4.1.7.Final, which has a scary but benign warning
// that clutters our logs. Use netty 4.1.9.Final instead, and revisit this when
// upgrading the ES client. See https://github.com/netty/netty/pull/6308 and elsewhere.
"io.netty" % "netty-common" % "4.1.9.Final",
// end manual netty imports
"org.elasticsearch.client" % "transport" % "5.4.3",

"com.google.api-client" % "google-api-client" % "1.22.0"
exclude("com.google.guava", "guava-jdk5"),
Expand All @@ -53,6 +47,7 @@ object Dependencies {
"org.ocpsoft.prettytime" % "prettytime" % "4.0.1.Final",
"org.everit.json" % "org.everit.json.schema" % "1.4.1",
"com.github.pathikrit" %% "better-files" % "2.17.1",
"org.apache.httpcomponents" % "httpclient" % "4.5.3",

"org.specs2" %% "specs2-core" % "3.7" % "test",
"org.scalatest" %% "scalatest" % "2.2.6" % "test",
Expand Down
30 changes: 6 additions & 24 deletions project/Testing.scala
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,33 +9,15 @@ object Testing {

val commonTestSettings: Seq[Setting[_]] = List(

// SLF4J initializes itself upon the first logging call. Because sbt
// runs tests in parallel it is likely that a second thread will
// invoke a second logging call before SLF4J has completed
// initialization from the first thread's logging call, leading to
// these messages:
// SLF4J: The following loggers will not work because they were created
// SLF4J: during the default configuration phase of the underlying logging system.
// SLF4J: See also http://www.slf4j.org/codes.html#substituteLogger
// SLF4J: com.imageworks.common.concurrent.SingleThreadInfiniteLoopRunner
//
// As a workaround, load SLF4J's root logger before starting the unit
// tests

// Source: https://github.com/typesafehub/scalalogging/issues/23#issuecomment-17359537
// References:
// http://stackoverflow.com/a/12095245
// http://jira.qos.ch/browse/SLF4J-167
// http://jira.qos.ch/browse/SLF4J-97
testOptions in Test += Tests.Setup(classLoader =>
classLoader
.loadClass("org.slf4j.LoggerFactory")
.getMethod("getLogger", classLoader.loadClass("java.lang.String"))
.invoke(null, "ROOT")
),
testOptions in Test ++= Seq(Tests.Filter(s => !isIntegrationTest(s))),
testOptions in IntegrationTest := Seq(Tests.Filter(s => isIntegrationTest(s))),

// ES client attempts to set the number of processors that Netty should use.
// However, we've already initialized Netty elsewhere (mockserver, I assume),
// so the call fails. Tell ES to skip attempting to set this value.
javaOptions in Test += "-Des.set.netty.runtime.available.processors=false",

fork in Test := true,
parallelExecution in Test := false
)

Expand Down

0 comments on commit cdfcb10

Please sign in to comment.