From 8cf131535361912d50cfa39866bdfc01b9e765c5 Mon Sep 17 00:00:00 2001
From: Aaron Steinfeld
Date: Mon, 27 Dec 2021 10:53:40 -0500
Subject: [PATCH] feat: upgrade jackson, grpc, constrain vulns and use bom
---
 grpc-client-rx-utils/build.gradle.kts | 19 +++++++----------
 grpc-client-utils/build.gradle.kts | 25 +++++++++-------------
 grpc-context-utils/build.gradle.kts | 30 ++++++++++++++++-----------
 grpc-server-rx-utils/build.gradle.kts | 26 ++++++++---------------
 grpc-server-utils/build.gradle.kts | 15 +++++++-------
 5 files changed, 52 insertions(+), 63 deletions(-)
diff --git a/grpc-client-rx-utils/build.gradle.kts b/grpc-client-rx-utils/build.gradle.kts
index 42f082c..6ddbf2c 100644
--- a/grpc-client-rx-utils/build.gradle.kts
+++ b/grpc-client-rx-utils/build.gradle.kts
@@ -6,20 +6,15 @@ plugins {
 }
 dependencies {
- api("io.reactivex.rxjava3:rxjava:3.0.6")
- api("io.grpc:grpc-stub:1.42.0")
+ api(platform("io.grpc:grpc-bom:1.43.1"))
+ api("io.reactivex.rxjava3:rxjava:3.1.3")
+ api("io.grpc:grpc-stub")
 api(project(":grpc-context-utils"))
- implementation("io.grpc:grpc-context:1.42.0")
+ implementation("io.grpc:grpc-context")
- constraints {
- implementation("com.google.code.gson:gson:2.8.9") {
- because("https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327")
- }
- }
-
- testImplementation("org.junit.jupiter:junit-jupiter:5.7.0")
- testImplementation("org.mockito:mockito-core:3.12.1")
- testImplementation("org.mockito:mockito-junit-jupiter:3.12.1")
+ testImplementation("org.junit.jupiter:junit-jupiter:5.8.2")
+ testImplementation("org.mockito:mockito-core:4.2.0")
+ testImplementation("org.mockito:mockito-junit-jupiter:4.2.0")
 }
 tasks.test {
diff --git a/grpc-client-utils/build.gradle.kts b/grpc-client-utils/build.gradle.kts
index fa92c68..c3e7f18 100644
--- a/grpc-client-utils/build.gradle.kts
+++ b/grpc-client-utils/build.gradle.kts
@@ -6,25 +6,20 @@ plugins {
 }
 dependencies {
- api("io.grpc:grpc-context:1.42.0")
- api("io.grpc:grpc-api:1.42.0")
+ api(platform("io.grpc:grpc-bom:1.43.1"))
+ api("io.grpc:grpc-context")
+ api("io.grpc:grpc-api")
 implementation(project(":grpc-context-utils"))
- implementation("org.slf4j:slf4j-api:1.7.30")
+ implementation("org.slf4j:slf4j-api:1.7.32")
- annotationProcessor("org.projectlombok:lombok:1.18.18")
- compileOnly("org.projectlombok:lombok:1.18.18")
+ annotationProcessor("org.projectlombok:lombok:1.18.22")
+ compileOnly("org.projectlombok:lombok:1.18.22")
- constraints {
- implementation("com.google.code.gson:gson:2.8.9") {
- because("https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327")
- }
- }
-
- testImplementation("org.junit.jupiter:junit-jupiter:5.7.0")
- testImplementation("org.mockito:mockito-core:3.12.1")
- testImplementation("org.mockito:mockito-inline:3.12.1")
- testRuntimeOnly("io.grpc:grpc-netty:1.42.0")
+ testImplementation("org.junit.jupiter:junit-jupiter:5.8.2")
+ testImplementation("org.mockito:mockito-core:4.2.0")
+ testImplementation("org.mockito:mockito-inline:4.2.0")
+ testRuntimeOnly("io.grpc:grpc-netty")
 }
 tasks.test {
diff --git a/grpc-context-utils/build.gradle.kts b/grpc-context-utils/build.gradle.kts
index bcda318..e039858 100644
--- a/grpc-context-utils/build.gradle.kts
+++ b/grpc-context-utils/build.gradle.kts
@@ -10,23 +10,29 @@ tasks.test {
 }
 dependencies {
- // grpc
- implementation("io.grpc:grpc-core:1.42.0")
+ api(platform("io.grpc:grpc-bom:1.43.1"))
+ implementation("io.grpc:grpc-core")
- implementation("com.auth0:java-jwt:3.14.0")
- implementation("com.auth0:jwks-rsa:0.17.0")
- implementation("com.google.guava:guava:30.1-jre")
-
- // Logging
- implementation("org.slf4j:slf4j-api:1.7.30")
- // End Logging
+ implementation("com.auth0:java-jwt:3.18.2")
+ implementation("com.auth0:jwks-rsa:0.20.0")
+ implementation("com.google.guava:guava:31.0.1-jre")
+ implementation("org.slf4j:slf4j-api:1.7.32")
 constraints {
- implementation("com.google.code.gson:gson:2.8.9") {
+ api("com.fasterxml.jackson.core:jackson-databind:2.13.1") {
+ because("https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-232")
+ }
+ api("io.netty:netty-codec-http2:4.1.68.Final") {
+ because("Multiple vulnerabilities")
+ }
+ api("io.netty:netty-handler-proxy:4.1.71.Final"){
+ because("Multiple vulnerabilities")
+ }
+ api("com.google.code.gson:gson:2.8.9"){
 because("https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327")
 }
 }
- testImplementation("org.junit.jupiter:junit-jupiter:5.7.0")
- testImplementation("org.mockito:mockito-core:3.12.1")
+ testImplementation("org.junit.jupiter:junit-jupiter:5.8.2")
+ testImplementation("org.mockito:mockito-core:4.2.0")
 }
diff --git a/grpc-server-rx-utils/build.gradle.kts b/grpc-server-rx-utils/build.gradle.kts
index b953614..ea8468b 100644
--- a/grpc-server-rx-utils/build.gradle.kts
+++ b/grpc-server-rx-utils/build.gradle.kts
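Review bot: In grpc-context-utils/build.gradle.kts the two netty constraints pin different releases, `netty-codec-http2:4.1.68.Final` and `netty-handler-proxy:4.1.71.Final`, and both give only `because("Multiple vulnerabilities")`. Netty artifacts are released together and mixing versions on one classpath is a common source of linkage errors, so unless the older floor is deliberate I would align it: `api("io.netty:netty-codec-http2:4.1.71.Final")`. The reason strings should point at the advisories being mitigated, as the gson entry does, e.g. `because("<advisory URL>")`, so that a later reader can tell when the floor may be dropped. The jackson id `SNYK-JAVA-COMFASTERXMLJACKSONCORE-232` is also much shorter than the other Snyk ids in this patch and may be truncated; worth checking that the link resolves.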
@@ -6,26 +6,18 @@ plugins {
 }
 dependencies {
- api("io.reactivex.rxjava3:rxjava:3.0.6")
- api("io.grpc:grpc-stub:1.42.0")
+ api(platform("io.grpc:grpc-bom:1.43.1"))
+ api("io.reactivex.rxjava3:rxjava:3.1.3")
+ api("io.grpc:grpc-stub")
- annotationProcessor("org.projectlombok:lombok:1.18.18")
- compileOnly("org.projectlombok:lombok:1.18.18")
+ annotationProcessor("org.projectlombok:lombok:1.18.22")
+ compileOnly("org.projectlombok:lombok:1.18.22")
- implementation("org.slf4j:slf4j-api:1.7.30")
-
- constraints {
- implementation("com.google.guava:guava:30.1-jre") {
- because("https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415")
- }
- implementation("com.google.code.gson:gson:2.8.9") {
- because("https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327")
- }
+ implementation("org.slf4j:slf4j-api:1.7.32")
- }
- testImplementation("org.junit.jupiter:junit-jupiter:5.7.0")
- testImplementation("org.mockito:mockito-core:3.12.1")
- testImplementation("org.mockito:mockito-junit-jupiter:3.12.1")
+ testImplementation("org.junit.jupiter:junit-jupiter:5.8.2")
+ testImplementation("org.mockito:mockito-core:4.2.0")
+ testImplementation("org.mockito:mockito-junit-jupiter:4.2.0")
 }
 tasks.test {
diff --git a/grpc-server-utils/build.gradle.kts b/grpc-server-utils/build.gradle.kts
index 2ba12e4..dbf39fe 100644
--- a/grpc-server-utils/build.gradle.kts
+++ b/grpc-server-utils/build.gradle.kts
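Review bot: Removing the `constraints` block in grpc-server-rx-utils/build.gradle.kts leaves this module with no version floor on guava or gson. Unlike the two client modules, its dependencies block (fully visible in the hunk) has no `project(":grpc-context-utils")` entry, so the `api` constraints added there are not inherited, and `grpc-bom` as far as I know manages only `io.grpc` artifacts. Whether the versions that grpc 1.43.1 pulls in transitively are past the two Snyk advisories cannot be seen from the diff. I would confirm with `gradle :grpc-server-rx-utils:dependencyInsight --dependency gson --configuration runtimeClasspath` (and the same for guava), or keep the two constraints until that is verified.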
@@ -10,15 +10,16 @@ tasks.test {
 }
 dependencies {
- api("io.grpc:grpc-context:1.42.0")
- api("io.grpc:grpc-api:1.42.0")
+ api(platform("io.grpc:grpc-bom:1.43.1"))
+ api("io.grpc:grpc-context")
+ api("io.grpc:grpc-api")
 implementation(project(":grpc-context-utils"))
- implementation("org.slf4j:slf4j-api:1.7.30")
+ implementation("org.slf4j:slf4j-api:1.7.32")
- annotationProcessor("org.projectlombok:lombok:1.18.20")
- compileOnly("org.projectlombok:lombok:1.18.20")
+ annotationProcessor("org.projectlombok:lombok:1.18.22")
+ compileOnly("org.projectlombok:lombok:1.18.22")
- testImplementation("org.junit.jupiter:junit-jupiter:5.7.0")
- testImplementation("org.mockito:mockito-core:3.12.1")
+ testImplementation("org.junit.jupiter:junit-jupiter:5.8.2")
+ testImplementation("org.mockito:mockito-core:4.2.0")
 }