From 4a4c44ee5a682ac398a4421fd06d1abbf8db6176 Mon Sep 17 00:00:00 2001 From: Jochen Just Date: Thu, 23 Mar 2023 17:19:10 +0100 Subject: [PATCH] Upgrades various dependencies * Centralizes all versions in gradle.properties * add guava as a direct dependency as it is used in the source code * uses version of Spring boot where ever possible --- build.gradle | 67 +++++++++---------- gradle.properties | 56 +++++++++++----- .../internal/metrics/MetricAdapter.java | 6 +- .../ExporterIntTestBaseWithOtelCollector.java | 10 +-- .../metrics/BeaconMetricManagerTest.java | 3 +- 5 files changed, 81 insertions(+), 61 deletions(-) diff --git a/build.gradle b/build.gradle index 0e971c4..7ff368b 100644 --- a/build.gradle +++ b/build.gradle @@ -1,7 +1,9 @@ plugins { - id "org.springframework.boot" version "${springboot_version}" - id "com.palantir.docker" version "0.21.0" - id "org.cyclonedx.bom" version "1.7.2" + id "org.springframework.boot" version "${springBootVersion}" + id "com.palantir.docker" version "${palantirDockerVersion}" + id "org.cyclonedx.bom" version "${cyclonedxBomVersion}" + id "io.spring.dependency-management" version "${springDependencyManangementVersion}" + id "org.owasp.dependencycheck" version "${owaspDependencyCheckVersion}" } repositories { @@ -9,7 +11,6 @@ repositories { } apply plugin: "java" -apply plugin: "io.spring.dependency-management" apply plugin: "jacoco" group = "rocks.inspectit.ocelot" @@ -113,6 +114,8 @@ dependencies { "org.springframework.boot:spring-boot-starter-validation", "org.springframework.boot:spring-boot-starter-security", + "org.yaml:snakeyaml:${snakeYamlVersion}", + // pin Prometheus client to 0.6.0 to prevent auto prefixing counter metrics with "_total" // see: https://github.com/prometheus/client_java/issues/640, https://github.com/prometheus/client_java/pull/653 "io.prometheus:simpleclient:${prometheusClientVersion}", 
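Review bot: The property name `springDependencyManangementVersion` used in the `plugins` block is misspelled ("Manangement"), and the same spelling is used where it is defined in gradle.properties. Rename both to `springDependencyManagementVersion` before other scripts start depending on the typo. Separately, `org.owasp.dependencycheck` is added here with no `dependencyCheck { ... }` configuration visible in this hunk. Unless it is configured elsewhere in build.gradle, the scan presumably runs only when someone invokes the task and never fails the build, so consider setting `failBuildOnCVSS` and a suppression file so findings are acted on.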
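Review bot: The new `"org.yaml:snakeyaml:${snakeYamlVersion}"` entry in the `implementation` list has no comment, so it reads as a library the code uses directly, while gradle.properties says it is only a version override. Add a comment above it, for example `// not used directly: overrides the Spring Boot managed snakeyaml version, see gradle.properties`. The removed `logback.version` line in gradle.properties did the same job through a Spring Boot version property; a `snakeyaml.version` property would keep snakeyaml out of the direct dependency list, if the dependency-management plugin picks it up here.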
@@ -123,62 +126,58 @@ dependencies { "io.opencensus:opencensus-impl:${openCensusVersion}", "io.opencensus:opencensus-exporter-stats-prometheus:${openCensusVersion}", - "io.grpc:grpc-netty-shaded:1.36.1", - "io.grpc:grpc-protobuf:1.36.1", - "io.grpc:grpc-stub:1.36.1", + "io.grpc:grpc-netty-shaded:${grpcVersion}", + "io.grpc:grpc-protobuf:${grpcVersion}", + "io.grpc:grpc-stub:${grpcVersion}", platform("io.opentelemetry:opentelemetry-bom-alpha:${openTelemetryAlphaVersion}"), - "io.opentelemetry:opentelemetry-proto", "io.opentelemetry:opentelemetry-semconv", platform("io.opentelemetry:opentelemetry-bom:${openTelemetryVersion}"), "io.opentelemetry:opentelemetry-exporter-otlp", "io.opentelemetry:opentelemetry-exporter-jaeger", "io.opentelemetry:opentelemetry-exporter-jaeger-thrift", "io.opentelemetry:opentelemetry-sdk", + "io.opentelemetry:opentelemetry-proto:${openTelemetryProtoVersion}", - "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.12.5", + "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml", - "com.google.protobuf:protobuf-java:3.15.7", - "com.google.protobuf:protobuf-java-util:3.15.7", + "com.google.protobuf:protobuf-java:${protobufVersion}", + "com.google.protobuf:protobuf-java-util:${protobufVersion}", - "com.maxmind.geoip2:geoip2:2.12.0", - "commons-net:commons-net:3.3", - "org.apache.commons:commons-lang3:3.+", - "org.apache.commons:commons-math3:3.6.1", - "commons-io:commons-io:2.11.0", - "org.influxdb:influxdb-java:2.15", - "rocks.inspectit:opencensus-influxdb-exporter:1.2", + "com.google.guava:guava:${guavaVersion}", + "com.maxmind.geoip2:geoip2:${geoip2Version}", + "commons-net:commons-net:${commonsNetVersion}", + "org.apache.commons:commons-lang3", + "org.apache.commons:commons-math3:${commonsMath3Version}", + "commons-io:commons-io:${commonsIoVersion}", + "org.influxdb:influxdb-java:${influxdbJavaVersion}", + "rocks.inspectit:opencensus-influxdb-exporter:${opencensusInfluxdbExporterVersion}", ) compileOnly 
"org.projectlombok:lombok:${lombokVersion}" annotationProcessor "org.projectlombok:lombok:${lombokVersion}" testImplementation( - //project(":inspectit-ocelot-config"), "org.springframework.boot:spring-boot-starter-test", "io.opencensus:opencensus-impl:${openCensusVersion}", - "org.apache.httpcomponents:httpclient:4.5.6", - "commons-io:commons-io:2.11.0", - "org.mockito:mockito-core:${mockitoVersion}", - "org.junit.jupiter:junit-jupiter-api:5.7.2", - "org.awaitility:awaitility:3.1.5", - "org.mockito:mockito-junit-jupiter:2.23.0", - "org.testcontainers:testcontainers:1.15.2", - "org.testcontainers:junit-jupiter:1.15.2", + "org.apache.httpcomponents:httpclient", + "org.mockito:mockito-core", + "org.junit.jupiter:junit-jupiter-api", + "org.awaitility:awaitility", + "org.mockito:mockito-junit-jupiter", // ServerExtension - "com.linecorp.armeria:armeria-junit5:1.14.1", - "com.linecorp.armeria:armeria-grpc-protocol:1.14.1", + "com.linecorp.armeria:armeria-junit5:${armeriaVersion}", + "com.linecorp.armeria:armeria-grpc-protocol:${armeriaVersion}", - "io.opentelemetry:opentelemetry-semconv:1.20.0-alpha", + "io.opentelemetry:opentelemetry-semconv:${openTelemetryAlphaVersion}", // for docker test containers - "org.testcontainers:testcontainers:1.16.3", - "org.testcontainers:junit-jupiter:1.16.3", - + "org.testcontainers:testcontainers:${testContainersVersion}", + "org.testcontainers:junit-jupiter:${testContainersVersion}" ) - testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:5.7.2" + testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine" } task copyServerJar(type: Copy) { diff --git a/gradle.properties b/gradle.properties index 0eb1515..e85a863 100644 --- a/gradle.properties +++ b/gradle.properties 
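Review bot: `"io.opentelemetry:opentelemetry-proto:${openTelemetryProtoVersion}"` is now pinned outside both OpenTelemetry BOMs, at 1.7.1-alpha while the rest of the stack is on 1.24.0, and nothing in the hunk says why. If the reason is that the artifact is no longer part of the BOM, say so in a comment such as `// no longer managed by opentelemetry-bom-alpha; last release under this coordinate, revisit on every OTel upgrade`, so that the stale pin is not overlooked by later upgrades. The explicit version on `"io.opentelemetry:opentelemetry-semconv:${openTelemetryAlphaVersion}"` in `testImplementation` looks redundant, because the same artifact is already declared without a version under the alpha BOM `platform(...)` in `implementation`.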
@@ -1,25 +1,45 @@ # The boomerang version to ship with the EUM server boomerangVersion=1.737.0 - # The open-telemetry-boomerang version to ship with the EUM server -boomerangOpenTelemetryPluginVersion=0.25.0-5 - -# cannot use higher version due to a conflict with swagger2 and spring boot 2.6 - see https://stackoverflow.com/a/70503395/2478009 -springboot_version=2.5.6 - -# overrides the default logback version used by spring boot -logback.version=1.2.10 - - +boomerangOpenTelemetryPluginVersion=0.25.0-6 +# 2.7 is the latest release line which runs on Java 8 +springBootVersion=2.7.10 +# We do not really use snakeyaml directly. We overwrite the version of +# spring due to a security report +# For 1.33 CVE-2022-1471 is still identified. Since EUM-Server +# does not read yaml from untrusted sources, it is not affected. +# We cannot use 2.0 because EUM-Server actually parses a YAML file via Jackson. +# Jackson uses SnakeYaml and cannot deal with version 2.0 +snakeYamlVersion=1.33 # Ensure to adapt the netty version (inspectit-ocelot-core/build.gradle) when changing the OpenCensus version -openCensusVersion=0.28.3 - +openCensusVersion=0.31.1 # pin Prometheus client to 0.6.0 to prevent auto prefixing counter metrics with "_total" # see: https://github.com/prometheus/client_java/issues/640, https://github.com/prometheus/client_java/pull/653 prometheusClientVersion = 0.6.0 - -mockitoVersion=4.1.0 -lombokVersion=1.18.22 - -openTelemetryVersion=1.20.0 -openTelemetryAlphaVersion=1.1.0-alpha \ No newline at end of file +lombokVersion=1.18.26 +openTelemetryVersion=1.24.0 +openTelemetryAlphaVersion=1.24.0-alpha +openTelemetryProtoVersion=1.7.1-alpha +grpcVersion=1.53.0 +protobufVersion=3.22.2 +guavaVersion=31.1-jre +# there are newer version, but they are not compatible with Java 8 +geoip2Version=2.16.1 +commonsNetVersion=3.9.0 +commonsMath3Version=3.6.1 +commonsIoVersion=2.11.0 +influxdbJavaVersion=2.23 +opencensusInfluxdbExporterVersion=1.2 +armeriaVersion=1.22.1 
+testContainersVersion=1.17.6 + +### gradle plugin versions +### Check for newer version at https://plugins.gradle.org/ +# io.spring.dependency-management +springDependencyManangementVersion=1.1.0 +# org.owasp.dependencycheck +owaspDependencyCheckVersion=8.0.2 +# org.cyclonedx.bom +cyclonedxBomVersion=1.7.3 +# com.palantir.docker +palantirDockerVersion=0.34.0 diff --git a/src/main/java/io/opentelemetry/opencensusshim/internal/metrics/MetricAdapter.java b/src/main/java/io/opentelemetry/opencensusshim/internal/metrics/MetricAdapter.java index 6d12946..360ca9e 100644 --- a/src/main/java/io/opentelemetry/opencensusshim/internal/metrics/MetricAdapter.java +++ b/src/main/java/io/opentelemetry/opencensusshim/internal/metrics/MetricAdapter.java @@ -237,8 +237,10 @@ static Collection convertHistogramPoints(Metric censusMetric endTimestamp, attributes, distribution.getSum(), - null, - null, + false, + -1, + false, + -1, mapBoundaries(distribution.getBucketOptions()), mapCounts(distribution.getBuckets()), mapExemplars(distribution.getBuckets())), diff --git a/src/test/java/rocks/inspectit/oce/eum/server/exporters/ExporterIntTestBaseWithOtelCollector.java b/src/test/java/rocks/inspectit/oce/eum/server/exporters/ExporterIntTestBaseWithOtelCollector.java index ccb7f71..23212b6 100644 --- a/src/test/java/rocks/inspectit/oce/eum/server/exporters/ExporterIntTestBaseWithOtelCollector.java +++ b/src/test/java/rocks/inspectit/oce/eum/server/exporters/ExporterIntTestBaseWithOtelCollector.java 
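Review bot: The comment above `snakeYamlVersion=1.33` accepts CVE-2022-1471 on the grounds that EUM-Server never reads YAML from untrusted sources, but that acceptance is recorded only as a comment in gradle.properties. The OWASP dependency-check plugin added in this same commit will keep reporting the finding. Record the acceptance as a suppression entry that carries the same rationale and a review date, so the report stays readable and the decision is revisited when Jackson can work with snakeyaml 2.x. It would also help to name the one YAML file that is parsed via Jackson, so a reviewer can verify that the "trusted input only" assumption still holds.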
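Review bot: The four new positional arguments `false, -1, false, -1` in convertHistogramPoints are unexplained literals, and `-1` is a value a reader could mistake for a real minimum or maximum. They presumably map to hasMin/min/hasMax/max of the point-data factory, whose call starts outside the hunk, so a comment would make the intent explicit, for example `// OpenCensus distributions carry no min/max: hasMin/hasMax are false and the -1 values are placeholders that must be ignored`. It is also worth confirming that no exporter in use serialises min/max without checking the has-flags.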
@@ -211,9 +211,9 @@ protected void awaitMetricsExported(String metricName, double value, ViewDefinit .getMetricsList() .stream() .filter(metric -> metric.getName().equalsIgnoreCase(metricName)) - .anyMatch(metric -> (aggregation == ViewDefinitionSettings.Aggregation.LAST_VALUE ? metric.getDoubleGauge() - .getDataPointsList() : metric.getDoubleSum() - .getDataPointsList()).stream().anyMatch(d -> d.getValue() == value))))); + .anyMatch(metric -> (aggregation == ViewDefinitionSettings.Aggregation.LAST_VALUE ? metric.getGauge() + .getDataPointsList() : metric.getSum() + .getDataPointsList()).stream().anyMatch(d -> d.getAsDouble() == value))))); } /** @@ -230,10 +230,10 @@ protected void assertMetric(double value, boolean expected) { .stream() .anyMatch(iml -> iml.getMetricsList() .stream() - .anyMatch(metric -> metric.getDoubleSum() + .anyMatch(metric -> metric.getSum() .getDataPointsList() .stream() - .anyMatch(d -> expected ? d.getValue() == value : d.getValue() != value)))))); + .anyMatch(d -> expected ? d.getAsDouble() == value : d.getAsDouble() != value)))))).isTrue(); } /** diff --git a/src/test/java/rocks/inspectit/oce/eum/server/metrics/BeaconMetricManagerTest.java b/src/test/java/rocks/inspectit/oce/eum/server/metrics/BeaconMetricManagerTest.java index b047b46..6c39857 100644 --- a/src/test/java/rocks/inspectit/oce/eum/server/metrics/BeaconMetricManagerTest.java +++ b/src/test/java/rocks/inspectit/oce/eum/server/metrics/BeaconMetricManagerTest.java @@ -1,6 +1,5 @@ package rocks.inspectit.oce.eum.server.metrics; -import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import io.opencensus.stats.StatsRecorder; import io.opencensus.stats.ViewManager; 
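Review bot: `d.getAsDouble() == value` in awaitMetricsExported, and again in assertMetric in the next hunk, reads one member of what appears to be a oneof value on the data point. If the exporter emits the integer form, the generated getter returns 0.0 rather than failing, so a check against an expected value of 0 would pass by accident. Guard the comparison with the generated presence check, e.g. `d.hasAsDouble() && d.getAsDouble() == value`, after confirming that method exists in the pinned opentelemetry-proto version. The enclosing stream chain starts outside the hunk.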
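Review bot: With `.isTrue()` now appended, the negative branch in assertMetric is enforced, but it uses `anyMatch(d -> ... d.getAsDouble() != value)`, which passes as soon as one data point differs from `value` even if another point equals it. It also fails when no metrics were exported at all, which is probably not the intent of `expected == false`. For that case the predicate should be `noneMatch(d -> d.getAsDouble() == value)` across all collected data points, which means splitting the two cases instead of using the ternary inside `anyMatch`. The start of the assertion chain is outside the hunk, so check how the outer `anyMatch` calls combine before changing it.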
@@ -47,7 +46,7 @@ public class BeaconMetricManagerTest { ViewManager viewManager; @Spy - List beaconRecorders = ImmutableList.of(mock(BeaconRecorder.class)); + List beaconRecorders = new ArrayList<>(Arrays.asList(mock(BeaconRecorder.class))); private final Set registeredTags = new HashSet<>(Arrays.asList("first", "second", "third"));
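Review bot: The switch from `ImmutableList.of(...)` to `new ArrayList<>(Arrays.asList(...))` on the `@Spy` field `beaconRecorders` has no stated reason, and the ArrayList wrapper looks unnecessary to anyone who does not know it. If the reason is that the upgraded Mockito cannot spy on the Guava list implementation, add a comment such as `// @Spy needs a non-final list implementation; ImmutableList cannot be spied`. The hunk adds no import for `java.util.ArrayList`, so confirm it is already imported in the part of the file not shown here.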