Fixed snyk test

RADAR-base · Jul 3, 2023 · a5cf68c · a5cf68c
1 parent b1ddf90
commit a5cf68c
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 5 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744:
+    - '*':
+        reason: Not using createTempDir in Kotlin
+        expires: 2024-12-02T10:06:59.964Z
+        created: 2023-07-03T10:06:59.968Z
+patch: {}
diff --git a/buildSrc/src/main/kotlin/Versions.kt b/buildSrc/src/main/kotlin/Versions.kt
@@ -11,6 +11,8 @@ object Versions {
     const val slf4j = "2.0.7"
     const val confluent = "7.4.0"
     const val kafka = "7.4.0-ce"
+    const val snappy = "1.1.10.1"
+    const val guava = "32.1.1-jre"
     const val avro = "1.11.1"
     const val jackson = "2.15.2"
     const val okhttp = "4.11.0"

diff --git a/...ons-gradle/src/main/kotlin/org/radarbase/gradle/plugin/RadarDependencyManagementPlugin.kt b/...ons-gradle/src/main/kotlin/org/radarbase/gradle/plugin/RadarDependencyManagementPlugin.kt
@@ -22,7 +22,7 @@ interface RadarDependencyManagementExtension {
 class RadarDependencyManagementPlugin : Plugin<Project> {
     override fun apply(project: Project): Unit = with(project) {
         val extension = extensions.create<RadarDependencyManagementExtension>("radarDependencies").apply {
-            regex.convention("(^[0-9,.v-]+(-r)?|RELEASE|FINAL|GA|-CE)$")
+            regex.convention("(^[0-9,.v-]+(-r)?|RELEASE|FINAL|GA|-CE|-JRE|-ANDROID)$")
             rejectMajorVersionUpdates.convention(false)
         }
 

diff --git a/radar-commons-server/build.gradle.kts b/radar-commons-server/build.gradle.kts
@@ -32,7 +32,13 @@ dependencies {
 
     api("org.apache.avro:avro:${Versions.avro}")
 
-    implementation("org.apache.kafka:kafka-clients:${Versions.kafka}")
+    implementation("org.apache.kafka:kafka-clients:${Versions.kafka}") {
+        runtimeOnly("org.xerial.snappy:snappy-java") {
+            version {
+                strictly(Versions.snappy)
+            }
+        }
+    }
 
     testImplementation("org.mockito:mockito-core:${Versions.mockito}")
     // Direct producer uses KafkaAvroSerializer if initialized

diff --git a/radar-commons-testing/build.gradle.kts b/radar-commons-testing/build.gradle.kts
@@ -47,8 +47,17 @@ dependencies {
     implementation(platform("com.fasterxml.jackson:jackson-bom:${Versions.jackson}"))
     implementation("com.fasterxml.jackson.core:jackson-databind")
 
-    implementation("org.apache.kafka:kafka-clients:${Versions.kafka}")
-    implementation("io.confluent:kafka-avro-serializer:${Versions.confluent}")
+    implementation("org.apache.kafka:kafka-clients:${Versions.kafka}") {
+        runtimeOnly("org.xerial.snappy:snappy-java") {
+            version {
+                strictly(Versions.snappy)
+            }
+        }
+    }
+
+    implementation("io.confluent:kafka-avro-serializer:${Versions.confluent}") {
+        runtimeOnly("com.google.guava:guava:${Versions.guava}")
+    }
 
     implementation(platform("io.ktor:ktor-bom:${Versions.ktor}"))
     implementation("io.ktor:ktor-serialization-kotlinx-json")

diff --git a/radar-commons/build.gradle.kts b/radar-commons/build.gradle.kts
@@ -15,7 +15,9 @@ repositories {
 
 // In this section you declare the dependencies for your production and test code
 dependencies {
-    api("org.apache.avro:avro:${Versions.avro}")
+    api("org.apache.avro:avro:${Versions.avro}") {
+        runtimeOnly("com.fasterxml.jackson.core:jackson-databind:${Versions.jackson}")
+    }
     api(kotlin("reflect"))
 
     implementation(project(":radar-commons-kotlin"))