Allow gradle to automatically resolve common capability conflicts
ben-manes committed May 18, 2024
1 parent 7d795d3 commit 27b456b
Showing 6 changed files with 8 additions and 19 deletions.
4 changes: 2 additions & 2 deletions .github/SECURITY.md
@@ -1,7 +1,7 @@
# Reporting Security Issues

If you discover a security issue, please use GitHub's mechanism for [privately reporting a vulnerability].
Under the main repository's [security tab], click "Report a vulnerability" to open the advisory form.
If you discover a security issue, please use GitHub's mechanism for [privately reporting a vulnerability][].
Under the main repository's [security tab][], click "Report a vulnerability" to open the advisory form.

Thanks for helping make everyone safer.

8 changes: 4 additions & 4 deletions gradle/libs.versions.toml
@@ -64,6 +64,7 @@ jsoup = "1.17.2"
junit-testng = "1.0.5"
junit4 = "4.13.2"
junit5 = "5.11.0-M2"
jvm-dependency-conflict-resolution = "2.0"
kotlin = "1.9.24"
lincheck = "2.29"
mockito = "5.12.0"
@@ -105,7 +106,6 @@ auto-value-processor = { module = "com.google.auto.value:auto-value", version.re
awaitility = { module = "org.awaitility:awaitility", version.ref = "awaitility" }
bcel = { module = "org.apache.bcel:bcel", version.ref = "bcel" }
bnd = { module = "biz.aQute.bnd:biz.aQute.bnd.gradle", version.ref = "bnd" }
bouncycastle-jdk15on = { module = "org.bouncycastle:bcprov-jdk15on", version.ref = "bouncycastle-jdk15on" }
bouncycastle-jdk18on = { module = "org.bouncycastle:bcprov-jdk18on", version.ref = "bouncycastle-jdk18on" }
cache2k = { module = "org.cache2k:cache2k-core", version.ref = "cache2k" }
caffeine = { module = "com.github.ben-manes.caffeine:caffeine", version.ref = "caffeine" }
@@ -177,6 +177,7 @@ junit5-bom = { module = "org.junit:junit-bom", version.ref = "junit5" }
junit5-launcher = { module = "org.junit.platform:junit-platform-launcher" }
junit5-testng = { module = "org.junit.support:testng-engine", version.ref = "junit-testng" }
junit5-vintage = { module = "org.junit.vintage:junit-vintage-engine", version.ref = "junit5" }
jvm-dependency-conflict-resolution = { module = "org.gradlex:jvm-dependency-conflict-resolution", version.ref = "jvm-dependency-conflict-resolution" }
kotlin-bom = { module = "org.jetbrains.kotlin:kotlin-bom", version.ref = "kotlin" }
lincheck = { module = "org.jetbrains.kotlinx:lincheck-jvm", version.ref = "lincheck" }
mockito = { module = "org.mockito:mockito-core", version.ref = "mockito" }
@@ -219,9 +220,8 @@ zstd = { module = "com.github.luben:zstd-jni", version.ref = "zstd" }

[bundles]
coherence = ["coherence-core", "json-bind"]
constraints = ["bcel", "bouncycastle-jdk15on", "bouncycastle-jdk18on", "commons-compress",
"commons-text", "h2", "httpclient", "guava", "jcommander", "jgit", "jsoup", "protobuf",
"snakeyaml" ]
constraints = ["bcel", "bouncycastle-jdk18on", "commons-compress", "commons-text", "h2",
"httpclient", "guava", "jcommander", "jgit", "jsoup", "protobuf", "snakeyaml" ]
errorprone-support = [ "errorprone-support", "errorprone-support-refaster" ]
jmh = ["jmh-core", "jmh-plugin", "jmh-report"]
junit = ["junit4", "junit5"]
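Review bot: Dropping `bouncycastle-jdk15on` from the `constraints` bundle removes the version floor for `bcprov-jdk15on`, and nothing visible on this page shows what now keeps an old copy off the classpath. Capability-conflict resolution presumably only takes effect when `bcprov-jdk15on` and `bcprov-jdk18on` both appear in the same dependency graph, so a configuration that pulls in only the jdk15on artifact transitively would resolve it unconstrained. I would add a comment above the bundle, for example `# bcprov-jdk15on is expected to be replaced by bcprov-jdk18on through capability conflict resolution`, and confirm the outcome with `dependencyInsight` on the affected configurations.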
1 change: 1 addition & 0 deletions gradle/plugins/build.gradle.kts
@@ -32,6 +32,7 @@ dependencies {
implementation(libs.dependency.check)

Check warning on line 32 in gradle/plugins/build.gradle.kts

GitHub Actions / Qodana for JVM

Vulnerable declared dependency

Provides transitive vulnerable dependency maven:commons-collections:commons-collections:3.2.2 * [Cx78f40514-81ff](https://devhub.checkmarx.com/cve-details/Cx78f40514-81ff?utm_source=jetbrains&utm_medium=referral) 7.5 Uncontrolled Recursion vulnerability with High severity found Results powered by [Checkmarx](https://checkmarx.com)(c)
implementation(libs.errorprone.plugin)
implementation(libs.dependency.versions)
implementation(libs.jvm.dependency.conflict.resolution)
implementation(libs.coveralls) {
exclude(group = "net.sourceforge.nekohtml", module = "nekohtml")
}
@@ -2,6 +2,7 @@ plugins {
idea
`jvm-ecosystem`
id("eclipse-caffeine-conventions")
id("org.gradlex.jvm-dependency-conflict-resolution")
}

dependencies {
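Review bot: The plugin is applied on the `id("org.gradlex.jvm-dependency-conflict-resolution")` line with no comment on which conflicts it is expected to resolve, while the same commit deletes the explicit `hamcrest-core` and `google-collections` substitutions in two other build scripts. Those substitutions pinned the replacement to the version-catalog entry; the winning module is now chosen by the plugin's defaults, which are not visible on this page. A short comment next to the `id(...)` line, such as `// resolves the hamcrest-core -> hamcrest and google-collections -> guava capability conflicts`, would make the reliance on that behaviour explicit. The `plugins` block opens and the `dependencies` block continues outside this hunk.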
@@ -6,12 +6,6 @@ plugins {
`java-library`
}

configurations.configureEach {
resolutionStrategy.dependencySubstitution {
substitute(module("org.hamcrest:hamcrest-core")).using(module(libs.hamcrest.get().toString()))
}
}

dependencies {
testImplementation(libs.guava)
testImplementation(libs.guice)
@@ -4,13 +4,6 @@ plugins {

val checkstyleConfig: Configuration by configurations.creating

configurations.checkstyle.configure {
resolutionStrategy.dependencySubstitution {
substitute(module("com.google.collections:google-collections"))
.using(module(libs.guava.asProvider().get().toString()))
}
}

dependencies {
checkstyleConfig(libs.checkstyle) {
isTransitive = false