diff options
Diffstat (limited to 'build.gradle')
| -rw-r--r-- | build.gradle | 193 |
1 files changed, 100 insertions, 93 deletions
diff --git a/build.gradle b/build.gradle index cf1fe8f389c..ef9e1131ca1 100644 --- a/build.gradle +++ b/build.gradle @@ -13,8 +13,8 @@ plugins { id 'com.jfrog.artifactory' version '5.2.5' id "de.undercouch.download" version "5.6.0" apply false id 'io.spring.dependency-management' version '1.1.7' - id "org.cyclonedx.bom" version "2.2.0" apply false - id 'org.sonarqube' version '6.0.1.5171' + id "org.cyclonedx.bom" version "2.3.1" apply false + id 'org.sonarqube' version '6.2.0.5505' } if (!JavaVersion.current().isCompatibleWith(VERSION_17)) { @@ -39,6 +39,11 @@ allprojects { apply plugin: 'com.jfrog.artifactory' apply plugin: 'maven-publish' + // Global exclusion of eddsa dependency + configurations.all { + exclude group: 'net.i2p.crypto', module: 'eddsa' + } + ext.versionInSources = version ext.buildNumber = System.getProperty("buildNumber") // when no buildNumber is provided, then project version must end with '-SNAPSHOT' @@ -229,8 +234,8 @@ subprojects { } ext { - protobufVersion = '4.30.1' - springSecurityVersion = '6.4.4' + protobufVersion = '4.31.1' + springSecurityVersion = '6.5.1' elasticSearchClientVersion = '7.17.28' } @@ -269,10 +274,13 @@ subprojects { transitive = false } - // global exclusions + // global exclusions and resolution strategies all { // do not conflict with com.sun.mail:javax.mail exclude group: 'javax.mail', module: 'mail' + resolutionStrategy { + force 'net.java.dev.jna:jna:5.14.0' + } } } @@ -281,58 +289,63 @@ subprojects { dependencies { // bundled plugin list -- keep it alphabetically ordered dependency 'com.sonarsource.abap:sonar-abap-plugin:3.15.1.6010' + dependency 'com.sonarsource.armor:sonar-jasmin-plugin:1.3.0.6541' dependency 'com.sonarsource.cobol:sonar-cobol-plugin:5.8.1.8428' - dependency 'com.sonarsource.cpp:sonar-cfamily-dependencies-plugin:6.65.0.81949' - dependency 'com.sonarsource.cpp:sonar-cfamily-plugin:6.65.0.81949' - dependency 'com.sonarsource.dart:sonar-dart-plugin:1.1.0.2133' - dependency 'com.sonarsource.dbd:sonar-dbd-plugin:1.36.1.13250' - dependency 'com.sonarsource.dbd:sonar-dbd-java-frontend-plugin:1.36.1.13250' - dependency 'com.sonarsource.dbd:sonar-dbd-python-frontend-plugin:1.36.1.13250' - dependency 'com.sonarsource.dotnet:sonar-csharp-enterprise-plugin:10.7.0.110445' - dependency 'com.sonarsource.dotnet:sonar-vbnet-enterprise-plugin:10.7.0.110445' - dependency 'com.sonarsource.go:sonar-go-enterprise-plugin:1.21.1.1670' + dependency 'com.sonarsource.cpp:sonar-cfamily-dependencies-plugin:6.70.0.87073' + dependency 'com.sonarsource.cpp:sonar-cfamily-plugin:6.70.0.87073' + dependency 'com.sonarsource.dart:sonar-dart-plugin:1.3.0.2614' + dependency 'com.sonarsource.dbd:sonar-dbd-plugin:2.2.0.16530' + dependency 'com.sonarsource.dbd:sonar-dbd-java-frontend-plugin:2.2.0.16530' + dependency 'com.sonarsource.dbd:sonar-dbd-python-frontend-plugin:2.2.0.16530' + dependency 'com.sonarsource.dotnet:sonar-csharp-enterprise-plugin:10.15.0.120848' + dependency 'com.sonarsource.dotnet:sonar-vbnet-enterprise-plugin:10.15.0.120848' + dependency 'com.sonarsource.go:sonar-go-enterprise-plugin:1.26.0.3421' dependency 'com.sonarsource.pli:sonar-pli-plugin:1.16.0.5325' - dependency 'com.sonarsource.plsql:sonar-plsql-plugin:3.15.0.7123' - dependency 'com.sonarsource.plugins.vb:sonar-vb-plugin:2.14.0.5475' + dependency 'com.sonarsource.plsql:sonar-plsql-plugin:3.17.0.7448' + dependency 'com.sonarsource.plugins.vb:sonar-vb-plugin:2.14.1.5552' dependency 'com.sonarsource.rpg:sonar-rpg-plugin:3.10.0.5337' - dependency 'com.sonarsource.security:sonar-security-csharp-frontend-plugin:11.1.0.35630' - dependency 'com.sonarsource.security:sonar-security-java-frontend-plugin:11.1.0.35630' - dependency 'com.sonarsource.security:sonar-security-php-frontend-plugin:11.1.0.35630' - dependency 'com.sonarsource.security:sonar-security-plugin:11.1.0.35630' - dependency 'com.sonarsource.security:sonar-security-python-frontend-plugin:11.1.0.35630' - dependency 'com.sonarsource.security:sonar-security-js-frontend-plugin:11.1.0.35630' - dependency 'com.sonarsource.slang:sonar-apex-plugin:1.18.0.198' - dependency 'org.sonarsource.slang:sonar-ruby-plugin:1.18.0.234' - dependency 'org.sonarsource.slang:sonar-scala-plugin:1.18.0.266' - dependency 'com.sonarsource.swift:sonar-swift-plugin:4.13.1.8101' - dependency 'com.sonarsource.tsql:sonar-tsql-plugin:1.14.0.7614' - dependency 'org.sonarsource.dotnet:sonar-csharp-plugin:10.7.0.110445' - dependency 'org.sonarsource.dotnet:sonar-vbnet-plugin:10.7.0.110445' + dependency 'com.sonarsource.security:sonar-security-csharp-frontend-plugin:11.6.0.39346' + dependency 'com.sonarsource.security:sonar-security-go-frontend-plugin:11.6.0.39346' + dependency 'com.sonarsource.security:sonar-security-java-frontend-plugin:11.6.0.39346' + dependency 'com.sonarsource.security:sonar-security-js-frontend-plugin:11.6.0.39346' + dependency 'com.sonarsource.security:sonar-security-kotlin-frontend-plugin:11.6.0.39346' + dependency 'com.sonarsource.security:sonar-security-php-frontend-plugin:11.6.0.39346' + dependency 'com.sonarsource.security:sonar-security-plugin:11.6.0.39346' + dependency 'com.sonarsource.security:sonar-security-python-frontend-plugin:11.6.0.39346' + dependency 'com.sonarsource.security:sonar-security-vbnet-frontend-plugin:11.6.0.39346' + dependency 'com.sonarsource.slang:sonar-apex-plugin:1.20.0.552' + dependency 'org.sonarsource.slang:sonar-ruby-plugin:1.19.0.471' + dependency 'org.sonarsource.slang:sonar-scala-plugin:1.19.0.484' + dependency 'com.sonarsource.swift:sonar-swift-plugin:4.14.0.8764' + dependency 'com.sonarsource.tsql:sonar-tsql-plugin:1.15.0.7898' + dependency 'org.sonarsource.dotnet:sonar-csharp-plugin:10.15.0.120848' + dependency 'org.sonarsource.dotnet:sonar-vbnet-plugin:10.15.0.120848' dependency 'org.sonarsource.flex:sonar-flex-plugin:2.14.0.5032' - dependency 'org.sonarsource.go:sonar-go-plugin:1.21.1.1670' + dependency 'org.sonarsource.go:sonar-go-plugin:1.26.0.3421' dependency 'org.sonarsource.html:sonar-html-plugin:3.19.0.5695' dependency 'org.sonarsource.jacoco:sonar-jacoco-plugin:1.3.0.1538' - dependency 'org.sonarsource.java:sonar-java-plugin:8.11.0.38440' - dependency 'org.sonarsource.java:sonar-java-symbolic-execution-plugin:8.11.0.38440' - dependency 'org.sonarsource.javascript:sonar-javascript-plugin:10.21.1.30825' - dependency 'org.sonarsource.php:sonar-php-plugin:3.45.0.12991' + dependency 'org.sonarsource.java:sonar-java-plugin:8.18.0.40025' + dependency 'org.sonarsource.java:sonar-java-symbolic-execution-plugin:8.16.0.131' + dependency 'org.sonarsource.javascript:sonar-javascript-plugin:10.25.0.33900' + dependency 'org.sonarsource.php:sonar-php-plugin:3.48.0.13483' dependency 'org.sonarsource.plugins.cayc:sonar-cayc-plugin:2.4.0.2018' - dependency 'org.sonarsource.python:sonar-python-plugin:5.2.0.20808' - dependency 'com.sonarsource.python:sonar-python-enterprise-plugin:5.2.0.20808' - dependency 'org.sonarsource.kotlin:sonar-kotlin-plugin:3.0.1.6889' + dependency 'org.sonarsource.python:sonar-python-plugin:5.7.0.24163' + dependency 'org.sonarsource.rust:sonar-rust-plugin:1.0.3.786' + dependency 'com.sonarsource.python:sonar-python-enterprise-plugin:5.7.0.24163' + dependency 'org.sonarsource.kotlin:sonar-kotlin-plugin:3.3.0.7402' dependency "org.sonarsource.api.plugin:sonar-plugin-api:$pluginApiVersion" dependency "org.sonarsource.api.plugin:sonar-plugin-api-test-fixtures:$pluginApiVersion" - dependency 'org.sonarsource.xml:sonar-xml-plugin:2.12.0.5749' - dependency 'org.sonarsource.iac:sonar-iac-plugin:1.44.0.14670' - dependency 'com.sonarsource.iac:sonar-iac-enterprise-plugin:1.44.0.14670' - dependency 'org.sonarsource.text:sonar-text-plugin:2.21.1.5779' - dependency 'com.sonarsource.text:sonar-text-developer-plugin:2.21.1.5779' - dependency 'com.sonarsource.text:sonar-text-enterprise-plugin:2.21.1.5779' + dependency 'org.sonarsource.xml:sonar-xml-plugin:2.13.0.5938' + dependency 'org.sonarsource.iac:sonar-iac-plugin:1.48.0.15768' + dependency 'com.sonarsource.iac:sonar-iac-enterprise-plugin:1.48.0.15768' + dependency 'org.sonarsource.text:sonar-text-plugin:2.26.0.7517' + dependency 'com.sonarsource.text:sonar-text-developer-plugin:2.26.0.7517' + dependency 'com.sonarsource.text:sonar-text-enterprise-plugin:2.26.0.7517' dependency 'com.sonarsource.jcl:sonar-jcl-plugin:1.4.1.1493' - dependency 'com.sonarsource.architecture:sonar-architecture-plugin:1.9.0.4841' - dependency 'com.sonarsource.architecture:sonar-architecture-java-frontend-plugin:1.9.0.4841' - dependency 'com.sonarsource.architecture:sonar-architecture-javascript-frontend-plugin:1.9.0.4841' - + dependency 'com.sonarsource.architecture:sonar-architecture-plugin:2.0.0.6303' + dependency 'com.sonarsource.architecture:sonar-architecture-java-frontend-plugin:2.0.0.6303' + dependency 'com.sonarsource.architecture:sonar-architecture-javascript-frontend-plugin:2.0.0.6303' + // Webapp dependency "org.sonarsource.sonarqube:webapp-assets:$webappVersion" @@ -345,19 +358,16 @@ subprojects { // https://mvnrepository.com/artifact/ch.qos.logback.access/common dependency('ch.qos.logback.access:common:2.0.3') dependency('ch.qos.logback.access:logback-access-tomcat:2.0.6') - dependency('commons-beanutils:commons-beanutils:1.10.1') { - exclude 'commons-logging:commons-logging' - } dependency 'commons-codec:commons-codec:1.18.0' dependency 'commons-dbutils:commons-dbutils:1.8.1' - dependency 'commons-io:commons-io:2.18.0' - imports { mavenBom 'com.fasterxml.jackson:jackson-bom:2.18.3' } + dependency 'commons-io:commons-io:2.19.0' + imports { mavenBom 'com.fasterxml.jackson:jackson-bom:2.19.0' } dependency 'com.eclipsesource.minimal-json:minimal-json:0.9.5' dependencySet(group: 'com.github.scribejava', version: '8.3.3') { entry 'scribejava-apis' entry 'scribejava-core' } - dependency('com.github.erosb:json-sKema:0.21.0') { + dependency('com.github.erosb:json-sKema:0.23.0') { // this version of json-sKema does not make use of commons-collections, so we can exclude it safely exclude 'commons-collections:commons-collections' } @@ -373,8 +383,8 @@ subprojects { dependency 'io.prometheus:simpleclient_common:0.16.0' dependency 'io.prometheus:simpleclient_servlet:0.16.0' dependency 'com.github.spotbugs:spotbugs-annotations:4.9.3' - dependency 'com.google.code.gson:gson:2.12.1' - dependency('com.google.guava:guava:33.4.5-jre') { + dependency 'com.google.code.gson:gson:2.13.1' + dependency('com.google.guava:guava:33.4.8-jre') { exclude 'com.google.errorprone:error_prone_annotations' exclude 'com.google.guava:listenablefuture' exclude 'com.google.j2objc:j2objc-annotations' @@ -383,17 +393,17 @@ subprojects { } dependency "com.google.protobuf:protobuf-java:${protobufVersion}" dependency 'com.h2database:h2:2.3.232' - dependencySet(group: 'com.hazelcast', version: '5.4.0') { + dependencySet(group: 'com.hazelcast', version: '5.5.0') { entry 'hazelcast' } // Documentation must be updated if mssql-jdbc is updated: https://github.com/SonarSource/sonarqube/commit/03e4773ebf6cba854cdcf57a600095f65f4f53e7 dependency('com.microsoft.sqlserver:mssql-jdbc:12.10.0.jre11') { exclude 'com.fasterxml.jackson.core:jackson-databind' } - dependency 'com.microsoft.azure:msal4j:1.19.1' - dependency 'com.oracle.database.jdbc:ojdbc11:23.7.0.25.01' - dependency 'com.datadoghq:dd-java-agent:1.30.1' - dependency 'org.aspectj:aspectjtools:1.9.23' + dependency 'com.microsoft.azure:msal4j:1.22.0' + dependency 'com.oracle.database.jdbc:ojdbc11:23.8.0.25.04' + dependency 'com.datadoghq:dd-java-agent:1.49.0' + dependency 'org.aspectj:aspectjtools:1.9.24' dependencySet(group: 'com.squareup.okhttp3', version: '4.12.0') { entry 'okhttp' entry 'mockwebserver' @@ -401,7 +411,7 @@ subprojects { entry 'logging-interceptor' } dependency 'commons-logging:commons-logging:1.3.5' - dependency 'org.json:json:20250107' + dependency 'org.json:json:20250517' // To be removed after migration to JUnit5 is finished dependency 'com.tngtech.java:junit-dataprovider:1.13.1' dependency 'com.tngtech.junit.dataprovider:junit-jupiter-params-dataprovider:2.10' @@ -411,28 +421,30 @@ subprojects { entry 'jjwt-jackson' } dependency 'com.auth0:java-jwt:4.5.0' - dependency 'io.netty:netty-all:4.1.119.Final' + dependency 'io.netty:netty-all:4.2.1.Final' dependency 'jakarta.mail:jakarta.mail-api:2.1.3' dependency 'jakarta.annotation:jakarta.annotation-api:3.0.0' dependency 'jakarta.inject:jakarta.inject-api:2.0.1' dependency 'jakarta.servlet:jakarta.servlet-api:6.1.0' dependency 'junit:junit:4.13.2' - dependency 'org.xmlunit:xmlunit-core:2.10.0' - dependency 'org.xmlunit:xmlunit-matchers:2.10.0' + dependencySet(group: 'org.xmlunit', version: '2.10.2') { + entry 'xmlunit-core' + entry 'xmlunit-matchers' + } dependency 'org.lz4:lz4-java:1.8.0' dependency 'org.littleshoot:littleproxy:1.1.2' dependency 'net.sf.trove4j:core:3.1.0' dependency 'org.awaitility:awaitility:4.3.0' - dependency 'org.apache.commons:commons-collections4:4.4' + dependency 'org.apache.commons:commons-collections4:4.5.0' dependency 'org.apache.commons:commons-csv:1.14.0' dependency 'org.apache.commons:commons-lang3:3.17.0' dependency 'org.apache.commons:commons-email2-jakarta:2.0.0-M1' - dependency 'org.apache.commons:commons-exec:1.4.0' - dependency 'org.apache.commons:commons-text:1.13.0' + dependency 'org.apache.commons:commons-exec:1.5.0' + dependency 'org.apache.commons:commons-text:1.13.1' dependency 'org.apache.mina:mina-core:2.2.4' dependency 'org.apache.kerby:kerb-simplekdc:2.1.0' dependency 'org.apache.kerby:ldap-backend:2.1.0' - dependency 'com.zaxxer:HikariCP:6.2.1' + dependency 'com.zaxxer:HikariCP:6.3.0' dependency('org.apache.directory.server:apacheds-server-integ:2.0.0.AM27') { exclude 'log4j:log4j' } @@ -442,7 +454,7 @@ subprojects { entry 'log4j-api' entry 'log4j-to-slf4j' } - dependencySet(group: 'org.apache.tomcat.embed', version: '10.1.39') { + dependencySet(group: 'org.apache.tomcat.embed', version: '11.0.8') { entry 'tomcat-embed-core' entry('tomcat-embed-jasper') { exclude 'org.eclipse.jdt.core.compiler:ecj' @@ -463,38 +475,29 @@ subprojects { } dependency 'org.cyclonedx:cyclonedx-core-java:10.2.1' dependency 'com.fasterxml.staxmate:staxmate:2.4.1' - dependencySet(group: 'org.eclipse.jetty', version: '11.0.25') { - entry 'jetty-proxy' - entry 'jetty-server' - entry 'jetty-servlet' - } dependency("org.elasticsearch.client:elasticsearch-rest-high-level-client:${elasticSearchClientVersion}") { exclude 'org.apache.logging.log4j:log4j-core' } dependency "org.elasticsearch.plugin:transport-netty4-client:${elasticSearchClientVersion}" dependency 'org.elasticsearch:mocksocket:1.2' - dependency 'org.eclipse.jgit:org.eclipse.jgit:7.2.0.202503040940-r' + dependency 'org.eclipse.jgit:org.eclipse.jgit:7.3.0.202506031305-r' dependency "org.codelibs.elasticsearch.module:analysis-common:7.17.22" dependency "org.codelibs.elasticsearch.module:reindex:7.17.22" - dependency('org.tmatesoft.svnkit:svnkit:1.10.11') { - exclude 'net.i2p.crypto:eddsa' - } + dependency('org.tmatesoft.svnkit:svnkit:1.10.11') dependency 'org.hamcrest:hamcrest:3.0' - dependency 'org.jsoup:jsoup:1.19.1' + dependency 'org.jsoup:jsoup:1.20.1' // JUnit 5 imports { mavenBom 'org.junit:junit-bom:5.11.4' } dependency 'org.junit-pioneer:junit-pioneer:2.3.0' - dependencySet(group: 'org.mockito', version: '5.16.1') { + dependencySet(group: 'org.mockito', version: '5.18.0') { entry 'mockito-core' entry('mockito-junit-jupiter') { exclude 'org.junit.jupiter:junit-jupiter-api' } } - dependencySet(group: 'org.spdx', version: '2.0.0-RC2') { - entry 'java-spdx-library' - entry 'spdx-jackson-store' - } - dependencySet(group: 'org.springframework', version: '6.2.5') { + dependency 'org.spdx:java-spdx-library:2.0.0' + dependency 'org.spdx:spdx-jackson-store:2.0.2' + dependencySet(group: 'org.springframework', version: '6.2.8') { entry 'spring-test' entry('spring-context') { exclude 'commons-logging:commons-logging' @@ -511,17 +514,21 @@ subprojects { entry 'log4j-over-slf4j' entry 'slf4j-api' } - dependency 'org.postgresql:postgresql:42.7.5' + dependency 'org.postgresql:postgresql:42.7.7' dependency 'org.reflections:reflections:0.10.2' dependency 'org.simpleframework:simple:5.1.6' - dependency 'org.sonarsource.git.blame:git-files-blame:1.1.0.1835' - dependency('org.sonarsource.orchestrator:sonar-orchestrator-junit4:5.4.0.2489') { + dependency 'org.sonarsource.git.blame:git-files-blame:2.0.0.2053' + dependency('org.sonarsource.orchestrator:sonar-orchestrator-junit4:5.6.2.2625') { exclude 'com.fasterxml.jackson.dataformat:jackson-dataformat-xml' } - dependency('org.sonarsource.orchestrator:sonar-orchestrator-junit5:5.4.0.2489') { + dependency('org.sonarsource.orchestrator:sonar-orchestrator-junit5:5.6.2.2625') { exclude 'com.fasterxml.jackson.dataformat:jackson-dataformat-xml' } - dependency 'com.sonarsource.pdfreport:security-report-pdf-generation:2.0.0.184' + dependency "com.sonarsource.pdfreport:portfolio-report-pdf-generation:${pdfreportVersion}" + dependency "com.sonarsource.pdfreport:regulatory-report-pdf-generation:${pdfreportVersion}" + dependency "com.sonarsource.pdfreport:security-report-pdf-generation:${pdfreportVersion}" + dependency "com.sonarsource.pdfreport:pdf-generator-utils:${pdfreportVersion}" + dependency 'com.sonarsource.fixsuggestions:ai-suggestions-shared:1.0.0.1312' dependency 'org.sonarsource.update-center:sonar-update-center-common:1.35.0.2835' dependency 'org.sonarsource.classloader:sonar-classloader:1.1.0.1059' dependency 'org.springdoc:springdoc-openapi-starter-webmvc-api:2.8.6' @@ -531,9 +538,9 @@ subprojects { entry 'greenmail-junit5' } dependency 'org.yaml:snakeyaml:2.4' - dependency 'org.hibernate.validator:hibernate-validator:8.0.2.Final' + dependency 'org.hibernate.validator:hibernate-validator:9.0.0.Final' dependency 'org.kohsuke:github-api:1.327' - dependency 'org.wiremock:wiremock-standalone:3.12.1' + dependency 'org.wiremock:wiremock-standalone:3.13.0' dependency 'org.skyscreamer:jsonassert:1.5.3' // to be used only in sonar-ws-generator dependency("org.apache.velocity:velocity:1.7") { @@ -555,7 +562,7 @@ subprojects { develocity.testRetry { maxRetries = 3 maxFailures = 30 - failOnPassedAfterRetry = true + failOnPassedAfterRetry = System.getenv("CIRRUS_PR") != null } } } |