From f0494570576de5aa33d969fdd7fad93dee2479cc Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 18:25:32 +0000 Subject: [PATCH] fix(dependency): fix dependency version leak of google-api-services-storage from kork in front50-web (#1302) (#1384) With reference to the spinnaker issue https://github.com/spinnaker/spinnaker/issues/6866, google-api-services-storage dependency version (v1-rev20200326-1.30.9) is not forced by front50-gcs module to other front50 modules like front50-web and it is leaked by kork-secret-gcp module (v1-rev141-1.25.0) to front50 modules. ``` $ ./gradlew front50-web:dI --dependency google-api-services-storage --configuration runtimeClasspath > Task :front50-web:dependencyInsight com.google.apis:google-api-services-storage:v1-rev141-1.25.0 Variant runtime: | Attribute Name | Provided | Requested | |--------------------------------|--------------|--------------| | org.gradle.status | release | | | org.gradle.category | library | library | | org.gradle.libraryelements | jar | jar | | org.gradle.usage | java-runtime | java-runtime | | org.gradle.dependency.bundling | | external | | org.gradle.jvm.environment | | standard-jvm | | org.gradle.jvm.version | | 11 | Selection reasons: - By constraint - Forced com.google.apis:google-api-services-storage:v1-rev141-1.25.0 +--- io.spinnaker.kork:kork-bom:7.188.0 | +--- runtimeClasspath | +--- project :front50-migrations | | \--- runtimeClasspath | +--- project :front50-azure | | \--- runtimeClasspath | +--- project :front50-gcs | | \--- runtimeClasspath | +--- project :front50-oracle | | \--- runtimeClasspath | +--- project :front50-redis | | \--- runtimeClasspath | +--- project :front50-s3 | | \--- runtimeClasspath | +--- project :front50-swift | | \--- runtimeClasspath | +--- project :front50-sql | | \--- runtimeClasspath | +--- project :front50-core | | +--- runtimeClasspath | | +--- project :front50-migrations (*) | | +--- project :front50-azure (*) | | +--- project :front50-gcs (*) | | +--- project :front50-oracle (*) | | +--- project :front50-redis (*) | | +--- project :front50-s3 (*) | | +--- project :front50-swift (*) | | \--- project :front50-sql (*) | +--- project :front50-api | | +--- runtimeClasspath | | +--- project :front50-migrations (*) | | +--- project :front50-azure (*) | | +--- project :front50-gcs (*) | | +--- project :front50-oracle (*) | | +--- project :front50-redis (*) | | +--- project :front50-s3 (*) | | +--- project :front50-swift (*) | | +--- project :front50-sql (*) | | \--- project :front50-core (*) | +--- project :front50-sql-mysql | | \--- project :front50-sql (*) | \--- project :front50-sql-postgres | \--- project :front50-sql (*) \--- io.spinnaker.kork:kork-secrets-gcp:7.188.0 +--- io.spinnaker.kork:kork-bom:7.188.0 (*) \--- io.spinnaker.kork:kork-runtime:7.188.0 +--- runtimeClasspath (requested io.spinnaker.kork:kork-runtime) \--- io.spinnaker.kork:kork-bom:7.188.0 (*) com.google.apis:google-api-services-storage:v1-rev20220401-1.32.1 -> v1-rev141-1.25.0 \--- com.google.cloud:google-cloud-storage:2.6.1 +--- project :front50-gcs (requested com.google.cloud:google-cloud-storage) | \--- runtimeClasspath \--- io.spinnaker.kork:kork-bom:7.188.0 +--- runtimeClasspath +--- project :front50-migrations | \--- runtimeClasspath +--- project :front50-azure | \--- runtimeClasspath +--- project :front50-gcs (*) +--- project :front50-oracle | \--- runtimeClasspath +--- project :front50-redis | \--- runtimeClasspath +--- project :front50-s3 | \--- runtimeClasspath +--- project :front50-swift | \--- runtimeClasspath +--- project :front50-sql | \--- runtimeClasspath +--- project :front50-core | +--- runtimeClasspath | +--- project :front50-migrations (*) | +--- project :front50-azure (*) | +--- project :front50-gcs (*) | +--- project :front50-oracle (*) | +--- project :front50-redis (*) | +--- project :front50-s3 (*) | +--- project :front50-swift (*) | \--- project :front50-sql (*) +--- project :front50-api | +--- runtimeClasspath | +--- project :front50-migrations (*) | +--- project :front50-azure (*) | +--- project :front50-gcs (*) | +--- project :front50-oracle (*) | +--- project :front50-redis (*) | +--- project :front50-s3 (*) | +--- project :front50-swift (*) | +--- project :front50-sql (*) | \--- project :front50-core (*) +--- project :front50-sql-mysql | \--- project :front50-sql (*) \--- project :front50-sql-postgres \--- project :front50-sql (*) com.google.apis:google-api-services-storage -> v1-rev141-1.25.0 \--- project :front50-gcs \--- runtimeClasspath ``` To fix this force constraints have to be applied to build.gradle. After the fix : ``` $ ./gradlew front50-web:dI --dependency google-api-services-storage --configuration runtimeClasspath > Task :front50-web:dependencyInsight com.google.apis:google-api-services-storage:v1-rev20200326-1.30.9 Variant runtime: | Attribute Name | Provided | Requested | |--------------------------------|--------------|--------------| | org.gradle.status | release | | | org.gradle.category | library | library | | org.gradle.libraryelements | jar | jar | | org.gradle.usage | java-runtime | java-runtime | | org.gradle.dependency.bundling | | external | | org.gradle.jvm.environment | | standard-jvm | | org.gradle.jvm.version | | 11 | Selection reasons: - Forced - By constraint com.google.apis:google-api-services-storage:v1-rev20200326-1.30.9 \--- com.google.cloud:google-cloud-storage:1.108.0 +--- project :front50-gcs (requested com.google.cloud:google-cloud-storage) | \--- runtimeClasspath \--- io.spinnaker.kork:kork-bom:7.188.0 (requested com.google.cloud:google-cloud-storage:2.6.1) +--- runtimeClasspath +--- project :front50-migrations | \--- runtimeClasspath +--- project :front50-azure | \--- runtimeClasspath +--- project :front50-gcs (*) +--- project :front50-oracle | \--- runtimeClasspath +--- project :front50-redis | \--- runtimeClasspath +--- project :front50-s3 | \--- runtimeClasspath +--- project :front50-swift | \--- runtimeClasspath +--- project :front50-sql | \--- runtimeClasspath +--- project :front50-core | +--- runtimeClasspath | +--- project :front50-migrations (*) | +--- project :front50-azure (*) | +--- project :front50-gcs (*) | +--- project :front50-oracle (*) | +--- project :front50-redis (*) | +--- project :front50-s3 (*) | +--- project :front50-swift (*) | \--- project :front50-sql (*) +--- project :front50-api | +--- runtimeClasspath | +--- project :front50-migrations (*) | +--- project :front50-azure (*) | +--- project :front50-gcs (*) | +--- project :front50-oracle (*) | +--- project :front50-redis (*) | +--- project :front50-s3 (*) | +--- project :front50-swift (*) | +--- project :front50-sql (*) | \--- project :front50-core (*) +--- project :front50-sql-mysql | \--- project :front50-sql (*) \--- project :front50-sql-postgres \--- project :front50-sql (*) com.google.apis:google-api-services-storage:v1-rev141-1.25.0 -> v1-rev20200326-1.30.9 +--- io.spinnaker.kork:kork-bom:7.188.0 | +--- runtimeClasspath | +--- project :front50-migrations | | \--- runtimeClasspath | +--- project :front50-azure | | \--- runtimeClasspath | +--- project :front50-gcs | | \--- runtimeClasspath | +--- project :front50-oracle | | \--- runtimeClasspath | +--- project :front50-redis | | \--- runtimeClasspath | +--- project :front50-s3 | | \--- runtimeClasspath | +--- project :front50-swift | | \--- runtimeClasspath | +--- project :front50-sql | | \--- runtimeClasspath | +--- project :front50-core | | +--- runtimeClasspath | | +--- project :front50-migrations (*) | | +--- project :front50-azure (*) | | +--- project :front50-gcs (*) | | +--- project :front50-oracle (*) | | +--- project :front50-redis (*) | | +--- project :front50-s3 (*) | | +--- project :front50-swift (*) | | \--- project :front50-sql (*) | +--- project :front50-api | | +--- runtimeClasspath | | +--- project :front50-migrations (*) | | +--- project :front50-azure (*) | | +--- project :front50-gcs (*) | | +--- project :front50-oracle (*) | | +--- project :front50-redis (*) | | +--- project :front50-s3 (*) | | +--- project :front50-swift (*) | | +--- project :front50-sql (*) | | \--- project :front50-core (*) | +--- project :front50-sql-mysql | | \--- project :front50-sql (*) | \--- project :front50-sql-postgres | \--- project :front50-sql (*) \--- io.spinnaker.kork:kork-secrets-gcp:7.188.0 +--- io.spinnaker.kork:kork-bom:7.188.0 (*) \--- io.spinnaker.kork:kork-runtime:7.188.0 +--- runtimeClasspath (requested io.spinnaker.kork:kork-runtime) \--- io.spinnaker.kork:kork-bom:7.188.0 (*) com.google.apis:google-api-services-storage -> v1-rev20200326-1.30.9 \--- project :front50-gcs \--- runtimeClasspath ``` (cherry picked from commit fb5850c0bd8ae2b914fd7896e9b39d5978c75a92) Co-authored-by: Sandesh <30489233+j-sandy@users.noreply.github.com> --- build.gradle | 7 +++++++ front50-gcs/front50-gcs.gradle | 7 ------- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/build.gradle b/build.gradle index fdd76aab3..ec63484a7 100644 --- a/build.gradle +++ b/build.gradle @@ -74,6 +74,13 @@ subprojects { project -> testRuntimeOnly("org.junit.vintage:junit-vintage-engine") testRuntimeOnly("org.objenesis:objenesis") } + // Keep this constraint till all other components get bumped up to this version and subsequently updated in the kork. + configurations.all { + resolutionStrategy.force 'com.google.apis:google-api-services-storage:v1-rev20200326-1.30.9' + resolutionStrategy.force 'com.google.auth:google-auth-library-oauth2-http:0.20.0' + // TODO(plumpy): remove version once added to kork + resolutionStrategy.force 'com.google.cloud:google-cloud-storage:1.108.0' + } } } diff --git a/front50-gcs/front50-gcs.gradle b/front50-gcs/front50-gcs.gradle index ef34bb17e..36b6ff658 100644 --- a/front50-gcs/front50-gcs.gradle +++ b/front50-gcs/front50-gcs.gradle @@ -42,10 +42,3 @@ dependencies { testImplementation "io.mockk:mockk" testImplementation "org.junit.jupiter:junit-jupiter-api" } - -configurations.all { - resolutionStrategy.force 'com.google.apis:google-api-services-storage:v1-rev20200326-1.30.9' - resolutionStrategy.force 'com.google.auth:google-auth-library-oauth2-http:0.20.0' - // TODO(plumpy): remove version once added to kork - resolutionStrategy.force 'com.google.cloud:google-cloud-storage:1.108.0' -}