daml/bazel-java-deps.bzl

217 lines
13 KiB
Python
Raw Normal View History

# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
# When adding, removing or changing a dependency in this file, update the pinned dependencies by executing
# $ bazel run @unpinned_maven//:pin
# See https://github.com/bazelbuild/rules_jvm_external#updating-maven_installjson
load("@rules_jvm_external//:defs.bzl", "maven_install")
load("@rules_jvm_external//:specs.bzl", "maven")
load("@scala_version//:index.bzl", "scala_major_version", "scala_version")
version_specific = {
"2.12": [
],
"2.13": [
"org.scala-lang.modules:scala-parallel-collections_2.13:1.0.0",
# Gatling does not cross-build so this is limited to Scala 2.13.
"io.gatling:gatling-app:3.5.1",
"io.gatling:gatling-core:3.5.1",
"io.gatling:gatling-commons:3.5.1",
"io.gatling:gatling-recorder:3.5.1",
"io.gatling:gatling-charts:3.5.1",
"io.gatling.highcharts:gatling-charts-highcharts:3.5.1",
"io.gatling:gatling-http:3.5.1",
"io.gatling:gatling-http-client:3.5.1",
],
}
netty_version = "4.1.58.Final"
grpc_version = "1.35.0"
akka_version = "2.6.13"
def install_java_deps():
maven_install(
artifacts = version_specific.get(scala_major_version, []) + [
"ch.qos.logback:logback-classic:1.2.3",
"ch.qos.logback:logback-core:1.2.3",
"com.auth0:java-jwt:3.10.3",
"com.auth0:jwks-rsa:0.11.0",
"com.chuusai:shapeless_{}:2.3.3".format(scala_major_version),
"com.github.ben-manes.caffeine:caffeine:2.8.0",
"com.github.ghik:silencer-plugin_{}:1.7.3".format(scala_version),
"com.github.pureconfig:pureconfig_{}:0.14.0".format(scala_major_version),
"com.github.pureconfig:pureconfig-core_{}:0.14.0".format(scala_major_version),
"com.github.pureconfig:pureconfig-generic_{}:0.14.0".format(scala_major_version),
maven.artifact("com.github.pureconfig", "pureconfig-macros_2.12", "0.14.0", neverlink = True),
"com.github.scopt:scopt_{}:4.0.0".format(scala_major_version),
"com.google.code.findbugs:jsr305:3.0.2",
"com.google.code.gson:gson:2.8.2",
"com.google.guava:guava:29.0-jre",
ledger-on-sql: Get H2 working in the conformance tests. (#4155) * kvutils: Make logback.xml a base file, rather than the only option. * kvutils/app: Simplify logback.base.xml. Mostly by getting rid of unnecessary appenders. * ledger-on-sql: Add trace logging for all database work. * Upgrade H2; there's a few useful bug fixes. * kvutils/app: Let the user override the server JDBC URL. * kvutils/app: Provide a way to specify the ledger ID. * ledger-on-sql: If there are missing entries in the log, fail on read. This can happen right now because we insert in parallel. Next step: stop doing that. * ledger-on-sql: Stop writing in parallel; it causes race conditions. This unfortunately means we also stop _reading_ in parallel, which is less fun. * Revert "ledger-on-sql: Use a sequential log entry ID." This reverts commit c58265bf43b96d16bfa62ed30a795f365b1e83f2. * ledger-on-sql: Create tables with columns that are not nullable. * ledger-on-sql: The H2 conformance tests now work, just slowly. CHANGELOG_BEGIN CHANGELOG_END * ledger-on-sql: Run tests against H2 and SQLite on memory and disk. * ledger-on-sql: Allow H2 to read from the log in parallel with writes. * ledger-on-sql: Use UUIDs for entry IDs, not 8 random bytes. * ledger-on-sql: Make sure to log the correlation ID. * ledger-on-sql: Do less while holding a database connection. * ledger-on-sql: Log the connection. * ledger-on-sql: We don't need to tell H2 not to drop the connection. The connection pool takes care of that. * ledger-on-sql: Disable H2 conformance tests on CI; they're too slow. * ledger-on-sql: Rename `loggingContext` to `logCtx`. * ledger-on-sql: Don't abuse log contexts; put the data in the message. * ledger-on-sql: Make the connection log line easier to read. And pull out the logger, even if it's only used once. * ledger-on-sql: Run the unit tests against (H2, SQLite) * (memory, file).
2020-01-22 18:54:51 +03:00
"com.h2database:h2:1.4.200",
"com.lihaoyi:pprint_{}:0.6.0".format(scala_major_version),
"com.lihaoyi:sjsonnet_{}:0.3.0".format(scala_major_version),
"commons-io:commons-io:2.5",
experimental Oracle support in json-api (#8596) * separate OracleQueries from PostgresQueries - with some changes from 8161e63189 courtesy @cocreature Co-authored-by: Moritz Kiefer <moritz.kiefer@purelyfunctional.org> * abstract BIGINT * json, signatories, observers columns * compatible lastOffset Co-authored-by: Moritz Kiefer <moritz.kiefer@purelyfunctional.org> * oracle functions for select (single template ID), insert Co-authored-by: Moritz Kiefer <moritz.kiefer@purelyfunctional.org> * add oracle branch to integration tests * oracle CLI configuration for json-api * run integration tests with ojdbc in classpath * update maven_install for ojdbc * drop table if exists for Oracle * make create DDLs and drops more planned out; drop in reverse order for Oracle integrity * repin maven * port agreement_text * port (by removal) array part of ledger offset update * use CASE instead of JSON map lookup for multiparty offset update * simplify self types * fix contract archival * repin * remove selectContracts in favor of selectContractsMultiTemplate * move Oracle test execution to separate build target * move websocket test to itlib * make a bad array instance for Oracle * report actually-available JDBC drivers only * configure Oracle test from CI * attempt with platforms and constraints * a mismash of bazel to get it to conditionally enable oracle testing * fix dep resolution in Scala 2.13 * make the Oracle test a stub (inits and does empty DB query) * remove commented unused deps * no changelog CHANGELOG_BEGIN CHANGELOG_END * repin * we never supply a value for the surrogate ID columns - suggested by @cocreature; thanks * add not null to json in DB-specific place - suggested by @cocreature; thanks * why DBContractKey - suggested by @cocreature; thanks * textType isn't finalized - suggested by @cocreature; thanks Co-authored-by: Moritz Kiefer <moritz.kiefer@purelyfunctional.org>
2021-02-17 11:50:35 +03:00
"com.oracle.database.jdbc:ojdbc8:19.8.0.0",
"com.sparkjava:spark-core:2.9.1",
"com.squareup:javapoet:1.11.1",
"com.storm-enroute:scalameter_{}:0.19".format(scala_major_version),
"com.storm-enroute:scalameter-core_{}:0.19".format(scala_major_version),
"com.typesafe.akka:akka-actor_{}:{}".format(scala_major_version, akka_version),
"com.typesafe.akka:akka-actor-typed_{}:{}".format(scala_major_version, akka_version),
"com.typesafe.akka:akka-http_{}:10.2.1".format(scala_major_version, akka_version),
"com.typesafe.akka:akka-http-spray-json_{}:10.2.1".format(scala_major_version),
"com.typesafe.akka:akka-http-testkit_{}:10.2.1".format(scala_major_version),
"com.typesafe.akka:akka-slf4j_{}:{}".format(scala_major_version, akka_version),
"com.typesafe.akka:akka-stream_{}:{}".format(scala_major_version, akka_version),
"com.typesafe.akka:akka-stream-testkit_{}:{}".format(scala_major_version, akka_version),
"com.typesafe.akka:akka-testkit_{}:{}".format(scala_major_version, akka_version),
"org.playframework.anorm:anorm_{}:2.6.8".format(scala_major_version),
"org.playframework.anorm:anorm-akka_{}:2.6.8".format(scala_major_version),
"com.typesafe.scala-logging:scala-logging_{}:3.9.2".format(scala_major_version),
"com.zaxxer:HikariCP:3.2.0",
"eu.rekawek.toxiproxy:toxiproxy-java:2.1.3",
"io.circe:circe-core_{}:0.13.0".format(scala_major_version),
"io.circe:circe-generic_{}:0.13.0".format(scala_major_version),
"io.circe:circe-parser_{}:0.13.0".format(scala_major_version),
"io.circe:circe-yaml_{}:0.13.0".format(scala_major_version),
"io.dropwizard.metrics:metrics-core:4.1.2",
Sandbox: Configurable metrics output. (#5113) * sandbox: Clean up `MetricsReporting` a little. Make sure it closes both reporters, and avoid starting things in a constructor. * sandbox: Add hidden options for enable metrics reporting. * sandbox: Add a disambiguating name to the DB connection/thread pools. CHANGELOG_BEGIN - [Sandbox] DB connection pool metrics names have changed slightly, from ``daml.index.db.connection`` to ``daml.index.db.connection.sandbox``. - [Ledger Integration Kit] DB connection pool metrics names have changed to disambiguate the StandaloneApiServer from the StandaloneIndexerServer. The former now has a ``.ledger-api-server`` suffix, and the latter now has a ``.indexer`` suffix. CHANGELOG_END * sandbox-next: Use the same metrics registry for the API and indexer. * sandbox: Give a useful error message on an invalid metrics reporter. And simplify the error messages. With the arguments `--client-auth=foo --metrics-reporter=foo`, we now get the output: ``` Error: Option --client-auth failed when given 'foo'. Must be one of "none", "optional", or "require". Error: Option --metrics-reporter failed when given 'foo'. Must be one of "console", or "csv:PATH". Try --help for more information. ``` * sandbox: Pull out more helpers in `MetricsReporting`. * sandbox: Rename MetricsReporter classes so they don't clash. * sandbox: Wrap the `name` parameter in a `ServerName` tagged string. For safety. Yours, not mine. * sandbox: Push metrics to Graphite with `--metrics-reporter=graphite`. * sandbox: Make `MetricsReporter.Graphite` singly-lazy, not doubly-. Co-Authored-By: Stefano Baghino <43749967+stefanobaghino-da@users.noreply.github.com> * sandbox: Replace `ServerName` with `ServerRole`. * sandbox: Fix usage of `ServerRole.Testing` in `LedgerResource`. Co-authored-by: Stefano Baghino <43749967+stefanobaghino-da@users.noreply.github.com>
2020-03-23 13:59:13 +03:00
"io.dropwizard.metrics:metrics-graphite:4.1.2",
"io.dropwizard.metrics:metrics-jmx:4.1.2",
"io.dropwizard.metrics:metrics-jvm:4.1.2",
"io.opentelemetry:opentelemetry-api:0.16.0",
"io.opentelemetry:opentelemetry-context:0.16.0",
"io.opentelemetry:opentelemetry-sdk-testing:0.16.0",
"io.opentelemetry:opentelemetry-sdk-trace:0.16.0",
"io.opentelemetry:opentelemetry-semconv:0.16.0-alpha",
"io.prometheus:simpleclient:0.8.1",
"io.prometheus:simpleclient_dropwizard:0.8.1",
"io.prometheus:simpleclient_httpserver:0.8.1",
"io.prometheus:simpleclient_servlet:0.8.1",
Update netty and iogrpc version (#6063) * io.grpc:grpc-xxxx to 1.29.0 (from 1.22.1) io.netty:netty-xxxx to .1.50.Final (from 4.1.37.Final) io.nett.netty-tcp-native-boringssl-static to 2.0.30.Final (from 2.0.25.Final) To resolve open vulnerabilities with these versions netty-4.1.37.Final vulnerabilities BDSA-2018-4022 (Medium) BDSA-2019-2610 (Medium) BDSA-2019-3119 (CVE-2019-16869) (Medium) BDSA-2020-0130 (Medium) BDSA BDSA-2019-4230 (CVE-2019-20445) (Low) BDSA BDSA-2019-4231 (CVE-2019-20444) (Low) BDSA BDSA-2020-0666 (CVE-2020-11612) (Low) BDSA BDSA-2019-2642 (Low) BDSA BDSA-2019-2649 (Low) BDSA BDSA-2019-2643 (Low) CHANGELOG_BEGIN Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest released to avoid exposure to reported security vulnerabilities in currently used versions CHANGELOG_END – * Update spray versions to address vulnerabilities CVE-2018-18853 and CVE-2018-18854 CHANGELOG_BEGIN Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest released to avoid exposure to reported security vulnerabilities in currently used versions CHANGELOG_END * do not change io.grpc version since reflection seems to be misbehaving * Clarify how to bump grpc/netty/protobuf versions Also "downgrade" netty to 4.1.48, according to https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty CHANGELOG_BEGIN CHANGELOG_END * Load protobuf deps after haskell deps to avoid loading an older version of rules_cc * Upgrade protoc and protobuf-java to 3.11.0 * buildifier reformat * regen unique int after rebase * remove commented patch Co-authored-by: Gerolf Seitz <gerolf.seitz@daml.com>
2020-05-27 20:44:34 +03:00
# Bumping versions of io.grpc:* has a few implications:
# 1. io.grpc:grpc-protobuf has a dependency on com.google.protobuf:protobuf-java, which in
# turn needs to be aligned with the version of protoc we are using (as declared in deps.bzl).
# ScalaPB also depends on a version of protobuf-java, but for the most part we expect here a
# version mismatch between ScalaPBs declared protobuf-java dependency and the version on the
# classpath doesn't matter.
#
# 2. To keep TLS for the Ledger API Server working, the following three artifacts need be updated
# in sync according to https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty
#
# * io.grpc:grpc-netty
# * io.netty:netty-handler
# * io.netty:netty-tcnative-boringssl-static
#
# This effectively means all io.grpc:*, io.netty:*, and `com.google.protobuf:protobuf-java
# need to be updated with careful consideration.
# grpc
"io.grpc:grpc-api:{}".format(grpc_version),
"io.grpc:grpc-core:{}".format(grpc_version),
"io.grpc:grpc-netty:{}".format(grpc_version),
"io.grpc:grpc-protobuf:{}".format(grpc_version),
"io.grpc:grpc-services:{}".format(grpc_version),
"io.grpc:grpc-stub:{}".format(grpc_version),
Update netty and iogrpc version (#6063) * io.grpc:grpc-xxxx to 1.29.0 (from 1.22.1) io.netty:netty-xxxx to .1.50.Final (from 4.1.37.Final) io.nett.netty-tcp-native-boringssl-static to 2.0.30.Final (from 2.0.25.Final) To resolve open vulnerabilities with these versions netty-4.1.37.Final vulnerabilities BDSA-2018-4022 (Medium) BDSA-2019-2610 (Medium) BDSA-2019-3119 (CVE-2019-16869) (Medium) BDSA-2020-0130 (Medium) BDSA BDSA-2019-4230 (CVE-2019-20445) (Low) BDSA BDSA-2019-4231 (CVE-2019-20444) (Low) BDSA BDSA-2020-0666 (CVE-2020-11612) (Low) BDSA BDSA-2019-2642 (Low) BDSA BDSA-2019-2649 (Low) BDSA BDSA-2019-2643 (Low) CHANGELOG_BEGIN Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest released to avoid exposure to reported security vulnerabilities in currently used versions CHANGELOG_END – * Update spray versions to address vulnerabilities CVE-2018-18853 and CVE-2018-18854 CHANGELOG_BEGIN Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest released to avoid exposure to reported security vulnerabilities in currently used versions CHANGELOG_END * do not change io.grpc version since reflection seems to be misbehaving * Clarify how to bump grpc/netty/protobuf versions Also "downgrade" netty to 4.1.48, according to https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty CHANGELOG_BEGIN CHANGELOG_END * Load protobuf deps after haskell deps to avoid loading an older version of rules_cc * Upgrade protoc and protobuf-java to 3.11.0 * buildifier reformat * regen unique int after rebase * remove commented patch Co-authored-by: Gerolf Seitz <gerolf.seitz@daml.com>
2020-05-27 20:44:34 +03:00
# netty
"io.netty:netty-codec-http2:{}".format(netty_version),
"io.netty:netty-handler:{}".format(netty_version),
"io.netty:netty-handler-proxy:{}".format(netty_version),
"io.netty:netty-resolver:{}".format(netty_version),
"io.netty:netty-tcnative-boringssl-static:2.0.36.Final",
Update netty and iogrpc version (#6063) * io.grpc:grpc-xxxx to 1.29.0 (from 1.22.1) io.netty:netty-xxxx to .1.50.Final (from 4.1.37.Final) io.nett.netty-tcp-native-boringssl-static to 2.0.30.Final (from 2.0.25.Final) To resolve open vulnerabilities with these versions netty-4.1.37.Final vulnerabilities BDSA-2018-4022 (Medium) BDSA-2019-2610 (Medium) BDSA-2019-3119 (CVE-2019-16869) (Medium) BDSA-2020-0130 (Medium) BDSA BDSA-2019-4230 (CVE-2019-20445) (Low) BDSA BDSA-2019-4231 (CVE-2019-20444) (Low) BDSA BDSA-2020-0666 (CVE-2020-11612) (Low) BDSA BDSA-2019-2642 (Low) BDSA BDSA-2019-2649 (Low) BDSA BDSA-2019-2643 (Low) CHANGELOG_BEGIN Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest released to avoid exposure to reported security vulnerabilities in currently used versions CHANGELOG_END – * Update spray versions to address vulnerabilities CVE-2018-18853 and CVE-2018-18854 CHANGELOG_BEGIN Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest released to avoid exposure to reported security vulnerabilities in currently used versions CHANGELOG_END * do not change io.grpc version since reflection seems to be misbehaving * Clarify how to bump grpc/netty/protobuf versions Also "downgrade" netty to 4.1.48, according to https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty CHANGELOG_BEGIN CHANGELOG_END * Load protobuf deps after haskell deps to avoid loading an older version of rules_cc * Upgrade protoc and protobuf-java to 3.11.0 * buildifier reformat * regen unique int after rebase * remove commented patch Co-authored-by: Gerolf Seitz <gerolf.seitz@daml.com>
2020-05-27 20:44:34 +03:00
# protobuf
"com.google.protobuf:protobuf-java:3.14.0",
Update netty and iogrpc version (#6063) * io.grpc:grpc-xxxx to 1.29.0 (from 1.22.1) io.netty:netty-xxxx to .1.50.Final (from 4.1.37.Final) io.nett.netty-tcp-native-boringssl-static to 2.0.30.Final (from 2.0.25.Final) To resolve open vulnerabilities with these versions netty-4.1.37.Final vulnerabilities BDSA-2018-4022 (Medium) BDSA-2019-2610 (Medium) BDSA-2019-3119 (CVE-2019-16869) (Medium) BDSA-2020-0130 (Medium) BDSA BDSA-2019-4230 (CVE-2019-20445) (Low) BDSA BDSA-2019-4231 (CVE-2019-20444) (Low) BDSA BDSA-2020-0666 (CVE-2020-11612) (Low) BDSA BDSA-2019-2642 (Low) BDSA BDSA-2019-2649 (Low) BDSA BDSA-2019-2643 (Low) CHANGELOG_BEGIN Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest released to avoid exposure to reported security vulnerabilities in currently used versions CHANGELOG_END – * Update spray versions to address vulnerabilities CVE-2018-18853 and CVE-2018-18854 CHANGELOG_BEGIN Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest released to avoid exposure to reported security vulnerabilities in currently used versions CHANGELOG_END * do not change io.grpc version since reflection seems to be misbehaving * Clarify how to bump grpc/netty/protobuf versions Also "downgrade" netty to 4.1.48, according to https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty CHANGELOG_BEGIN CHANGELOG_END * Load protobuf deps after haskell deps to avoid loading an older version of rules_cc * Upgrade protoc and protobuf-java to 3.11.0 * buildifier reformat * regen unique int after rebase * remove commented patch Co-authored-by: Gerolf Seitz <gerolf.seitz@daml.com>
2020-05-27 20:44:34 +03:00
#scalapb
"com.thesamet.scalapb:compilerplugin_{}:0.9.0".format(scala_major_version),
"com.thesamet.scalapb:lenses_{}:0.9.0".format(scala_major_version),
"com.thesamet.scalapb:protoc-bridge_{}:0.7.8".format(scala_major_version),
"com.thesamet.scalapb:scalapb-runtime_{}:0.9.0".format(scala_major_version),
"com.thesamet.scalapb:scalapb-runtime-grpc_{}:0.9.0".format(scala_major_version),
Update netty and iogrpc version (#6063) * io.grpc:grpc-xxxx to 1.29.0 (from 1.22.1) io.netty:netty-xxxx to .1.50.Final (from 4.1.37.Final) io.nett.netty-tcp-native-boringssl-static to 2.0.30.Final (from 2.0.25.Final) To resolve open vulnerabilities with these versions netty-4.1.37.Final vulnerabilities BDSA-2018-4022 (Medium) BDSA-2019-2610 (Medium) BDSA-2019-3119 (CVE-2019-16869) (Medium) BDSA-2020-0130 (Medium) BDSA BDSA-2019-4230 (CVE-2019-20445) (Low) BDSA BDSA-2019-4231 (CVE-2019-20444) (Low) BDSA BDSA-2020-0666 (CVE-2020-11612) (Low) BDSA BDSA-2019-2642 (Low) BDSA BDSA-2019-2649 (Low) BDSA BDSA-2019-2643 (Low) CHANGELOG_BEGIN Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest released to avoid exposure to reported security vulnerabilities in currently used versions CHANGELOG_END – * Update spray versions to address vulnerabilities CVE-2018-18853 and CVE-2018-18854 CHANGELOG_BEGIN Upgrade io.grpc:grpc-xxxxx and io.netty:netty-xxx version to latest released to avoid exposure to reported security vulnerabilities in currently used versions CHANGELOG_END * do not change io.grpc version since reflection seems to be misbehaving * Clarify how to bump grpc/netty/protobuf versions Also "downgrade" netty to 4.1.48, according to https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty CHANGELOG_BEGIN CHANGELOG_END * Load protobuf deps after haskell deps to avoid loading an older version of rules_cc * Upgrade protoc and protobuf-java to 3.11.0 * buildifier reformat * regen unique int after rebase * remove commented patch Co-authored-by: Gerolf Seitz <gerolf.seitz@daml.com>
2020-05-27 20:44:34 +03:00
# ---- end of grpc-protobuf-netty block
"io.reactivex.rxjava2:rxjava:2.2.1",
"io.spray:spray-json_{}:1.3.5".format(scala_major_version),
"io.zipkin.brave:brave:4.6.0",
"io.zipkin.reporter:zipkin-sender-okhttp3:1.0.4",
"javax.annotation:javax.annotation-api:1.2",
"javax.ws.rs:javax.ws.rs-api:2.1",
"junit:junit:4.12",
"junit:junit-dep:4.10",
"net.logstash.logback:logstash-logback-encoder:6.6",
"org.codehaus.janino:janino:3.1.4",
"org.apache.commons:commons-lang3:3.9",
"org.apache.commons:commons-text:1.4",
"org.awaitility:awaitility:3.1.6",
"org.checkerframework:checker:2.5.4",
"org.flywaydb:flyway-core:6.5.0",
"org.freemarker:freemarker-gae:2.3.28",
"org.jline:jline:3.7.1",
"org.jline:jline-reader:3.7.1",
"org.junit.jupiter:junit-jupiter-api:5.0.0",
"org.junit.jupiter:junit-jupiter-engine:5.0.0",
"org.junit.platform:junit-platform-engine:1.0.0",
"org.junit.platform:junit-platform-runner:1.0.0",
"org.mockito:mockito-core:3.6.28",
"org.mockito:mockito-inline:3.6.28",
"org.mockito:mockito-scala_{}:1.16.3".format(scala_major_version),
"org.pcollections:pcollections:2.1.3",
"org.postgresql:postgresql:42.2.18",
"org.reactivestreams:reactive-streams:1.0.2",
"org.reactivestreams:reactive-streams-tck:1.0.2",
"org.sangria-graphql:sangria_{}:2.0.1".format(scala_major_version),
"org.sangria-graphql:sangria-spray-json_{}:1.0.2".format(scala_major_version),
"org.scalacheck:scalacheck_{}:1.14.0".format(scala_major_version),
"org.scala-lang.modules:scala-collection-compat_{}:2.3.2".format(scala_major_version),
"org.scala-lang.modules:scala-java8-compat_{}:0.9.0".format(scala_major_version),
"org.scalameta:munit_{}:0.7.26".format(scala_major_version),
"org.scalactic:scalactic_{}:3.1.2".format(scala_major_version),
"org.scalatest:scalatest_{}:3.1.2".format(scala_major_version),
"org.scalatestplus:scalacheck-1-14_{}:3.1.4.0".format(scala_major_version),
"org.scalatestplus:selenium-3-141_{}:3.1.3.0".format(scala_major_version),
"org.scalatestplus:testng-6-7_{}:3.1.4.0".format(scala_major_version),
"org.scalaz:scalaz-core_{}:7.2.30".format(scala_major_version),
"org.scalaz:scalaz-scalacheck-binding_{}:7.2.30-scalacheck-1.14".format(scala_major_version),
"org.seleniumhq.selenium:selenium-java:3.12.0",
"org.slf4j:slf4j-api:1.7.26",
"org.slf4j:slf4j-simple:1.7.26",
"org.typelevel:kind-projector_{}:0.11.3".format(scala_version),
"org.tpolecat:doobie-core_{}:0.9.2".format(scala_major_version),
"org.tpolecat:doobie-hikari_{}:0.9.2".format(scala_major_version),
"org.tpolecat:doobie-postgres_{}:0.9.2".format(scala_major_version),
"org.typelevel:paiges-core_{}:0.3.2".format(scala_major_version),
"org.wartremover:wartremover_{}:2.4.13".format(scala_version),
"org.xerial:sqlite-jdbc:3.30.1",
add blackduck scan to run on master (#6130) (#8161) * add blackduck scan to run on master (#6130) * add blackduck scan * disable go scanning exclude entire language-support/ts directory for node scanning break to multiple lines to make command line params easier to parse * Increase timeout for blackduck binary scan * update blackduck scan config * remove some exclusions, force python3 * exclude GO until path to go executable can be resolved * added readme explanation of why we want this file * fail in case of policy violation * ensure haskell bazel scan completes before running second round scan for bazel jvm and node and other langs * trigger notices file gen to ensure BOM complete * remove trailing end of lines * run with latest detect version and unique code location name changes to wrapper script * Add blackduck to daily compat job * DO NOT MERGE: condition false to disable other jobs for testing * remove parameters not available to cronjob * Revert changes to regular CI pipeline CHANGELOG_BEGIN CHANGELOG_END Signed-off-by: Brian Healey <brian.healey@digitalasset.com> * Do not get branch name from variable * Upgrade com.fasterxml.jackson.core:jackson-databind to 2.12.0 to address security vulnerability * Remove disabling of other jobs, set to branch to be used on prod runs * Apply suggestions from code review Co-authored-by: Gary Verhaegen <gary.verhaegen@digitalasset.com> * Address code review comments * Updated NOTICES file * Run bazel build, update NOTICES file * Correct dade-assist * do not have perms to pipe to dev/null * Add md file explaining how to update NOTICES file * Add instructions for running blackduck locally * Add a link to full security-blackduck readme Co-authored-by: Gary Verhaegen <gary.verhaegen@digitalasset.com>
2020-12-07 22:59:39 +03:00
"com.fasterxml.jackson.core:jackson-core:2.12.0",
"com.fasterxml.jackson.core:jackson-databind:2.12.0",
],
2019-10-29 17:43:56 +03:00
fetch_sources = True,
maven_install_json = "@com_github_digital_asset_daml//:maven_install_{}.json".format(scala_major_version),
override_targets = {
# Replacements for core Scala libraries.
# These libraries must be provided by the Scala toolchain.
#
# Without these you may get obscure compiler errors about missing implicits,
# or types that should be `Any`.
# This needs to be kept in sync with //bazel-tools:pom_file.bzl
"org.scala-lang:scala-compiler": "@io_bazel_rules_scala_scala_compiler//:io_bazel_rules_scala_scala_compiler",
"org.scala-lang:scala-library": "@io_bazel_rules_scala_scala_library//:io_bazel_rules_scala_scala_library",
"org.scala-lang:scala-reflect": "@io_bazel_rules_scala_scala_reflect//:io_bazel_rules_scala_scala_reflect",
"org.scala-lang.modules:scala-parser-combinators": "@io_bazel_rules_scala_scala_parser_combinators//:io_bazel_rules_scala_scala_parser_combinators",
"org.scala-tools.testing:test-interface": "//:org_scala_sbt_test_interface",
"org.scalactic:scalactic_2.12": "@io_bazel_rules_scala_scalactic//:io_bazel_rules_scala_scalactic",
"org.scalatest:scalatest_2.12": "@io_bazel_rules_scala_scalatest//:io_bazel_rules_scala_scalatest",
},
repositories = [
"https://repo1.maven.org/maven2",
],
# The strict_visibility attribute controls whether all artifacts should
# be visible (including transitive dependencies), or whether only
# explicitly declared artifacts should be visible. The targets
# generated by maven_install do not forward transitive dependencies.
# Instead, users need to explicitly declare each package a dependency
# from which they wish to import. This makes strict visibility
# inconvenient as one would have to pin versions of transitive
# dependencies in this file, which complicates version updates later
# on. Therefore, we don't enable strict visibility. This is the default.
# strict_visibility = True,
version_conflict_policy = "pinned",
)