This is an automated email from the ASF dual-hosted git repository. epugh pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/solr.git
commit 48ac81b70977b18504ec53902b3476e0974d35f2 Author: Kevin Risden <[email protected]> AuthorDate: Tue Feb 8 13:44:54 2022 -0500 SOLR-15992: Globally forbid and exclude known bad dependencies Includes SOLR-15988: Remove gradle/hacks/solr.findbugs.gradle This also removes @Nonnull and @Nullable due to removing jsr305 completely from the build. --- build.gradle | 2 +- gradle/documentation/render-javadoc.gradle | 2 - gradle/hacks/global-exclude-dependencies.gradle | 52 ++++++ gradle/hacks/solr.findbugs.gradle | 51 ------ gradle/validation/jar-checks.gradle | 4 +- solr/CHANGES.txt | 2 + solr/core/build.gradle | 22 +-- .../solr/cloud/api/collections/BackupCmd.java | 5 +- .../impl/SimpleClusterAbstractionsImpl.java | 5 - .../apache/solr/security/AllowListUrlChecker.java | 3 +- .../placement/ClusterAbstractionsForTest.java | 4 - solr/licenses/commons-logging-1.2.jar.sha1 | 1 - solr/licenses/commons-logging-LICENSE-ASL.txt | 202 --------------------- solr/licenses/commons-logging-NOTICE.txt | 5 - solr/modules/analytics/build.gradle | 2 +- solr/modules/gcs-repository/build.gradle | 7 +- solr/modules/hdfs/build.gradle | 11 +- solr/modules/s3-repository/build.gradle | 7 +- solr/modules/scripting/build.gradle | 2 +- solr/solrj/build.gradle | 11 +- solr/test-framework/build.gradle | 12 +- versions.lock | 8 +- versions.props | 2 +- 23 files changed, 101 insertions(+), 321 deletions(-) diff --git a/build.gradle b/build.gradle index a94f798..bf00835 100644 --- a/build.gradle +++ b/build.gradle @@ -192,8 +192,8 @@ apply from: file('gradle/documentation/changes-to-html.gradle') apply from: file('gradle/documentation/markdown.gradle') apply from: file('gradle/documentation/render-javadoc.gradle') +apply from: file('gradle/hacks/global-exclude-dependencies.gradle') apply from: file('gradle/hacks/gradle-archives.gradle') -apply from: file('gradle/hacks/solr.findbugs.gradle') apply from: file('gradle/hacks/wipe-temp.gradle') apply from: file('gradle/hacks/hashmapAssertions.gradle') 
diff --git a/gradle/documentation/render-javadoc.gradle b/gradle/documentation/render-javadoc.gradle index 26a1bc8..5e1b321 100644 --- a/gradle/documentation/render-javadoc.gradle +++ b/gradle/documentation/render-javadoc.gradle @@ -1,7 +1,5 @@ import org.gradle.internal.jvm.Jvm -import javax.annotation.Nullable - /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with diff --git a/gradle/hacks/global-exclude-dependencies.gradle b/gradle/hacks/global-exclude-dependencies.gradle new file mode 100644 index 0000000..9a437b8 --- /dev/null +++ b/gradle/hacks/global-exclude-dependencies.gradle 
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Globally exclude known bad dependencies to ensure they aren't included in any transitive dependency.
+
+allprojects { prj ->
+ // Ensure we only limit to compilation and runtime configurations for the JavaPlugin.
+ // There doesn't seem to be a way to pull this out of JavaPlugin programatically.
+ // https://docs.gradle.org/current/userguide/java_plugin.html#tab:configurations
+ def configNames = [
+ Dependency.DEFAULT_CONFIGURATION,
+ JavaPlugin.API_CONFIGURATION_NAME,
+ JavaPlugin.COMPILE_ONLY_API_CONFIGURATION_NAME,
+ JavaPlugin.IMPLEMENTATION_CONFIGURATION_NAME,
+ JavaPlugin.COMPILE_ONLY_CONFIGURATION_NAME,
+ JavaPlugin.RUNTIME_ONLY_CONFIGURATION_NAME,
+ JavaPlugin.TEST_IMPLEMENTATION_CONFIGURATION_NAME,
+ JavaPlugin.TEST_COMPILE_ONLY_CONFIGURATION_NAME,
+ JavaPlugin.TEST_RUNTIME_ONLY_CONFIGURATION_NAME,
+ // gradle/validation/jar-checks.gradle uses the compile and runtime classpaths
+ // to find jars so need to exclude otherwise license files are created.
+ JavaPlugin.COMPILE_CLASSPATH_CONFIGURATION_NAME,
+ JavaPlugin.RUNTIME_CLASSPATH_CONFIGURATION_NAME,
+ JavaPlugin.TEST_COMPILE_CLASSPATH_CONFIGURATION_NAME,
+ JavaPlugin.TEST_RUNTIME_CLASSPATH_CONFIGURATION_NAME
+ ]
+ configurations.matching { it.name in configNames }.all {
+ exclude group: 'log4j', module: 'log4j' // use SLF4j
+ exclude group: 'commons-logging', module: 'commons-logging' // use SLF4j
+ exclude group: 'com.google.code.findbugs', module: 'jsr305' // Uses GPL license
+ exclude group: 'com.google.code.findbugs', module: 'annotations' // Use Spotbugs Annotations as replacement
+ exclude group: 'javax.annotation', module: 'javax.annotation-api' // Replaced with jakarta.annotation-api
+ exclude group: 'org.slf4j', module: 'slf4j-log4j12' // don't include log4j 1.x
+ exclude group: 'org.apache.yetus', module: 'audience-annotations' // Don't need annotations
+ exclude group: 'org.codehaus.mojo', module: 'animal-sniffer-annotations' // Don't need annotations
+ // be conservative on what's added here. Affects all Java project compilation and runtime.
+ }
+}
diff --git a/gradle/hacks/solr.findbugs.gradle b/gradle/hacks/solr.findbugs.gradle
deleted file mode 100644
index ab10146..0000000
--- a/gradle/hacks/solr.findbugs.gradle
+++ /dev/null
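Review bot: The excludes reach only configurations whose name is in `configNames`, whereas the per-project blocks this commit deletes (the solr/core, hdfs, gcs-repository and s3-repository build files) used `configurations.all`, so a custom or plugin-created configuration no longer drops log4j 1.x, slf4j-log4j12 or commons-logging. An exclude also removes a module silently: nothing in this file fails the build if one of these artifacts resolves through an unlisted configuration, and whether the "forbid" half of the commit title is enforced elsewhere is not visible here. I would record that limit beside the list, e.g. `// Only the JavaPlugin configurations named above are covered; any other configuration must add its own excludes.` Two wording nits in the same hunk: the `// Uses GPL license` rationale on jsr305 should be checked against the artifact's published license, and `programatically` should read `programmatically`.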
@@ -1,51 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// See LUCENE-9411. This hack adds compile-time only dependencies -// on findbugs and error_prone annotations. Otherwise javac generates odd warnings about missing -// type information. - -configure([project(":solr:core"), - project(":solr:solrj"), - project(":solr:test-framework"), - project(":solr:modules:analytics"), - project(":solr:modules:langid"), - project(":solr:modules:ltr"), - project(":solr:modules:s3-repository"), - project(":solr:modules:scripting"), - project(":solr:prometheus-exporter")]) { - plugins.withType(JavaPlugin) { - dependencies { - // Use versionless variants because these libraries are in versions.lock. - compileOnly 'com.google.errorprone:error_prone_annotations' - testCompileOnly 'com.google.errorprone:error_prone_annotations' - compileOnly 'com.google.code.findbugs:jsr305' - testCompileOnly 'com.google.code.findbugs:jsr305' - - // This one isn't. - compileOnly 'com.google.code.findbugs:annotations:3.0.1' - testCompileOnly 'com.google.code.findbugs:annotations:3.0.1' - } - - // Exclude these from jar validation and license checks. 
- configurations.jarValidation { - exclude group: "com.google.code.findbugs", module: "jsr305" - exclude group: "com.google.code.findbugs", module: "annotations" - exclude group: "com.google.errorprone", module: "error_prone_annotations" - } - } -} diff --git a/gradle/validation/jar-checks.gradle b/gradle/validation/jar-checks.gradle index 0372c7e..85afb91 100644 --- a/gradle/validation/jar-checks.gradle +++ b/gradle/validation/jar-checks.gradle @@ -112,7 +112,9 @@ subprojects { conf = conf.copyRecursive() conf.canBeResolved = true conf.canBeConsumed = true - conf.excludeRules = excludeRules + def newConfExcludeRules = new HashSet<>(conf.excludeRules) + newConfExcludeRules.addAll(excludeRules) + conf.excludeRules = newConfExcludeRules } if (conf.canBeResolved) { queue.addAll(conf.resolvedConfiguration.firstLevelModuleDependencies) diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index 92dfaf6..f3a0c61 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -320,6 +320,8 @@ Build * SOLR-15987: Upgrade slf4j to 1.7.35 and remove ant-compat/force-versions.gradle (Kevin Risden) +* SOLR-15992: Globally forbid and exclude known bad dependencies (Kevin Risden) + Other Changes ---------------------- * SOLR-14656: Autoscaling framework removed (Ishan Chattopadhyaya, noble, Ilan Ginzburg) diff --git a/solr/core/build.gradle b/solr/core/build.gradle index a709f83..c0105dc 100644 --- a/solr/core/build.gradle +++ b/solr/core/build.gradle 
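Review bot: The three added lines in gradle/validation/jar-checks.gradle merge the copied configuration's own exclude rules with the jarValidation `excludeRules` instead of overwriting them, but nothing records why, and a later cleanup could collapse them back into the plain assignment and quietly re-admit the globally excluded jars to the license checks. A comment such as `// Keep the configuration's own excludes and add the jarValidation excludes on top; do not overwrite.` would pin the intent. The enclosing closure starts and ends outside this hunk, so I cannot tell from here whether `excludeRules` can be null at this point.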
@@ -20,17 +20,17 @@ apply plugin: 'java-library' description = 'Apache Solr Core' -configurations.all { - exclude group: 'log4j', module: 'log4j' - exclude group: 'commons-logging', module: 'commons-logging' - exclude group: 'org.slf4j', module: 'slf4j-log4j12' - exclude group: 'org.apache.yetus', module: 'audience-annotations' - exclude group: 'org.codehaus.mojo', module: 'animal-sniffer-annotations' - exclude group: "com.google.code.findbugs", module: "jsr305" - // be conservative on what's added here. Affects *all* configs, including internal ones. -} - dependencies { + // Spotbugs Annotations are only needed for old findbugs + // annotation usage like in Zookeeper during compilation time. + // It is not included in the release so exclude from checks. + compileOnly 'com.github.spotbugs:spotbugs-annotations' + testCompileOnly 'com.github.spotbugs:spotbugs-annotations' + // Exclude these from jar validation and license checks. + configurations.jarValidation { + exclude group: "com.github.spotbugs", module: "spotbugs-annotations" + } + // Export these dependencies so that they're imported transitively by // other modules. @@ -64,7 +64,7 @@ dependencies { implementation "org.apache.lucene:lucene-suggest" // Collections & lang utilities - implementation ('com.google.guava:guava') { transitive = false } + implementation 'com.google.guava:guava' implementation 'org.apache.commons:commons-lang3' implementation 'org.apache.commons:commons-math3' implementation 'commons-io:commons-io' diff --git a/solr/core/src/java/org/apache/solr/cloud/api/collections/BackupCmd.java b/solr/core/src/java/org/apache/solr/cloud/api/collections/BackupCmd.java index 6df02b2..7c92e54 100644 --- a/solr/core/src/java/org/apache/solr/cloud/api/collections/BackupCmd.java +++ b/solr/core/src/java/org/apache/solr/cloud/api/collections/BackupCmd.java 
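Review bot: The spotbugs-annotations block in solr/core/build.gradle declares both `compileOnly` and `testCompileOnly`, while the copies added to solr/solrj/build.gradle and solr/test-framework/build.gradle declare only `compileOnly`; if the difference is intended the comment should say so, otherwise the three should match. The same `configurations.jarValidation { exclude ... }` stanza is repeated in all three files and sits inside `dependencies { }`, where it reads like a dependency declaration rather than configuration setup. Moving it above the `dependencies` block, or into one shared script applied to the three projects, would keep the exemption from jar and license checks in a single reviewable place.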
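Review bot: Dropping `{ transitive = false }` from `com.google.guava:guava` lets Guava's own dependencies resolve onto this classpath, and the line no longer says what keeps unwanted ones out; the same edit recurs in the analytics, gcs-repository, hdfs, s3-repository, scripting, solrj and test-framework build files. Presumably the new global exclude list is what makes this safe, so I would say so at the declaration, e.g. `// transitive deps allowed; unwanted ones are removed in gradle/hacks/global-exclude-dependencies.gradle`. The versions.lock hunks visible on this page show no new Guava-related entries, but the file is cut off, so confirming that no additional jar ships is left to the jar checks.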
@@ -45,7 +45,6 @@ import org.apache.solr.handler.component.ShardHandler; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.annotation.Nullable; import java.io.IOException; import java.lang.invoke.MethodHandles; import java.net.URI; @@ -265,8 +264,8 @@ public class BackupCmd implements CollApiCmds.CollectionApiCommand { private NamedList<Object> aggregateResults(NamedList<Object> results, String collectionName, Collection<Slice> slices, - @Nullable BackupManager backupManager, - @Nullable BackupProperties backupProps) { + BackupManager backupManager, + BackupProperties backupProps) { NamedList<Object> aggRsp = new SimpleOrderedMap<>(); aggRsp.add("collection", collectionName); aggRsp.add("numShards", slices.size()); diff --git a/solr/core/src/java/org/apache/solr/cluster/placement/impl/SimpleClusterAbstractionsImpl.java b/solr/core/src/java/org/apache/solr/cluster/placement/impl/SimpleClusterAbstractionsImpl.java index e5d99b2..74cb9d4 100644 --- a/solr/core/src/java/org/apache/solr/cluster/placement/impl/SimpleClusterAbstractionsImpl.java +++ b/solr/core/src/java/org/apache/solr/cluster/placement/impl/SimpleClusterAbstractionsImpl.java @@ -31,8 +31,6 @@ import org.apache.solr.common.cloud.Slice; import org.apache.solr.common.params.CollectionAdminParams; import org.apache.solr.common.util.Pair; -import javax.annotation.Nonnull; - /** * <p>The implementation of the cluster abstractions from {@link org.apache.solr.cluster} as static inner classes of this * one are a very straightforward approach @@ -82,7 +80,6 @@ class SimpleClusterAbstractionsImpl { } @Override - @Nonnull public Iterator<SolrCollection> iterator() { return clusterState.getCollectionsMap().values().stream().map(SolrCollectionImpl::fromDocCollection).collect(Collectors.toSet()).iterator(); } @@ -176,7 +173,6 @@ class SimpleClusterAbstractionsImpl { } @Override - @Nonnull public Iterator<Shard> iterator() { return shards.values().iterator(); } 
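Review bot: Removing `@Nullable` from `backupManager` and `backupProps` in `BackupCmd.aggregateResults` leaves no record that callers may pass null, so the contract now lives only in whatever null handling the body performs, and that body continues outside this hunk. The same applies to `AllowListUrlChecker.checkAllowList`, where a null `clusterState` makes `clusterHostAllowList` an empty set; on an allow-list check that behaviour should be written down rather than inferred. I would add Javadoc in both places, e.g. `@param clusterState may be null, in which case no cluster hosts are added to the allow-list`, and a matching `may be null` remark for the two BackupCmd parameters.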
@@ -272,7 +268,6 @@ class SimpleClusterAbstractionsImpl { } @Override - @Nonnull public Iterator<Replica> iterator() { return replicas.values().iterator(); } diff --git a/solr/core/src/java/org/apache/solr/security/AllowListUrlChecker.java b/solr/core/src/java/org/apache/solr/security/AllowListUrlChecker.java index d119b13..518bd37 100644 --- a/solr/core/src/java/org/apache/solr/security/AllowListUrlChecker.java +++ b/solr/core/src/java/org/apache/solr/security/AllowListUrlChecker.java @@ -24,7 +24,6 @@ import org.apache.solr.core.NodeConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.annotation.Nullable; import java.lang.invoke.MethodHandles; import java.net.MalformedURLException; import java.net.URL; @@ -134,7 +133,7 @@ public class AllowListUrlChecker { * @throws SolrException If an URL is not present in the allow-list or in the provided {@link * ClusterState}. */ - public void checkAllowList(List<String> urls, @Nullable ClusterState clusterState) + public void checkAllowList(List<String> urls, ClusterState clusterState) throws MalformedURLException { Set<String> clusterHostAllowList = clusterState == null ? Collections.emptySet() : clusterState.getHostAllowList(); diff --git a/solr/core/src/test/org/apache/solr/cluster/placement/ClusterAbstractionsForTest.java b/solr/core/src/test/org/apache/solr/cluster/placement/ClusterAbstractionsForTest.java index adf4396..f39d1a2 100644 --- a/solr/core/src/test/org/apache/solr/cluster/placement/ClusterAbstractionsForTest.java +++ b/solr/core/src/test/org/apache/solr/cluster/placement/ClusterAbstractionsForTest.java @@ -19,7 +19,6 @@ package org.apache.solr.cluster.placement; import org.apache.solr.cluster.*; -import javax.annotation.Nonnull; import java.util.*; import java.util.stream.Collectors; @@ -53,7 +52,6 @@ class ClusterAbstractionsForTest { } @Override - @Nonnull public Iterator<SolrCollection> iterator() { return collections.values().iterator(); } 
@@ -145,7 +143,6 @@ class ClusterAbstractionsForTest { } @Override - @Nonnull public Iterator<Shard> iterator() { return shards.values().iterator(); } @@ -204,7 +201,6 @@ class ClusterAbstractionsForTest { } @Override - @Nonnull public Iterator<Replica> iterator() { return replicas.values().iterator(); } diff --git a/solr/licenses/commons-logging-1.2.jar.sha1 b/solr/licenses/commons-logging-1.2.jar.sha1 deleted file mode 100644 index c314688..0000000 --- a/solr/licenses/commons-logging-1.2.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -4bfc12adfe4842bf07b657f0369c4cb522955686 diff --git a/solr/licenses/commons-logging-LICENSE-ASL.txt b/solr/licenses/commons-logging-LICENSE-ASL.txt deleted file mode 100644 index 7a4a3ea..0000000 --- a/solr/licenses/commons-logging-LICENSE-ASL.txt +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. \ No newline at end of file diff --git a/solr/licenses/commons-logging-NOTICE.txt b/solr/licenses/commons-logging-NOTICE.txt deleted file mode 100644 index 1a45218..0000000 --- a/solr/licenses/commons-logging-NOTICE.txt +++ /dev/null @@ -1,5 +0,0 @@ -Apache Commons Logging -Copyright 2003-2016 The Apache Software Foundation - -This product includes software developed at -The Apache Software Foundation (http://www.apache.org/). diff --git a/solr/modules/analytics/build.gradle b/solr/modules/analytics/build.gradle index 70f1fd1..ffcbbb4 100644 --- a/solr/modules/analytics/build.gradle +++ b/solr/modules/analytics/build.gradle 
@@ -28,7 +28,7 @@ dependencies { implementation 'com.fasterxml.jackson.core:jackson-annotations' implementation 'com.fasterxml.jackson.core:jackson-core' implementation 'com.fasterxml.jackson.core:jackson-databind' - implementation ('com.google.guava:guava') { transitive = false } + implementation 'com.google.guava:guava' testImplementation project(':solr:test-framework') testImplementation 'com.carrotsearch.randomizedtesting:randomizedtesting-runner' diff --git a/solr/modules/gcs-repository/build.gradle b/solr/modules/gcs-repository/build.gradle index d052a5c..bede010 100644 --- a/solr/modules/gcs-repository/build.gradle +++ b/solr/modules/gcs-repository/build.gradle @@ -20,11 +20,6 @@ apply plugin: 'java-library' description = 'GCS Backup Repository' -configurations.all { - exclude group: "javax.annotation", module: "javax.annotation-api" - exclude group: "com.google.code.findbugs", module: "jsr305" -} - dependencies { api project(':solr:core') implementation project(':solr:solrj') @@ -32,7 +27,7 @@ dependencies { implementation 'org.apache.lucene:lucene-core' implementation 'org.slf4j:slf4j-api' - implementation ('com.google.guava:guava') { transitive = false } + implementation 'com.google.guava:guava' implementation ('com.google.api:api-common') { exclude group: 'com.google.guava', module: 'guava' } implementation ('com.google.api:gax') { exclude group: 'com.google.guava', module: 'guava' } implementation ('com.google.api:gax-httpjson') { transitive = false } diff --git a/solr/modules/hdfs/build.gradle b/solr/modules/hdfs/build.gradle index a0686ad..3e0c17a 100644 --- a/solr/modules/hdfs/build.gradle +++ b/solr/modules/hdfs/build.gradle 
@@ -20,15 +20,6 @@ apply plugin: 'java-library' description = 'HDFS Contrib Module' dependencies { - configurations.all { - exclude group: 'log4j', module: 'log4j' - exclude group: 'commons-logging', module: 'commons-logging' - exclude group: 'org.slf4j', module: 'slf4j-log4j12' - exclude group: 'org.apache.yetus', module: 'audience-annotations' - exclude group: 'org.codehaus.mojo', module: 'animal-sniffer-annotations' - // be conservative on what's added here. Affects *all* configs, including internal ones. - } - implementation project(':solr:core') implementation project(':solr:solrj') @@ -50,7 +41,7 @@ dependencies { implementation ('org.apache.hadoop:hadoop-hdfs-client') { transitive = false } // Guava implements the VisibleForTesting annotations - implementation ('com.google.guava:guava') { transitive = false } + implementation 'com.google.guava:guava' // Caffeine cache to implement HDFS block caching implementation ('com.github.ben-manes.caffeine:caffeine') diff --git a/solr/modules/s3-repository/build.gradle b/solr/modules/s3-repository/build.gradle index 6df2ec3..66ebf6e 100644 --- a/solr/modules/s3-repository/build.gradle +++ b/solr/modules/s3-repository/build.gradle @@ -19,11 +19,6 @@ apply plugin: 'java-library' description = 'S3 Repository' -configurations.all { - exclude group: "javax.annotation", module: "javax.annotation-api" - exclude group: "com.google.code.findbugs", module: "jsr305" -} - dependencies { api project(':solr:core') implementation project(':solr:solrj') @@ -41,7 +36,7 @@ dependencies { implementation (group: 'software.amazon.awssdk', name: 'sdk-core') implementation (group: 'software.amazon.awssdk', name: 'protocol-core') - implementation ('com.google.guava:guava') { transitive = false } + implementation 'com.google.guava:guava' implementation 'commons-io:commons-io' implementation 'org.slf4j:slf4j-api' diff --git a/solr/modules/scripting/build.gradle b/solr/modules/scripting/build.gradle index 3c43ff4..a177f26 100644 
--- a/solr/modules/scripting/build.gradle +++ b/solr/modules/scripting/build.gradle @@ -27,7 +27,7 @@ dependencies { implementation 'org.slf4j:slf4j-api' implementation 'commons-io:commons-io' - implementation ('com.google.guava:guava') { transitive = false } + implementation 'com.google.guava:guava' testImplementation project(':solr:test-framework') testImplementation 'org.apache.lucene:lucene-test-framework' diff --git a/solr/solrj/build.gradle b/solr/solrj/build.gradle index be71b7e..c80f971 100644 --- a/solr/solrj/build.gradle +++ b/solr/solrj/build.gradle @@ -21,6 +21,15 @@ apply plugin: 'java-library' description = 'Solrj - Solr Java Client' dependencies { + // Spotbugs Annotations are only needed for old findbugs + // annotation usage like in Zookeeper during compilation time. + // It is not included in the release so exclude from checks. + compileOnly 'com.github.spotbugs:spotbugs-annotations' + // Exclude these from jar validation and license checks. + configurations.jarValidation { + exclude group: "com.github.spotbugs", module: "spotbugs-annotations" + } + implementation 'org.slf4j:slf4j-api' runtimeOnly 'org.slf4j:jcl-over-slf4j' @@ -79,6 +88,6 @@ dependencies { }) testRuntimeOnly "org.hsqldb:hsqldb" // runtime because via JDBC reflection testImplementation 'org.apache.commons:commons-lang3' - testImplementation ('com.google.guava:guava') { transitive = false } + testImplementation 'com.google.guava:guava' testImplementation 'io.dropwizard.metrics:metrics-core' } diff --git a/solr/test-framework/build.gradle b/solr/test-framework/build.gradle index e543c1c..429ca93 100644 --- a/solr/test-framework/build.gradle +++ b/solr/test-framework/build.gradle 
@@ -20,6 +20,15 @@ apply plugin: 'java-library' description = 'Solr Test Framework' dependencies { + // Spotbugs Annotations are only needed for old findbugs + // annotation usage like in Zookeeper during compilation time. + // It is not included in the release so exclude from checks. + compileOnly 'com.github.spotbugs:spotbugs-annotations' + // Exclude these from jar validation and license checks. + configurations.jarValidation { + exclude group: "com.github.spotbugs", module: "spotbugs-annotations" + } + api project(':solr:core') api project(':solr:solrj') @@ -43,7 +52,7 @@ dependencies { implementation 'org.apache.logging.log4j:log4j-core' implementation 'io.opentracing:opentracing-noop' implementation 'io.opentracing:opentracing-util' - implementation ('com.google.guava:guava') { transitive = false } + implementation 'com.google.guava:guava' implementation 'io.dropwizard.metrics:metrics-core' implementation 'io.dropwizard.metrics:metrics-jetty9' implementation 'commons-cli:commons-cli' @@ -60,4 +69,3 @@ dependencies { implementation 'junit:junit' implementation 'org.hamcrest:hamcrest' } - diff --git a/versions.lock b/versions.lock index 52e777b..4f7d27d 100644 --- a/versions.lock +++ b/versions.lock @@ -13,6 +13,7 @@ com.fasterxml.jackson.core:jackson-databind:2.13.1 (16 constraints: f62b03fa) com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.13.1 (2 constraints: f0137e82) com.fasterxml.woodstox:woodstox-core:6.2.7 (2 constraints: 501caf9f) com.github.ben-manes.caffeine:caffeine:3.0.5 (1 constraints: 0a05ff35) +com.github.spotbugs:spotbugs-annotations:4.5.3 (1 constraints: 0e051136) com.github.virtuald:curvesapi:1.06 (1 constraints: db04f530) com.github.zafarkhaja:java-semver:0.9.0 (1 constraints: 0b050636) com.google.api:api-common:1.10.1 (4 constraints: 822c34f6) 
@@ -28,10 +29,8 @@ com.google.auto.value:auto-value-annotations:1.7.4 (4 constraints: 443dc4e1)
 com.google.cloud:google-cloud-core:1.94.3 (3 constraints: da2307c0)
 com.google.cloud:google-cloud-core-http:1.94.3 (2 constraints: 651543d8)
 com.google.cloud:google-cloud-storage:1.113.14 (2 constraints: 10143aa3)
-com.google.code.findbugs:annotations:3.0.1 (1 constraints: 0605fb35)
-com.google.code.findbugs:jsr305:3.0.1 (1 constraints: b70f3485)
 com.google.code.gson:gson:2.8.6 (5 constraints: 1545748b)
-com.google.errorprone:error_prone_annotations:2.10.0 (6 constraints: 4c4d2718)
+com.google.errorprone:error_prone_annotations:2.10.0 (5 constraints: 18489d8d)
 com.google.guava:failureaccess:1.0.1 (1 constraints: e60fd595)
 com.google.guava:guava:25.1-jre (2 constraints: 0515c2b9)
 com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava (1 constraints: 8f1d45cb)
@@ -60,7 +59,6 @@ commons-cli:commons-cli:1.4 (1 constraints: a9041e2c)
 commons-codec:commons-codec:1.13 (4 constraints: b633162d)
 commons-collections:commons-collections:3.2.2 (1 constraints: 09050236)
 commons-io:commons-io:2.8.0 (4 constraints: 842b7e24)
-commons-logging:commons-logging:1.2 (3 constraints: 3b22c8bc)
 de.l3s.boilerpipe:boilerpipe:1.1.0 (1 constraints: 0405f335)
 io.dropwizard.metrics:metrics-core:4.1.5 (5 constraints: 2543e4c0)
 io.dropwizard.metrics:metrics-graphite:4.1.5 (1 constraints: 0c050736)
@@ -90,7 +88,6 @@ io.sgr:s2-geometry-library-java:1.0.0 (2 constraints: b215dedf)
 javax.servlet:javax.servlet-api:3.1.0 (3 constraints: 75209943)
 junit:junit:4.13.1 (6 constraints: c059a781)
 net.arnx:jsonic:1.2.7 (2 constraints: db10d4d1)
-net.jcip:jcip-annotations:1.0 (1 constraints: 560ff165)
 net.sf.jopt-simple:jopt-simple:4.6 (1 constraints: 610a91b7)
 net.sourceforge.argparse4j:argparse4j:0.8.1 (1 constraints: 0b050436)
 net.thisptr:jackson-jq:0.0.8 (1 constraints: 0a05f335)
@@ -220,6 +217,7 @@ org.hamcrest:hamcrest:2.2 (3 constraints: 7620ce25)
 org.hamcrest:hamcrest-core:2.2 (1 constraints: cc05fe3f)
 org.jctools:jctools-core:3.3.0 (1 constraints: 08050336)
 org.jdom:jdom2:2.0.6 (1 constraints: 0a05fb35)
+org.junit:junit-bom:5.8.2 (1 constraints: c8116cde)
 org.locationtech.spatial4j:spatial4j:0.8 (2 constraints: 03150d9b)
 org.openjdk.jmh:jmh-core:1.32 (1 constraints: da04f730)
 org.ow2.asm:asm:9.1 (3 constraints: 4725b829)
diff --git a/versions.props b/versions.props
index 3e61c7b..a1e6353 100644
--- a/versions.props
+++ b/versions.props
@@ -9,6 +9,7 @@ com.esri.geometry:esri-geometry-api=2.2.0
 com.fasterxml.jackson*:*=2.12.3
 com.fasterxml.woodstox:woodstox-core=6.2.4
 com.github.ben-manes.caffeine:caffeine=3.0.5
+com.github.spotbugs:*=4.5.3
 com.github.virtuald:curvesapi=1.06
 com.github.zafarkhaja:java-semver=0.9.0
 com.google.api-client:google-api-client=1.32.1
@@ -51,7 +52,6 @@ commons-cli:commons-cli=1.4
 commons-codec:commons-codec=1.13
 commons-collections:commons-collections=3.2.2
 commons-io:commons-io=2.8.0
-commons-logging:commons-logging=1.1.3
 de.l3s.boilerpipe:boilerpipe=1.1.0
 io.dropwizard.metrics:*=4.1.5
 io.grpc:grpc-context=1.19.0
