Update dependencies to address CVE-2023-2976 (#286)
Also ensure checkstyle checks run correctly. Current versions require Java 11 or later.

Signed-off-by: Mark S. Lewis <[email protected]>
bestbeforetoday authored Aug 2, 2023
1 parent c1693c2 commit 0e00848
Showing 26 changed files with 254 additions and 340 deletions.
28 changes: 14 additions & 14 deletions checkstyle-config.xml
Expand Up @@ -52,20 +52,23 @@
<property name="message" value="Line has trailing spaces."/>
</module>

<module name="SuppressionCommentFilter">
<property name="offCommentFormat" value="CHECKSTYLE.OFF\: ([\w\|]+)"/>
<property name="onCommentFormat" value="CHECKSTYLE.ON\: ([\w\|]+)"/>
<property name="checkFormat" value="$1"/>
</module>

<module name="SuppressionFilter">
<property name="file" value="suppressions.xml" />
</module>

<module name="TreeWalker">
<!-- Checkstyle ignore current line with a comment: // checkstyle:ignore-line:RuleName1|RuleName2 -->
<module name="SuppressWithNearbyCommentFilter">
<property name="commentFormat" value="checkstyle:ignore-line:(\w+(\|\w+)*)"/>
<property name="checkFormat" value="$1"/>
</module>

<!-- Required for SuppressionCommentFilter module -->
<module name="FileContentsHolder"/>
<!-- Checkstyle ignore next line with a comment: // checkstyle:ignore-next-line:RuleName1|RuleName2 -->
<module name="SuppressWithNearbyCommentFilter">
<property name="commentFormat" value="checkstyle:ignore-next-line:(\w+(\|\w+)*)"/>
<property name="checkFormat" value="$1"/>
<property name="influenceFormat" value="1"/>
</module>

<!-- Checks for Naming Conventions. -->
<!-- See http://checkstyle.sf.net/config_naming.html -->
Expand All @@ -90,12 +93,8 @@
<module name="AvoidStarImport"/>
<module name="IllegalImport"/> <!-- defaults to sun.* packages -->
<module name="RedundantImport"/>
<module name="ImportOrder">
<property name="groups" value="/^java\./,javax"/>
<property name="ordered" value="true"/>
<property name="separated" value="false"/>
<property name="sortStaticImportsAlphabetically" value="true"/>
<property name="option" value="bottom"/>
<module name="UnusedImports">
<property name="processJavadoc" value="false"/>
</module>

<!--<module name="MethodLength">-->
Expand All @@ -122,6 +121,7 @@
<module name="NoWhitespaceAfter"/>
<module name="NoWhitespaceBefore"/>
<module name="ParenPad"/>
<module name="SingleSpaceSeparator"/>
<module name="TypecastParenPad"/>
<module name="WhitespaceAfter"/>
<module name="WhitespaceAround"/>
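Review bot: With the `SuppressionCommentFilter` module apparently dropped in the first hunk, any `CHECKSTYLE.OFF:` / `CHECKSTYLE.ON:` block markers still present in the sources stop suppressing anything, and nothing in this file says so. The two `SuppressWithNearbyCommentFilter` entries under `TreeWalker` only cover single-line forms, so a leftover block marker would either surface as new violations or linger as a dead comment; this page does not show whether the other changed files migrated them. I would add a comment above the new filters such as `<!-- Block markers CHECKSTYLE.OFF/ON are no longer honoured; use checkstyle:ignore-line or checkstyle:ignore-next-line -->`. The second hunk also swaps `ImportOrder` for `UnusedImports`, so import ordering is no longer enforced, which is worth stating in the commit message if intentional.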
159 changes: 75 additions & 84 deletions pom.xml
Expand Up @@ -28,46 +28,20 @@
<url>http://github.com/hyperledger/fabric-sdk-java</url>
</scm>
<properties>
<grpc.version>1.56.0</grpc.version>
<grpc.version>1.57.1</grpc.version>
<protobuf.version>3.22.5</protobuf.version> <!-- Must match version used by grpc-protobuf -->
<bouncycastle.version>1.74</bouncycastle.version>
<bouncycastle.version>1.76</bouncycastle.version>
<httpclient.version>4.5.14</httpclient.version>
<javadoc.version>3.4.1</javadoc.version>
<javadoc.version>3.5.0</javadoc.version>
<skipITs>true</skipITs>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<jacoco.version>0.8.10</jacoco.version>
<log4j.version>2.20.0</log4j.version>
<org.hyperledger.fabric.sdktest.ITSuite>IntegrationSuite.java</org.hyperledger.fabric.sdktest.ITSuite>
<gpg.executable>gpg</gpg.executable>
<javaVersion>8</javaVersion>
</properties>

<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.0.0</version>
<reportSets>
<reportSet>
<reports>
<report>checkstyle</report>
</reports>
</reportSet>
</reportSets>
<configuration>
<suppressionsLocation>suppressions.xml</suppressionsLocation>
<suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression>
</configuration>
</plugin>
<!-- https://mvnrepository.com/artifact/org.jacoco/jacoco-maven-plugin -->
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${jacoco.version}</version>
</plugin>
</plugins>
</reporting>

<dependencyManagement>
<dependencies>
<dependency>
Expand All @@ -80,14 +54,14 @@
<dependency>
<groupId>io.opentelemetry</groupId>
<artifactId>opentelemetry-bom</artifactId>
<version>1.27.0</version>
<version>1.28.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>io.opentelemetry.instrumentation</groupId>
<artifactId>opentelemetry-instrumentation-bom-alpha</artifactId>
<version>1.27.0-alpha</version>
<version>1.28.0-alpha</version>
<type>pom</type>
<scope>import</scope>
</dependency>
Expand Down Expand Up @@ -119,10 +93,11 @@
<groupId>io.grpc</groupId>
<artifactId>grpc-stub</artifactId>
</dependency>
<dependency> <!-- necessary for Java 9+ -->
<groupId>org.apache.tomcat</groupId>
<artifactId>annotations-api</artifactId>
<version>6.0.53</version>
<dependency>
<!-- Necessary for Java 9+ -->
<groupId>jakarta.annotation</groupId>
<artifactId>jakarta.annotation-api</artifactId>
<version>2.1.1</version>
<scope>provided</scope>
</dependency>
<dependency>
Expand Down Expand Up @@ -199,24 +174,21 @@
<dependency>
<groupId>com.google.api</groupId>
<artifactId>api-common</artifactId>
<version>2.12.0</version>
<version>2.15.0</version>
</dependency>

<!-- https://mvnrepository.com/artifact/org.glassfish/javax.json -->
<dependency>
<groupId>org.glassfish</groupId>
<artifactId>javax.json</artifactId>
<version>1.1.4</version>
</dependency>

<!-- https://mvnrepository.com/artifact/org.yaml/snakeyaml -->
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.0</version>
</dependency>

<!-- https://mvnrepository.com/artifact/org.miracl.milagro.amcl/milagro-crypto-java -->
<dependency>
<groupId>org.miracl.milagro.amcl</groupId>
<artifactId>milagro-crypto-java</artifactId>
Expand All @@ -230,13 +202,6 @@
<version>2.3.1</version>
</dependency>

<dependency>
<!-- Required if using Java 11+ as no longer bundled in the core libraries -->
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<version>1.3.2</version>
</dependency>

<dependency>
<groupId>io.opentelemetry</groupId>
<artifactId>opentelemetry-api</artifactId>
Expand Down Expand Up @@ -297,7 +262,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.0.0-M7</version>
<version>3.1.2</version>
<configuration>
<argLine>${surefireArgLine}</argLine>
<includes>
Expand Down Expand Up @@ -356,10 +321,10 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.10.1</version>
<version>3.11.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<source>${javaVersion}</source>
<target>${javaVersion}</target>
<showDeprecation>true</showDeprecation>
<showWarnings>true</showWarnings>
<compilerArgs>
Expand Down Expand Up @@ -427,33 +392,6 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.0.0</version>
<executions>
<execution>
<id>compile</id>
<phase>compile</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<configuration>
<consoleOutput>true</consoleOutput>
<logViolationsToConsole>true</logViolationsToConsole>
<failOnViolation>true</failOnViolation>
<failsOnError>true</failsOnError>
<!--<sourceDirectory>${project.build.sourceDirectory}</sourceDirectory>-->
<sourceDirectories>
<sourceDirectory>${project.build.sourceDirectory}</sourceDirectory>
</sourceDirectories>

<configLocation>checkstyle-config.xml</configLocation>
<includeTestSourceDirectory>true</includeTestSourceDirectory>
</configuration>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
Expand Down Expand Up @@ -589,15 +527,15 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
<version>1.8</version>
<version>3.1.0</version>
<executions>
<execution>
<phase>generate-test-resources</phase>
<configuration>
<tasks>
<target>
<echo message="Creating diagnostic dump output directory"/>
<mkdir dir="./target/diagDump"/>
</tasks>
</target>
</configuration>
<goals>
<goal>run</goal>
Expand Down Expand Up @@ -640,7 +578,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.2.1</version>
<version>3.3.0</version>
<executions>
<execution>
<id>attach-sources</id>
Expand Down Expand Up @@ -718,13 +656,66 @@
<additionalJavadocOpts>--no-module-directories</additionalJavadocOpts>
</properties>
</profile>
<profile>
<id>maven-compiler-release</id>
<activation>
<jdk>[9,)</jdk>
</activation>
<properties>
<maven.compiler.release>${javaVersion}</maven.compiler.release>
</properties>
</profile>
<profile>
<id>checkstyle</id>
<activation>
<jdk>[11,)</jdk>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.3.0</version>
<executions>
<execution>
<id>validate</id>
<phase>validate</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<configuration>
<consoleOutput>true</consoleOutput>
<logViolationsToConsole>true</logViolationsToConsole>
<failOnViolation>true</failOnViolation>
<failsOnError>true</failsOnError>
<configLocation>checkstyle-config.xml</configLocation>
<includeTestSourceDirectory>true</includeTestSourceDirectory>
<!-- Specify source directories to avoid check of generated protobuf bindings -->
<sourceDirectories>
<sourceDirectory>${project.build.sourceDirectory}</sourceDirectory>
<sourceDirectory>${project.build.testSourceDirectory}</sourceDirectory>
</sourceDirectories>
</configuration>
<dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>10.12.2</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>release</id>
<build>
<plugins>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<version>3.4.2</version>
<version>3.6.0</version>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
Expand All @@ -742,7 +733,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.0.1</version>
<version>3.1.0</version>
<executions>
<execution>
<id>sign-artifacts</id>
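Review bot: Nothing in the visible pom.xml hunks pins or checks the library that CVE-2023-2976 actually affects (Guava, as far as I know), so the fix presumably arrives only transitively through the `grpc.version` and `api-common` bumps, and a later dependency change could quietly pull the vulnerable release back in. I would record the link next to the property, e.g. `<!-- grpc bump brings in the Guava release that fixes CVE-2023-2976; confirm with mvn dependency:tree -Dincludes=com.google.guava -->`, and consider a managed Guava version or an enforcer rule so the build fails on a regression. Separately, `protobuf.version` stays at 3.22.5 although its comment says it must match the version used by grpc-protobuf, so it is worth confirming that still holds for grpc 1.57.1. Parts of the file are collapsed on this page, so a pin may exist outside the shown hunks.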
11 changes: 5 additions & 6 deletions src/main/java/org/hyperledger/fabric/sdk/BlockEvent.java
Expand Up @@ -13,19 +13,18 @@
*/
package org.hyperledger.fabric.sdk;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import com.google.protobuf.InvalidProtocolBufferException;
import org.hyperledger.fabric.protos.common.Common.Block;
import org.hyperledger.fabric.protos.peer.EventsPackage;
import org.hyperledger.fabric.sdk.exception.InvalidProtocolBufferRuntimeException;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/**
* A wrapper for the Block returned in an Event
*
* @see Block
* @see org.hyperledger.fabric.protos.common.Common.Block
*/
public class BlockEvent extends BlockInfo {
private final Peer peer;
2 changes: 1 addition & 1 deletion src/main/java/org/hyperledger/fabric/sdk/HFClient.java
Expand Up @@ -156,7 +156,7 @@ private void setDefaultProperties(Properties props) {
props.put("grpc.NettyChannelBuilderOption.keepAliveTimeout", new Object[] {20L, TimeUnit.SECONDS});
}
if (!props.containsKey("grpc.NettyChannelBuilderOption.keepAliveWithoutCalls")) {
props.put("grpc.NettyChannelBuilderOption.keepAliveWithoutCalls", new Object[] {true});
props.put("grpc.NettyChannelBuilderOption.keepAliveWithoutCalls", new Object[] {true});
}
}

Expand Up @@ -8,13 +8,11 @@

package org.hyperledger.fabric.sdk;

import java.util.Collection;

import org.hyperledger.fabric.sdk.transaction.TransactionContext;

/**
* Result of sending a {@link LifecycleApproveChaincodeDefinitionForMyOrgRequest}.
* Also see {@link Channel#sendLifecycleApproveChaincodeDefinitionForMyOrgProposal(LifecycleApproveChaincodeDefinitionForMyOrgRequest, Collection)}
* Also see {@link Channel#sendLifecycleApproveChaincodeDefinitionForMyOrgProposal(LifecycleApproveChaincodeDefinitionForMyOrgRequest, java.util.Collection)}
* <p>
* Does not return any request specific results.
*/