Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(dependency): fix dependency version leak of google-api-services-storage from kork in front50-web #1302

Merged
merged 1 commit into from
Sep 5, 2023

Commits on Sep 1, 2023

  1. fix(dependency): fix dependency version leak of google-api-services-s…

    …torage from kork in front50-web
    
    With reference to the spinnaker issue spinnaker/spinnaker#6866, google-api-services-storage dependency version (v1-rev20200326-1.30.9) is not forced by front50-gcs module to other front50 modules like front50-web and it is leaked by kork-secret-gcp module (v1-rev141-1.25.0) to front50 modules.
    ```
    $ ./gradlew front50-web:dI --dependency google-api-services-storage --configuration runtimeClasspath
    
    > Task :front50-web:dependencyInsight
    com.google.apis:google-api-services-storage:v1-rev141-1.25.0
      Variant runtime:
        | Attribute Name                 | Provided     | Requested    |
        |--------------------------------|--------------|--------------|
        | org.gradle.status              | release      |              |
        | org.gradle.category            | library      | library      |
        | org.gradle.libraryelements     | jar          | jar          |
        | org.gradle.usage               | java-runtime | java-runtime |
        | org.gradle.dependency.bundling |              | external     |
        | org.gradle.jvm.environment     |              | standard-jvm |
        | org.gradle.jvm.version         |              | 11           |
       Selection reasons:
          - By constraint
          - Forced
    
    com.google.apis:google-api-services-storage:v1-rev141-1.25.0
    +--- io.spinnaker.kork:kork-bom:7.188.0
    |    +--- runtimeClasspath
    |    +--- project :front50-migrations
    |    |    \--- runtimeClasspath
    |    +--- project :front50-azure
    |    |    \--- runtimeClasspath
    |    +--- project :front50-gcs
    |    |    \--- runtimeClasspath
    |    +--- project :front50-oracle
    |    |    \--- runtimeClasspath
    |    +--- project :front50-redis
    |    |    \--- runtimeClasspath
    |    +--- project :front50-s3
    |    |    \--- runtimeClasspath
    |    +--- project :front50-swift
    |    |    \--- runtimeClasspath
    |    +--- project :front50-sql
    |    |    \--- runtimeClasspath
    |    +--- project :front50-core
    |    |    +--- runtimeClasspath
    |    |    +--- project :front50-migrations (*)
    |    |    +--- project :front50-azure (*)
    |    |    +--- project :front50-gcs (*)
    |    |    +--- project :front50-oracle (*)
    |    |    +--- project :front50-redis (*)
    |    |    +--- project :front50-s3 (*)
    |    |    +--- project :front50-swift (*)
    |    |    \--- project :front50-sql (*)
    |    +--- project :front50-api
    |    |    +--- runtimeClasspath
    |    |    +--- project :front50-migrations (*)
    |    |    +--- project :front50-azure (*)
    |    |    +--- project :front50-gcs (*)
    |    |    +--- project :front50-oracle (*)
    |    |    +--- project :front50-redis (*)
    |    |    +--- project :front50-s3 (*)
    |    |    +--- project :front50-swift (*)
    |    |    +--- project :front50-sql (*)
    |    |    \--- project :front50-core (*)
    |    +--- project :front50-sql-mysql
    |    |    \--- project :front50-sql (*)
    |    \--- project :front50-sql-postgres
    |         \--- project :front50-sql (*)
    \--- io.spinnaker.kork:kork-secrets-gcp:7.188.0
         +--- io.spinnaker.kork:kork-bom:7.188.0 (*)
         \--- io.spinnaker.kork:kork-runtime:7.188.0
              +--- runtimeClasspath (requested io.spinnaker.kork:kork-runtime)
              \--- io.spinnaker.kork:kork-bom:7.188.0 (*)
    
    com.google.apis:google-api-services-storage:v1-rev20220401-1.32.1 -> v1-rev141-1.25.0
    \--- com.google.cloud:google-cloud-storage:2.6.1
         +--- project :front50-gcs (requested com.google.cloud:google-cloud-storage)
         |    \--- runtimeClasspath
         \--- io.spinnaker.kork:kork-bom:7.188.0
              +--- runtimeClasspath
              +--- project :front50-migrations
              |    \--- runtimeClasspath
              +--- project :front50-azure
              |    \--- runtimeClasspath
              +--- project :front50-gcs (*)
              +--- project :front50-oracle
              |    \--- runtimeClasspath
              +--- project :front50-redis
              |    \--- runtimeClasspath
              +--- project :front50-s3
              |    \--- runtimeClasspath
              +--- project :front50-swift
              |    \--- runtimeClasspath
              +--- project :front50-sql
              |    \--- runtimeClasspath
              +--- project :front50-core
              |    +--- runtimeClasspath
              |    +--- project :front50-migrations (*)
              |    +--- project :front50-azure (*)
              |    +--- project :front50-gcs (*)
              |    +--- project :front50-oracle (*)
              |    +--- project :front50-redis (*)
              |    +--- project :front50-s3 (*)
              |    +--- project :front50-swift (*)
              |    \--- project :front50-sql (*)
              +--- project :front50-api
              |    +--- runtimeClasspath
              |    +--- project :front50-migrations (*)
              |    +--- project :front50-azure (*)
              |    +--- project :front50-gcs (*)
              |    +--- project :front50-oracle (*)
              |    +--- project :front50-redis (*)
              |    +--- project :front50-s3 (*)
              |    +--- project :front50-swift (*)
              |    +--- project :front50-sql (*)
              |    \--- project :front50-core (*)
              +--- project :front50-sql-mysql
              |    \--- project :front50-sql (*)
              \--- project :front50-sql-postgres
                   \--- project :front50-sql (*)
    
    com.google.apis:google-api-services-storage -> v1-rev141-1.25.0
    \--- project :front50-gcs
         \--- runtimeClasspath
    
    ```
    To fix this force constraints have to be applied to build.gradle.
    After the fix :
    ```
    $ ./gradlew front50-web:dI --dependency google-api-services-storage --configuration runtimeClasspath
    
    > Task :front50-web:dependencyInsight
    com.google.apis:google-api-services-storage:v1-rev20200326-1.30.9
      Variant runtime:
        | Attribute Name                 | Provided     | Requested    |
        |--------------------------------|--------------|--------------|
        | org.gradle.status              | release      |              |
        | org.gradle.category            | library      | library      |
        | org.gradle.libraryelements     | jar          | jar          |
        | org.gradle.usage               | java-runtime | java-runtime |
        | org.gradle.dependency.bundling |              | external     |
        | org.gradle.jvm.environment     |              | standard-jvm |
        | org.gradle.jvm.version         |              | 11           |
       Selection reasons:
          - Forced
          - By constraint
    
    com.google.apis:google-api-services-storage:v1-rev20200326-1.30.9
    \--- com.google.cloud:google-cloud-storage:1.108.0
         +--- project :front50-gcs (requested com.google.cloud:google-cloud-storage)
         |    \--- runtimeClasspath
         \--- io.spinnaker.kork:kork-bom:7.188.0 (requested com.google.cloud:google-cloud-storage:2.6.1)
              +--- runtimeClasspath
              +--- project :front50-migrations
              |    \--- runtimeClasspath
              +--- project :front50-azure
              |    \--- runtimeClasspath
              +--- project :front50-gcs (*)
              +--- project :front50-oracle
              |    \--- runtimeClasspath
              +--- project :front50-redis
              |    \--- runtimeClasspath
              +--- project :front50-s3
              |    \--- runtimeClasspath
              +--- project :front50-swift
              |    \--- runtimeClasspath
              +--- project :front50-sql
              |    \--- runtimeClasspath
              +--- project :front50-core
              |    +--- runtimeClasspath
              |    +--- project :front50-migrations (*)
              |    +--- project :front50-azure (*)
              |    +--- project :front50-gcs (*)
              |    +--- project :front50-oracle (*)
              |    +--- project :front50-redis (*)
              |    +--- project :front50-s3 (*)
              |    +--- project :front50-swift (*)
              |    \--- project :front50-sql (*)
              +--- project :front50-api
              |    +--- runtimeClasspath
              |    +--- project :front50-migrations (*)
              |    +--- project :front50-azure (*)
              |    +--- project :front50-gcs (*)
              |    +--- project :front50-oracle (*)
              |    +--- project :front50-redis (*)
              |    +--- project :front50-s3 (*)
              |    +--- project :front50-swift (*)
              |    +--- project :front50-sql (*)
              |    \--- project :front50-core (*)
              +--- project :front50-sql-mysql
              |    \--- project :front50-sql (*)
              \--- project :front50-sql-postgres
                   \--- project :front50-sql (*)
    
    com.google.apis:google-api-services-storage:v1-rev141-1.25.0 -> v1-rev20200326-1.30.9
    +--- io.spinnaker.kork:kork-bom:7.188.0
    |    +--- runtimeClasspath
    |    +--- project :front50-migrations
    |    |    \--- runtimeClasspath
    |    +--- project :front50-azure
    |    |    \--- runtimeClasspath
    |    +--- project :front50-gcs
    |    |    \--- runtimeClasspath
    |    +--- project :front50-oracle
    |    |    \--- runtimeClasspath
    |    +--- project :front50-redis
    |    |    \--- runtimeClasspath
    |    +--- project :front50-s3
    |    |    \--- runtimeClasspath
    |    +--- project :front50-swift
    |    |    \--- runtimeClasspath
    |    +--- project :front50-sql
    |    |    \--- runtimeClasspath
    |    +--- project :front50-core
    |    |    +--- runtimeClasspath
    |    |    +--- project :front50-migrations (*)
    |    |    +--- project :front50-azure (*)
    |    |    +--- project :front50-gcs (*)
    |    |    +--- project :front50-oracle (*)
    |    |    +--- project :front50-redis (*)
    |    |    +--- project :front50-s3 (*)
    |    |    +--- project :front50-swift (*)
    |    |    \--- project :front50-sql (*)
    |    +--- project :front50-api
    |    |    +--- runtimeClasspath
    |    |    +--- project :front50-migrations (*)
    |    |    +--- project :front50-azure (*)
    |    |    +--- project :front50-gcs (*)
    |    |    +--- project :front50-oracle (*)
    |    |    +--- project :front50-redis (*)
    |    |    +--- project :front50-s3 (*)
    |    |    +--- project :front50-swift (*)
    |    |    +--- project :front50-sql (*)
    |    |    \--- project :front50-core (*)
    |    +--- project :front50-sql-mysql
    |    |    \--- project :front50-sql (*)
    |    \--- project :front50-sql-postgres
    |         \--- project :front50-sql (*)
    \--- io.spinnaker.kork:kork-secrets-gcp:7.188.0
         +--- io.spinnaker.kork:kork-bom:7.188.0 (*)
         \--- io.spinnaker.kork:kork-runtime:7.188.0
              +--- runtimeClasspath (requested io.spinnaker.kork:kork-runtime)
              \--- io.spinnaker.kork:kork-bom:7.188.0 (*)
    
    com.google.apis:google-api-services-storage -> v1-rev20200326-1.30.9
    \--- project :front50-gcs
         \--- runtimeClasspath
    
    ```
    j-sandy committed Sep 1, 2023
    Configuration menu
    Copy the full SHA
    faf5d29 View commit details
    Browse the repository at this point in the history