-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathbuild.gradle
More file actions
112 lines (97 loc) · 3.94 KB
/
build.gradle
File metadata and controls
112 lines (97 loc) · 3.94 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
plugins {
id 'java'
alias(libs.plugins.nexus.publish)
}
ext['spring-framework.version'] = '6.2.11'
ext['tomcat.version'] = '11.0.12'
ext['netty.version'] = '4.2.6.Final' // Due to security vulnerabilities in 4.125.Final and older
apply from: "${rootDir}/gradle/publish-root.gradle"
allprojects {
group = 'com.getyourguide.openapi.validation'
description = 'OpenAPI Validation library'
// Use version from GitHub tag if provided, otherwise use default version
version = System.getenv('GH_TAG') ? System.getenv('GH_TAG').replaceFirst('^v', '') : '0-SNAPSHOT'
java {
toolchain {
languageVersion = JavaLanguageVersion.of(libs.versions.java.get())
}
}
repositories {
mavenCentral()
}
}
subprojects {
if(it.parent.name == 'examples') {
apply plugin: 'java'
} else {
apply plugin: 'java-library'
apply plugin: 'jacoco'
dependencies {
// Testing
testImplementation(libs.junit.jupiter.api)
testRuntimeOnly(libs.junit.jupiter.engine)
testRuntimeOnly(libs.junit.platform.launcher)
testImplementation(libs.mockito.core)
testImplementation(libs.mockito.junit.jupiter)
}
jacoco {
toolVersion = libs.versions.jacoco.get()
}
jacocoTestReport {
reports {
xml.required = true
csv.required = false
html.required = true
}
}
test {
useJUnitPlatform()
}
}
apply plugin: 'checkstyle'
apply plugin: 'pmd'
dependencies {
// Lombok annotations to reduce boilerplate code
compileOnly(libs.lombok)
annotationProcessor(libs.lombok)
testCompileOnly(libs.lombok)
testAnnotationProcessor(libs.lombok)
// Security constraints
constraints {
implementation("org.springframework:spring-web:6.2.12") {
because("versions below 6.2.11 have security vulnerabilities including CVE-2024-38820 and CVE-2025-41249 - see dependabot #12, #24")
}
implementation("org.springframework:spring-webmvc:6.2.12") {
because("versions below 6.2.11 have security vulnerabilities including CVE-2025-41242 and CVE-2025-41249 - see dependabot #24, #247")
}
implementation("org.apache.tomcat.embed:tomcat-embed-core:11.0.14") {
because("versions below 11.0.12 have security vulnerabilities including CVE-2024-56337, CVE-2025-55754, CVE-2025-61795 - see dependabot #13, #27, #28")
}
implementation("org.apache.commons:commons-lang3:3.20.0") {
because("versions below 3.18.0 have security vulnerabilities including CVE-2025-48924 - see dependabot #15")
}
implementation("io.projectreactor.netty:reactor-netty-http:1.2.11") {
because("versions below 1.2.8 have security vulnerabilities including CVE-2025-22227 - see dependabot #16")
}
implementation("io.netty:netty-codec-http2:4.2.7.Final") {
because("versions below 4.1.124.Final have security vulnerabilities including CVE-2025-55163 - see dependabot #17")
}
implementation("io.netty:netty-codec:4.2.7.Final") {
because("versions below 4.1.125.Final have security vulnerabilities including CVE-2025-58057 - see dependabot #21")
}
}
}
checkstyle {
toolVersion = libs.versions.checkstyle.get()
configDirectory.set(file("$rootProject.projectDir/config"))
checkstyleMain.source = "src/main/java"
checkstyleMain.exclude('**/build/generated/**')
checkstyleTest.source = "src/main/java"
checkstyleTest.exclude('**/build/generated/**')
}
pmd {
toolVersion = libs.versions.pmd.get()
consoleOutput = true
ruleSets = ["$rootDir/ruleset.xml"]
}
}