From 1e66c3abc49061e7b1d90ef0fb8cd9aababd7fa6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 Jun 2023 18:36:42 +0000 Subject: [PATCH 1/2] Bump com.google.guava:guava from 32.0.1-jre to 32.1.1-jre Bumps [com.google.guava:guava](https://github.com/google/guava) from 32.0.1-jre to 32.1.1-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 50e4604..2aa6463 100644 --- a/build.gradle +++ b/build.gradle @@ -70,7 +70,7 @@ dependencies { implementation platform('com.fasterxml.jackson:jackson-bom:2.15.2') implementation platform('org.glassfish.jersey:jersey-bom:2.25') constraints { - implementation('com.google.guava:guava:32.0.1-jre') { + implementation('com.google.guava:guava:32.1.1-jre') { because "Spotify docker-client uses an older version" } implementation(project.deps.slf4j) { From 8493a1b5c131a0c616605027e6545cefb6240472 Mon Sep 17 00:00:00 2001 From: Chad Wilson Date: Sat, 1 Jul 2023 11:27:35 +0800 Subject: [PATCH 2/2] Remove unnecessary transitive guava dependencies --- build.gradle | 54 ++++++++++++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 18 deletions(-) diff --git a/build.gradle b/build.gradle index 2aa6463..38316e8 100644 --- a/build.gradle +++ b/build.gradle @@ -18,24 +18,28 @@ apply plugin: 'java' apply from: "https://raw.githubusercontent.com/gocd/gocd-plugin-gradle-task-helpers/master/helper.gradle?_=${(int) (new Date().toInstant().epochSecond / 60)}" gocdPlugin { - id = 'cd.go.artifact.docker.registry' - pluginVersion = '1.3.1' - goCdVersion = '20.9.0' - name = 'Artifact plugin for docker' - description = 'Plugin allows to push/pull docker image from public or private docker registry' - vendorName = 'Thoughtworks, Inc.' - vendorUrl = 'https://github.com/gocd/docker-registry-artifact-plugin' - - githubRepo { - owner = System.getenv('GITHUB_USER') ?: 'bob' - repo = 'docker-registry-artifact-plugin' - token = System.getenv('GITHUB_TOKEN') ?: 'bad-token' - } - - pluginProject = project - - prerelease = !"No".equalsIgnoreCase(System.getenv('PRERELEASE')) - assetsToRelease = [project.tasks.findByName('jar')] + id = 'cd.go.artifact.docker.registry' + pluginVersion = '1.3.1' + goCdVersion = '20.9.0' + name = 'Artifact plugin for docker' + description = 'Plugin allows to push/pull docker image from public or private docker registry' + vendorName = 'Thoughtworks, Inc.' + vendorUrl = 'https://github.com/gocd/docker-registry-artifact-plugin' + + githubRepo { + owner = System.getenv('GITHUB_USER') ?: 'bob' + repo = 'docker-registry-artifact-plugin' + token = System.getenv('GITHUB_TOKEN') ?: 'bad-token' + } + + pluginProject = project + + prerelease = !"No".equalsIgnoreCase(System.getenv('PRERELEASE')) + assetsToRelease = [project.tasks.findByName('jar')] + + licenseReport { + excludes = ['com.google.guava:guava-parent'] + } } version = gocdPlugin.fullVersion(project) @@ -84,6 +88,20 @@ dependencies { } } + components { + // workaround for Guava metadata declaring dependencies that are not needed at runtime + // see https://github.com/google/guava/pull/6606 + withModule('com.google.guava:guava', { details -> + details.allVariants { + withDependencies { + removeAll { + it.group in ["com.google.code.findbugs", "org.checkerframework", "com.google.errorprone"] + } + } + } + }) + } + modules { module('commons-logging:commons-logging') { replacedBy('org.slf4j:jcl-over-slf4j', "Everything should go via SLF4J")