nomulus/dependencies.gradle

/// Copyright 2019 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

ext {
    // Direct dependencies and compile-time transitive dependencies (i.e.,
    // those flagged as undeclared-dependency by Nebula-lint).
    dependencyList = [
      // Pinned dependencies (those cannot use dynamic version) should be listed
      // first. There are several reasons why a dependency has to be pinned.
      // 1. The resolved dynamic version introduces breaking API changes that
      //    cause compilation errors.
      // 2. The resolved version has behavior changes that break some tests.
      // 3. Pinned by legacy software. E.g., the closure compiler and stylesheet
      //    jars must be pinned to work with the final version of gwt-user.
      // 4. The resolved version is a pin-breaker, i.e., it forcefully upgrades
      //    a pinned dependency to a newer version.
      // 5. Inconsistent group resolutions: the resolved versions of modules in
      //    a dependency group can not work together. For example, the three
      //    bouncycastle jars need to be hardcoded with the same version string
      //    as of April, 2022.

      // Note that since Gradle 7, for version labels to be strict, we need to
      // append '!!' to the end. Otherwise they may still be forced to upgrade.

      // CAPPED VERSIONS START HERE.

      'org.hibernate.orm:hibernate-core:7.3.4.Final',
      'org.hibernate.orm:hibernate-hikaricp:7.3.4.Final',
      // For SchemaExport
      'org.hibernate.orm:hibernate-ant:7.3.4.Final',

      // Netty 4.2 is in alpha and causes runtime error. Also note that v5.0
      // seems abandoned (last updated on Maven in 2015).
      'io.netty:netty-codec-http:[4.1.59.Final, 4.2.0)!!',
      'io.netty:netty-codec:[4.1.59.Final, 4.2.0)!!',
      'io.netty:netty-common:[4.1.59.Final, 4.2.0)!!',
      'io.netty:netty-handler:[4.1.59.Final, 4.2.0)!!',
      'io.netty:netty-transport:[4.1.59.Final, 4.2.0)!!',
      'io.netty:netty-buffer:[4.1.59.Final, 4.2.0)!!',

      // OkHttp 5.0 is in alpha.
      'com.squareup.okhttp3:okhttp:[4.10.0, 5.0.0)!!',

      // This packages has a broken versioning scheme. There are v1beta3-* and
      // v1b4-* packages that are way older than v1b3-rev2024MMDD-* that need to
      // be excluded.
      'com.google.apis:google-api-services-dataflow:[v1b3-rev20240430-2.0.0, v1b4)!!',

      // v2 has not been updated since 2022, seems abandoned. It also requires
      // google-api-client major version 1.
      'com.google.apis:google-api-services-dns:[v1-rev20240419-2.0.0, v2beta)',

      // Protobuf changes can be very breaking, so stay with 4.x
      'com.google.protobuf:protobuf-java:[3.25.5, 5.0.0)!!',
      'com.google.protobuf:protobuf-java-util:[3.17.3, 5.0.0)!!',
      'com.google.cloud:google-cloud-tasks:[1.33.2,2.52.0)!!',
      'com.google.api.grpc:proto-google-cloud-tasks-v2:[1.33.2,2.52.0)!!',

      // DYNAMIC VERSIONS START HERE.

      'com.fasterxml.jackson.core:jackson-databind:[2.11.2,2.21.0)',
      'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:[2.17.2,2.21.0)',
      'com.github.ben-manes.caffeine:caffeine:[3.0.0,)',
      'com.google.api-client:google-api-client-java6:[1.31.3,)',
      'com.google.api-client:google-api-client-servlet:[1.31.3,)',
      'com.google.api-client:google-api-client:[1.31.3,)',
      'com.google.api.grpc:proto-google-cloud-secretmanager-v1:[1.4.0,2.52.0)!!',
      'com.google.api.grpc:proto-google-common-protos:[2.1.0,2.61.0)!!',
      'com.google.api:gax:[1.66.0,2.75.0)!!',
      'com.google.apis:google-api-services-admin-directory:[directory_v1-rev20240102-2.0.0,)',
      'com.google.apis:google-api-services-bigquery:[v2-rev20240423-2.0.0,)',
      'com.google.apis:google-api-services-cloudkms:[v1-rev20240513-2.0.0,)',
      'com.google.apis:google-api-services-drive:[v3-rev20240521-2.0.0,)',
      'com.google.apis:google-api-services-gmail:[v1-rev20220404-2.0.0,)',
      'com.google.apis:google-api-services-groupssettings:[v1-rev82-1.25.0,)',
      'com.google.apis:google-api-services-iam:[v1-rev20240118-2.0.0,)',
      'com.google.apis:google-api-services-monitoring:[v3-rev20240519-2.0.0,)',
      'com.google.apis:google-api-services-sheets:[v4-rev20240514-2.0.0,)',
      'com.google.apis:google-api-services-storage:[v1-rev20210127-1.31.0,)',
      'com.google.auth:google-auth-library-credentials:[0.24.1,)',
      'com.google.auth:google-auth-library-oauth2-http:[0.24.1,)',
      'com.google.auto.service:auto-service-annotations:[1.0-rc7,)',
      'com.google.auto.service:auto-service:[1.0-rc7,)',
      'com.google.auto.value:auto-value-annotations:[1.7.4,)',
      'com.google.auto.value:auto-value:[1.7.4,)',
      'com.google.cloud.bigdataoss:util:[2.2.6,)',
      'com.google.cloud.sql:jdbc-socket-factory-core:[1.2.1,)',
      'com.google.cloud.sql:postgres-socket-factory:[1.2.1,)',
      'com.google.cloud:google-cloud-compute:[1.64.0,1.83.0)!!',
      'com.google.cloud:google-cloud-core-http:[1.94.3,2.52.0)!!',
      'com.google.cloud:google-cloud-core:[1.94.3,2.52.0)!!',
      'com.google.cloud:google-cloud-nio:[0.123.4,2.52.0)!!',
      'com.google.cloud:google-cloud-secretmanager:[1.4.0,2.52.0)!!',
      'com.google.cloud:google-cloud-storage:[2.26.0,2.52.0)!!',
      'com.google.code.findbugs:jsr305:[3.0.2,)',
      'com.google.code.gson:gson:[2.8.6,)',
      'com.google.dagger:dagger-compiler:[2.55,)',
      'com.google.dagger:dagger:[2.55,)',
      'com.google.errorprone:error_prone_annotations:[2.7.1,)',
      'com.google.flogger:flogger-system-backend:[0.7.4,)',
      'com.google.flogger:flogger:[0.7.4,)',
      'com.google.guava:guava-testlib:[33.0.0-jre,)',
      'com.google.guava:guava:[33.0.0-jre,)',
      'com.google.gwt:gwt-user:[2.9.0,)',
      'com.google.http-client:google-http-client-jackson2:[1.39.0,)',
      'com.google.http-client:google-http-client:[1.39.0,)',
      'com.google.monitoring-client:contrib:[1.0.7,)',
      'com.google.monitoring-client:metrics:[1.0.7,)',
      'com.google.monitoring-client:stackdriver:[1.0.7,)',
      'com.google.oauth-client:google-oauth-client-java6:[1.31.4,)',
      'com.google.oauth-client:google-oauth-client-jetty:[1.31.4,)',
      'com.google.oauth-client:google-oauth-client-servlet:[1.31.4,)',
      'com.google.oauth-client:google-oauth-client:[1.31.4,)',
      'com.google.re2j:re2j:[1.6,)',
      'com.google.truth:truth:[1.1.2,)',
      'com.googlecode.json-simple:json-simple:[1.1.1,)',
      'org.freemarker:freemarker:[2.3.32,)',
      'com.ibm.icu:icu4j:[68.2,)',
      'com.jcraft:jsch:[0.1.55,)',
      'com.squareup:javapoet:[1.13.0,)',
      'com.zaxxer:HikariCP:[3.4.5,)',
      'commons-codec:commons-codec:[1.15,)',
      'dnsjava:dnsjava:[3.3.1,)',
      'guru.nidi:graphviz-java-all-j2v8:[0.17.0,)',
      'io.github.classgraph:classgraph:[4.8.102,)',
      'io.github.java-diff-utils:java-diff-utils:[4.9,)',
      'io.github.ss-bhatt:testcontainers-valkey:1.0.0',
      'io.protostuff:protostuff-core:1.8.0',
      'io.protostuff:protostuff-runtime:1.8.0',
      'io.netty:netty-tcnative-boringssl-static:[2.0.36.Final,)',
      'jakarta.inject:jakarta.inject-api:[2.0.0,)',
      'jakarta.mail:jakarta.mail-api:[2.1.3,)',
      'jakarta.persistence:jakarta.persistence-api:[3.2.0,4.0.0)',
      'jakarta.servlet:jakarta.servlet-api:[6.0,6.1)',
      'jakarta.xml.bind:jakarta.xml.bind-api:[4.0.2,)',
      // Antlr is not a direct dependency, but we need to ensure that the
      // compile-time and runtime dependencies are compatible.
      'org.antlr:antlr4-runtime:[4.13.2,)',
      'org.antlr:antlr4:[4.13.2,)',
      'org.apache.avro:avro:[1.11.4,)',
      'org.apache.beam:beam-runners-core-construction-java:[2.37.0,2.61.0)!!',
      'org.apache.beam:beam-runners-direct-java:2.72.0!!',
      'org.apache.beam:beam-runners-google-cloud-dataflow-java:2.72.0!!',
      'org.apache.beam:beam-sdks-java-core:2.72.0!!',
      'org.apache.beam:beam-sdks-java-extensions-google-cloud-platform-core:2.72.0!!',
      'org.apache.beam:beam-sdks-java-io-google-cloud-platform:2.72.0!!',
      'org.apache.commons:commons-csv:[1.9.0,)',
      'org.apache.commons:commons-lang3:[3.8.1,)',
      'org.apache.commons:commons-text:[1.6,)',
      'org.apache.ftpserver:ftplet-api:[1.0.6,)',
      'org.apache.ftpserver:ftpserver-core:[1.0.6,)',
      'org.apache.httpcomponents:httpclient:[4.5.11,)',
      'org.apache.httpcomponents:httpcore:[4.4.13,)',
      'org.apache.sshd:sshd-core:[2.0.0,)',
      'org.apache.sshd:sshd-scp:[2.0.0,)',
      'org.apache.sshd:sshd-sftp:[2.0.0,)',
      'org.apache.tomcat:tomcat-annotations-api:[8.0.5,)',
      'org.bouncycastle:bcpg-jdk18on:[1.67,)',
      'org.bouncycastle:bcpkix-jdk18on:[1.67,)',
      'org.bouncycastle:bcprov-jdk18on:[1.67,)',
      'org.checkerframework:checker-compat-qual:[2.5.5,)',
      'org.checkerframework:checker-qual:[3.9.1,)',
      'org.eclipse.angus:jakarta.mail:[2.0.3,)',
      'org.eclipse.jetty.ee10:jetty-ee10-servlet:[12.0.0,)',
      'org.eclipse.jetty.ee10:jetty-ee10-webapp:[12.0.0,)',
      'org.eclipse.jetty:jetty-server:[12.0.0,)',
      'org.flywaydb:flyway-core:[11.0.0,)',
      'org.flywaydb:flyway-database-postgresql:[11.0.0,)',
      'org.glassfish.jaxb:jaxb-runtime:[4.0.5,)',
      'org.glassfish.jaxb:jaxb-xjc:[4.0.5,)',
      'org.hamcrest:hamcrest-core:[2.2,)',
      'org.hamcrest:hamcrest-library:[2.2,)',
      'org.hamcrest:hamcrest:[2.2,)',
      'org.jcommander:jcommander:[2.0,3.0)',
      'org.jline:jline:[3.0,3.30.6)',
      'org.joda:joda-money:[1.0.1,)',
      'org.json:json:[20160810,)',
      'org.jsoup:jsoup:[1.13.1,)',
      'org.junit-pioneer:junit-pioneer:[0.7.0,)',
      // Temporarily lockdown to < 6.0 keep out bad pre-release: 6.0.0-M2
      'org.junit.jupiter:junit-jupiter-api:[5.6.2,5.13.4]!!',
      'org.junit.jupiter:junit-jupiter-engine:[5.6.2,5.13.4]!!',
      'org.junit.jupiter:junit-jupiter-migrationsupport:[5.6.2,5.13.4]!!',
      'org.junit.jupiter:junit-jupiter-params:[5.6.2,5.13.4]!!',
      'org.junit.platform:junit-platform-runner:[1.6.2,1.13.4)!!',
      'org.junit.platform:junit-platform-launcher:[1.6.2,1.13.4]!!',
      'org.junit.platform:junit-platform-suite-api:[1.6.2,5.13.4]!!',
      'org.mockito:mockito-core:[3.7.7,)',
      'org.mockito:mockito-junit-jupiter:[3.7.7,)',
      'org.ogce:xpp3:[1.1.6,)',
      'org.postgresql:postgresql:[42.2.18,)',
      'org.seleniumhq.selenium:selenium-api:[4.25.0, )',
      'org.seleniumhq.selenium:selenium-chrome-driver:[4.25.0, )',
      'org.seleniumhq.selenium:selenium-java:[4.25.0, )',
      'org.seleniumhq.selenium:selenium-remote-driver:[4.25.0, )',
      'org.slf4j:slf4j-jdk14:[1.7.28,)',
      'org.testcontainers:jdbc:[1.19.6,)',
      'org.testcontainers:junit-jupiter:[1.19.6,)',
      'org.testcontainers:postgresql:[1.19.6,)',
      'org.testcontainers:selenium:[1.19.6,)',
      'org.testcontainers:testcontainers:[1.19.6,)',
      'org.yaml:snakeyaml:[1.17,)',
      'redis.clients:jedis:7.4.1',
      'us.fatehi:schemacrawler-api:[16.10.1,)',
      'us.fatehi:schemacrawler-diagram:[16.10.1,)',
      'us.fatehi:schemacrawler-postgresql:[16.10.1,)',
      'us.fatehi:schemacrawler-tools:[16.10.1,)',
      'us.fatehi:schemacrawler:[16.10.1,)',
      'xerces:xmlParserAPIs:[2.6.2,)',
    ]

    dependencyMap = dependencyList.collectEntries {
      def fields = it.split(':')
      def key = fields[0] + ':' + fields[1]
      [key, it]
    }
}