feat(dependencies): update dependencies for security #6400

Open
wants to merge 1 commit into
base: release_v4.8.1
6 changes: 4 additions & 2 deletions build.gradle
@@ -1,6 +1,9 @@
allprojects {
version = "1.0.0"
apply plugin: "java-library"
ext {
springVersion = "5.3.39"
}
}

subprojects {
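Review bot: the new `springVersion = "5.3.39"` entry in the `ext` block carries no comment saying which advisory or scanner finding motivated 5.3.39, and the PR title only says "for security". Add a one-line comment or link next to the property so a later bump can tell whether this pin is still required.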
Expand Down Expand Up @@ -41,8 +44,7 @@ subprojects {
implementation group: 'org.slf4j', name: 'jcl-over-slf4j', version: '1.7.25'
implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13'
implementation "com.google.code.findbugs:jsr305:3.0.0"
implementation group: 'org.springframework', name: 'spring-context', version: '5.3.18'
implementation group: 'org.springframework', name: 'spring-tx', version: '5.3.18'
implementation group: 'org.springframework', name: 'spring-context', version: "${springVersion}"
implementation "org.apache.commons:commons-lang3:3.4"
implementation group: 'org.apache.commons', name: 'commons-math', version: '2.2'
implementation "org.apache.commons:commons-collections4:4.1"
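Review bot: `spring-tx` is dropped here rather than moved to `${springVersion}`: the two 5.3.18 lines are replaced by a single `spring-context` line. Because this block sits under `subprojects`, every module loses the artifact, so please confirm that a full build of all modules passes with no remaining import of `org.springframework.transaction`. The other pinned versions visible in this hunk (for example `commons-lang3:3.4` and `commons-collections4:4.1`) are untouched; state whether they were reviewed and found clean or are out of scope for this PR.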
3 changes: 2 additions & 1 deletion chainbase/build.gradle
Expand Up @@ -10,7 +10,8 @@ dependencies {
api project(":common")
api project(":crypto")
api "org.fusesource.jansi:jansi:$jansiVersion"
api 'io.github.tronprotocol:zksnark-java-sdk:1.0.0'
api group: 'commons-io', name: 'commons-io', version: '2.18.0'
api 'io.github.tronprotocol:zksnark-java-sdk:1.0.0' exclude(group: 'commons-io', module: 'commons-io')
api 'org.reflections:reflections:0.9.11'
}
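Review bot: on the `zksnark-java-sdk` line, `exclude(...)` is chained after the dependency string, while the other exclusions in the files touched by this PR use the closure form (`{ exclude group: ..., module: ... }`); use the closure form here too so the exclusion reads unambiguously. Declaring `commons-io` 2.18.0 as `api` also adds it to what chainbase exports just to pin a transitive version. Gradle resolves a version conflict to the highest requested version by default, so a `constraints` entry for commons-io would pin it without the extra direct dependency or the exclude.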

6 changes: 3 additions & 3 deletions common/build.gradle
Expand Up @@ -30,8 +30,8 @@ if (isWindows()) {
}

dependencies {
api group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.13.4.2' // https://github.com/FasterXML/jackson-databind/issues/3627
api "com.cedarsoftware:java-util:1.8.0"
api group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.18.3' // https://github.com/FasterXML/jackson-databind/issues/3627
api "com.cedarsoftware:java-util:3.2.0"
api group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.1'
api group: 'commons-codec', name: 'commons-codec', version: '1.11'
api group: 'com.beust', name: 'jcommander', version: '1.78'
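Review bot: the `jackson-databind` line moves to 2.18.3 but keeps the trailing comment linking issue 3627, which was attached to the 2.13.4.2 pin; update or drop the comment so it does not suggest 2.18.3 was chosen for that issue. `java-util` also jumps a major version (1.8.0 to 3.2.0) in this hunk, so please state what testing covered its call sites, since a major bump can change or remove APIs.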
Expand All @@ -44,7 +44,7 @@ dependencies {
api 'org.aspectj:aspectjrt:1.8.13'
api 'org.aspectj:aspectjweaver:1.8.13'
api 'org.aspectj:aspectjtools:1.8.13'
api group: 'io.github.tronprotocol', name: 'libp2p', version: '2.2.5',{
api group: 'io.github.tronprotocol', name: 'libp2p', version: '2.2.6',{
exclude group: 'io.grpc', module: 'grpc-context'
exclude group: 'io.grpc', module: 'grpc-core'
exclude group: 'io.grpc', module: 'grpc-netty'
2 changes: 0 additions & 2 deletions common/src/main/java/org/tron/core/config/CommonConfig.java
Expand Up @@ -21,10 +21,8 @@
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.transaction.annotation.EnableTransactionManagement;

@Configuration
@EnableTransactionManagement

Why remove EnableTransactionManagement?

Contributor Author

The @EnableTransactionManagement annotation serves no practical purpose in the Java-Tron project. Since Java-Tron uses LevelDB/RocksDB as its underlying storage engine, and LevelDB/RocksDB does not support traditional database transaction mechanisms, Spring's transaction management capabilities cannot be effectively utilized in this context.
Data consistency in Java-Tron is ensured through alternative mechanisms, primarily the Session mechanism and WriteBatch atomic operations. These mechanisms guarantee data integrity and consistency during block processing without relying on conventional transaction management frameworks.

@EnableAspectJAutoProxy
@ComponentScan(basePackages = "org.tron")
public class CommonConfig {
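Review bot: dropping `@EnableTransactionManagement` and its import from `CommonConfig` is a configuration change rather than a dependency update, and its justification exists only in the review thread above. Record the reasoning in the commit message, and confirm that no bean under the scanned `org.tron` package carries `@Transactional`, since with this annotation gone such methods would run without a transaction proxy.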
13 changes: 3 additions & 10 deletions framework/build.gradle
Expand Up @@ -38,15 +38,11 @@ dependencies {
//local libraries
implementation fileTree(dir: 'libs', include: '*.jar')
// end local libraries
testImplementation group: 'org.hamcrest', name: 'hamcrest-junit', version: '1.0.0.1'

implementation group: 'com.google.inject', name: 'guice', version: '4.1.0'
implementation group: 'io.dropwizard.metrics', name: 'metrics-core', version: '3.1.2'
implementation group: 'com.github.davidb', name: 'metrics-influxdb', version: '0.8.2'
implementation group: 'com.carrotsearch', name: 'java-sizeof', version: '0.0.5'
// http
implementation 'org.eclipse.jetty:jetty-server:9.4.53.v20231009'
implementation 'org.eclipse.jetty:jetty-servlet:9.4.53.v20231009'
implementation 'org.eclipse.jetty:jetty-server:9.4.57.v20241219'
implementation 'org.eclipse.jetty:jetty-servlet:9.4.57.v20241219'
implementation 'com.alibaba:fastjson:1.2.83'
// end http
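Review bot: the Jetty version `9.4.57.v20241219` is repeated on the `jetty-server` and `jetty-servlet` lines. This PR introduces `springVersion` for exactly this situation, so a similar property for Jetty (for example `jettyVersion`) would keep the two artifacts in step on the next bump.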

Expand All @@ -56,14 +52,11 @@ dependencies {
// https://mvnrepository.com/artifact/javax.portlet/portlet-api
compileOnly group: 'javax.portlet', name: 'portlet-api', version: '3.0.1'

implementation "io.vavr:vavr:0.9.2"
implementation (group: 'org.pf4j', name: 'pf4j', version: '3.10.0') {
exclude group: "org.slf4j", module: "slf4j-api"
}

testImplementation group: 'org.springframework', name: 'spring-test', version: '5.2.0.RELEASE'
testImplementation group: 'org.springframework', name: 'spring-web', version: '5.2.0.RELEASE'

testImplementation group: 'org.springframework', name: 'spring-test', version: "${springVersion}"
implementation group: 'org.zeromq', name: 'jeromq', version: '0.5.3'
api project(":chainbase")
api project(":protocol")
@@ -0,0 +1,61 @@
/*

What is InvalidMediaTypeException.java used for?

Contributor Author

For spring-test, some scenarios use this class.

* Copyright 2002-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.springframework.http;

import org.springframework.util.InvalidMimeTypeException;

/**
* Exception thrown from {@link MediaType#parseMediaType(String)} in case of
* encountering an invalid media type specification String.
*
* @author Juergen Hoeller
* @since 3.2.2
*/
@SuppressWarnings("serial")
public class InvalidMediaTypeException extends IllegalArgumentException {

private final String mediaType;


/**
* Create a new InvalidMediaTypeException for the given media type.
*
* @param mediaType the offending media type
* @param message a detail message indicating the invalid part
*/
public InvalidMediaTypeException(String mediaType, String message) {
super("Invalid media type \"" + mediaType + "\": " + message);
this.mediaType = mediaType;
}

/**
* Constructor that allows wrapping {@link InvalidMimeTypeException}.
*/
InvalidMediaTypeException(InvalidMimeTypeException ex) {
super(ex.getMessage(), ex);
this.mediaType = ex.getMimeType();
}


/**
* Return the offending media type.
*/
public String getMediaType() {
return this.mediaType;
}

}
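Review bot: copying Spring's `InvalidMediaTypeException` into the project under `package org.springframework.http` puts a project-owned class inside a third-party package. It will shadow or clash with the real class if `spring-web` ever reaches the classpath transitively, and it will not track upstream fixes. The copy appears to stand in for the `spring-web` test dependency removed in framework/build.gradle, so prefer keeping `spring-web` as `testImplementation` at `${springVersion}`. If the copy stays, keep it in the test source set only and add a comment naming the Spring version it was taken from.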