plugins { id 'org.springframework.boot' version '2.7.17' id 'io.spring.dependency-management' version '1.1.3' id 'java' } java { group = 'eu.openaire.urls_controller' version = '2.6.0-SNAPSHOT' sourceCompatibility = JavaVersion.VERSION_1_8 } repositories { mavenCentral() maven { name "omtd" url "https://repo.openminted.eu/content/repositories/releases/" } maven { name "pentaho-repo" url "https://public.nexus.pentaho.org/content/groups/omni/" } } dependencies { runtimeOnly "org.springframework.boot:spring-boot-devtools" implementation "org.springframework.boot:spring-boot-starter-web" implementation("org.springframework.boot:spring-boot-starter-security") implementation("org.springframework.boot:spring-boot-starter-jdbc") implementation("org.springframework.boot:spring-boot-configuration-processor") implementation("org.springframework.boot:spring-boot-starter-actuator") implementation("org.springframework.boot:spring-boot-starter-aop") implementation("org.springframework.security:spring-security-core") implementation("org.springframework.security:spring-security-web") implementation("org.springframework.security:spring-security-config") //implementation group: 'io.jsonwebtoken', name: 'jjwt-api', version: '0.11.5' // Use this in case we use auth-tokens later on. // Enable the validation annotations. //implementation group: 'jakarta.validation', name: 'jakarta.validation-api', version: '3.0.2' // https://mvnrepository.com/artifact/com.google.guava/guava implementation group: 'com.google.guava', name: 'guava', version: '32.1.3-jre' // https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.13.0' // https://mvnrepository.com/artifact/org.apache.commons/commons-compress implementation("org.apache.commons:commons-compress:1.24.0") { exclude group: 'com.github.luben', module: 'zstd-jni' } implementation 'com.github.luben:zstd-jni:1.5.5-6' // Even though this is part of the above dependency, the Apache commons rarely updates it, while the zstd team makes improvements very often. implementation 'io.minio:minio:8.5.6' // https://mvnrepository.com/artifact/com.cloudera.impala/jdbc implementation("com.cloudera.impala:jdbc:2.5.31") { exclude group: 'org.apache.hive', module: 'hive-exec' exclude group: 'com.twitter', module: 'parquet-hadoop-bundle' exclude group: 'org.apache.parquet', module: 'parquet-avro' exclude group: 'org.apache.avro', module: 'avro' exclude group: 'org.slf4j', module: 'slf4j-log4j12' exclude group: 'org.apache.derby', module: 'derby' exclude group: 'org.eclipse.jetty.aggregate', module: 'jetty-all' exclude group: 'ch.qos.log4j', module: 'log4j' exclude group: 'ch.qos.log4j', module: 'apache-log4j-extras' // Vulnerable dependencies: exclude group: 'log4j', module: 'log4j' exclude group: 'org.apache.ant', module: 'ant' exclude group: 'org.apache.thrift', module: 'libthrift' // This is an older version (we add the updated one later). exclude group: 'org.apache.hive', module: 'hive-metastore' // Avoid excluding 'org.apache.hive:hive-service', as this is needed and unfortunately, even adding a newer version separately, it introducing other vulnerable dependencies. } // https://mvnrepository.com/artifact/org.apache.parquet/parquet-avro implementation('org.apache.parquet:parquet-avro:1.13.1') // https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-common implementation('org.apache.hadoop:hadoop-common:3.3.6') { exclude group: 'org.apache.parquet', module: 'parquet-avro' exclude group: 'org.apache.avro', module: 'avro' exclude group: 'org.slf4j', module: 'slf4j-api' exclude group: 'org.slf4j', module: 'slf4j-reload4j' exclude group: 'ch.qos.reload4j', module: 'reload4j' // Vulnerable dependencies: exclude group: 'com.google.protobuf', module: 'protobuf-java' exclude group: 'org.codehaus.jackson', module: 'jackson-core-asl' exclude group: 'org.codehaus.jackson', module: 'jackson-mapper-asl' exclude group: 'com.fasterxml.woodstox', module: 'woodstox-core' //exclude group: 'commons-collections', module: 'commons-collections' // This dependency is required in order for the program to run without errors. It is discontinued. } // https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-mapreduce-client-core implementation('org.apache.hadoop:hadoop-mapreduce-client-core:3.3.6') { exclude group: 'org.apache.parquet', module: 'parquet-avro' exclude group: 'org.apache.avro', module: 'avro' exclude group: 'org.slf4j', module: 'slf4j-api' exclude group: 'org.slf4j', module: 'slf4j-reload4j' exclude group: 'ch.qos.reload4j', module: 'reload4j' // Vulnerable dependencies: exclude group: 'com.google.protobuf', module: 'protobuf-java' exclude group: 'io.netty', module: 'netty' } // Add back some updated version of the needed dependencies. implementation 'org.apache.thrift:libthrift:0.17.0' // Newer versions (>=0.18.X) are not compatible with JAVA 8. implementation 'com.fasterxml.woodstox:woodstox-core:6.5.1' // https://mvnrepository.com/artifact/org.json/json implementation 'org.json:json:20231013' // https://mvnrepository.com/artifact/com.google.code.gson/gson implementation 'com.google.code.gson:gson:2.10.1' // https://mvnrepository.com/artifact/io.micrometer/micrometer-registry-prometheus runtimeOnly 'io.micrometer:micrometer-registry-prometheus:1.11.5' testImplementation 'org.springframework.security:spring-security-test' testImplementation "org.springframework.boot:spring-boot-starter-test" } configurations.implementation { exclude group: 'com.twitter', module: 'parquet-hadoop-bundle' } // Set increased lower and upper limits for the java-execution. tasks.withType(JavaExec).configureEach { jvmArgs = ['-Xms512m', '-Xmx8g'] } test { useJUnitPlatform() }