From 028a52183c7ab99c60cbcd9d4b860cc8730ba8b6 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Wed, 27 Nov 2024 16:05:42 -0500 Subject: [PATCH] issue_863: removed unused dependencies and am currently resolving critical vulnerable dependendcies --- HIRS_AttestationCAPortal/build.gradle | 10 ++++------ build.gradle | 4 +++- gradle/versions.toml | 2 -- tools/tcg_rim_tool/build.gradle | 1 - 4 files changed, 7 insertions(+), 10 deletions(-) diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index a1223ed9..47529409 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -31,12 +31,9 @@ dependencies { implementation libs.bouncycastle implementation libs.gson - implementation libs.guava implementation libs.jakarta.persistence.api - implementation libs.jakarta.servlet implementation libs.jakarta.xml implementation libs.log4j.spring.boot - implementation libs.mariadb.java.client // pull the pci dependency and ... implementation(libs.pci) { @@ -49,20 +46,21 @@ dependencies { implementation libs.spring.boot.starter.web implementation libs.spring.boot.starter.validation implementation libs.spring.boot.starter.data.jpa - implementation libs.spring.boot.starter.log4j2 - implementation libs.tomcat.embed.jasper + runtimeOnly libs.tomcat.embed.jasper compileOnly libs.lombok annotationProcessor libs.lombok providedRuntime libs.spring.boot.starter.tomcat + runtimeOnly libs.mariadb.java.client testImplementation libs.junit.jupiter - testImplementation libs.hsqldb testImplementation libs.spring.boot.starter.test testCompileOnly libs.lombok testAnnotationProcessor libs.lombok + + testRuntimeOnly libs.hsqldb } test { diff --git a/build.gradle b/build.gradle index b7eec514..9c2150e4 100644 --- a/build.gradle +++ b/build.gradle @@ -5,8 +5,9 @@ import java.util.concurrent.TimeUnit plugins { // Apply the application plugin to add support for building a CLI application in Java. id 'application' - id 'com.github.spotbugs' version '6.0.4' apply false + id 'com.autonomousapps.dependency-analysis' version "2.5.0" id 'checkstyle' + id 'com.github.spotbugs' version "6.0.4" apply false id 'java' } @@ -14,6 +15,7 @@ plugins { ext.checkstyleConfigFile = new File(rootDir, "/config/checkstyle/sun_checks.xml") subprojects { + apply plugin: 'com.autonomousapps.dependency-analysis' apply plugin: "com.github.spotbugs" apply plugin: "java" apply plugin: "checkstyle" diff --git a/gradle/versions.toml b/gradle/versions.toml index 4a2f203c..f4e668b7 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -11,7 +11,6 @@ guavaVersion = "33.3.1-jre" hibernateCoreVersion = "6.2.32.Final" jacksonVersion = "2.18.0" jakartaPersistenceApiVersion = "3.2.0" -jakartaServletVersion = "3.0.0" jakartaXmlVersion = "4.0.2" jcommanderVersion = "1.85" log4jVersion = "2.24.2" @@ -50,7 +49,6 @@ hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hiber jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jacksonVersion" } jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonVersion" } jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-api", version.ref = "jakartaPersistenceApiVersion" } -jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" } jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" } jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" } log4j-api = { module = "org.apache.logging.log4j:log4j-api", version.ref = "log4jVersion" } diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index d92ba70a..d41567b4 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -14,7 +14,6 @@ dependencies { implementation libs.commons.codec implementation libs.glassfish.jakarta.json implementation libs.glassfish.jaxb.runtime - implementation libs.guava implementation libs.hibernate.core implementation libs.jcommander implementation libs.jackson.databind