From 04164d839183fbc89c562c48f1eceed456b09c13 Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 30 Apr 2026 15:29:52 +0300 Subject: [PATCH 1/9] Update dependencies --- build.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index 6f0a3a9d..1718940d 100644 --- a/build.gradle +++ b/build.gradle @@ -22,7 +22,7 @@ repositories { } } -def buildInfoVersion = '2.41.13' +def buildInfoVersion = '2.43.6' dependencies { implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.15.2' implementation group: 'org.jfrog.buildinfo', name: 'build-info-extractor-npm', version: buildInfoVersion @@ -42,7 +42,7 @@ dependencies { implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.11' implementation group: 'com.google.guava', name: 'guava', version: '32.0.1-jre' implementation group: 'commons-codec', name: 'commons-codec', version: '1.13' - implementation group: 'com.jfrog', name: 'gradle-dep-tree', version: '3.0.1' + implementation group: 'com.jfrog', name: 'gradle-dep-tree', version: '3.2.1' implementation group: 'commons-io', name: 'commons-io', version: '2.20.0' implementation(group: 'com.opencsv', name: 'opencsv', version: '5.11.1') { exclude group: 'common-collections', module: 'commons-collections' From 26579fbf4c45db9e1bdc67ebe4266896cf56e02e Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 30 Apr 2026 16:05:59 +0300 Subject: [PATCH 2/9] fix tests --- build.gradle | 2 +- .../java/com/jfrog/ide/common/nodes/subentities/ImpactPath.java | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 1718940d..e5d660cf 100644 --- a/build.gradle +++ b/build.gradle @@ -42,7 +42,7 @@ dependencies { implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.11' implementation group: 'com.google.guava', name: 'guava', version: '32.0.1-jre' implementation group: 'commons-codec', name: 'commons-codec', version: '1.13' - implementation group: 'com.jfrog', name: 'gradle-dep-tree', version: '3.2.1' + implementation group: 'com.jfrog', name: 'gradle-dep-tree', version: '3.0.1' implementation group: 'commons-io', name: 'commons-io', version: '2.20.0' implementation(group: 'com.opencsv', name: 'opencsv', version: '5.11.1') { exclude group: 'common-collections', module: 'commons-collections' diff --git a/src/main/java/com/jfrog/ide/common/nodes/subentities/ImpactPath.java b/src/main/java/com/jfrog/ide/common/nodes/subentities/ImpactPath.java index c43bd171..96c241a2 100644 --- a/src/main/java/com/jfrog/ide/common/nodes/subentities/ImpactPath.java +++ b/src/main/java/com/jfrog/ide/common/nodes/subentities/ImpactPath.java @@ -1,5 +1,6 @@ package com.jfrog.ide.common.nodes.subentities; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; import lombok.Getter; @@ -7,6 +8,7 @@ @Getter +@JsonIgnoreProperties(ignoreUnknown = true) public class ImpactPath { @JsonProperty() private String name; From e471ef5457f4673aa9a731ab68ed47b4dbd10f90 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 3 May 2026 13:29:29 +0300 Subject: [PATCH 3/9] update jacksonVersion --- build.gradle | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index e5d660cf..f47f80a1 100644 --- a/build.gradle +++ b/build.gradle @@ -23,13 +23,16 @@ repositories { } def buildInfoVersion = '2.43.6' +// Updated to 2.17.3 for security fixes - compatible with Java 8+ +def jacksonVersion = '2.17.3' + dependencies { - implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.15.2' + implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: jacksonVersion implementation group: 'org.jfrog.buildinfo', name: 'build-info-extractor-npm', version: buildInfoVersion implementation group: 'org.jfrog.buildinfo', name: 'build-info-extractor-go', version: buildInfoVersion implementation group: 'org.jfrog.buildinfo', name: 'build-info-client', version: buildInfoVersion implementation group: 'org.jfrog.buildinfo', name: 'build-info-api', version: buildInfoVersion - implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.15.2' + implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: jacksonVersion implementation(group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.13') { exclude group: 'commons-codec', module: 'commons-codec' } From a29570ec357e24b5e533865f00fcbef13854a60e Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 3 May 2026 13:37:08 +0300 Subject: [PATCH 4/9] fix issue in gradle `concurrent.ExecutionException` --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index f988b374..e7b67abc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ build out .idea -.gradle \ No newline at end of file +.gradle +bin \ No newline at end of file From 6ad32fa66ad8a2877a512daf9432d9d6be7f8dd2 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 3 May 2026 13:40:30 +0300 Subject: [PATCH 5/9] fix issue in gradle `concurrent.ExecutionException` --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index f47f80a1..147565f2 100644 --- a/build.gradle +++ b/build.gradle @@ -45,7 +45,7 @@ dependencies { implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.11' implementation group: 'com.google.guava', name: 'guava', version: '32.0.1-jre' implementation group: 'commons-codec', name: 'commons-codec', version: '1.13' - implementation group: 'com.jfrog', name: 'gradle-dep-tree', version: '3.0.1' + implementation group: 'com.jfrog', name: 'gradle-dep-tree', version: '3.2.1' implementation group: 'commons-io', name: 'commons-io', version: '2.20.0' implementation(group: 'com.opencsv', name: 'opencsv', version: '5.11.1') { exclude group: 'common-collections', module: 'commons-collections' From 887708391fef1486fff654175580788107335e79 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 3 May 2026 15:26:06 +0300 Subject: [PATCH 6/9] add gradle user home to try fixing tests --- .../com/jfrog/ide/common/gradle/GradleDriver.java | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/jfrog/ide/common/gradle/GradleDriver.java b/src/main/java/com/jfrog/ide/common/gradle/GradleDriver.java index 90230642..0a907351 100644 --- a/src/main/java/com/jfrog/ide/common/gradle/GradleDriver.java +++ b/src/main/java/com/jfrog/ide/common/gradle/GradleDriver.java @@ -67,6 +67,7 @@ public List generateDependenciesGraphAsJson(File workingDirectory, Log log Path initScript = Files.createTempFile("init-script", encodedPath); logger.debug("dependencies.gradle init script path: " + initScript); Path outputFile = Files.createTempFile("gradle-deps-tree", ""); + Path gradleUserHome = Files.createTempDirectory("jfrog-gradle-user-home-"); try (InputStream gradleInitScript = getClass().getResourceAsStream("/gradle-dep-tree.gradle")) { if (gradleInitScript == null) { throw new IOException("Couldn't find dependencies.gradle init script."); @@ -75,8 +76,13 @@ public List generateDependenciesGraphAsJson(File workingDirectory, Log log // Copy init script to the temp file Files.copy(gradleInitScript, initScript, StandardCopyOption.REPLACE_EXISTING); - // Run "gradle generateDepTrees -q -I " -Dcom.jfrog.depsTreeOutputFile= - List args = Lists.newArrayList("generateDepTrees", "-q", "-I", initScript.toString(), + // Isolate GRADLE_USER_HOME per invocation so parallel scans/tests do not contend on ~/.gradle/caches/jars-9 + // (e.g. "Failed to create Jar file ... jackson-core-*.jar", wrapped as ExecutionException). + // --no-daemon avoids leaving daemons bound to the temporary home. + List args = Lists.newArrayList( + "--no-daemon", + "--gradle-user-home", gradleUserHome.toAbsolutePath().toString(), + "generateDepTrees", "-q", "-I", initScript.toString(), "-Dcom.jfrog.depsTreeOutputFile=" + outputFile.toString()); runCommand(workingDirectory, args, logger); List files = new ArrayList<>(); @@ -94,6 +100,11 @@ public List generateDependenciesGraphAsJson(File workingDirectory, Log log } finally { FileUtils.forceDelete(initScript.toFile()); FileUtils.forceDelete(outputFile.toFile()); + try { + FileUtils.deleteDirectory(gradleUserHome.toFile()); + } catch (IOException cleanupEx) { + FileUtils.deleteQuietly(gradleUserHome.toFile()); + } } } From d64f9ad97dfa1ac10535fdde3c97a63a1f83ed10 Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 4 May 2026 09:51:07 +0300 Subject: [PATCH 7/9] Revert "add gradle user home to try fixing tests" This reverts commit 887708391fef1486fff654175580788107335e79. --- .../com/jfrog/ide/common/gradle/GradleDriver.java | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/src/main/java/com/jfrog/ide/common/gradle/GradleDriver.java b/src/main/java/com/jfrog/ide/common/gradle/GradleDriver.java index 0a907351..90230642 100644 --- a/src/main/java/com/jfrog/ide/common/gradle/GradleDriver.java +++ b/src/main/java/com/jfrog/ide/common/gradle/GradleDriver.java @@ -67,7 +67,6 @@ public List generateDependenciesGraphAsJson(File workingDirectory, Log log Path initScript = Files.createTempFile("init-script", encodedPath); logger.debug("dependencies.gradle init script path: " + initScript); Path outputFile = Files.createTempFile("gradle-deps-tree", ""); - Path gradleUserHome = Files.createTempDirectory("jfrog-gradle-user-home-"); try (InputStream gradleInitScript = getClass().getResourceAsStream("/gradle-dep-tree.gradle")) { if (gradleInitScript == null) { throw new IOException("Couldn't find dependencies.gradle init script."); @@ -76,13 +75,8 @@ public List generateDependenciesGraphAsJson(File workingDirectory, Log log // Copy init script to the temp file Files.copy(gradleInitScript, initScript, StandardCopyOption.REPLACE_EXISTING); - // Isolate GRADLE_USER_HOME per invocation so parallel scans/tests do not contend on ~/.gradle/caches/jars-9 - // (e.g. "Failed to create Jar file ... jackson-core-*.jar", wrapped as ExecutionException). - // --no-daemon avoids leaving daemons bound to the temporary home. - List args = Lists.newArrayList( - "--no-daemon", - "--gradle-user-home", gradleUserHome.toAbsolutePath().toString(), - "generateDepTrees", "-q", "-I", initScript.toString(), + // Run "gradle generateDepTrees -q -I " -Dcom.jfrog.depsTreeOutputFile= + List args = Lists.newArrayList("generateDepTrees", "-q", "-I", initScript.toString(), "-Dcom.jfrog.depsTreeOutputFile=" + outputFile.toString()); runCommand(workingDirectory, args, logger); List files = new ArrayList<>(); @@ -100,11 +94,6 @@ public List generateDependenciesGraphAsJson(File workingDirectory, Log log } finally { FileUtils.forceDelete(initScript.toFile()); FileUtils.forceDelete(outputFile.toFile()); - try { - FileUtils.deleteDirectory(gradleUserHome.toFile()); - } catch (IOException cleanupEx) { - FileUtils.deleteQuietly(gradleUserHome.toFile()); - } } } From 9b8ca5738cc3a71b354c219e42ef837948ea4417 Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 4 May 2026 09:53:53 +0300 Subject: [PATCH 8/9] Try update test to use v5 --- src/test/resources/gradle/groovy/build.gradle | 2 +- src/test/resources/gradle/kotlin/build.gradle.kts | 2 +- src/test/resources/gradle/unresolvedGroovy/build.gradle | 2 +- src/test/resources/gradle/unresolvedKotlin/build.gradle.kts | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/test/resources/gradle/groovy/build.gradle b/src/test/resources/gradle/groovy/build.gradle index 1b27b377..f7dfe943 100644 --- a/src/test/resources/gradle/groovy/build.gradle +++ b/src/test/resources/gradle/groovy/build.gradle @@ -19,7 +19,7 @@ buildscript { mavenCentral() } dependencies { - classpath(group: 'org.jfrog.buildinfo', name: 'build-info-extractor-gradle', version: '4.+') + classpath(group: 'org.jfrog.buildinfo', name: 'build-info-extractor-gradle', version: '5.+') } configurations.classpath { resolutionStrategy { diff --git a/src/test/resources/gradle/kotlin/build.gradle.kts b/src/test/resources/gradle/kotlin/build.gradle.kts index 64eba09f..8b6e9019 100644 --- a/src/test/resources/gradle/kotlin/build.gradle.kts +++ b/src/test/resources/gradle/kotlin/build.gradle.kts @@ -6,7 +6,7 @@ buildscript { mavenCentral() } dependencies { - classpath("org.jfrog.buildinfo", "build-info-extractor-gradle", "4.+") + classpath("org.jfrog.buildinfo", "build-info-extractor-gradle", "5.+") } configurations.classpath { resolutionStrategy { diff --git a/src/test/resources/gradle/unresolvedGroovy/build.gradle b/src/test/resources/gradle/unresolvedGroovy/build.gradle index 1304bf38..fcdd8a6f 100644 --- a/src/test/resources/gradle/unresolvedGroovy/build.gradle +++ b/src/test/resources/gradle/unresolvedGroovy/build.gradle @@ -19,7 +19,7 @@ buildscript { mavenCentral() } dependencies { - classpath(group: 'org.jfrog.buildinfo', name: 'build-info-extractor-gradle', version: '4.+') + classpath(group: 'org.jfrog.buildinfo', name: 'build-info-extractor-gradle', version: '5.+') } configurations.classpath { resolutionStrategy { diff --git a/src/test/resources/gradle/unresolvedKotlin/build.gradle.kts b/src/test/resources/gradle/unresolvedKotlin/build.gradle.kts index 645a07ea..59e78c1e 100644 --- a/src/test/resources/gradle/unresolvedKotlin/build.gradle.kts +++ b/src/test/resources/gradle/unresolvedKotlin/build.gradle.kts @@ -6,7 +6,7 @@ buildscript { mavenCentral() } dependencies { - classpath("org.jfrog.buildinfo", "build-info-extractor-gradle", "4.+") + classpath("org.jfrog.buildinfo", "build-info-extractor-gradle", "5.+") } configurations.classpath { resolutionStrategy { From 3ab3fe78d4cc4ca3b54d743d6ef07d49a962623a Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 4 May 2026 09:59:47 +0300 Subject: [PATCH 9/9] fix test projects --- src/test/resources/gradle/groovy/api/build.gradle | 5 ++--- src/test/resources/gradle/kotlin/build.gradle.kts | 4 ++-- src/test/resources/gradle/unresolvedGroovy/api/build.gradle | 5 ++--- src/test/resources/gradle/unresolvedKotlin/build.gradle.kts | 4 ++-- src/test/resources/packageFinder/gradle/api/build.gradle | 5 ++--- 5 files changed, 10 insertions(+), 13 deletions(-) diff --git a/src/test/resources/gradle/groovy/api/build.gradle b/src/test/resources/gradle/groovy/api/build.gradle index 492158b1..5660b719 100644 --- a/src/test/resources/gradle/groovy/api/build.gradle +++ b/src/test/resources/gradle/groovy/api/build.gradle @@ -4,9 +4,8 @@ configurations { dependencies { implementation project(':shared') - implementation module("commons-lang:commons-lang:2.4") { - dependency("commons-io:commons-io:1.2") - } + implementation "commons-lang:commons-lang:2.4" + implementation "commons-io:commons-io:1.2" implementation group: 'org.apache.wicket', name: 'wicket', version: '1.3.7' } diff --git a/src/test/resources/gradle/kotlin/build.gradle.kts b/src/test/resources/gradle/kotlin/build.gradle.kts index 8b6e9019..e288028a 100644 --- a/src/test/resources/gradle/kotlin/build.gradle.kts +++ b/src/test/resources/gradle/kotlin/build.gradle.kts @@ -103,8 +103,8 @@ configure { publish { repository { setRepoKey("libs-snapshot-local") // The Artifactory repository key to publish to - setUsername(findProperty("artifactory_user")) // The publisher user name - setPassword(findProperty("artifactory_password")) // The publisher password + setUsername(findProperty("artifactory_user")?.toString().orEmpty()) // The publisher user name + setPassword(findProperty("artifactory_password")?.toString().orEmpty()) // The publisher password // This is an optional section for configuring Ivy publication (when publishIvy = true). ivy { setIvyLayout("[organization]/[module]/ivy-[revision].xml") diff --git a/src/test/resources/gradle/unresolvedGroovy/api/build.gradle b/src/test/resources/gradle/unresolvedGroovy/api/build.gradle index 492158b1..5660b719 100644 --- a/src/test/resources/gradle/unresolvedGroovy/api/build.gradle +++ b/src/test/resources/gradle/unresolvedGroovy/api/build.gradle @@ -4,9 +4,8 @@ configurations { dependencies { implementation project(':shared') - implementation module("commons-lang:commons-lang:2.4") { - dependency("commons-io:commons-io:1.2") - } + implementation "commons-lang:commons-lang:2.4" + implementation "commons-io:commons-io:1.2" implementation group: 'org.apache.wicket', name: 'wicket', version: '1.3.7' } diff --git a/src/test/resources/gradle/unresolvedKotlin/build.gradle.kts b/src/test/resources/gradle/unresolvedKotlin/build.gradle.kts index 59e78c1e..44108172 100644 --- a/src/test/resources/gradle/unresolvedKotlin/build.gradle.kts +++ b/src/test/resources/gradle/unresolvedKotlin/build.gradle.kts @@ -103,8 +103,8 @@ configure { publish { repository { setRepoKey("libs-snapshot-local") // The Artifactory repository key to publish to - setUsername(findProperty("artifactory_user")) // The publisher user name - setPassword(findProperty("artifactory_password")) // The publisher password + setUsername(findProperty("artifactory_user")?.toString().orEmpty()) // The publisher user name + setPassword(findProperty("artifactory_password")?.toString().orEmpty()) // The publisher password // This is an optional section for configuring Ivy publication (when publishIvy = true). ivy { setIvyLayout("[organization]/[module]/ivy-[revision].xml") diff --git a/src/test/resources/packageFinder/gradle/api/build.gradle b/src/test/resources/packageFinder/gradle/api/build.gradle index 5b5b84c0..5130c1c8 100644 --- a/src/test/resources/packageFinder/gradle/api/build.gradle +++ b/src/test/resources/packageFinder/gradle/api/build.gradle @@ -6,9 +6,8 @@ configurations { dependencies { implementation project(':shared') - implementation module("commons-lang:commons-lang:2.4") { - dependency("commons-io:commons-io:1.2") - } + implementation "commons-lang:commons-lang:2.4" + implementation "commons-io:commons-io:1.2" implementation group: 'org.apache.wicket', name: 'wicket', version: '1.3.7' }