[Testing WG] Status of 3rd party dependency check #test


xudan
 

Hi all PTLs,

 

I have updated the global 3rd party direct dependency scopes of both Go and JAVA as well as the check tool. Go global scope and JAVA global scope.

Also the 3rdparty check Jenkins jobs are added for each Go and JAVA project as gating job.

You can find all the jobs under the Jenkins view 3rdpartyCheck, also I have created several Jenkins views for all projects in EdgeGallery Jenkins Portal which also include the 3rdparty Check Section.

 

The following are the projects included into the 3rdparty check scope and the latest check result of them. Please update the dependencies in your project according to this.

We are only focus on the master branch now.

 

Project Name

Illegal Dependency Name

Current Version

Need to be

Reference Jenkins Link

Api-emulator

None

 

 

 

Appstore-be

None

 

 

 

Developer-be

None

 

 

 

Mecm-applcm

None

 

 

 

toolchain

None

 

 

 

atp

com.google.code.gson:gson
junit:junit
org.apache.commons:commons-collections4
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
org.slf4j:slf4j-api
org.springframework.boot:spring-boot-starter-jdbc
org.springframework.boot:spring-boot-starter-test
org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure
org.springframework.security:spring-security-test
2.8.2
4.12
4.2
2.11.2
2.11.2
2.11.2
42.2.10
1.7.26
2.1.6.RELEASE
2.1.6.RELEASE
2.1.10.RELEASE
4.2.2.RELEASE
2.8.5
4.13
4.4
2.13.3
2.13.3
2.13.3
42.2.16
1.7.30
2.3.3.RELEASE
2.3.3.RELEASE
2.2.2.RELEASE
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/atp-3rdparty-check-master/3/console

Mecm-apm

com.fasterxml.jackson.core:jackson-databind
com.google.code.gson:gson
com.h2database:h2
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-jcl
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
2.11.2
2.8.2
1.4.190
2.13.2
2.13.2
2.13.2
2.13.2
42.2.14
2.10.5
2.8.5
1.4.199
2.13.3
2.13.3
2.13.3
2.13.3
42.2.16

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mecm-apm-3rdparty-check-master/1/console

Mecm-appo

com.google.code.gson:gson
com.h2database:h2
org.apache.httpcomponents:httpclient
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-jcl
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
org.springframework.security:spring-security-test
2.8.2
1.4.190
4.5
2.13.2
2.13.2
2.13.2
2.13.2
42.2.14
4.2.2.RELEASE
2.8.5
1.4.199
4.5.10
2.13.3
2.13.3
2.13.3
2.13.3
42.2.16
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mecm-appo-3rdparty-check-master/1/console

Mecm-inventory

com.fasterxml.jackson.core:jackson-databind
com.google.code.gson:gson
com.h2database:h2
org.apache.httpcomponents:httpclient
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-jcl
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
org.springframework.security:spring-security-test
2.11.2
2.8.2
1.4.190
4.5
2.13.2
2.13.2
2.13.2
2.13.2
42.2.14
4.2.2.RELEASE
2.10.5
2.8.5
1.4.199
4.5.10
2.13.3
2.13.3
2.13.3
2.13.3
42.2.16
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mecm-inventory-3rdparty-check-master/1/console

mep

github.com/sirupsen/logrus
v1.4.2
v1.6.0

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mep-3rdparty-check-master/1/console

Mep-agent

github.com/sirupsen/logrus
 
v1.4.2
v1.6.0

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mep-agent-3rdparty-check-master/1/console

Plugins

github.com/sirupsen/logrus
github.com/stretchr/testify
k8s.io/api
k8s.io/apimachinery
k8s.io/client-go
v1.4.2
v1.4.0
v0.18.3
v0.18.3
v0.18.3
v1.6.0
v1.6.1
v0.18.4
v0.18.4
v0.18.4

 

User-mgmt

org.apache.httpcomponents:httpclient
org.projectlombok:lombok
org.springframework.boot:spring-boot-starter-jdbc
org.springframework.boot:spring-boot-starter-test
org.springframework.boot:spring-boot-starter-web
org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure
org.springframework.security.oauth:spring-security-oauth2
org.springframework.security:spring-security-confi org.springframework.security:spring-security-core
org.springframework.security:spring-security-web
4.5.7
1.18.6
2.2.9.RELEASE
2.2.9.RELEASE
2.2.9.RELEASE
2.1.16.RELEASE
2.3.8.RELEASE
5.2.6.RELEASE
5.2.6.RELEASE
5.2.6.RELEASE
4.5.10
1.18.10
2.3.3.RELEASE
2.3.3.RELEASE
2.3.3.RELEASE
2.2.2.RELEASE
2.5.0.RELEASE
5.3.4.RELEASE
5.3.4.RELEASE
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/user-mgmt-3rdparty-check-master/1/console

Website-gateway

org.apache.httpcomponents:httpclient
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-slf4j-impl
org.springframework.boot:spring-boot-starter-security
org.springframework.boot:spring-boot-starter-test
org.springframework.boot:spring-boot-starter-web
org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure
org.springframework.security.oauth:spring-security-oauth2
org.springframework.security:spring-security-config
org.springframework.security:spring-security-core
org.springframework.security:spring-security-web
4.5.7
2.12.1
2.12.1
2.12.1
2.2.6.RELEAS
2.2.6.RELEAS
2.2.6.RELEAS
2.1.10.RELEASE
2.2.6.RELEASE
5.2.6.RELEASE
5.2.6.RELEASE
5.2.6.RELEASE
4.5.10
2.13.3
2.13.3
2.13.3
2.2.9.RELEASE
2.3.3.RELEASE
2.3.3.RELEASE
2.2.2.RELEASE
2.5.0.RELEASE
5.3.4.RELEASE
5.3.4.RELEASE
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/website-gateway-3rdparty-check-master/1/console

 

 

Please make sure the 3rd party gating job pass before you merge any PR. The result can be easily find in the PR page as a comment several seconds later after submitting the PR.

 

 

BR,

Dan Xu

 

发件人: xudan (N)
发送时间: 20201028 17:16
收件人: main <main@edgegallery.groups.io>
主题: [Testing WG] Phase 2 of 3rd party dependency check

 

Hi all,

 

Following the 1.0 release plan, now we are going to disable the exemption of multiple versions of one direct dependency.

This means the number of versions of each direct dependency should be only one for all golang and java projects.

I have create the new global dependency list without multiple versions for golang and java projects respectively.

Please refer to this PR to find out the removed versions of some dependencies. The policy now is to keep the highest version.

Please try to develop with the new dependency lists and let me know if your projects can’t work with some versions.

 

We plan to use the new lists for 3rd party dependency check 2 weeks later. Please test and update the dependency version in these 2 weeks.

 

Following are the projects already included in the 3rd party check. If there are any other golang or java projects, let me know. Thanks.

·         api-emulator

·         appstore-be

·         developer-be

·         mep and mep-agent

·         mecm-apm, mecm-appo, mecm-applcm, mecm-inventory

·         plugins

·         user-mgmt

·         website-gateway

 

 

许丹

M: +86-18621071189

E: xudan16@...

网络产品与解决方案 云化网络OSDT

Cloudify Network OSDT, Network Products & Solutions

 


xudan
 

Hi all,

 

The latest status of the 3rd party dependency check. Please update the versions and pass the check.

 

Project Name

Illegal Dependency Name

Current Version

Need to be

Reference Jenkins Link

Api-emulator

None

 

 

 

Appstore-be

None

 

 

 

Developer-be

None

 

 

 

Mecm-applcm

None

 

 

 

mep

None

 

 

 

Mep-agent

None

 

 

 

plugins

None

 

 

 

toolchain

None

 

 

 

User-mgmt

None

 

 

 

atp

com.google.code.gson:gson
junit:junit
org.apache.commons:commons-collections4
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
org.slf4j:slf4j-api
org.springframework.boot:spring-boot-starter-jdbc
org.springframework.boot:spring-boot-starter-test
org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure
org.springframework.security:spring-security-test
2.8.2
4.12
4.2
2.11.2
2.11.2
2.11.2
42.2.10
1.7.26
2.1.6.RELEASE
2.1.6.RELEASE
2.1.10.RELEASE
4.2.2.RELEASE
2.8.5
4.13
4.4
2.13.3
2.13.3
2.13.3
42.2.16
1.7.30
2.3.3.RELEASE
2.3.3.RELEASE
2.2.2.RELEASE
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/atp-3rdparty-check-master/3/console

Mecm-apm

com.fasterxml.jackson.core:jackson-databind
com.google.code.gson:gson
com.h2database:h2
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-jcl
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
2.11.2
2.8.2
1.4.190
2.13.2
2.13.2
2.13.2
2.13.2
42.2.14
2.10.5
2.8.5
1.4.199
2.13.3
2.13.3
2.13.3
2.13.3
42.2.16

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mecm-apm-3rdparty-check-master/1/console

Mecm-appo

com.google.code.gson:gson
com.h2database:h2
org.apache.httpcomponents:httpclient
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-jcl
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
org.springframework.security:spring-security-test
2.8.2
1.4.190
4.5
2.13.2
2.13.2
2.13.2
2.13.2
42.2.14
4.2.2.RELEASE
2.8.5
1.4.199
4.5.10
2.13.3
2.13.3
2.13.3
2.13.3
42.2.16
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mecm-appo-3rdparty-check-master/1/console

Mecm-inventory

com.fasterxml.jackson.core:jackson-databind
com.google.code.gson:gson
com.h2database:h2
org.apache.httpcomponents:httpclient
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-jcl
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
org.springframework.security:spring-security-test
2.11.2
2.8.2
1.4.190
4.5
2.13.2
2.13.2
2.13.2
2.13.2
42.2.14
4.2.2.RELEASE
2.10.5
2.8.5
1.4.199
4.5.10
2.13.3
2.13.3
2.13.3
2.13.3
42.2.16
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mecm-inventory-3rdparty-check-master/1/console

Website-gateway

org.apache.httpcomponents:httpclient
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-slf4j-impl
org.springframework.boot:spring-boot-starter-security
org.springframework.boot:spring-boot-starter-test
org.springframework.boot:spring-boot-starter-web
org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure
org.springframework.security.oauth:spring-security-oauth2
org.springframework.security:spring-security-config
org.springframework.security:spring-security-core
org.springframework.security:spring-security-web
4.5.7
2.12.1
2.12.1
2.12.1
2.2.6.RELEAS
2.2.6.RELEAS
2.2.6.RELEAS
2.1.10.RELEASE
2.2.6.RELEASE
5.2.6.RELEASE
5.2.6.RELEASE
5.2.6.RELEASE
4.5.10
2.13.3
2.13.3
2.13.3
2.2.9.RELEASE
2.3.3.RELEASE
2.3.3.RELEASE
2.2.2.RELEASE
2.5.0.RELEASE
5.3.4.RELEASE
5.3.4.RELEASE
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/website-gateway-3rdparty-check-master/1/console

 

 

 

发件人: main@edgegallery.groups.io [mailto:main@edgegallery.groups.io] 代表 xudan via groups.io
发送时间: 20201113 16:14
收件人: main <main@edgegallery.groups.io>
主题: [EdgeGallery] [Testing WG] Status of 3rd party dependency check

 

Hi all PTLs,

 

I have updated the global 3rd party direct dependency scopes of both Go and JAVA as well as the check tool. Go global scope and JAVA global scope.

Also the 3rdparty check Jenkins jobs are added for each Go and JAVA project as gating job.

You can find all the jobs under the Jenkins view 3rdpartyCheck, also I have created several Jenkins views for all projects in EdgeGallery Jenkins Portal which also include the 3rdparty Check Section.

 

The following are the projects included into the 3rdparty check scope and the latest check result of them. Please update the dependencies in your project according to this.

We are only focus on the master branch now.

 

Project Name

Illegal Dependency Name

Current Version

Need to be

Reference Jenkins Link

Api-emulator

None

 

 

 

Appstore-be

None

 

 

 

Developer-be

None

 

 

 

Mecm-applcm

None

 

 

 

toolchain

None

 

 

 

atp

com.google.code.gson:gson
junit:junit
org.apache.commons:commons-collections4
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
org.slf4j:slf4j-api
org.springframework.boot:spring-boot-starter-jdbc
org.springframework.boot:spring-boot-starter-test
org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure
org.springframework.security:spring-security-test
2.8.2
4.12
4.2
2.11.2
2.11.2
2.11.2
42.2.10
1.7.26
2.1.6.RELEASE
2.1.6.RELEASE
2.1.10.RELEASE
4.2.2.RELEASE
2.8.5
4.13
4.4
2.13.3
2.13.3
2.13.3
42.2.16
1.7.30
2.3.3.RELEASE
2.3.3.RELEASE
2.2.2.RELEASE
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/atp-3rdparty-check-master/3/console

Mecm-apm

com.fasterxml.jackson.core:jackson-databind
com.google.code.gson:gson
com.h2database:h2
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-jcl
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
2.11.2
2.8.2
1.4.190
2.13.2
2.13.2
2.13.2
2.13.2
42.2.14
2.10.5
2.8.5
1.4.199
2.13.3
2.13.3
2.13.3
2.13.3
42.2.16

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mecm-apm-3rdparty-check-master/1/console

Mecm-appo

com.google.code.gson:gson
com.h2database:h2
org.apache.httpcomponents:httpclient
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-jcl
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
org.springframework.security:spring-security-test
2.8.2
1.4.190
4.5
2.13.2
2.13.2
2.13.2
2.13.2
42.2.14
4.2.2.RELEASE
2.8.5
1.4.199
4.5.10
2.13.3
2.13.3
2.13.3
2.13.3
42.2.16
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mecm-appo-3rdparty-check-master/1/console

Mecm-inventory

com.fasterxml.jackson.core:jackson-databind
com.google.code.gson:gson
com.h2database:h2
org.apache.httpcomponents:httpclient
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-jcl
org.apache.logging.log4j:log4j-slf4j-impl
org.postgresql:postgresql
org.springframework.security:spring-security-test
2.11.2
2.8.2
1.4.190
4.5
2.13.2
2.13.2
2.13.2
2.13.2
42.2.14
4.2.2.RELEASE
2.10.5
2.8.5
1.4.199
4.5.10
2.13.3
2.13.3
2.13.3
2.13.3
42.2.16
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mecm-inventory-3rdparty-check-master/1/console

mep

github.com/sirupsen/logrus
v1.4.2
v1.6.0

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mep-3rdparty-check-master/1/console

Mep-agent

github.com/sirupsen/logrus
 
v1.4.2
v1.6.0

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/mep-agent-3rdparty-check-master/1/console

Plugins

github.com/sirupsen/logrus
github.com/stretchr/testify
k8s.io/api
k8s.io/apimachinery
k8s.io/client-go
v1.4.2
v1.4.0
v0.18.3
v0.18.3
v0.18.3
v1.6.0
v1.6.1
v0.18.4
v0.18.4
v0.18.4

 

User-mgmt

org.apache.httpcomponents:httpclient
org.projectlombok:lombok
org.springframework.boot:spring-boot-starter-jdbc
org.springframework.boot:spring-boot-starter-test
org.springframework.boot:spring-boot-starter-web
org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure
org.springframework.security.oauth:spring-security-oauth2
org.springframework.security:spring-security-confi org.springframework.security:spring-security-core
org.springframework.security:spring-security-web
4.5.7
1.18.6
2.2.9.RELEASE
2.2.9.RELEASE
2.2.9.RELEASE
2.1.16.RELEASE
2.3.8.RELEASE
5.2.6.RELEASE
5.2.6.RELEASE
5.2.6.RELEASE
4.5.10
1.18.10
2.3.3.RELEASE
2.3.3.RELEASE
2.3.3.RELEASE
2.2.2.RELEASE
2.5.0.RELEASE
5.3.4.RELEASE
5.3.4.RELEASE
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/user-mgmt-3rdparty-check-master/1/console

Website-gateway

org.apache.httpcomponents:httpclient
org.apache.logging.log4j:log4j-api
org.apache.logging.log4j:log4j-core
org.apache.logging.log4j:log4j-slf4j-impl
org.springframework.boot:spring-boot-starter-security
org.springframework.boot:spring-boot-starter-test
org.springframework.boot:spring-boot-starter-web
org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure
org.springframework.security.oauth:spring-security-oauth2
org.springframework.security:spring-security-config
org.springframework.security:spring-security-core
org.springframework.security:spring-security-web
4.5.7
2.12.1
2.12.1
2.12.1
2.2.6.RELEAS
2.2.6.RELEAS
2.2.6.RELEAS
2.1.10.RELEASE
2.2.6.RELEASE
5.2.6.RELEASE
5.2.6.RELEASE
5.2.6.RELEASE
4.5.10
2.13.3
2.13.3
2.13.3
2.2.9.RELEASE
2.3.3.RELEASE
2.3.3.RELEASE
2.2.2.RELEASE
2.5.0.RELEASE
5.3.4.RELEASE
5.3.4.RELEASE
5.3.4.RELEASE

http://jenkins.edgegallery.org/view/3rdpartyCheck/job/website-gateway-3rdparty-check-master/1/console

 

 

Please make sure the 3rd party gating job pass before you merge any PR. The result can be easily find in the PR page as a comment several seconds later after submitting the PR.

 

 

BR,

Dan Xu

 

发件人: xudan (N)
发送时间: 20201028 17:16
收件人: main <
main@edgegallery.groups.io>
主题: [Testing WG] Phase 2 of 3rd party dependency check

 

Hi all,

 

Following the 1.0 release plan, now we are going to disable the exemption of multiple versions of one direct dependency.

This means the number of versions of each direct dependency should be only one for all golang and java projects.

I have create the new global dependency list without multiple versions for golang and java projects respectively.

Please refer to this PR to find out the removed versions of some dependencies. The policy now is to keep the highest version.

Please try to develop with the new dependency lists and let me know if your projects can’t work with some versions.

 

We plan to use the new lists for 3rd party dependency check 2 weeks later. Please test and update the dependency version in these 2 weeks.

 

Following are the projects already included in the 3rd party check. If there are any other golang or java projects, let me know. Thanks.

·         api-emulator

·         appstore-be

·         developer-be

·         mep and mep-agent

·         mecm-apm, mecm-appo, mecm-applcm, mecm-inventory

·         plugins

·         user-mgmt

·         website-gateway

 

 

许丹

M: +86-18621071189

E: xudan16@...

网络产品与解决方案 云化网络OSDT

Cloudify Network OSDT, Network Products & Solutions