Update dependencies (#6499)

* Update dependencies * Strictly pin slf4j and logback versions * logback 1.3 * Only use slf4j 2.0.0 internally in the javaagent * Pre-initialize slf4j provider * Bump jackson version * licenses
2022-09-06 22:04:30 +02:00 · 2022-09-06 22:04:30 +02:00 · 0d6f0b15d0
parent a665a7f014
commit 0d6f0b15d0
15 changed files with 145 additions and 24 deletions
--- a/benchmark-overhead/build.gradle.kts
+++ b/benchmark-overhead/build.gradle.kts
@ -24,7 +24,7 @@ dependencies {
  testImplementation("org.jooq:joox:1.6.2")
  testImplementation("com.jayway.jsonpath:json-path:2.6.0")
  testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:5.9.0")
-  testImplementation("org.slf4j:slf4j-simple:1.7.36")
+  testImplementation("org.slf4j:slf4j-simple:2.0.0")
 }

 tasks {
--- a/dependencyManagement/build.gradle.kts
+++ b/dependencyManagement/build.gradle.kts
@ -31,13 +31,13 @@ val groovyVersion = "4.0.4"
 // configurations.testRuntimeClasspath.resolutionStrategy.force "com.google.guava:guava:19.0"

 val DEPENDENCY_BOMS = listOf(
-  "com.fasterxml.jackson:jackson-bom:2.13.2.20220328",
+  "com.fasterxml.jackson:jackson-bom:2.13.4",
  "com.google.guava:guava-bom:31.1-jre",
  "org.apache.groovy:groovy-bom:${groovyVersion}",
  "io.opentelemetry:opentelemetry-bom:${otelVersion}",
  "io.opentelemetry:opentelemetry-bom-alpha:${otelVersion}-alpha",
-  "org.junit:junit-bom:5.8.2",
-  "org.testcontainers:testcontainers-bom:1.17.1",
+  "org.junit:junit-bom:5.9.0",
+  "org.testcontainers:testcontainers-bom:1.17.3",
 )

 val DEPENDENCY_SETS = listOf(
@ -69,7 +69,7 @@ val DEPENDENCY_SETS = listOf(
  ),
  DependencySet(
    "org.mockito",
-    "4.5.1",
+    "4.7.0",
    listOf("mockito-core", "mockito-junit-jupiter", "mockito-inline")
  ),
  DependencySet(
@ -87,7 +87,7 @@ val DEPENDENCIES = listOf(
  "com.github.stefanbirkner:system-lambda:1.2.1",
  "com.github.stefanbirkner:system-rules:1.19.0",
  "uk.org.webcompere:system-stubs-jupiter:2.0.1",
-  "com.uber.nullaway:nullaway:0.9.7",
+  "com.uber.nullaway:nullaway:0.9.9",
  "commons-beanutils:commons-beanutils:1.9.4",
  "commons-cli:commons-cli:1.5.0",
  "commons-codec:commons-codec:1.15",
--- a/examples/distro/smoke-tests/build.gradle
+++ b/examples/distro/smoke-tests/build.gradle
@ -10,7 +10,7 @@ dependencies {
  testImplementation("io.opentelemetry.proto:opentelemetry-proto:0.16.0-alpha")
  testImplementation("io.opentelemetry:opentelemetry-api:1.6.0")

-  testImplementation("ch.qos.logback:logback-classic:1.2.3")
+  testImplementation("ch.qos.logback:logback-classic:1.2.11")
 }

 tasks.test {
--- a/examples/extension/build.gradle
+++ b/examples/extension/build.gradle
@ -101,14 +101,13 @@ dependencies {

  testImplementation("org.junit.jupiter:junit-jupiter-api:5.9.0")
  testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:5.9.0")
-  testRuntimeOnly("ch.qos.logback:logback-classic:1.2.3")
+  testRuntimeOnly("ch.qos.logback:logback-classic:1.2.11")

  //Otel Java instrumentation that we use and extend during integration tests
  otel("io.opentelemetry.javaagent:opentelemetry-javaagent:${versions.opentelemetryJavaagent}")

  //TODO remove when start using io.opentelemetry.instrumentation.javaagent-instrumentation plugin
  add("codegen", "io.opentelemetry.javaagent:opentelemetry-javaagent-tooling:${versions.opentelemetryJavaagentAlpha}")
-  add("codegen", "ch.qos.logback:logback-classic:1.2.3")
  add("muzzleBootstrap", "io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations-support:${versions.opentelemetryJavaagentAlpha}")
  add("muzzleTooling", "io.opentelemetry.javaagent:opentelemetry-javaagent-extension-api:${versions.opentelemetryJavaagentAlpha}")
  add("muzzleTooling", "io.opentelemetry.javaagent:opentelemetry-javaagent-tooling:${versions.opentelemetryJavaagentAlpha}")
--- a/instrumentation/logback/logback-appender-1.0/javaagent/build.gradle.kts
+++ b/instrumentation/logback/logback-appender-1.0/javaagent/build.gradle.kts
@ -15,7 +15,34 @@ muzzle {
 }

 dependencies {
-  library("ch.qos.logback:logback-classic:0.9.16")
+  // pin the version strictly to avoid overriding by dependencyManagement versions
+  compileOnly("ch.qos.logback:logback-classic") {
+    version {
+      strictly("0.9.16")
+    }
+  }
+  compileOnly("org.slf4j:slf4j-api") {
+    version {
+      strictly("1.5.8")
+    }
+  }
+
+  if (findProperty("testLatestDeps") as Boolean) {
+    testImplementation("ch.qos.logback:logback-classic:+")
+  } else {
+    // TODO these versions are actually used during test
+    // currently our tests fail for logback-classic 0.9.16
+    testImplementation("ch.qos.logback:logback-classic") {
+      version {
+        strictly("1.2.11")
+      }
+    }
+    testImplementation("org.slf4j:slf4j-api") {
+      version {
+        strictly("1.7.36")
+      }
+    }
+  }

  compileOnly(project(":instrumentation-appender-api-internal"))
  compileOnly(project(":javaagent-bootstrap"))
--- a/instrumentation/logback/logback-appender-1.0/library/build.gradle.kts
+++ b/instrumentation/logback/logback-appender-1.0/library/build.gradle.kts
@ -6,7 +6,34 @@ dependencies {
  implementation(project(":instrumentation-appender-api-internal"))
  implementation(project(":instrumentation-appender-sdk-internal"))

-  library("ch.qos.logback:logback-classic:0.9.16")
+  // pin the version strictly to avoid overriding by dependencyManagement versions
+  compileOnly("ch.qos.logback:logback-classic") {
+    version {
+      strictly("0.9.16")
+    }
+  }
+  compileOnly("org.slf4j:slf4j-api") {
+    version {
+      strictly("1.5.8")
+    }
+  }
+
+  if (findProperty("testLatestDeps") as Boolean) {
+    testImplementation("ch.qos.logback:logback-classic:+")
+  } else {
+    // TODO these versions are actually used during test
+    // currently our tests fail for logback-classic 0.9.16
+    testImplementation("ch.qos.logback:logback-classic") {
+      version {
+        strictly("1.2.11")
+      }
+    }
+    testImplementation("org.slf4j:slf4j-api") {
+      version {
+        strictly("1.7.36")
+      }
+    }
+  }

  testImplementation("io.opentelemetry:opentelemetry-sdk-logs")
  testImplementation("io.opentelemetry:opentelemetry-sdk-testing")
--- a/instrumentation/logback/logback-mdc-1.0/javaagent/build.gradle.kts
+++ b/instrumentation/logback/logback-mdc-1.0/javaagent/build.gradle.kts
@ -13,7 +13,32 @@ muzzle {
 dependencies {
  implementation(project(":instrumentation:logback:logback-mdc-1.0:library"))

-  library("ch.qos.logback:logback-classic:1.0.0")
+  // pin the version strictly to avoid overriding by dependencyManagement versions
+  compileOnly("ch.qos.logback:logback-classic") {
+    version {
+      strictly("1.0.0")
+    }
+  }
+  compileOnly("org.slf4j:slf4j-api") {
+    version {
+      strictly("1.6.4")
+    }
+  }
+
+  if (findProperty("testLatestDeps") as Boolean) {
+    testImplementation("ch.qos.logback:logback-classic:+")
+  } else {
+    testImplementation("ch.qos.logback:logback-classic") {
+      version {
+        strictly("1.0.0")
+      }
+    }
+    testImplementation("org.slf4j:slf4j-api") {
+      version {
+        strictly("1.6.4")
+      }
+    }
+  }

  testImplementation(project(":instrumentation:logback:logback-mdc-1.0:testing"))
 }
--- a/instrumentation/logback/logback-mdc-1.0/library/build.gradle.kts
+++ b/instrumentation/logback/logback-mdc-1.0/library/build.gradle.kts
@ -3,7 +3,32 @@ plugins {
 }

 dependencies {
-  library("ch.qos.logback:logback-classic:1.0.0")
+  // pin the version strictly to avoid overriding by dependencyManagement versions
+  compileOnly("ch.qos.logback:logback-classic") {
+    version {
+      strictly("1.0.0")
+    }
+  }
+  compileOnly("org.slf4j:slf4j-api") {
+    version {
+      strictly("1.6.4")
+    }
+  }
+
+  if (findProperty("testLatestDeps") as Boolean) {
+    testImplementation("ch.qos.logback:logback-classic:+")
+  } else {
+    testImplementation("ch.qos.logback:logback-classic") {
+      version {
+        strictly("1.0.0")
+      }
+    }
+    testImplementation("org.slf4j:slf4j-api") {
+      version {
+        strictly("1.6.4")
+      }
+    }
+  }

  testImplementation(project(":instrumentation:logback:logback-mdc-1.0:testing"))
 }
--- a/javaagent-bootstrap/build.gradle.kts
+++ b/javaagent-bootstrap/build.gradle.kts
@ -5,11 +5,13 @@ plugins {

 group = "io.opentelemetry.javaagent"

+val agentSlf4jVersion = "2.0.0"
+
 dependencies {
  implementation(project(":instrumentation-api"))
  implementation(project(":instrumentation-appender-api-internal"))
-  implementation("org.slf4j:slf4j-api")
-  implementation("org.slf4j:slf4j-simple")
+  implementation("org.slf4j:slf4j-api:$agentSlf4jVersion")
+  implementation("org.slf4j:slf4j-simple:$agentSlf4jVersion")

  testImplementation(project(":testing-common"))
 }
--- a/javaagent-tooling/src/main/java/io/opentelemetry/javaagent/tooling/DefaultLoggingCustomizer.java
+++ b/javaagent-tooling/src/main/java/io/opentelemetry/javaagent/tooling/DefaultLoggingCustomizer.java
@ -5,6 +5,7 @@

 package io.opentelemetry.javaagent.tooling;

+import java.lang.reflect.InvocationTargetException;
 import java.util.Locale;

 final class DefaultLoggingCustomizer implements LoggingCustomizer {
@ -33,6 +34,21 @@ final class DefaultLoggingCustomizer implements LoggingCustomizer {
      // by default muzzle warnings are turned off
      setSystemPropertyDefault(SIMPLE_LOGGER_PREFIX + "muzzleMatcher", "OFF");
    }
+
+    ClassLoader previous = Thread.currentThread().getContextClassLoader();
+    try {
+      // make sure that slf4j finds the provider in the bootstrap CL
+      Thread.currentThread().setContextClassLoader(null);
+      Class<?> loggerFactory = Class.forName("org.slf4j.LoggerFactory");
+      loggerFactory.getMethod("getILoggerFactory").invoke(null);
+    } catch (ClassNotFoundException
+        | InvocationTargetException
+        | IllegalAccessException
+        | NoSuchMethodException e) {
+      throw new IllegalStateException("Failed to initialize logging", e);
+    } finally {
+      Thread.currentThread().setContextClassLoader(previous);
+    }
  }

  @Override
--- a/licenses/jackson-core-2.13.4.jar/META-INF/LICENSE
+++ b/licenses/jackson-core-2.13.4.jar/META-INF/LICENSE
--- a/licenses/jackson-core-2.13.4.jar/META-INF/NOTICE
+++ b/licenses/jackson-core-2.13.4.jar/META-INF/NOTICE
--- a/licenses/jackson-jr-objects-2.13.4.jar/META-INF/LICENSE
+++ b/licenses/jackson-jr-objects-2.13.4.jar/META-INF/LICENSE
--- a/licenses/jackson-jr-objects-2.13.4.jar/META-INF/NOTICE
+++ b/licenses/jackson-jr-objects-2.13.4.jar/META-INF/NOTICE
--- a/licenses/licenses.md
+++ b/licenses/licenses.md
@ -1,7 +1,7 @@

 #javaagent
 ##Dependency License Report
-_2022-08-12 13:38:10 PDT_
+_2022-09-06 12:21:05 CEST_
 ## Apache License, Version 2.0

 **1** **Group:** `com.blogspot.mydailyjava` **Name:** `weak-lock-free` **Version:** `0.18` 
@ -9,19 +9,19 @@ _2022-08-12 13:38:10 PDT_
 > - **POM Project URL**: [https://github.com/raphw/weak-lock-free](https://github.com/raphw/weak-lock-free)
 > - **POM License**: Apache License, Version 2.0 - [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)

-**2** **Group:** `com.fasterxml.jackson.core` **Name:** `jackson-core` **Version:** `2.13.2` 
+**2** **Group:** `com.fasterxml.jackson.core` **Name:** `jackson-core` **Version:** `2.13.4` 
 > - **Project URL**: [https://github.com/FasterXML/jackson-core](https://github.com/FasterXML/jackson-core)
 > - **Manifest License**: Apache License, Version 2.0 (Not Packaged)
 > - **POM License**: Apache License, Version 2.0 - [https://www.apache.org/licenses/LICENSE-2.0](https://www.apache.org/licenses/LICENSE-2.0)
-> - **Embedded license files**: [jackson-core-2.13.2.jar/META-INF/LICENSE](jackson-core-2.13.2.jar/META-INF/LICENSE) 
-    - [jackson-core-2.13.2.jar/META-INF/NOTICE](jackson-core-2.13.2.jar/META-INF/NOTICE)
+> - **Embedded license files**: [jackson-core-2.13.4.jar/META-INF/LICENSE](jackson-core-2.13.4.jar/META-INF/LICENSE) 
+    - [jackson-core-2.13.4.jar/META-INF/NOTICE](jackson-core-2.13.4.jar/META-INF/NOTICE)

-**3** **Group:** `com.fasterxml.jackson.jr` **Name:** `jackson-jr-objects` **Version:** `2.13.2` 
+**3** **Group:** `com.fasterxml.jackson.jr` **Name:** `jackson-jr-objects` **Version:** `2.13.4` 
 > - **Project URL**: [http://wiki.fasterxml.com/JacksonHome](http://wiki.fasterxml.com/JacksonHome)
 > - **Manifest License**: Apache License, Version 2.0 (Not Packaged)
 > - **POM License**: Apache License, Version 2.0 - [https://www.apache.org/licenses/LICENSE-2.0](https://www.apache.org/licenses/LICENSE-2.0)
-> - **Embedded license files**: [jackson-jr-objects-2.13.2.jar/META-INF/LICENSE](jackson-jr-objects-2.13.2.jar/META-INF/LICENSE) 
-    - [jackson-jr-objects-2.13.2.jar/META-INF/NOTICE](jackson-jr-objects-2.13.2.jar/META-INF/NOTICE)
+> - **Embedded license files**: [jackson-jr-objects-2.13.4.jar/META-INF/LICENSE](jackson-jr-objects-2.13.4.jar/META-INF/LICENSE) 
+    - [jackson-jr-objects-2.13.4.jar/META-INF/NOTICE](jackson-jr-objects-2.13.4.jar/META-INF/NOTICE)

 **4** **Group:** `com.googlecode.concurrentlinkedhashmap` **Name:** `concurrentlinkedhashmap-lru` **Version:** `1.4.2` 
 > - **Manifest License**: Apache License, Version 2.0 (Not Packaged)
@ -201,11 +201,11 @@ _2022-08-12 13:38:10 PDT_

 ## MIT License

-**44** **Group:** `org.slf4j` **Name:** `slf4j-api` **Version:** `1.7.36` 
+**44** **Group:** `org.slf4j` **Name:** `slf4j-api` **Version:** `2.0.0` 
 > - **POM Project URL**: [http://www.slf4j.org](http://www.slf4j.org)
 > - **POM License**: MIT License - [https://opensource.org/licenses/MIT](https://opensource.org/licenses/MIT)

-**45** **Group:** `org.slf4j` **Name:** `slf4j-simple` **Version:** `1.7.36` 
+**45** **Group:** `org.slf4j` **Name:** `slf4j-simple` **Version:** `2.0.0` 
 > - **POM Project URL**: [http://www.slf4j.org](http://www.slf4j.org)
 > - **POM License**: MIT License - [https://opensource.org/licenses/MIT](https://opensource.org/licenses/MIT)