otj-parent-spring
Used in:
components
- OverviewOverview
- VersionsVersions
- DependentsDependents
- DependenciesDependencies
<dependency>
<groupId>com.opentable</groupId>
<artifactId>otj-parent-spring</artifactId>
<version>393</version>
</dependency><?xml version="1.0" encoding="UTF-8"?>
<!--
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.basepom</groupId>
<artifactId>basepom-minimal</artifactId>
<version>59</version>
<relativePath />
</parent>
<groupId>com.opentable</groupId>
<artifactId>otj-parent-spring</artifactId>
<packaging>pom</packaging>
<version>393</version>
<name>OpenTable Spring base pom</name>
<description>This is the Base POM for internal OpenTable Spring Maven projects.</description>
<properties>
<!-- tweak basepom settings -->
<!-- use classpath instead of module path when building javadoc -->
<basepom.javadoc.legacy-mode>true</basepom.javadoc.legacy-mode>
<dep.plugin.dependency.outputxml>true</dep.plugin.dependency.outputxml>
<basepom.test.memory>1G</basepom.test.memory>
<basepom.maven.version>3.8.4</basepom.maven.version>
<basepom.check.skip-checkstyle>${basepom.check.skip-extended}</basepom.check.skip-checkstyle>
<basepom.check.checkstyle-severity>warning</basepom.check.checkstyle-severity>
<!-- currently newer than basepom/foundation -->
<dep.pmd.version>7.1.0</dep.pmd.version>
<!-- this should normally be the same as pmd.version unless there's a bug -->
<dep.compat-pmd6.version>${dep.pmd.version}</dep.compat-pmd6.version>
<dep.checkstyle.version>10.16.0</dep.checkstyle.version>
<!-- necessary for intellij to function -->
<project.build.targetJdk>17</project.build.targetJdk>
<maven.compiler.target>${project.build.targetJdk}</maven.compiler.target>
<!-- basepom8 switches to separating, this basically reverts that -->
<project.build.systemJdk>${project.build.targetJdk}</project.build.systemJdk>
<project.build.generated-resources>${basedir}/target/generated-resources</project.build.generated-resources>
<basepom.release.push-changes>true</basepom.release.push-changes>
<basepom.test.timeout>600</basepom.test.timeout>
<basepom.test.fork-count>0.5C</basepom.test.fork-count>
<!-- basepom-oss picks -->
<!-- License checker for OSS deployments. -->
<basepom.check.skip-license>${basepom.check.skip-extended}</basepom.check.skip-license>
<basepom.check.fail-license>${basepom.check.fail-extended}</basepom.check.fail-license>
<!-- Some plugins can run early ("validate") or late ("verify") -->
<basepom.check.phase-license>validate</basepom.check.phase-license> <!-- this is overriding basepom default -->
<basepom.license.skip-existing>true</basepom.license.skip-existing>
<!-- release profiles -->
<basepom.release.profiles>basepom.deploy-release</basepom.release.profiles>
<!-- Maven plugins -->
<dep.plugin.exec.version>3.1.1</dep.plugin.exec.version>
<!-- Plugin versions, ordered like http://maven.apache.org/plugins/ -->
<dep.plugin.gpg.version>3.1.0</dep.plugin.gpg.version>
<!-- https://github.com/mycila/license-maven-plugin/releases -->
<dep.plugin.license.version>4.1</dep.plugin.license.version>
<dep.plugin.echo.version>2.1.0</dep.plugin.echo.version>
<dep.plugin.numbers.version>2.0</dep.plugin.numbers.version>
<dep.plugin.eclipse-lifecycle.version>1.0.0</dep.plugin.eclipse-lifecycle.version>
<dep.plugin.enforcer-extra-rules>1.7.0</dep.plugin.enforcer-extra-rules>
<!--
Findbugs is no longer enabled by default, but the dependencies of findbugs-annotations, etc is still supported
and child poms may reference this value
-->
<dep.findbugs.version>3.0.1</dep.findbugs.version>
<!-- PMD versions - otj-pmdruleset -->
<dep.plugin.pmd.ruleset.version>7.0.1</dep.plugin.pmd.ruleset.version>
<!-- Expose Versions Plugin - our own plugin -->
<dep.plugin.expose-versions-maven-plugin.version>1.6</dep.plugin.expose-versions-maven-plugin.version>
<dep.plugin.expose-versions-maven-plugin.skip>false</dep.plugin.expose-versions-maven-plugin.skip>
<!-- Core Spring Libraries -->
<dep.spring-boot.version>2.7.18</dep.spring-boot.version>
<!-- last SB release had 5.3.31 and reactor 2020.0.38 -->
<!-- reactor-netty also changes netty -->
<dep.spring.version>5.3.39</dep.spring.version>
<dep.reactor.bom>2020.0.47</dep.reactor.bom>
<dep.spring-security.version>5.7.11</dep.spring-security.version>
<!-- it's banned, but we should nudge folks to the later one anyway if they must use -->
<dep.spring-security-oauth2.version>2.5.2.RELEASE</dep.spring-security-oauth2.version>
<!-- logging versions -->
<dep.logback.version>1.2.13</dep.logback.version>
<dep.slf4j.version>1.7.36</dep.slf4j.version>
<dep.otj-test-log-config.version>1.1.2</dep.otj-test-log-config.version>
<dep.otj-otl.version>0.12.1</dep.otj-otl.version>
<dep.scala.version>2.13.12</dep.scala.version>
<!-- validator implementation -->
<dep.validator.version>6.2.5.Final</dep.validator.version>
<!-- Validator API -->
<dep.validator-api.version>2.0.1.Final</dep.validator-api.version>
<!-- Validator EL -->
<dep.el.version>3.0.1-b11</dep.el.version>
<!-- http versions -->
<dep.jetty.version>10.0.20.1</dep.jetty.version>
<dep.jetty-server.version>10.0.20</dep.jetty-server.version>
<!-- manage jetty-reactive-httpclient to not pull in slf4j2 in 1.1.13+ -->
<dep.jetty-reactive-httpclient.version>1.1.12</dep.jetty-reactive-httpclient.version>
<!-- instrumentation versions -->
<!--
NB: There is a related version in otj-metrics for
com.ryantenney.metrics:metrics-spring.
-->
<dep.metrics4.version>4.2.22</dep.metrics4.version>
<!-- library versions -->
<!-- Last javax supporting version - use 3.1.8+ for SBT3 -->
<dep.caffeine.version>3.1.6</dep.caffeine.version>
<dep.aspectjweaver.version>1.9.21</dep.aspectjweaver.version>
<dep.jackson.version>2.13.5</dep.jackson.version>
<dep.gson.version>2.10.1</dep.gson.version>
<dep.kafka.version>3.1.2</dep.kafka.version>
<dep.kafka-clients.version>${dep.kafka.version}</dep.kafka-clients.version>
<dep.snappy.version>1.1.10.5</dep.snappy.version>
<dep.reactive-streams.version>1.0.4</dep.reactive-streams.version>
<dep.jdbi3.version>3.44.0</dep.jdbi3.version>
<dep.flyway.version>9.16.3</dep.flyway.version>
<!-- com.sun.mail:javax -->
<dep.javamail.version>1.6.2</dep.javamail.version>
<!-- com.sun.mail:jakarta.mail -->
<dep.sun-jakarta-mail.version>1.6.7</dep.sun-jakarta-mail.version>
<dep.snakeyaml.version>1.33</dep.snakeyaml.version>
<dep.jna.version>5.14.0</dep.jna.version>
<dep.guava.version>33.0.0-jre</dep.guava.version>
<dep.guava-failure.version>1.0.1</dep.guava-failure.version>
<dep.error-prone.version>2.23.0</dep.error-prone.version>
<dep.hikari.version>5.1.0</dep.hikari.version>
<dep.quartz.version>2.3.2</dep.quartz.version>
<dep.zookeeper.version>3.6.3</dep.zookeeper.version>
<dep.mustache.version>0.9.11</dep.mustache.version>
<!-- DB Drivers -->
<dep.postgres-jdbc.version>42.7.3</dep.postgres-jdbc.version>
<dep.mongo.version>4.11.2</dep.mongo.version>
<dep.mssql-jdbc.version>12.6.1.jre11</dep.mssql-jdbc.version>
<dep.snowflake-jdbc.version>3.15.1</dep.snowflake-jdbc.version>
<!-- Apache HttpClient -->
<dep.apache-httpclient.version>4.5.14</dep.apache-httpclient.version>
<dep.apache-httpcore.version>4.4.16</dep.apache-httpcore.version>
<!-- BouncyCastle -->
<dep.bouncycastle-bcpkix.version>1.78.1</dep.bouncycastle-bcpkix.version>
<dep.bouncycastle-bcxprov.version>1.78.1</dep.bouncycastle-bcxprov.version>
<dep.bouncycastle-bcpkix-legacy.version>1.70</dep.bouncycastle-bcpkix-legacy.version>
<dep.bouncycastle-bcxprov-legacy.version>1.70</dep.bouncycastle-bcxprov-legacy.version>
<ot.build.allow-insecure-bouncycastle>false</ot.build.allow-insecure-bouncycastle>
<!-- Nimbus -->
<dep.nimbus-jose-jwt.version>9.37.3</dep.nimbus-jose-jwt.version>
<!-- Apache Commons -->
<dep.commons-text.version>1.10.0</dep.commons-text.version>
<dep.commons-compress.version>1.26.0</dep.commons-compress.version>
<dep.commons-codec.version>1.16.0</dep.commons-codec.version>
<dep.commons-lang.version>3.14.0</dep.commons-lang.version>
<dep.commons-configuration.version>1.10</dep.commons-configuration.version>
<dep.commons-configuration2.version>2.9.0</dep.commons-configuration2.version>
<dep.commons-collections3.version>3.2.2</dep.commons-collections3.version>
<dep.commons-collections4.version>4.4</dep.commons-collections4.version>
<dep.commons-io.version>2.15.1</dep.commons-io.version>
<dep.commons-beanutils.version>1.9.4</dep.commons-beanutils.version>
<!-- immutables and lombok -->
<dep.lombok.version>1.18.30</dep.lombok.version>
<dep.immutables.version>2.10.0</dep.immutables.version>
<!-- Failsafe -->
<!-- MJB: TODO -->
<dep.failsafe2.version>2.4.4</dep.failsafe2.version>
<dep.failsafe3.version>3.3.2</dep.failsafe3.version>
<!-- byte code gens -->
<dep.javassist.version>3.30.1-GA</dep.javassist.version>
<dep.asm.version>9.6</dep.asm.version>
<dep.bytebuddy.version>1.14.10</dep.bytebuddy.version>
<dep.objenesis.version>3.3</dep.objenesis.version>
<!-- Testing libraries -->
<dep.testcontainers.version>1.19.6</dep.testcontainers.version>
<dep.mockito.version>5.10.0</dep.mockito.version>
<dep.assertj.version>3.25.2</dep.assertj.version>
<dep.junit.version>4.13.2</dep.junit.version>
<!-- Note that the BOM for this doesn't include some transitive dependencies -->
<!-- these are grouped below and must also be updated -->
<dep.junit5.version>5.10.1</dep.junit5.version>
<dep.apiguardian.version>1.1.2</dep.apiguardian.version>
<dep.opentest4j.version>1.3.0</dep.opentest4j.version>
<dep.easymock.version>5.2.0</dep.easymock.version>
<dep.wiremock-jre8-standalone.version>2.35.1</dep.wiremock-jre8-standalone.version>
<dep.bucket4j.version>7.6.0</dep.bucket4j.version>
<dep.hamcrest.version>2.2</dep.hamcrest.version>
<dep.jsr305.version>3.0.2</dep.jsr305.version>
<!-- Some J2ee standards -->
<dep.javax-annotation.version>1.3.2</dep.javax-annotation.version>
<dep.javax.inject.version>1</dep.javax.inject.version>
<dep.servlet-api.version>4.0.1</dep.servlet-api.version>
<!-- Java 9, 10, 11 no longer bundled
Note a pending nightmare:
Some of these are now separated between api and implementation
AND also are changing GAV coordinates.
That will mean we can declare them all here, but
people still often need to pick up the pieces, sigh
-->
<dep.javax-activation.version>1.2.0</dep.javax-activation.version>
<dep.javax-jaxws.version>2.3.1</dep.javax-jaxws.version>
<dep.glassfish-jaxb.version>2.3.9</dep.glassfish-jaxb.version>
<dep.javax-jaxb.version>2.3.1</dep.javax-jaxb.version>
<!-- OTJ Stack -->
<dep.otj-core.version>6.0.0</dep.otj-core.version>
<dep.otj-spring.version>6.0.0</dep.otj-spring.version>
<dep.otj-quartz.version>5.2.1</dep.otj-quartz.version>
<dep.otj-pausedetector.version>5.2.1</dep.otj-pausedetector.version>
<dep.otj-executors.version>6.0.0</dep.otj-executors.version>
<dep.otj-scopes.version>6.0.0</dep.otj-scopes.version>
<dep.otj-jvm.version>6.0.0</dep.otj-jvm.version>
<dep.otj-rest-template.version>7.0.0</dep.otj-rest-template.version>
<dep.otj-webclient.version>7.0.0</dep.otj-webclient.version>
<dep.otj-spring-boot-actuator.version>5.2.6</dep.otj-spring-boot-actuator.version>
<dep.otj-logging.version>6.0.0</dep.otj-logging.version>
<dep.otj-metrics.version>6.0.1</dep.otj-metrics.version>
<dep.otj-server.version>6.0.4</dep.otj-server.version>
<dep.otj-security-mitigation.version>1.0.1</dep.otj-security-mitigation.version>
<dep.discovery.version>1.4.3</dep.discovery.version>
<dep.otj-kafka.version>5.2.12</dep.otj-kafka.version>
<dep.otj-jackson.version>5.2.3</dep.otj-jackson.version>
<dep.otj-conservedheaders.version>6.0.1</dep.otj-conservedheaders.version>
<dep.otj-spring-profiles.version>5.2.1</dep.otj-spring-profiles.version>
<dep.otj-f5.version>1.0.6</dep.otj-f5.version>
<dep.otj-filterorder.version>5.2.1</dep.otj-filterorder.version>
<dep.otj-versioned-config.version>4.0.6</dep.otj-versioned-config.version>
<dep.jgit.version>6.7.0.202309050840-r</dep.jgit.version>
<dep.otj-sql.version>5.2.3</dep.otj-sql.version>
<dep.otj-mongo.version>5.3.2</dep.otj-mongo.version>
<dep.otj-credentials.version>2.0.11</dep.otj-credentials.version>
<dep.otj-pgembedded.version>1.0.3</dep.otj-pgembedded.version>
<dep.otj-httpheaders.version>6.0.0</dep.otj-httpheaders.version>
<dep.otj-http-common.version>6.0.1</dep.otj-http-common.version>
<!-- In case we need to issue a test or one off of these, default to otj-credentials version but allow override -->
<dep.otj-credentials-mongo.version>${dep.otj-credentials.version}</dep.otj-credentials-mongo.version>
<dep.otj-credentials-sql.version>${dep.otj-credentials.version}</dep.otj-credentials-sql.version>
<dep.otj-credentials-redis.version>${dep.otj-credentials.version}</dep.otj-credentials-redis.version>
<dep.otj-credentials-snowflake.version>${dep.otj-credentials.version}</dep.otj-credentials-snowflake.version>
<dep.otj-service-security.version>6.0.1</dep.otj-service-security.version>
<!-- In case we need to change one of these, default to otj-service-security version but allow override -->
<dep.otj-service-security-api.version>${dep.otj-service-security.version}</dep.otj-service-security-api.version>
<dep.otj-service-security-claims-provider.version>${dep.otj-service-security.version}</dep.otj-service-security-claims-provider.version>
<dep.otj-service-security-reactive.version>${dep.otj-service-security.version}</dep.otj-service-security-reactive.version>
<dep.otj-service-security-servlet.version>${dep.otj-service-security.version}</dep.otj-service-security-servlet.version>
<!-- REDiS related -->
<dep.otj-lettuce.version>1.0.13</dep.otj-lettuce.version>
<dep.io.lettuce-core.version>6.1.10.RELEASE</dep.io.lettuce-core.version>
<!-- eda -->
<dep.eda-client.version>3.2.16</dep.eda-client.version>
<dep.eda-base.version>2.0.2</dep.eda-base.version>
<!-- spring-kafka -->
<dep.spring-kafka.version>2.8.11</dep.spring-kafka.version>
<!-- clients maintained by arch team -->
<!-- 0.24.0 was last JAXRS version -->
<dep.abtest-client.version>0.30.112</dep.abtest-client.version>
<!-- 0.0.13 was last JAXRS version -->
<dep.otj-eventsender.version>1.0.6</dep.otj-eventsender.version>
<!-- 0.2.10 was last JAXRS version -->
<dep.otj-statspage.version>1.0.1</dep.otj-statspage.version>
<!-- Conditional bans (Maven Enforcer) -->
<ot.build.allow-flapdoodle>false</ot.build.allow-flapdoodle>
<ot.build.allow-spring>true</ot.build.allow-spring>
<ot.build.allow-guice>false</ot.build.allow-guice>
<ot.build.allow-jaxrs>false</ot.build.allow-jaxrs>
<ot.build.allow-joda-time>false</ot.build.allow-joda-time>
<!-- https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 -->
<ot.build.allow-codehaus-jackson>false</ot.build.allow-codehaus-jackson>
<ot.build.allow-jersey>false</ot.build.allow-jersey>
<ot.build.allow-apache-httpclient>true</ot.build.allow-apache-httpclient>
<ot.build.allow-spring-security-oauth2>false</ot.build.allow-spring-security-oauth2>
<ot.build.allow-jetty9>false</ot.build.allow-jetty9>
<!-- hic sunt dracones -->
<ot.build.allow-circular-dependencies>false</ot.build.allow-circular-dependencies>
<!-- enable otpl to be used in sub-directories -->
<otpl.project.dir>${basedir}</otpl.project.dir>
<!-- Allow to override the executable -->
<otpl.executable>otpl-package-docker</otpl.executable>
<!-- Allow to override the docker repo -->
<otpl.docker.repo>${project.artifactId}</otpl.docker.repo>
<!-- allow to override docker TAG -->
<otpl.docker.tag>${project.build.finalName}</otpl.docker.tag>
<!-- Docker container should run as root, but can be overridden -->
<otpl.docker.uid>0</otpl.docker.uid>
<dep.netty.version>4.1.112.Final</dep.netty.version>
</properties>
<build>
<!-- Make the artifacts contain the build number for snapshot builds. -->
<finalName>${ot.build.name}</finalName>
<resources>
<resource>
<directory>${basedir}/src/main/resources</directory>
</resource>
<resource>
<directory>${basedir}/src/main/java</directory>
<excludes>
<exclude>**/*.java</exclude>
</excludes>
</resource>
<resource>
<directory>${project.build.generated-resources}</directory>
</resource>
</resources>
<testResources>
<testResource>
<directory>${basedir}/src/test/resources</directory>
</testResource>
<testResource>
<directory>${basedir}/src/test/java</directory>
<excludes>
<exclude>**/*.java</exclude>
</excludes>
</testResource>
</testResources>
<pluginManagement>
<plugins>
<!-- this exists because of a weird dependency issue in the dependency-version-checker. Although excluded, conflicts with slf4j occur
the syntax is awkward since it must be repeated for each version of slf4j
-->
<plugin>
<groupId>org.basepom.maven</groupId>
<artifactId>dependency-versions-check-maven-plugin</artifactId>
<configuration>
<exceptions>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.0.0</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.0.1</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.0.2</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.0.3</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.0.4</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.0.5</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.0.6</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.0.7</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.0.8</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.0.9</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.1.0</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.1.1</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.1.2</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
<exception>
<dependency>org.slf4j:slf4j-api</dependency>
<expected>2.1.3</expected>
<resolved>${dep.slf4j.version}</resolved>
</exception>
</exceptions>
<resolvers>
<resolver>
<!--
The "dependency-versions-check-maven-plugin" not ignoring excluded dependencies in some cases. As a workaround,
we are turning on APR for jetty, so minor versions are compatible. We can drop this when we sync jetty with SBT.
-->
<strategy>apr</strategy>
<includes>
<include>org.eclipse.jetty:jetty-server</include>
<include>org.eclipse.jetty:jetty-util</include>
<include>org.eclipse.jetty:jetty-http</include>
</includes>
</resolver>
</resolvers>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${dep.spring-boot.version}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>${dep.plugin.dependency.version}</version>
<configuration>
<!-- MDEP-791 -->
<ignoredNonTestScopedDependencies>
<ignoredNonTestScopedDependency>*</ignoredNonTestScopedDependency>
</ignoredNonTestScopedDependencies>
<outputXML>${dep.plugin.dependency.outputxml}</outputXML>
</configuration>
</plugin>
<!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
<plugin>
<groupId>org.eclipse.m2e</groupId>
<artifactId>lifecycle-mapping</artifactId>
<version>${dep.plugin.eclipse-lifecycle.version}</version>
<configuration>
<lifecycleMappingMetadata>
<pluginExecutions combine.children="append">
<pluginExecution>
<pluginExecutionFilter>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<versionRange>[0,)</versionRange>
<goals>
<goal>enforce</goal>
</goals>
</pluginExecutionFilter>
<action>
<ignore />
</action>
</pluginExecution>
<pluginExecution>
<pluginExecutionFilter>
<groupId>com.nesscomputing.mojo</groupId>
<artifactId>numbers-maven-plugin</artifactId>
<versionRange>[0,)</versionRange>
<goals>
<goal>get</goal>
</goals>
</pluginExecutionFilter>
<action>
<ignore />
</action>
</pluginExecution>
<pluginExecution>
<pluginExecutionFilter>
<groupId>pl.project13.maven</groupId>
<artifactId>git-commit-id-plugin</artifactId>
<versionRange>[0,)</versionRange>
<goals>
<goal>revision</goal>
</goals>
</pluginExecutionFilter>
<action>
<ignore />
</action>
</pluginExecution>
<pluginExecution>
<pluginExecutionFilter>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<versionRange>[0,)</versionRange>
<goals>
<goal>analyze-dep-mgt</goal>
<goal>analyze-duplicate</goal>
<goal>analyze-only</goal>
</goals>
</pluginExecutionFilter>
<action>
<ignore />
</action>
</pluginExecution>
<pluginExecution>
<pluginExecutionFilter>
<groupId>com.ning.maven.plugins</groupId>
<artifactId>maven-duplicate-finder-plugin</artifactId>
<versionRange>[0,)</versionRange>
<goals>
<goal>check</goal>
</goals>
</pluginExecutionFilter>
<action>
<ignore />
</action>
</pluginExecution>
</pluginExecutions>
</lifecycleMappingMetadata>
</configuration>
</plugin>
<!--
MAVEN-ENFORCER-PLUGIN (The Loving Iron Fist of Mavenâ„¢)
Global banhammer
Why? These artifacts are considered hazardous to your health. Each has its own rationale,
descibed below inline.
-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>${dep.plugin.enforcer.version}</version>
<dependencies>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>${dep.plugin.enforcer-extra-rules}</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>basepom.default</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${basepom.check.skip-enforcer}</skip>
<fail>${basepom.check.fail-enforcer}</fail>
<rules>
<bannedDependencies>
<!-- Now here is an arcane trick. See http://www.sonatype.com/people/2007/06/how-to-merge-sub-items-from-parent-pom-to-child-pom-in-a-maven-plugin-configuration-2/ for details... -->
<excludes combine.children="append">
<!-- c3p0 is old, outdated, and hikari is better. It now has a serious CVE as of 2019 -->
<exclude>com.mchange:c3p0</exclude>
<!-- clashes with commons-logging:commons-logging -->
<exclude>commons-logging:commons-logging-api</exclude>
<!-- replaced by org.apache.httpcomponents -->
<exclude>commons-httpclient</exclude>
<!-- logback implements slf4j directly. No need for slf4j -->
<exclude>org.slf4j:slf4j</exclude>
<!-- slf4j-simple only allowed for tests -->
<exclude>org.slf4j:slf4j-simple:*:*:compile</exclude>
<!-- We don't use log4j, use log4j-over-slf4j instead -->
<exclude>org.slf4j:slf4j-log4j12</exclude>
<!-- junit-dep used to avoid a classless repackaging, but it is now obsoleted -->
<exclude>junit:junit-dep</exclude>
<!-- No Ness components, port them over. -->
<exclude>ness.components:*</exclude>
<exclude>com.nesscomputing.components:*</exclude>
<exclude>com.nesscomputing.testing:*</exclude>
<!-- Trumpet was the code-name for Ness, don't allow that to creep in. -->
<exclude>io.trumpet.components:*</exclude>
<!-- use Spring JMX instead -->
<exclude>org.weakref:jmxutils</exclude>
<!-- only the jsr305 jar is allowed, for @SuppressWarnings use findbugs-annotations -->
<exclude>com.google.code.findbugs:annotations</exclude>
<exclude>net.jcip:jcip-annotations</exclude>
<!-- replaced with org.kitei.testing:kitei-lessio -->
<exclude>ness.kawala:*</exclude>
<exclude>com.nesscomputing.testing:testing-lessio</exclude>
<!-- OpenTable transitional bans -->
<exclude>log4j:log4j</exclude>
<exclude>commons-logging:commons-logging</exclude>
<exclude>org.jboss.resteasy:jaxrs-api</exclude>
<exclude>org.jboss.spec.javax.annotation:*</exclude>
<exclude>javax.annotation:jsr250-api</exclude>
<exclude>com.opentable.components:otj-tracking</exclude>
<exclude>com.opentable.components:otj-server-templates</exclude>
<exclude>com.opentable.components:otj-config</exclude>
<exclude>com.opentable.components:otj-lifecycle</exclude>
<exclude>com.opentable.components:otj-jaxrs</exclude>
<exclude>com.opentable.components:otj-metrics:(,0.7.0)</exclude>
<exclude>com.opentable.components:otj-requestid</exclude>
<exclude>com.opentable.components:otj-httpclient</exclude>
<!-- Spring killed these. die die die -->
<exclude>com.opentable.components:otj-config</exclude>
<exclude>com.opentable.components:otj-httpserver</exclude>
<exclude>com.opentable.components:otj-integration-testing</exclude>
<exclude>com.opentable.components:otj-jmx</exclude>
<exclude>com.opentable.components:otj-lifecycle</exclude>
<exclude>com.opentable.components:otj-migratory</exclude>
<exclude>com.opentable.components:otj-serverinfo</exclude>
<exclude>com.opentable.components:otj-service-packaging</exclude>
<exclude>com.opentable.components:otj-tinyhttp</exclude>
<exclude>com.opentable.components:otj-uuid</exclude>
<exclude>org.springframework:spring-jcl</exclude>
<!-- Shitty repackaged versions, use the real ones -->
<exclude>org.jboss.spec.javax.ws.rs</exclude>
<exclude>org.jboss.spec.javax.annotation</exclude>
<exclude>org.jboss.spec.javax.xml.bind</exclude>
<exclude>org.jboss.spec.javax.servlet</exclude>
<!-- Exclude jetty-servlet-api to not conflict with javax.servlet-api-->
<exclude>org.eclipse.jetty.toolchain:jetty-servlet-api</exclude>
<!-- Exclude alternate versions of wiremock allow onlystandalone -->
<exclude>com.github.tomakehurst:wiremock</exclude>
<exclude>com.github.tomakehurst:wiremock-jre8</exclude>
</excludes>
</bannedDependencies>
<requireFilesDontExist>
<files>
<file>${basedir}/src/main/resources/log4j.xml</file>
<file>${basedir}/src/test/resources/log4j.xml</file>
</files>
</requireFilesDontExist>
</rules>
</configuration>
</execution>
<!-- Allow optional banning of joda-time, supplanted by JSR310 time in Java 8 -->
<execution>
<id>ban-joda-time</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-joda-time}</skip>
<rules>
<bannedDependencies combine.children="append">
<excludes combine.children="append">
<exclude>joda-time:joda-time</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<!-- Spring Security OAuth2 is no longer supported with Spring Security 5 -->
<execution>
<id>ban-spring-security-oauth2</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-spring-security-oauth2}</skip>
<rules>
<bannedDependencies combine.children="append">
<excludes combine.children="append">
<exclude>org.springframework.security.oauth:spring-security-oauth2</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<!-- flapdoodle -->
<execution>
<id>ban-flapdoodle</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-flapdoodle}</skip>
<rules>
<bannedDependencies combine.children="append">
<message>
flapdoodle usage is no longer recommended, because it is poorly maintained
and has cross architecture support problems.
Replacements have been released for otj-mongo and other libraries using this.
Use ot.build.allow-flapdoodle to suppress this error.
</message>
<excludes combine.children="append">
<exclude>
de.flapdoodle.embed:de.flapdoodle.embed.process
</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<!-- Allow optional banning of old org.codehaus.jackson artifacts -->
<execution>
<id>ban-codehaus-jackson</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-codehaus-jackson}</skip>
<rules>
<bannedDependencies combine.children="append">
<excludes combine.children="append">
<exclude>org.codehaus.jackson:*</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<!-- Allow optional banning of Spring, for writing modules which are DI-independent -->
<execution>
<id>ban-spring</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-spring}</skip>
<rules>
<bannedDependencies combine.children="append">
<excludes combine.children="append">
<exclude>org.springframework</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<!-- Allow optional banning of Guice, for writing modules which are DI-independent -->
<execution>
<id>ban-guice</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-guice}</skip>
<rules>
<bannedDependencies combine.children="append">
<excludes combine.children="append">
<exclude>com.google.inject</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<!-- Ban JAXRS/Resteasy -->
<execution>
<id>ban-jaxrs</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-jaxrs}</skip>
<rules>
<bannedDependencies combine.children="append">
<excludes combine.children="append">
<exclude>org.jboss.resteasy</exclude>
<exclude>com.opentable.components:otj-jaxrs</exclude>
<exclude>com.opentable.components:otj-jaxrs-shared</exclude>
<exclude>com.opentable.components:otj-jaxrs-client</exclude>
<exclude>com.opentable.components:otj-jaxrs-clientfactory-resteasy</exclude>
<exclude>com.opentable.components:otj-jaxrs-clientfactory-jersey</exclude>
<exclude>com.opentable.components:otj-server-jaxrs</exclude>
<exclude>com.opentable.components:otj-conservedheaders-jaxrs</exclude>
<exclude>com.opentable.components:otj-metrics-jaxrs</exclude>
<exclude>javax.ws.rs:javax.ws.rs-api</exclude>
<exclude>jakarta.ws.rs:jakarta.ws.rs-api</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<execution>
<id>ban-jetty9</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-jetty9}</skip>
<rules>
<bannedDependencies combine.children="append">
<message>Jetty 9 is only supported in Spring Boot 2.6 and prior. It is EOL and insecure.</message>
<excludes combine.children="append">
<exclude>org.eclipse.jetty:jetty-alpn-openjdk8-client</exclude>
<exclude>org.eclipse.jetty:jetty-alpn-openjdk8-server</exclude>
<exclude>org.eclipse.jetty:jetty-continuation</exclude>
<exclude>org.eclipse.jetty:jetty-distribution</exclude>
<exclude>org.eclipse.jetty:jetty-unixsocket</exclude>
<exclude>org.eclipse.jetty.websocket:websocket-server</exclude>
<exclude>org.eclipse.jetty.websocket:websocket-common</exclude>
<exclude>org.eclipse.jetty.websocket:websocket-client</exclude>
<exclude>org.eclipse.jetty.websocket:websocket-api</exclude>
<exclude>org.eclipse.jetty.websocket:websocket-server-impl</exclude>
<exclude>org.eclipse.jetty.websocket:javax-websocket-client-impl</exclude>
<exclude>org.eclipse.jetty.websocket:websocket-api</exclude>
<exclude>io.dropwizard.metrics:metrics-jetty9</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<!-- Ban log4j-core -->
<execution>
<id>ban-log4j-core</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>false</skip>
<rules>
<bannedDependencies combine.children="append">
<message>The log4shell vulnerability - banning all log4j-core</message>
<excludes combine.children="append">
<exclude>org.apache.logging.log4j:log4j-core</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<execution>
<id>ban-insecure-bouncycastle</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-insecure-bouncycastle}</skip>
<rules>
<bannedDependencies combine.children="append">
<message>Bouncycastle artifacts ending in -jdk15on are banned due to known cves. Migrate to corresponding artifacts ending in -jdk18on.</message>
<excludes combine.children="append">
<exclude>org.bouncycastle:bcpkix-jdk15on</exclude>
<exclude>org.bouncycastle:bcprov-jdk15on</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<!-- Allow optional banning of Jersey, which we replaced with RESTeasy but
some external components still use
-->
<execution>
<id>ban-jersey</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-jersey}</skip>
<rules>
<bannedDependencies combine.children="append">
<excludes combine.children="append">
<exclude>com.sun.jersey:jersey-core</exclude>
<exclude>org.glassfish.jersey.core:jersey-common</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<!-- Allow optional banning of Apache HttpClient, for migrating to Jetty HttpClient -->
<execution>
<id>ban-apache-httpclient</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-apache-httpclient}</skip>
<rules>
<bannedDependencies combine.children="append">
<excludes combine.children="append">
<exclude>org.apache.httpcomponents</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
<!-- Ban circular dependencies by default, as they are generally a design smell -->
<execution>
<id>ban-circular-dependencies</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<skip>${ot.build.allow-circular-dependencies}</skip>
<rules>
<banCircularDependencies />
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<compilerArgs combine.children="append">
<arg>-parameters</arg>
</compilerArgs>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>${dep.plugin.surefire.version}</version>
<configuration>
<!-- Make sure we run all tests including those that do not have 'Test' in the name
(default includes *Test and Test* only) -->
<includes>
<include>**/*.java</include>
</includes>
<!-- And static nested classes ('$' in the name excluded by default) -->
<excludes>
<exclude />
</excludes>
<redirectTestOutputToFile>true</redirectTestOutputToFile>
</configuration>
</plugin>
<plugin>
<groupId>com.nesscomputing.mojo</groupId>
<artifactId>numbers-maven-plugin</artifactId>
<version>${dep.plugin.numbers.version}</version>
<executions>
<execution>
<id>default-validate</id>
<phase>validate</phase>
<goals>
<goal>get</goal>
</goals>
</execution>
</executions>
<configuration>
<activeGroups>
<activeGroup>snapshot</activeGroup>
<activeGroup>release</activeGroup>
</activeGroups>
<propertyGroups>
<propertyGroup>
<id>snapshot</id>
<!-- This group is used for the snapshot builds.
It generates artifact names with a date
-->
<activeOnRelease>false</activeOnRelease>
<onMissingProperty>ignore</onMissingProperty>
<properties>
<property>
<name>ot.build.name</name>
<value>${project.artifactId}-${project.version}-#{ot.build.timestamp}_${user.name}</value>
</property>
<property>
<name>ot.build.number</name>
<value>#{ot.build.timestamp}_${user.name}</value>
</property>
</properties>
</propertyGroup>
<propertyGroup>
<id>release</id>
<!-- This group is used for the release builds.
It generates normal artifact names
-->
<activeOnSnapshot>false</activeOnSnapshot>
<properties>
<property>
<name>ot.build.name</name>
<value>${project.artifactId}-${project.version}</value>
</property>
<property>
<name>ot.build.number</name>
<value>release_${user.name}</value>
</property>
</properties>
</propertyGroup>
</propertyGroups>
<dates>
<date>
<export>true</export>
<id>ot.build.timestamp</id>
<format>yyyyMMdd_HHmmss</format>
<timezone>UTC</timezone>
</date>
</dates>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<configuration>
<linkXRef>false</linkXRef>
<verbose>true</verbose>
<rulesets>
<ruleset>otj-pmd-rulesets/ot-pmd.xml</ruleset>
</rulesets>
<excludeRoots>
<excludeRoot>target/generated-sources</excludeRoot>
</excludeRoots>
</configuration>
<dependencies>
<!--
Note added for hacking past pmd plugin issues
These should be removed asap once full PMD 7
exists.
See https://github.com/pmd/pmd/discussions/4478
-->
<!-- order is critical - this one must be first -->
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-compat6</artifactId>
<version>${dep.compat-pmd6.version}</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-core</artifactId>
<version>${dep.pmd.version}</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-java</artifactId>
<version>${dep.pmd.version}</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-javascript</artifactId>
<version>${dep.pmd.version}</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-jsp</artifactId>
<version>${dep.pmd.version}</version>
</dependency>
<!-- end pmd 7 hack -->
<dependency>
<groupId>com.opentable</groupId>
<artifactId>otj-pmd-rulesets</artifactId>
<version>${dep.plugin.pmd.ruleset.version}</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.basepom.maven</groupId>
<artifactId>duplicate-finder-maven-plugin</artifactId>
<configuration combine.children="append">
<!--
To deal with the Jakarta EE maven GAV rewrites, we
aren't initially forcing people to change their POMS.
In Jakarta EE 8, the GAV changes, but the package namespace is the same.
We are banking on conflicts being small, and handleable.
In Jakarta EE 9 the GAV changes, AND the package namespace changes. At that
point we can leave frozen javax deps and just have people use it.
Approach is therefore
1. We don't fail if equal content, only if differing.
2. We will mark special changes in this POM above as JAKARTAGAV
3. We have made some special exceptions before and note them
-->
<!-- this is ignore the duplicates found in wiremock and slf4j/jsr305 -->
<!-- <checkTestClasspath>true</checkTestClasspath> doesn't seem to work -->
<failBuildInCaseOfDifferentContentConflict>true</failBuildInCaseOfDifferentContentConflict>
<failBuildInCaseOfEqualContentConflict>false</failBuildInCaseOfEqualContentConflict>
<failBuildInCaseOfConflict>false</failBuildInCaseOfConflict>
<ignoredClassPatterns>
<ignoredClassPattern>^.*META-INF\.versions\.9\.module-info$</ignoredClassPattern>
</ignoredClassPatterns>
<ignoredDependencies combine.children="append">
<!-- This existed before, and is due to the careless packaging of apache -->
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<classifier>test</classifier>
</dependency>
</ignoredDependencies>
<exceptions>
<!-- wiremock-jre8-standalone standalone -->
<exception>
<conflictingDependencies>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>${dep.jsr305.version}</version>
</dependency>
<dependency>
<groupId>com.github.tomakehurst</groupId>
<artifactId>wiremock-jre8-standalone</artifactId>
<version>${dep.wiremock-jre8-standalone.version}</version>
</dependency>
</conflictingDependencies>
<classes> <!-- wiremock-jre8-standalone -->
<class>javax.annotation.CheckForNull</class>
<class>javax.annotation.CheckForSigned</class>
<class>javax.annotation.CheckReturnValue</class>
<class>javax.annotation.Detainted</class>
<class>javax.annotation.MatchesPattern</class>
<class>javax.annotation.Nonnegative</class>
<class>javax.annotation.Nonnull</class>
<class>javax.annotation.Nullable</class>
<class>javax.annotation.OverridingMethodsMustInvokeSuper</class>
<class>javax.annotation.ParametersAreNonnullByDefault</class>
<class>javax.annotation.ParametersAreNullableByDefault</class>
<class>javax.annotation.PropertyKey</class>
<class>javax.annotation.RegEx</class>
<class>javax.annotation.Signed</class>
<class>javax.annotation.Syntax</class>
<class>javax.annotation.Tainted</class>
<class>javax.annotation.Untainted</class>
<class>javax.annotation.WillClose</class>
<class>javax.annotation.WillCloseWhenClosed</class>
<class>javax.annotation.WillNotClose</class>
<class>javax.annotation.concurrent.GuardedBy</class>
<class>javax.annotation.concurrent.Immutable</class>
<class>javax.annotation.concurrent.NotThreadSafe</class>
<class>javax.annotation.concurrent.ThreadSafe</class>
<class>javax.annotation.meta.Exclusive</class>
<class>javax.annotation.meta.Exhaustive</class>
<class>javax.annotation.meta.TypeQualifier</class>
<class>javax.annotation.meta.TypeQualifierDefault</class>
<class>javax.annotation.meta.TypeQualifierNickname</class>
<class>javax.annotation.meta.TypeQualifierValidator</class>
<class>javax.annotation.meta.When</class>
</classes>
</exception>
<exception>
<conflictingDependencies>
<!-- wiremock and slf4j conflicts-->
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-logging-kafka</artifactId>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
</dependency>
</conflictingDependencies>
<resources>
<resource>kafka/kafka-version.properties</resource>
</resources>
</exception>
<exception>
<conflictingDependencies>
<!-- These existed before and keep from complaining about mixed kafka versions for logging etc -->
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-logging-kafka</artifactId>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
</dependency>
</conflictingDependencies>
<resources>
<resource>kafka/kafka-version.properties</resource>
</resources>
</exception>
<!--JAKARTAGAV exceptions - all new for Spring 5.2 -->
<exception>
<conflictingDependencies>
<!-- jaxb 2.3.1 was the last javax release, we are hoping for compatible in jakarta -->
<dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
<!-- dmitry - changed to 2.3.3 from 2.3.2, as that's what ships with current spring boot -->
<!-- JAKARTAGAV: Must track as upgrades occur -->
<version>2.3.3</version>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.1</version>
</dependency>
</conflictingDependencies>
</exception>
<exception>
<conflictingDependencies>
<!-- Discuss with dmitry - apparently some conflicts here between javax 2.0.1 (final) and others) -->
<!-- Also why can't the version of javax be pinned -->
<dependency>
<groupId>jakarta.validation</groupId>
<artifactId>jakarta.validation-api</artifactId>
</dependency>
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
</dependency>
</conflictingDependencies>
</exception>
<exception>
<!-- This has always been a mess -->
<!-- MJB: Added com.sun.activation -->
<conflictingDependencies>
<dependency>
<groupId>com.sun.activation</groupId>
<artifactId>jakarta.activation</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>jakarta.activation</groupId>
<artifactId>jakarta.activation-api</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>2.0.1.Final</version>
</dependency>
</conflictingDependencies>
</exception>
<exception>
<conflictingDependencies>
<!-- Ask dmitry for more details where this occurred -->
<dependency>
<groupId>org.glassfish.hk2.external</groupId>
<artifactId>jakarta.inject</artifactId>
<version>2.6.1</version>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId>
<version>1</version>
</dependency>
</conflictingDependencies>
</exception>
<exception>
<conflictingDependencies>
<!-- JAKARTA GAV - again -->
<dependency>
<groupId>jakarta.ws.rs</groupId>
<artifactId>jakarta.ws.rs-api</artifactId>
<version>2.1.6</version>
</dependency>
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
<version>2.1.1</version>
</dependency>
</conflictingDependencies>
</exception>
<!--JAKARTAGAV exceptions-->
<!--Kafka streams-->
<!-- Ask dmitry what occurred here - this doesn't appear to be jakarta related -->
<exception>
<conflictingDependencies>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-streams-test-utils</artifactId>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-streams</artifactId>
</dependency>
</conflictingDependencies>
</exception>
<!--Kafka streams-->
</exceptions>
</configuration>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<!-- Provide a build number -->
<plugin>
<groupId>com.nesscomputing.mojo</groupId>
<artifactId>numbers-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>com.opentable</groupId>
<artifactId>expose-versions-maven-plugin</artifactId>
<version>${dep.plugin.expose-versions-maven-plugin.version}</version>
<executions>
<execution>
<phase>generate-resources</phase>
<goals>
<goal>run</goal>
</goals>
</execution>
</executions>
<configuration>
<serviceSignalProperty>ot.mainclass</serviceSignalProperty>
<frameworkGroupId>com.opentable</frameworkGroupId>
<frameworkArtifactId>otj-parent-spring</frameworkArtifactId>
<frameworkPropertyName>otj.parent.pom.version</frameworkPropertyName>
<frameworkVersionFileName>otj-version</frameworkVersionFileName>
<skip>${dep.plugin.expose-versions-maven-plugin.skip}</skip>
</configuration>
</plugin>
</plugins>
</build>
<!-- Note: This pulls in slf4j jcl adapter and api by default in ALL child POMS -->
<dependencies>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<scope>runtime</scope>
</dependency>
</dependencies>
<!-- Contains a number of "global" dependencies that should never change across our code base. -->
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>${dep.spring-security-oauth2.version}</version>
</dependency>
<!-- OT module dependencies -->
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-core</artifactId>
<version>${dep.otj-core.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-spring</artifactId>
<version>${dep.otj-spring.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-quartz</artifactId>
<version>${dep.otj-quartz.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-pausedetector</artifactId>
<version>${dep.otj-pausedetector.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-f5</artifactId>
<version>${dep.otj-f5.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-filterorder</artifactId>
<version>${dep.otj-filterorder.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-versioned-config</artifactId>
<version>${dep.otj-versioned-config.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jgit</groupId>
<artifactId>org.eclipse.jgit</artifactId>
<version>${dep.jgit.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.logging</groupId>
<artifactId>otj-otl</artifactId>
<version>${dep.otj-otl.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-logging</artifactId>
<version>${dep.otj-logging.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-logging-bucket</artifactId>
<version>${dep.otj-logging.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-logging-kafka</artifactId>
<version>${dep.otj-logging.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-logging-jetty</artifactId>
<version>${dep.otj-logging.version}</version>
<exclusions>
<exclusion>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-spring-boot-actuator</artifactId>
<version>${dep.otj-spring-boot-actuator.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.credentials</groupId>
<artifactId>otj-credentials-client</artifactId>
<version>${dep.otj-credentials.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.credentials</groupId>
<artifactId>otj-credentials-client</artifactId>
<version>${dep.otj-credentials.version}</version>
<type>test-jar</type>
</dependency>
<dependency>
<groupId>com.opentable.credentials</groupId>
<artifactId>otj-credentials-sql</artifactId>
<version>${dep.otj-credentials-sql.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.credentials</groupId>
<artifactId>otj-credentials-sql-snowflake</artifactId>
<version>${dep.otj-credentials-snowflake.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.credentials</groupId>
<artifactId>otj-credentials-redis</artifactId>
<version>${dep.otj-credentials-redis.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.credentials</groupId>
<artifactId>otj-credentials-mongo</artifactId>
<version>${dep.otj-credentials-mongo.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.credentials</groupId>
<artifactId>otj-credentials-bootstrap</artifactId>
<version>${dep.otj-credentials.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-executors</artifactId>
<version>${dep.otj-executors.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-eventsender</artifactId>
<version>${dep.otj-eventsender.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-stats-page</artifactId>
<version>${dep.otj-statspage.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-conservedheaders</artifactId>
<version>${dep.otj-conservedheaders.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-conservedheaders-core</artifactId>
<version>${dep.otj-conservedheaders.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-conservedheaders-reactive</artifactId>
<version>${dep.otj-conservedheaders.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-spring-profiles</artifactId>
<version>${dep.otj-spring-profiles.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-scopes</artifactId>
<version>${dep.otj-scopes.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-security-mitigation</artifactId>
<version>${dep.otj-security-mitigation.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-rest-template</artifactId>
<version>${dep.otj-rest-template.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-rest-template-boot</artifactId>
<version>${dep.otj-rest-template.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-webclient</artifactId>
<version>${dep.otj-webclient.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-jackson</artifactId>
<version>${dep.otj-jackson.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-metrics</artifactId>
<version>${dep.otj-metrics.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-metrics-core</artifactId>
<version>${dep.otj-metrics.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-metrics-mvc</artifactId>
<version>${dep.otj-metrics.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-metrics-reactive</artifactId>
<version>${dep.otj-metrics.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-metrics-actuator</artifactId>
<version>${dep.otj-metrics.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-kafka</artifactId>
<version>${dep.otj-kafka.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-kafka-streams</artifactId>
<version>${dep.otj-kafka.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-kafka-tests</artifactId>
<version>${dep.otj-kafka.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-kafka-spring</artifactId>
<version>${dep.otj-kafka.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-mongo-core</artifactId>
<version>${dep.otj-mongo.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-mongo-sync</artifactId>
<version>${dep.otj-mongo.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-mongo-reactive</artifactId>
<version>${dep.otj-mongo.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-mongo-embed</artifactId>
<version>${dep.otj-mongo.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-mongo-embed</artifactId>
<version>${dep.otj-mongo.version}</version>
<classifier>tests</classifier>
<type>test-jar</type>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-server</artifactId>
<version>${dep.otj-server.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-server-core</artifactId>
<version>${dep.otj-server.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-server-mvc</artifactId>
<version>${dep.otj-server.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-server-reactive</artifactId>
<version>${dep.otj-server.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-server-core</artifactId>
<version>${dep.otj-server.version}</version>
<classifier>tests</classifier>
</dependency>
<!-- Service security -->
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-service-security-api</artifactId>
<version>${dep.otj-service-security-api.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-service-security-claims-provider</artifactId>
<version>${dep.otj-service-security-claims-provider.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-service-security-reactive</artifactId>
<version>${dep.otj-service-security-reactive.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-service-security-servlet</artifactId>
<version>${dep.otj-service-security-servlet.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-jvm</artifactId>
<version>${dep.otj-jvm.version}</version>
</dependency>
<!-- EDA -->
<dependency>
<groupId>com.opentable</groupId>
<artifactId>ot-messaging-client</artifactId>
<version>${dep.eda-client.version}</version>
</dependency>
<dependency>
<groupId>com.opentable</groupId>
<artifactId>ot-messaging-client</artifactId>
<type>test-jar</type>
<version>${dep.eda-client.version}</version>
</dependency>
<dependency>
<groupId>com.opentable</groupId>
<artifactId>ot-messaging-base</artifactId>
<version>${dep.eda-base.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-pg-embedded</artifactId>
<version>${dep.otj-pgembedded.version}</version>
<exclusions>
<exclusion>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.opentable</groupId>
<artifactId>otj-httpheaders</artifactId>
<version>${dep.otj-httpheaders.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-http-common</artifactId>
<version>${dep.otj-http-common.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.service.discovery</groupId>
<artifactId>discovery-client</artifactId>
<version>${dep.discovery.version}</version>
</dependency>
<!-- testcontainers and modules -->
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>testcontainers-bom</artifactId>
<version>${dep.testcontainers.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>net.java.dev.jna</groupId>
<artifactId>jna</artifactId>
<version>${dep.jna.version}</version>
</dependency>
<dependency>
<groupId>net.java.dev.jna</groupId>
<artifactId>jna-platform</artifactId>
<version>${dep.jna.version}</version>
</dependency>
<!-- SnakeYml -->
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>${dep.snakeyaml.version}</version>
</dependency>
<!-- ABtest client -->
<dependency>
<groupId>com.opentable.service.abtest</groupId>
<artifactId>abtest-client</artifactId>
<version>${dep.abtest-client.version}</version>
</dependency>
<!-- gson -->
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>${dep.gson.version}</version>
</dependency>
<!-- jackson -->
<!-- Core BOM to manage dependencies -->
<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>${dep.jackson.version}</version>
<scope>import</scope>
<type>pom</type>
</dependency>
<!-- Jetty BOM -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-bom</artifactId>
<version>${dep.jetty.version}</version>
<scope>import</scope>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>${dep.jetty-server.version}</version>
<exclusions>
<exclusion>
<groupId>org.eclipse.jetty.orbit</groupId>
<artifactId>javax.servlet</artifactId>
</exclusion>
<exclusion>
<groupId>org.eclipse.jetty.toolchain</groupId>
<artifactId>jetty-servlet-api</artifactId>
</exclusion>
<!-- slf4j 2.0 -->
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Junit 5 bom -->
<dependency>
<groupId>org.junit</groupId>
<artifactId>junit-bom</artifactId>
<version>${dep.junit5.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.apiguardian</groupId>
<artifactId>apiguardian-api</artifactId>
<version>${dep.apiguardian.version}</version>
</dependency>
<dependency>
<groupId>org.opentest4j</groupId>
<artifactId>opentest4j</artifactId>
<version>${dep.opentest4j.version}</version>
</dependency>
<!-- Manages netty-bom version. It's constantly a moving target to keep this, spring, spring boot, and others happy, so we manage it outselves -->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-bom</artifactId>
<version>${dep.netty.version}</version>
<scope>import</scope>
<type>pom</type>
</dependency>
<!-- The above dependencies such as jetty, netty, junit are listed BEFORE spring/spring boot -->
<!-- This is DELIBERATE as that makes them higher priority and conflicts will be resolved in their favor -->
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-bom</artifactId>
<version>${dep.reactor.bom}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- Spring -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-bom</artifactId>
<version>${dep.spring-security.version}</version>
<scope>import</scope>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>${dep.spring.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>${dep.spring-boot.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- exclude old bouncy castle to avoid conflicts. They will have to manually include
normally not much of an issue since service-security or otj-credentials bring
in, but could lead to some classdefnotfound
-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-crypto</artifactId>
<version>${dep.spring-security.version}</version>
<exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
</exclusion>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- These will never go beyond 1.70. Future updates are in bcpkix-jdk18on above -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>${dep.bouncycastle-bcpkix-legacy.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>${dep.bouncycastle-bcxprov-legacy.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-reactive-httpclient</artifactId>
<version>${dep.jetty-reactive-httpclient.version}</version>
<exclusions>
<exclusion>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-http</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${dep.spring.version}</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-jcl</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${dep.spring.version}</version>
<exclusions>
<exclusion>
<groupId>com.ibm.websphere</groupId>
<artifactId>uow</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Immutables -->
<dependency>
<groupId>org.immutables</groupId>
<artifactId>bom</artifactId>
<version>${dep.immutables.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- Lombok -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>${dep.lombok.version}</version>
</dependency>
<!-- javassist - mostly deprecated library for hibernate -->
<dependency>
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
<version>${dep.javassist.version}</version>
</dependency>
<!-- caffeine -->
<dependency>
<groupId>com.github.ben-manes.caffeine</groupId>
<artifactId>caffeine</artifactId>
<version>${dep.caffeine.version}</version>
</dependency>
<!-- Guava -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>${dep.guava.version}</version>
<exclusions>
<exclusion>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>failureaccess</artifactId>
<version>${dep.guava-failure.version}</version>
</dependency>
<dependency>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_annotations</artifactId>
<version>${dep.error-prone.version}</version>
</dependency>
<!-- Bean Validation -->
<!-- The validation API itself -->
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>${dep.validator-api.version}</version>
</dependency>
<!--
Implementation of BV API
Hibernate changed the maven groupId in Hibernate 6 (not even the first release).
We double maintain for the foreseeable future.
-->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>${dep.validator.version}</version>
</dependency>
<dependency>
<groupId>org.hibernate.validator</groupId>
<artifactId>hibernate-validator</artifactId>
<version>${dep.validator.version}</version>
</dependency>
<dependency>
<groupId>org.hibernate.validator</groupId>
<artifactId>hibernate-validator-annotation-processor</artifactId>
<version>${dep.validator.version}</version>
</dependency>
<!-- "unified EL" as opposed to "spring EL". -->
<dependency>
<groupId>org.glassfish</groupId>
<artifactId>javax.el</artifactId>
<version>${dep.el.version}</version>
</dependency>
<!-- Kafka -->
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-streams-test-utils</artifactId>
<version>${dep.kafka.version}</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka_2.13</artifactId>
<version>${dep.kafka.version}</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka_2.13</artifactId>
<classifier>test</classifier>
<version>${dep.kafka.version}</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>${dep.kafka-clients.version}</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>${dep.kafka.version}</version>
<classifier>test</classifier>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-streams</artifactId>
<version>${dep.kafka.version}</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>connect-api</artifactId>
<version>${dep.kafka.version}</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>connect-json</artifactId>
<version>${dep.kafka.version}</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.xerial.snappy</groupId>
<artifactId>snappy-java</artifactId>
<version>${dep.snappy.version}</version>
</dependency>
<dependency>
<groupId>org.scala-lang</groupId>
<artifactId>scala-library</artifactId>
<version>${dep.scala.version}</version>
</dependency>
<dependency>
<groupId>com.zaxxer</groupId>
<artifactId>HikariCP</artifactId>
<version>${dep.hikari.version}</version>
<exclusions>
<!-- slf4j 2.0 -->
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
<version>${dep.spring-boot.version}</version>
<!-- slf4j 2.0 -->
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jooq</artifactId>
<version>${dep.spring-boot.version}</version>
<exclusions>
<!-- slf4j 2.0 -->
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- END: slf4j alpha issue -->
<dependency>
<groupId>com.github.vladimir-bukhtoyarov</groupId>
<artifactId>bucket4j-core</artifactId>
<version>${dep.bucket4j.version}</version>
</dependency>
<!-- Quartz -->
<dependency>
<groupId>org.quartz-scheduler</groupId>
<artifactId>quartz</artifactId>
<version>${dep.quartz.version}</version>
<exclusions>
<exclusion>
<groupId>com.mchange</groupId>
<artifactId>mchange-commons-java</artifactId>
</exclusion>
<exclusion>
<groupId>com.mchange</groupId>
<artifactId>c3p0</artifactId>
</exclusion>
<exclusion>
<groupId>com.zaxxer</groupId>
<artifactId>HikariCP-java7</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
<version>${dep.zookeeper.version}</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
<exclusion>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</exclusion>
<exclusion>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- logging -->
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>${dep.logback.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>${dep.logback.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${dep.slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
<version>${dep.slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>${dep.slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>${dep.slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>${dep.slf4j.version}</version>
</dependency>
<!-- Apache commons components -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId>
<version>${dep.commons-text.version}</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>${dep.commons-lang.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-configuration2</artifactId>
<version>${dep.commons-configurations2.version}</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>commons-configuration</groupId>
<artifactId>commons-configuration</artifactId>
<version>${dep.commons-configuration.version}</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>${dep.commons-compress.version}</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>${dep.commons-codec.version}</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>${dep.commons-collections3.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>${dep.commons-collections4.version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>${dep.commons-io.version}</version>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>${dep.commons-beanutils.version}</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Codahale Metrics -->
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-jmx</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-core</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-annotation</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-servlet</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-servlets</artifactId>
<version>${dep.metrics4.version}</version>
<!--
used only in dropwizard 3.2.3+, and only for cpuServlet/adminServlet, this
pulls in joda time if not excluded. Started to be an issue with abtest-client recently
-->
<exclusions>
<exclusion>
<groupId>com.papertrail</groupId>
<artifactId>profiler</artifactId>
</exclusion>
<exclusion>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-logback</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-json</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-jetty10</artifactId>
<version>${dep.metrics4.version}</version>
<exclusions>
<exclusion>
<groupId>org.eclipse.jetty.toolchain</groupId>
<artifactId>jetty-servlet-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-jersey2</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-jdbi</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-jdbi3</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-httpclient</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-graphite</artifactId>
<version>${dep.metrics4.version}</version>
<exclusions>
<!-- instead of marking optional, they pull this in -->
<exclusion>
<groupId>com.rabbitmq</groupId>
<artifactId>amqp-client</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-healthchecks</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-jvm</artifactId>
<version>${dep.metrics4.version}</version>
</dependency>
<!-- Apache httpclient -->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${dep.apache-httpclient.version}</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>${dep.apache-httpcore.version}</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Java APIs -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>${dep.servlet-api.version}</version>
</dependency>
<!-- Removed from newer java versions -->
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>${dep.javax-jaxb.version}</version>
<exclusions>
<exclusion>
<groupId>javax.activation</groupId>
<artifactId>javax.activation-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- runtime -->
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
<version>${dep.glassfish-jaxb.version}</version>
</dependency>
<dependency>
<groupId>javax.xml.ws</groupId>
<artifactId>jaxws-api</artifactId>
<version>${dep.javax-jaxws.version}</version>
</dependency>
<dependency>
<groupId>javax.activation</groupId>
<artifactId>javax.activation-api</artifactId>
<version>${dep.javax-activation.version}</version>
</dependency>
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<version>${dep.javax-annotation.version}</version>
</dependency>
<dependency>
<groupId>com.sun.mail</groupId>
<artifactId>javax.mail</artifactId>
<version>${dep.javamail.version}</version>
</dependency>
<dependency>
<groupId>com.sun.mail</groupId>
<artifactId>jakarta.mail</artifactId>
<version>${dep.sun-jakarta-mail.version}</version>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId>
<version>${dep.javax.inject.version}</version>
</dependency>
<!-- REDiS related -->
<dependency>
<groupId>io.lettuce</groupId>
<artifactId>lettuce-core</artifactId>
<version>${dep.io.lettuce-core.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-lettuce</artifactId>
<version>${dep.otj-lettuce.version}</version>
</dependency>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-redis-test</artifactId>
<version>${dep.otj-lettuce.version}</version>
</dependency>
<!-- Database related -->
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-sql</artifactId>
<version>${dep.otj-sql.version}</version>
</dependency>
<dependency>
<groupId>org.jdbi</groupId>
<artifactId>jdbi3-core</artifactId>
<version>${dep.jdbi3.version}</version>
<exclusions>
<exclusion>
<groupId>org.checkerframework</groupId>
<artifactId>checker-qual</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.jdbi</groupId>
<artifactId>jdbi3-guava</artifactId>
<version>${dep.jdbi3.version}</version>
<exclusions>
<exclusion>
<groupId>org.checkerframework</groupId>
<artifactId>checker-qual</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.jdbi</groupId>
<artifactId>jdbi3-sqlobject</artifactId>
<version>${dep.jdbi3.version}</version>
<exclusions>
<exclusion>
<groupId>org.checkerframework</groupId>
<artifactId>checker-qual</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.jdbi</groupId>
<artifactId>jdbi3-postgres</artifactId>
<version>${dep.jdbi3.version}</version>
<exclusions>
<exclusion>
<groupId>org.checkerframework</groupId>
<artifactId>checker-qual</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Postgres -->
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>${dep.postgres-jdbc.version}</version>
<exclusions>
<exclusion>
<groupId>org.checkerframework</groupId>
<artifactId>checker-qual</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- MSSQL -->
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
<version>${dep.mssql-jdbc.version}</version>
<exclusions>
<exclusion>
<artifactId>azure-keyvault</artifactId>
<groupId>com.microsoft.azure</groupId>
</exclusion>
</exclusions>
</dependency>
<!-- Snowflake JDBC -->
<dependency>
<groupId>net.snowflake</groupId>
<artifactId>snowflake-jdbc</artifactId>
<version>${dep.snowflake-jdbc.version}</version>
<!-- slf4j 2.0 -->
<exclusions>
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Mongo -->
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver-sync</artifactId>
<version>${dep.mongo.version}</version>
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver-core</artifactId>
<version>${dep.mongo.version}</version>
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>bson</artifactId>
<version>${dep.mongo.version}</version>
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver-reactivestreams</artifactId>
<version>${dep.mongo.version}</version>
</dependency>
<dependency>
<groupId>org.reactivestreams</groupId>
<artifactId>reactive-streams</artifactId>
<version>${dep.reactive-streams.version}</version>
</dependency>
<!-- Needed for pre 3.7 api. Spring data, a badly designed product needs this -->
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver-legacy </artifactId>
<version>${dep.mongo.version}</version>
</dependency>
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-core</artifactId>
<version>${dep.flyway.version}</version>
</dependency>
<dependency>
<groupId>com.github.spullara.mustache.java</groupId>
<artifactId>compiler</artifactId>
<version>${dep.mustache.version}</version>
</dependency>
<dependency>
<groupId>org.ow2.asm</groupId>
<artifactId>asm</artifactId>
<version>${dep.asm.version}</version>
</dependency>
<!-- Testing -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>${dep.junit.version}</version>
</dependency>
<dependency>
<groupId>org.easymock</groupId>
<artifactId>easymock</artifactId>
<version>${dep.easymock.version}</version>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>${dep.mockito.version}</version>
</dependency>
<!-- wiremock has some conflicting class files depedending on the standalone version. So need to manage it -->
<dependency>
<groupId>com.github.tomakehurst</groupId>
<artifactId>wiremock-jre8-standalone</artifactId>
<version>${dep.wiremock-jre8-standalone.version}</version>
</dependency>
<dependency>
<groupId>net.jodah</groupId>
<artifactId>failsafe</artifactId>
<version>${dep.failsafe2.version}</version>
</dependency>
<dependency>
<groupId>dev.failsafe</groupId>
<artifactId>failsafe</artifactId>
<version>${dep.failsafe3.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>${dep.bouncycastle-bcpkix.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>${dep.bouncycastle-bcxprov.version}</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>${dep.nimbus-jose-jwt.version}</version>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest</artifactId>
<version>${dep.hamcrest.version}</version>
</dependency>
<!-- as of 2.x the remaining below are "shell" jars that merely point to the above jar -->
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-core</artifactId>
<version>${dep.hamcrest.version}</version>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-library</artifactId>
<version>${dep.hamcrest.version}</version>
</dependency>
<dependency>
<groupId>net.bytebuddy</groupId>
<artifactId>byte-buddy</artifactId>
<version>${dep.bytebuddy.version}</version>
</dependency>
<dependency>
<groupId>net.bytebuddy</groupId>
<artifactId>byte-buddy-agent</artifactId>
<version>${dep.bytebuddy.version}</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>${dep.aspectjweaver.version}</version>
</dependency>
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
<version>${dep.assertj.version}</version>
</dependency>
<dependency>
<groupId>org.objenesis</groupId>
<artifactId>objenesis</artifactId>
<version>${dep.objenesis.version}</version>
</dependency>
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
<version>${dep.spotbugs.version}</version>
</dependency>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>findbugs-annotations</artifactId>
<version>${dep.findbugs.version}</version>
</dependency>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>${dep.jsr305.version}</version>
</dependency>
<!-- spring-kafka -->
<dependency>
<groupId>org.springframework.kafka</groupId>
<artifactId>spring-kafka</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
</exclusion>
</exclusions>
<version>${dep.spring-kafka.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.kafka</groupId>
<artifactId>spring-kafka-test</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
</exclusion>
</exclusions>
<version>${dep.spring-kafka.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<profiles>
<!-- Disable git usage when sous is running -->
<profile>
<id>sous-build-is-running</id>
<activation>
<property>
<name>env.BUILD_SOUS</name>
<value>1</value>
</property>
</activation>
<properties>
<basepom.git-id.fail-no-info>false</basepom.git-id.fail-no-info>
</properties>
<build>
<plugins>
<plugin>
<groupId>com.github.ekryd.echo-maven-plugin</groupId>
<artifactId>echo-maven-plugin</artifactId>
<version>${dep.plugin.echo.version}</version>
<executions>
<execution>
<goals>
<goal>echo</goal>
</goals>
<phase>process-sources</phase>
</execution>
</executions>
<configuration>
<message>Sous build is running...</message>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<!--
We use maven profiles (see
https://maven.apache.org/guides/introduction/introduction-to
-profiles.html) to set the compiler configuration options of
source, target, and release (see
https://docs.oracle.com/javase/9/tools/javac.htm) based on
the JDK that is installed in your build environment, the
presence of signal files, and configuration properties that
are defined in the parent pom (but may be overridden in your
project's pom file).
If Java 8 is the installed JDK: We'll set source and target
to the value defined in the project.build.targetJdk property
(currently set in the parent pom to 1.8). Java 8 doesn't
have a release compiler option, so it won't be set.
If Java 9 or above is the installed JDK : We'll set
source and target to whatever is defined in
project.build.targetJdk (currently, 1.8) and we'll set
release to project.build.targetJdk as well, except we'll
drop whatever comes before the first decimal (if anything),
so 1.8 becomes 8 (which is the format that field requires),
and 9 will remain 9.
Notes: If the JDK in your build environment is of a lower
version than what you are targeting, the maven enforcer
plugin will fail the build.
Whatever version you target will need to be installed on the
machines of all team members who may build this project and
any CI build agents you are using (e.g. TeamCity or
Jenkins). So, if you set Java 9 as a target you'll need to
be OK with that.
Very old Maven compiler plugins have OR logic instead of AND
when evaluating conditions for profile activation. This can
cause problems here.
-->
<profile>
<id>using-java-8-jdk</id>
<activation>
<jdk>[1.8,9.0)</jdk>
</activation>
<build>
<plugins>
<plugin>
<groupId>com.github.ekryd.echo-maven-plugin</groupId>
<artifactId>echo-maven-plugin</artifactId>
<version>${dep.plugin.echo.version}</version>
<executions>
<execution>
<goals>
<goal>echo</goal>
</goals>
<phase>process-sources</phase>
</execution>
</executions>
<configuration>
<message>Using Java 8 (Full) SDK</message>
</configuration>
</plugin>
<!-- Use default inheritance from basePOM for now -->
</plugins>
</build>
</profile>
<profile>
<id>using-java-9-or-higher</id>
<activation>
<jdk>[9,)</jdk>
</activation>
<build>
<plugins>
<!-- The entire purpose of this plugin is to convert 1.8 => 8 or more
accurately simply strip pre decimal (including decimal point). This is used
to build a correct release variable, since JavaC understands 8, 9, 10, etc
but not 1.8 for the release argument -->
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>
<version>${dep.plugin.build-helper.version}</version>
<executions>
<execution>
<id>fix-release-version</id>
<phase>validate</phase>
<goals>
<goal>regex-property</goal>
</goals>
<configuration>
<name>project.build.release</name>
<regex>^(\d*\.)</regex><!-- any numbers before and including decimal -->
<value>${project.build.targetJdk}</value>
<failIfNoMatch>false</failIfNoMatch>
<replacement /> <!-- replace with empty string -->
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.github.ekryd.echo-maven-plugin</groupId>
<artifactId>echo-maven-plugin</artifactId>
<version>${dep.plugin.echo.version}</version>
<executions>
<execution>
<goals>
<goal>echo</goal>
</goals>
<phase>process-sources</phase>
</execution>
</executions>
<configuration>
<message>Using Java 9+ SDK (target ${project.build.targetJdk}, release ${project.build.release})</message>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>${dep.plugin.compiler.version}</version>
<configuration>
<!-- Here we let the user decide -->
<source>${project.build.targetJdk}</source>
<target>${project.build.targetJdk}</target>
<release>${project.build.release}</release>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<!--
Profile for hardware architecture specific resolution on OSX for netty
-->
<profile>
<id>mac-netty-m1</id>
<activation>
<file>
<exists>.netty-mac</exists>
</file>
<os>
<family>mac</family>
<arch>aarch64</arch>
</os>
</activation>
<dependencies>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-resolver-dns-native-macos</artifactId>
<version>${dep.netty.version}</version>
<classifier>osx-aarch_64</classifier>
<scope>runtime</scope>
</dependency>
</dependencies>
</profile>
<profile>
<id>mac-netty-x64</id>
<activation>
<file>
<exists>.netty-mac</exists>
</file>
<os>
<family>mac</family>
<arch>x86_64</arch>
</os>
</activation>
<dependencies>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-resolver-dns-native-macos</artifactId>
<version>${dep.netty.version}</version>
<classifier>osx-x86_64</classifier>
<scope>runtime</scope>
</dependency>
</dependencies>
</profile>
<!--
This profile exists to disable SpotBugs on Java 11 or higher.
Sadly significant false positives began to be seen in Java 9,10, and
now they are further degrading the usefullness of this wonderful tool.
Reenable should this project ever regain its legs
-->
<profile>
<id>using-java-11-or-higher</id>
<activation>
<jdk>[11,)</jdk>
</activation>
<build>
<!-- Don't fail due to spotbugs errors -->
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<!--
This is activated for nearly all projects (ones missing the marker file below
and simply sets up a default logback config for tests
-->
<profile>
<id>test-log-config</id>
<activation>
<file>
<missing>.no-test-log-config</missing>
</file>
</activation>
<dependencies>
<dependency>
<groupId>com.opentable.testing</groupId>
<artifactId>otj-test-log-config</artifactId>
<version>${dep.otj-test-log-config.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
</profile>
<!--
Normally we want to include otj-spring to get a nice MBean clean up
However doing so globally makes otj-spring itself have a cyclic dependency.
This lets otj-spring avoid this trap. Clumsy, I will admit!
Hence foundational libraries (otj-spring itself plus otj-core, otj-scopes, etc)
need this marker file.
-->
<profile>
<id>test-spring-otj</id>
<activation>
<file>
<missing>.no-otj-spring</missing>
</file>
</activation>
<dependencies>
<dependency>
<groupId>com.opentable.components</groupId>
<artifactId>otj-spring</artifactId>
<version>${dep.otj-spring.version}</version>
<classifier>tests</classifier>
<scope>test</scope>
</dependency>
</dependencies>
</profile>
<!-- ======================================================================== -->
<!-- = = -->
<!-- = New Service profile. Builds a tarball which is a deployable unit. = -->
<!-- = = -->
<!-- ======================================================================== -->
<profile>
<id>build-service</id>
<activation>
<file>
<exists>.build-service</exists>
<missing>.build-service-legacy</missing>
</file>
</activation>
<properties>
</properties>
<build>
<plugins>
<!-- add in git.properties. We already add to manifest fwiw some of this -->
<plugin>
<groupId>io.github.git-commit-id</groupId>
<artifactId>git-commit-id-maven-plugin</artifactId>
<configuration>
<generateGitPropertiesFile>true</generateGitPropertiesFile>
<!-- Renamed so there aren't conflicts -->
<generateGitPropertiesFilename>${project.build.outputDirectory}/${project.build.finalName}.git.properties</generateGitPropertiesFilename>
</configuration>
</plugin>
<!-- Make SBT uber JAR. -->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<mainClass>${ot.mainclass}</mainClass>
<layout>JAR</layout>
<classifier>service</classifier>
</configuration>
<executions>
<execution>
<id>build-info</id>
<goals>
<goal>build-info</goal>
</goals>
<configuration>
<additionalProperties>
<encoding.source>UTF-8</encoding.source>
<encoding.reporting>UTF-8</encoding.reporting>
<java.target>${maven.compiler.target}</java.target>
<X-BasePOM-Build-Id>${basepom.shaded.id}</X-BasePOM-Build-Id>
<X-BasePOM-Name>${project.name}</X-BasePOM-Name>
<X-BasePOM-Git-Commit-Id>${git.commit.id}</X-BasePOM-Git-Commit-Id>
</additionalProperties>
</configuration>
</execution>
<execution>
<id>repackage</id>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<configuration>
<archive>
<manifestEntries>
<X-BasePOM-Build-Id>${basepom.shaded.id}</X-BasePOM-Build-Id>
<X-BasePOM-Name>${project.name}</X-BasePOM-Name>
<X-BasePOM-Git-Commit-Id>${git.commit.id}</X-BasePOM-Git-Commit-Id>
</manifestEntries>
</archive>
</configuration>
</plugin>
<!-- Require main class property. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<executions>
<execution>
<id>check-service-build</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireProperty>
<property>ot.mainclass</property>
<message>You must specify "ot.mainclass" as a Maven property for a service-enabled build.</message>
</requireProperty>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>${dep.plugin.exec.version}</version>
<executions>
<execution>
<id>build-docker</id>
<phase>deploy</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>${otpl.executable}</executable>
<arguments>
<argument>${otpl.docker.repo}</argument>
<argument>${otpl.docker.tag}</argument>
<argument>${project.build.directory}/${project.build.finalName}-service.jar</argument>
<argument>${project.version}</argument>
<argument>${otj.parent.pom.version}</argument>
<argument>${otpl.docker.uid}</argument>
</arguments>
<workingDirectory>${otpl.project.dir}</workingDirectory>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<!-- ======================================================================== -->
<!-- = = -->
<!-- = Legacy Service profile. Builds a tarball which is a deployable unit. = -->
<!-- = = -->
<!-- ======================================================================== -->
<profile>
<id>build-service-legacy</id>
<activation>
<file>
<exists>.build-service-legacy</exists>
</file>
</activation>
<properties>
</properties>
<build>
<plugins>
<!-- add in git.properties. We already add to manifest fwiw some of this -->
<plugin>
<groupId>io.github.git-commit-id</groupId>
<artifactId>git-commit-id-maven-plugin</artifactId>
<configuration>
<generateGitPropertiesFile>true</generateGitPropertiesFile>
<!-- Renamed so there aren't conflicts -->
<generateGitPropertiesFilename>${project.build.outputDirectory}/${project.build.finalName}.git.properties</generateGitPropertiesFilename>
</configuration>
</plugin>
<!-- Make shaded JAR. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${dep.spring-boot.version}</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>assemble-app</id>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
</execution>
</executions>
<configuration>
<shadedArtifactAttached>false</shadedArtifactAttached>
<transformers combine.self="override">
<transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<resource>META-INF/spring.handlers</resource>
</transformer>
<transformer implementation="org.springframework.boot.maven.PropertiesMergingResourceTransformer">
<resource>META-INF/spring.factories</resource>
</transformer>
<transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<resource>META-INF/spring.schemas</resource>
</transformer>
<transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer" />
<transformer implementation="org.basepom.maven.shade.CollectingManifestResourceTransformer">
<mainClass>${ot.mainclass}</mainClass>
<collectSections>true</collectSections>
<manifestEntries>
<X-BasePOM-Build-Id>${basepom.shaded.id}</X-BasePOM-Build-Id>
<X-BasePOM-Name>${project.name}</X-BasePOM-Name>
<X-BasePOM-Git-Commit-Id>${git.commit.id}</X-BasePOM-Git-Commit-Id>
</manifestEntries>
</transformer>
</transformers>
</configuration>
</plugin>
<!-- Require main class property. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<executions>
<execution>
<id>check-service-build</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireProperty>
<property>ot.mainclass</property>
<message>You must specify "ot.mainclass" as a Maven property for a service-enabled build.</message>
</requireProperty>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>${dep.plugin.exec.version}</version>
<executions>
<execution>
<id>build-docker</id>
<phase>deploy</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>${otpl.executable}</executable>
<arguments>
<argument>${otpl.docker.repo}</argument>
<argument>${otpl.docker.tag}</argument>
<argument>${project.build.directory}/${project.build.finalName}.jar</argument>
<argument>${project.version}</argument>
<argument>${otj.parent.pom.version}</argument>
<argument>${otpl.docker.uid}</argument>
</arguments>
<workingDirectory>${otpl.project.dir}</workingDirectory>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<!-- This profile is active when *not* building for OSS -->
<profile>
<id>internal-build</id>
<activation>
<file>
<missing>.oss-build</missing>
</file>
</activation>
<!-- use ot repos to upload jars, images -->
<distributionManagement>
<snapshotRepository>
<id>opentable.snapshot</id>
<name>opentable-snapshots</name>
<uniqueVersion>true</uniqueVersion>
<url>https://artifactory.otenv.com/snapshots</url>
</snapshotRepository>
<repository>
<id>opentable</id>
<name>opentable-internal</name>
<url>https://artifactory.otenv.com/internal</url>
<uniqueVersion>false</uniqueVersion>
</repository>
</distributionManagement>
</profile>
<!-- This profile ports basepom-oss into our spring pom
It is typically used for our open source projects.
-->
<profile>
<id>oss-build</id>
<activation>
<file>
<exists>.oss-build</exists>
</file>
</activation>
<!-- note the main difference is released artifacts go to oss.sonatype instead of internal -->
<distributionManagement>
<snapshotRepository>
<id>opentable.snapshot</id>
<name>opentable-snapshots</name>
<uniqueVersion>true</uniqueVersion>
<url>https://artifactory.otenv.com/snapshots</url>
</snapshotRepository>
<repository>
<id>sonatype-nexus-staging</id>
<name>Nexus Release Repository</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<configuration>
<releaseProfiles>${basepom.release.profiles}</releaseProfiles>
</configuration>
</plugin>
<plugin>
<groupId>com.mycila</groupId>
<artifactId>license-maven-plugin</artifactId>
<version>${dep.plugin.license.version}</version>
<dependencies>
<dependency>
<groupId>org.basepom</groupId>
<artifactId>basepom-policy</artifactId>
<version>${dep.basepom-policy.version}</version>
</dependency>
</dependencies>
<configuration>
<skip>${basepom.check.skip-license}</skip>
<skipExistingHeaders>${basepom.license.skip-existing}</skipExistingHeaders>
<failIfMissing>${basepom.check.fail-license}</failIfMissing>
<headerDefinitions>
<headerDefinition>license/xml-prefix.xml</headerDefinition>
</headerDefinitions>
<mapping>
<g4>SLASHSTAR_STYLE</g4>
<groovy>SLASHSTAR_STYLE</groovy>
<java>SLASHSTAR_STYLE</java>
<stg>DOUBLESLASH_STYLE</stg>
<xml>XML_PREFIX</xml>
<yaml>SCRIPT_STYLE</yaml>
</mapping>
<strictCheck>true</strictCheck>
<aggregate>true</aggregate>
<useDefaultExcludes>true</useDefaultExcludes>
<encoding>${project.build.sourceEncoding}</encoding>
<licenseSets>
<licenseSet>
<header>license/basepom-apache-license-header.txt</header>
<excludes>
<exclude>.*/**</exclude>
<exclude>**/*.md</exclude>
<exclude>**/*.rst</exclude>
<exclude>**/*.adoc</exclude>
<exclude>**/*.sh</exclude>
<exclude>**/*.txt</exclude>
<exclude>**/*.thrift</exclude>
<exclude>**/*.proto</exclude>
<exclude>**/*.g</exclude>
<exclude>**/*.releaseBackup</exclude>
<exclude>**/*.vm</exclude>
<exclude>**/*.st</exclude>
<exclude>**/*.raw</exclude>
<exclude>**/*.ser</exclude>
<exclude>**/src/license/**</exclude>
<exclude>**/CNAME</exclude>
<exclude>**/.keepme</exclude>
</excludes>
<includes>
<include>src/**</include>
<include>**/pom.xml</include>
</includes>
</licenseSet>
</licenseSets>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>${dep.plugin.gpg.version}</version>
<configuration>
<useAgent>true</useAgent>
</configuration>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>com.mycila</groupId>
<artifactId>license-maven-plugin</artifactId>
<executions>
<execution>
<id>basepom.default</id>
<phase>${basepom.check.phase-license}</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<!-- Active during OSS release:perform -->
<profile>
<id>basepom.deploy-release</id>
<properties>
<!-- tests have been run in the preparation step of the release -->
<basepom.test.skip>true</basepom.test.skip>
<basepom.it.skip>true</basepom.it.skip>
<!-- checks have been run in the preparation step of the release -->
<basepom.check.skip-all>true</basepom.check.skip-all>
<!-- oss requires a javadoc jar. Build one when releasing. -->
<basepom.javadoc.skip>false</basepom.javadoc.skip>
</properties>
<build>
<plugins>
<!-- Sign artifacts using gpg for oss upload -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>basepom.release.default</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
Open source consumption has exploded, with estimates placing this year’s downloads at over 6.6 trillion. This reliance on open source components, now making up to 90% of the modern software application, has ushered in both unprecedented innovation and complex challenges for software supply chains.
View the Report