chore(dependency): upgrade springfox documentation from 2.9.2 to 3.0.0 (
spinnaker#1144)

Upgrading springfox fixes vulnerabilities.
Followed the migration steps suggested [here](https://springfox.github.io/springfox/docs/current/#migrating-from-existing-2-x-version)
Replaced the guava com.google.common.base.Predicate class with the java.util.function.Predicate class and modified the logic to accommodate the change.

Note: This upgrade has introduced a breaking change where swagger-ui location has moved from http://host/context-path/swagger-ui.html to http://host/context-path/swagger-ui/index.html OR http://host/context-path/swagger-ui/ for short.

Dependency insight before the upgrade:
```
$ ./gradlew kork-swagger:dI --dependency swagger

> Task :kork-swagger:dependencyInsight
io.springfox:springfox-swagger-common:2.9.2
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.springfox:springfox-swagger-common:2.9.2
\--- io.springfox:springfox-swagger2:2.9.2
     +--- compileClasspath (requested io.springfox:springfox-swagger2)
     \--- project :spinnaker-dependencies
          \--- compileClasspath

io.springfox:springfox-swagger-ui:2.9.2 (by constraint)
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.springfox:springfox-swagger-ui:2.9.2
\--- project :spinnaker-dependencies
     \--- compileClasspath

io.springfox:springfox-swagger-ui -> 2.9.2
\--- compileClasspath

io.springfox:springfox-swagger2:2.9.2 (by constraint)
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.springfox:springfox-swagger2:2.9.2
\--- project :spinnaker-dependencies
     \--- compileClasspath

io.springfox:springfox-swagger2 -> 2.9.2
\--- compileClasspath

io.swagger:swagger-annotations:1.5.20 (by constraint)
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.swagger:swagger-annotations:1.5.20
+--- project :spinnaker-dependencies
|    \--- compileClasspath
+--- io.springfox:springfox-swagger-common:2.9.2
|    \--- io.springfox:springfox-swagger2:2.9.2
|         +--- compileClasspath (requested io.springfox:springfox-swagger2)
|         \--- project :spinnaker-dependencies (*)
+--- io.springfox:springfox-swagger2:2.9.2 (*)
\--- io.swagger:swagger-models:1.5.20
     +--- io.springfox:springfox-swagger2:2.9.2 (*)
     \--- io.springfox:springfox-swagger-common:2.9.2 (*)

io.swagger:swagger-annotations -> 1.5.20
\--- compileClasspath

io.swagger:swagger-models:1.5.20
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.swagger:swagger-models:1.5.20
+--- io.springfox:springfox-swagger-common:2.9.2
|    \--- io.springfox:springfox-swagger2:2.9.2
|         +--- compileClasspath (requested io.springfox:springfox-swagger2)
|         \--- project :spinnaker-dependencies
|              \--- compileClasspath
\--- io.springfox:springfox-swagger2:2.9.2 (*)
```

Dependency insight after the upgrade:
```
$ ./gradlew kork-swagger:dI --dependency swagger

> Task :kork-swagger:dependencyInsight
io.springfox:springfox-swagger-common:3.0.0
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.springfox:springfox-swagger-common:3.0.0
+--- io.springfox:springfox-oas:3.0.0
|    \--- io.springfox:springfox-boot-starter:3.0.0
|         +--- compileClasspath (requested io.springfox:springfox-boot-starter)
|         \--- project :spinnaker-dependencies
|              \--- compileClasspath
\--- io.springfox:springfox-swagger2:3.0.0
     +--- project :spinnaker-dependencies (*)
     \--- io.springfox:springfox-boot-starter:3.0.0 (*)

io.springfox:springfox-swagger-ui:3.0.0
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.springfox:springfox-swagger-ui:3.0.0
\--- io.springfox:springfox-boot-starter:3.0.0
     +--- compileClasspath (requested io.springfox:springfox-boot-starter)
     \--- project :spinnaker-dependencies
          \--- compileClasspath

io.springfox:springfox-swagger2:3.0.0 (by constraint)
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.springfox:springfox-swagger2:3.0.0
+--- project :spinnaker-dependencies
|    \--- compileClasspath
\--- io.springfox:springfox-boot-starter:3.0.0
     +--- compileClasspath (requested io.springfox:springfox-boot-starter)
     \--- project :spinnaker-dependencies (*)

io.swagger:swagger-annotations:1.5.20 (by constraint)
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.swagger:swagger-annotations:1.5.20
+--- project :spinnaker-dependencies
|    \--- compileClasspath
+--- io.springfox:springfox-swagger-common:3.0.0
|    +--- io.springfox:springfox-swagger2:3.0.0
|    |    +--- project :spinnaker-dependencies (*)
|    |    \--- io.springfox:springfox-boot-starter:3.0.0
|    |         +--- compileClasspath (requested io.springfox:springfox-boot-starter)
|    |         \--- project :spinnaker-dependencies (*)
|    \--- io.springfox:springfox-oas:3.0.0
|         \--- io.springfox:springfox-boot-starter:3.0.0 (*)
+--- io.springfox:springfox-swagger2:3.0.0 (*)
\--- io.swagger:swagger-models:1.5.20
     +--- io.springfox:springfox-swagger2:3.0.0 (*)
     \--- io.springfox:springfox-swagger-common:3.0.0 (*)

io.swagger:swagger-annotations -> 1.5.20
\--- compileClasspath

io.swagger:swagger-models:1.5.20
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.swagger:swagger-models:1.5.20
+--- io.springfox:springfox-swagger-common:3.0.0
|    +--- io.springfox:springfox-swagger2:3.0.0
|    |    +--- project :spinnaker-dependencies
|    |    |    \--- compileClasspath
|    |    \--- io.springfox:springfox-boot-starter:3.0.0
|    |         +--- compileClasspath (requested io.springfox:springfox-boot-starter)
|    |         \--- project :spinnaker-dependencies (*)
|    \--- io.springfox:springfox-oas:3.0.0
|         \--- io.springfox:springfox-boot-starter:3.0.0 (*)
\--- io.springfox:springfox-swagger2:3.0.0 (*)

io.swagger.core.v3:swagger-annotations:2.1.2
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.swagger.core.v3:swagger-annotations:2.1.2
+--- io.springfox:springfox-oas:3.0.0
|    \--- io.springfox:springfox-boot-starter:3.0.0
|         +--- compileClasspath (requested io.springfox:springfox-boot-starter)
|         \--- project :spinnaker-dependencies
|              \--- compileClasspath
\--- io.springfox:springfox-swagger-common:3.0.0
     +--- io.springfox:springfox-swagger2:3.0.0
     |    +--- project :spinnaker-dependencies (*)
     |    \--- io.springfox:springfox-boot-starter:3.0.0 (*)
     \--- io.springfox:springfox-oas:3.0.0 (*)

io.swagger.core.v3:swagger-models:2.1.2
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 11           |

io.swagger.core.v3:swagger-models:2.1.2
\--- io.springfox:springfox-oas:3.0.0
     \--- io.springfox:springfox-boot-starter:3.0.0
          +--- compileClasspath (requested io.springfox:springfox-boot-starter)
          \--- project :spinnaker-dependencies
               \--- compileClasspath
```
j-sandy authored Feb 2, 2024
1 parent cb9e9d3 commit ea4caf7
Showing 3 changed files with 10 additions and 23 deletions.
3 changes: 1 addition & 2 deletions kork-swagger/kork-swagger.gradle
Expand Up @@ -7,7 +7,6 @@ dependencies {

implementation "com.google.guava:guava"
implementation "org.springframework.boot:spring-boot-autoconfigure"
implementation "io.springfox:springfox-swagger2"
implementation "io.springfox:springfox-swagger-ui"
implementation "io.springfox:springfox-boot-starter"

}
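Review bot: Adding `io.springfox:springfox-boot-starter` puts Spring Boot auto-configuration on the classpath, and nothing in this section ties it to the existing `swagger.enabled` switch. If the starter registers the API-docs and swagger-ui endpoints on its own, a service that never sets `swagger.enabled` could start serving its API description; this is inferred from how the starter works rather than visible here, so it should be confirmed against a service with the property unset. If so, default the starter off (springfox documents a `springfox.documentation.enabled` property) and add a comment on the dependency such as `// starter auto-configures the docs endpoints; keep springfox.documentation.enabled aligned with swagger.enabled`. Any auth or proxy rule written for `/swagger-ui.html` also needs to cover the new `/swagger-ui/` location named in the description.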
Expand Up @@ -16,13 +16,10 @@

package com.netflix.spinnaker.config;

import static com.google.common.base.Predicates.or;

import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.function.Predicate;
import javax.annotation.Nullable;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.ConfigurationProperties;
Expand All @@ -32,11 +29,9 @@
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.paths.AbstractPathProvider;
import springfox.documentation.spring.web.paths.DefaultPathProvider;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@EnableSwagger2
@Configuration
@ConditionalOnProperty("swagger.enabled")
@ConfigurationProperties(prefix = "swagger")
Expand All @@ -54,7 +49,7 @@ public class SwaggerConfig {
@Bean
public Docket gateApi() {
return new Docket(DocumentationType.SWAGGER_2)
.pathProvider(new BasePathProvider(basePath, documentationPath))
.pathProvider(new BasePathProvider(documentationPath))
.select()
.apis(RequestHandlerSelectors.any())
.paths(paths())
Expand All @@ -80,7 +75,7 @@ private static Class<?> getClassIfPresent(String name) {
}

private Predicate<String> paths() {
return or(patterns.stream().map(PathSelectors::regex).collect(Collectors.toList()));
return patterns.stream().map(PathSelectors::regex).reduce((x, y) -> x.or(y)).get();
}

private ApiInfo apiInfo() {
Expand Down Expand Up @@ -123,20 +118,13 @@ public String getDocumentationPath() {
return documentationPath;
}

public class BasePathProvider extends AbstractPathProvider {
private String basePath;
public class BasePathProvider extends DefaultPathProvider {
private String documentationPath;

private BasePathProvider(String basePath, String documentationPath) {
this.basePath = basePath;
private BasePathProvider(String documentationPath) {
this.documentationPath = documentationPath;
}

@Override
protected String applicationPath() {
return basePath;
}

@Override
protected String getDocumentationPath() {
return documentationPath;
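Review bot: In `paths()`, `reduce((x, y) -> x.or(y)).get()` throws `NoSuchElementException` when `patterns` is empty, whereas the Guava `or(...)` it replaces accepted an empty list and returned a predicate that matches nothing. The initial value of `patterns` is outside the visible hunks, so whether an empty list can reach this depends on how `swagger.patterns` is bound; if it can, `gateApi()` would fail bean creation at startup. The old semantics can be kept in one line: `return patterns.stream().map(PathSelectors::regex).reduce(Predicate::or).orElse(path -> false);`. The class body continues outside the hunks shown.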
6 changes: 3 additions & 3 deletions spinnaker-dependencies/spinnaker-dependencies.gradle
Expand Up @@ -26,8 +26,8 @@ ext {
spek2 : "2.0.9",
springBoot : "2.5.15",
springCloud : "2020.0.6",
springfoxSwagger : "2.9.2",
swagger : "1.5.20", //this should stay in sync with what springfoxSwagger expects
springfoxSwagger : "3.0.0",
swagger : "1.5.20", //this should stay in sync with what springfoxSwagger expects.

// Spring boot 2.4.13 brings in 9.0.55. Spring boot 2.5.14 brings in
// 9.0.63. Use 9.0.69 to resolve CVE-2022-42252 and CVE-2022-45143. Spring
Expand Down Expand Up @@ -133,7 +133,7 @@ dependencies {
api("de.huxhorn.sulky:de.huxhorn.sulky.ulid:8.2.0")
api("dev.minutest:minutest:1.13.0")
api("io.mockk:mockk:1.10.5")
api("io.springfox:springfox-swagger-ui:${versions.springfoxSwagger}")
api("io.springfox:springfox-boot-starter:${versions.springfoxSwagger}")
api("io.springfox:springfox-swagger2:${versions.springfoxSwagger}")
api("io.swagger:swagger-annotations:${versions.swagger}")
api("javax.annotation:javax.annotation-api:1.3.2")