From 2628d3929da9a4f00a174823ef81d60443e80f6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Deleuze?= Date: Mon, 23 Dec 2024 17:45:21 +0100 Subject: [PATCH] Parse JSON with openjson Code originally contributed by @snicoll. This commit upgrades the use of Jackson to plain old JSONObject. This has the advantage of significantly reduce the size of required dependencies, in particular for the graalvm-reachability-metadata module that is meant to be reused externally. --- THIRD_PARTY_LICENSES.txt | 494 +----------------- .../build.gradle.kts | 2 +- .../internal/index/artifacts/Artifact.java | 14 +- ...duleJsonVersionToConfigDirectoryIndex.java | 42 +- .../JsonModuleToConfigDirectoryIndex.java | 37 +- .../internal/index/modules/ModuleEntry.java | 10 +- common/utils/build.gradle.kts | 2 +- .../ResourcesConfigModelSerializer.java | 34 +- gradle/libs.versions.toml | 4 +- native-maven-plugin/build.gradle.kts | 2 +- .../maven/SBOMFunctionalTest.groovy | 24 +- .../buildtools/maven/sbom/SBOMGenerator.java | 38 +- 12 files changed, 149 insertions(+), 554 deletions(-) diff --git a/THIRD_PARTY_LICENSES.txt b/THIRD_PARTY_LICENSES.txt index f183de310..268aa79ec 100644 --- a/THIRD_PARTY_LICENSES.txt +++ b/THIRD_PARTY_LICENSES.txt @@ -1,454 +1,6 @@ -TOP LEVEL COMPONENT NAMES: com.fasterxml.jackson.core:jackson-databind -Copyright © 2008–2012 FasterXML. All rights reserved. ----------------------------------------------------------------------- +TOP LEVEL COMPONENT NAME: com.github.openjson:openjson -This copy of Jackson JSON processor databind module is licensed under the -Apache (Software) License, version 2.0 ("the License"). -See the License for details about distribution rights, and the -specific rights regarding derivate works. - -You may obtain a copy of the License at: - -http://www.apache.org/licenses/LICENSE-2.0 - -NOTICE FILE: -=============== -# Jackson JSON processor -"Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - ""License"" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - ""Licensor"" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - ""Legal Entity"" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - ""control"" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - ""You"" (or ""Your"") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - ""Source"" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - ""Object"" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - ""Work"" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - ""Derivative Works"" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - ""Contribution"" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, ""submitted"" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as ""Not a Contribution."" - - ""Contributor"" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a ""NOTICE"" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an ""AS IS"" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets ""[]"" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same ""printed page"" as the copyright notice for easier - identification within third-party archives. - -Copyright © 2008–2012 FasterXML. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the ""License""); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an ""AS IS"" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License." - -jackson-core ------------------ -Fourth Party Dependecy 1: com.fasterxml.jackson.core - -Copyright © 2008–2021 FasterXML. All rights reserved - -This project contains core low-level incremental ("streaming") parser and generator abstractions used by -[Jackson Data Processor](http://wiki.fasterxml.com/JacksonHome). -It also includes the default implementation of handler types (parser, generator) that handle JSON format. -The core abstractions are not JSON specific, although naming does contain 'JSON' in many places, due to historical reasons. Only packages that specifically contain word 'json' are JSON-specific. - -This package is the base on which [Jackson data-binding](https://github.com/FasterXML/jackson-databind) package builds on. -It is licensed under [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0). - - -"Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - ""License"" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - ""Licensor"" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - ""Legal Entity"" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - ""control"" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - ""You"" (or ""Your"") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - ""Source"" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - ""Object"" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - ""Work"" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - ""Derivative Works"" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - ""Contribution"" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, ""submitted"" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as ""Not a Contribution."" - - ""Contributor"" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a ""NOTICE"" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an ""AS IS"" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets ""[]"" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same ""printed page"" as the copyright notice for easier - identification within third-party archives. - -Copyright © 2008–2021 FasterXML. All rights reserved - - Licensed under the Apache License, Version 2.0 (the ""License""); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an ""AS IS"" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License." - -jackson-annotation ---------------------- -Fourth Party Dependecy 1: com.fasterxml.jackson.annotation - -Copyright © 2008–2020 FasterXML. All rights reserved. - -This project contains general purpose annotations for Jackson Data Processor, used on value and handler types. The only annotations not included are ones that require dependency to the Databind package. Note that only annotations themselves (and related value classes) are included, but no functionality that uses annotations. - -Project contains versions 2.0 and above: source code for earlier (1.x) versions is available from Jackson-1 repository. - -Full Listing of Jackson Annotations details all available annotations; Project Wiki gives more details. - -Project is licensed under Apache License 2.0. - - -"Apache License + Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ @@ -456,38 +8,38 @@ Project is licensed under Apache License 2.0. 1. Definitions. - ""License"" shall mean the terms and conditions for use, reproduction, + "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. - ""Licensor"" shall mean the copyright owner or entity authorized by + "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. - ""Legal Entity"" shall mean the union of the acting entity and all + "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, - ""control"" means (i) the power, direct or indirect, to cause the + "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. - ""You"" (or ""Your"") shall mean an individual or Legal Entity + "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. - ""Source"" form shall mean the preferred form for making modifications, + "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. - ""Object"" form shall mean any form resulting from mechanical + "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. - ""Work"" shall mean the work of authorship, whether in Source or + "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). - ""Derivative Works"" shall mean any work, whether in Source or Object + "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes @@ -495,21 +47,21 @@ Project is licensed under Apache License 2.0. separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. - ""Contribution"" shall mean any work of authorship, including + "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, ""submitted"" + the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as ""Not a Contribution."" + designated in writing by the copyright owner as "Not a Contribution." - ""Contributor"" shall mean Licensor and any individual or Legal Entity + "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. @@ -553,7 +105,7 @@ Project is licensed under Apache License 2.0. excluding those notices that do not pertain to any part of the Derivative Works; and - (d) If the Work includes a ""NOTICE"" text file as part of its + (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not @@ -592,7 +144,7 @@ Project is licensed under Apache License 2.0. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an ""AS IS"" BASIS, + Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A @@ -628,24 +180,24 @@ Project is licensed under Apache License 2.0. APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets ""[]"" + boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the - same ""printed page"" as the copyright notice for easier + same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright © 2008–2020 FasterXML. All rights reserved. + Copyright [yyyy] [name of copyright owner] - Licensed under the Apache License, Version 2.0 (the ""License""); + Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an ""AS IS"" BASIS, + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and - limitations under the License." + limitations under the License. diff --git a/common/graalvm-reachability-metadata/build.gradle.kts b/common/graalvm-reachability-metadata/build.gradle.kts index 8f681608c..a55de5b36 100644 --- a/common/graalvm-reachability-metadata/build.gradle.kts +++ b/common/graalvm-reachability-metadata/build.gradle.kts @@ -51,7 +51,7 @@ maven { } dependencies { - implementation(libs.jackson.databind) + implementation(libs.openjson) testImplementation(platform(libs.test.junit.bom)) testImplementation(libs.test.junit.jupiter.core) } diff --git a/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/artifacts/Artifact.java b/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/artifacts/Artifact.java index aaf6abbd3..1409293e5 100644 --- a/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/artifacts/Artifact.java +++ b/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/artifacts/Artifact.java @@ -40,14 +40,9 @@ */ package org.graalvm.reachability.internal.index.artifacts; -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonProperty; - import java.util.Set; import java.util.regex.Pattern; -@JsonIgnoreProperties(ignoreUnknown = true) public class Artifact { private final String module; private final Set versions; @@ -56,13 +51,8 @@ public class Artifact { private final boolean override; private final Pattern defaultForPattern; - @JsonCreator - public Artifact(@JsonProperty("module") String module, - @JsonProperty("tested-versions") Set versions, - @JsonProperty("metadata-version") String directory, - @JsonProperty(value = "latest", defaultValue = "false") boolean latest, - @JsonProperty(value = "override", defaultValue = "false") boolean override, - @JsonProperty(value = "default-for") String defaultFor) { + public Artifact(String module, Set versions, String directory, + boolean latest, boolean override, String defaultFor) { this.module = module; this.versions = versions; this.directory = directory; diff --git a/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/artifacts/SingleModuleJsonVersionToConfigDirectoryIndex.java b/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/artifacts/SingleModuleJsonVersionToConfigDirectoryIndex.java index 15894d490..cd0be44d7 100644 --- a/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/artifacts/SingleModuleJsonVersionToConfigDirectoryIndex.java +++ b/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/artifacts/SingleModuleJsonVersionToConfigDirectoryIndex.java @@ -40,18 +40,20 @@ */ package org.graalvm.reachability.internal.index.artifacts; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.type.TypeFactory; +import com.github.openjson.JSONArray; +import com.github.openjson.JSONObject; import org.graalvm.reachability.DirectoryConfiguration; import org.graalvm.reachability.internal.UncheckedIOException; -import java.io.BufferedReader; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; +import java.util.ArrayList; +import java.util.LinkedHashSet; import java.util.List; import java.util.Map; import java.util.Optional; +import java.util.Set; import java.util.function.Predicate; import java.util.stream.Collectors; @@ -66,13 +68,13 @@ public SingleModuleJsonVersionToConfigDirectoryIndex(Path moduleRoot) { private Map> parseIndexFile(Path rootPath) { Path indexFile = rootPath.resolve("index.json"); - ObjectMapper objectMapper = new ObjectMapper(); - TypeFactory typeFactory = objectMapper.getTypeFactory(); - try (BufferedReader reader = Files.newBufferedReader(indexFile)) { - List entries = objectMapper.readValue( - reader, - typeFactory.constructCollectionType(List.class, Artifact.class) - ); + try { + String fileContent = Files.readString(indexFile); + JSONArray json = new JSONArray(fileContent); + List entries = new ArrayList<>(); + for (int i = 0; i < json.length(); i++) { + entries.add(fromJson(json.getJSONObject(i))); + } return entries.stream() .collect(Collectors.groupingBy(Artifact::getModule)); } catch (IOException e) { @@ -132,4 +134,24 @@ private Optional findConfigurationFor(String groupId, St moduleRoot.resolve(artifact.getDirectory()), artifact.isOverride())); } + private Artifact fromJson(JSONObject json) { + String module = json.optString("module", null); + Set testVersions = readTestedVersions(json.optJSONArray("tested-versions")); + String directory = json.optString("metadata-version", null); + boolean latest = json.optBoolean("latest"); + boolean override = json.optBoolean("override"); + String defaultFor = json.optString("default-for", null); + return new Artifact(module, testVersions, directory, latest, override, defaultFor); + } + + private Set readTestedVersions(JSONArray array) { + Set testVersions = new LinkedHashSet<>(); + if (array != null) { + for (int i = 0; i < array.length(); i++) { + testVersions.add(array.getString(i)); + } + } + return testVersions; + } + } diff --git a/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/modules/JsonModuleToConfigDirectoryIndex.java b/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/modules/JsonModuleToConfigDirectoryIndex.java index c072de033..a58532230 100644 --- a/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/modules/JsonModuleToConfigDirectoryIndex.java +++ b/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/modules/JsonModuleToConfigDirectoryIndex.java @@ -40,14 +40,14 @@ */ package org.graalvm.reachability.internal.index.modules; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.type.TypeFactory; +import com.github.openjson.JSONArray; +import com.github.openjson.JSONObject; import org.graalvm.reachability.internal.UncheckedIOException; -import java.io.BufferedReader; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; +import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.List; @@ -68,13 +68,13 @@ public JsonModuleToConfigDirectoryIndex(Path rootPath) { private Map> parseIndexFile(Path rootPath) { Path indexFile = rootPath.resolve("index.json"); - ObjectMapper objectMapper = new ObjectMapper(); - TypeFactory typeFactory = objectMapper.getTypeFactory(); - try (BufferedReader reader = Files.newBufferedReader(indexFile)) { - List entries = objectMapper.readValue( - reader, - typeFactory.constructCollectionType(List.class, ModuleEntry.class) - ); + try { + String fileContent = Files.readString(indexFile); + JSONArray json = new JSONArray(fileContent); + List entries = new ArrayList<>(); + for (int i = 0; i < json.length(); i++) { + entries.add(fromJson(json.getJSONObject(i))); + } Map> moduleToEntries = entries.stream() .collect(Collectors.groupingBy(ModuleEntry::getModule)); Map> index = new HashMap<>(moduleToEntries.size()); @@ -104,6 +104,23 @@ private Map> parseIndexFile(Path rootPath) { } + private ModuleEntry fromJson(JSONObject json) { + String module = json.optString("module", null); + String moduleDirectory = json.optString("directory", null); + List requires = readRequires(json.optJSONArray("requires")); + return new ModuleEntry(module, moduleDirectory, requires); + } + + private List readRequires(JSONArray array) { + List requires = new ArrayList<>(); + if (array != null) { + for (int i = 0; i < array.length(); i++) { + requires.add(array.getString(i)); + } + } + return requires; + } + /** * Returns the directory containing the candidate configurations for the given module. * diff --git a/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/modules/ModuleEntry.java b/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/modules/ModuleEntry.java index 7093eae97..fdcb58f75 100644 --- a/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/modules/ModuleEntry.java +++ b/common/graalvm-reachability-metadata/src/main/java/org/graalvm/reachability/internal/index/modules/ModuleEntry.java @@ -40,23 +40,15 @@ */ package org.graalvm.reachability.internal.index.modules; -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonProperty; - import java.util.Collections; import java.util.List; -@JsonIgnoreProperties(ignoreUnknown = true) public class ModuleEntry { private final String module; private final String moduleDirectory; private final List requires; - @JsonCreator - public ModuleEntry(@JsonProperty("module") String module, - @JsonProperty("directory") String moduleDirectory, - @JsonProperty("requires") List requires) { + public ModuleEntry(String module, String moduleDirectory, List requires) { this.module = module; this.moduleDirectory = moduleDirectory; this.requires = requires == null ? Collections.emptyList() : requires; diff --git a/common/utils/build.gradle.kts b/common/utils/build.gradle.kts index a35b0ff9b..89f0ae503 100644 --- a/common/utils/build.gradle.kts +++ b/common/utils/build.gradle.kts @@ -49,7 +49,7 @@ maven { } dependencies { - implementation(libs.jackson.databind) + implementation(libs.openjson) testImplementation(platform(libs.test.junit.bom)) testImplementation(libs.test.junit.jupiter.core) } diff --git a/common/utils/src/main/java/org/graalvm/buildtools/model/resources/ResourcesConfigModelSerializer.java b/common/utils/src/main/java/org/graalvm/buildtools/model/resources/ResourcesConfigModelSerializer.java index 7334728bd..41fc5c641 100644 --- a/common/utils/src/main/java/org/graalvm/buildtools/model/resources/ResourcesConfigModelSerializer.java +++ b/common/utils/src/main/java/org/graalvm/buildtools/model/resources/ResourcesConfigModelSerializer.java @@ -40,7 +40,8 @@ */ package org.graalvm.buildtools.model.resources; -import com.fasterxml.jackson.databind.ObjectMapper; +import com.github.openjson.JSONArray; +import com.github.openjson.JSONObject; import java.io.File; import java.io.FileOutputStream; @@ -50,8 +51,8 @@ public class ResourcesConfigModelSerializer { public static void serialize(ResourcesConfigModel model, File outputFile) throws IOException { - ObjectMapper mapper = new ObjectMapper(); - String pretty = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(model); + JSONObject json = toJson(model); + String pretty = json.toString(4); File outputDir = outputFile.getParentFile(); if (outputDir.isDirectory() || outputDir.mkdirs()) { try (OutputStreamWriter out = new OutputStreamWriter(new FileOutputStream(outputFile), StandardCharsets.UTF_8)) { @@ -59,4 +60,31 @@ public static void serialize(ResourcesConfigModel model, File outputFile) throw } } } + + private static JSONObject toJson(ResourcesConfigModel model) { + JSONObject json = new JSONObject(); + json.put("resources", toJson(model.getResources())); + JSONArray namedValues = new JSONArray(); + model.getBundles().forEach(namedValue -> namedValues.put(toJson(namedValue))); + json.put("bundles", namedValues); + return json; + } + + private static JSONObject toJson(ResourcesModel model) { + JSONObject json = new JSONObject(); + JSONArray includes = new JSONArray(); + model.getIncludes().forEach(includes::put); + json.put("includes", includes); + JSONArray excludes = new JSONArray(); + model.getExcludes().forEach(excludes::put); + json.put("excludes", excludes); + return json; + } + + private static JSONObject toJson(NamedValue namedValue) { + JSONObject json = new JSONObject(); + json.put("name", namedValue.getName()); + return json; + } + } diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index f6e597565..fb5343084 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -10,7 +10,7 @@ mavenAnnotations = "3.6.4" mavenEmbedder = "3.8.6" mavenWagon = "3.4.3" graalvm = "23.0.2" -jackson = "2.13.5" +openjson = "1.0.13" junitPlatform = "1.10.0" junitJupiter = "5.10.0" aether = "1.1.0" @@ -42,7 +42,7 @@ test-spock = { module = "org.spockframework:spock-core", version.ref = "spock" } graalvm-svm = { module = "org.graalvm.nativeimage:svm", version.ref = "graalvm" } -jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jackson" } +openjson = { module = "com.github.openjson:openjson", version.ref = "openjson" } maven-pluginApi = { module = "org.apache.maven:maven-plugin-api", version.ref = "maven" } maven-pluginAnnotations = { module = "org.apache.maven.plugin-tools:maven-plugin-annotations", version.ref = "mavenAnnotations" } diff --git a/native-maven-plugin/build.gradle.kts b/native-maven-plugin/build.gradle.kts index 63cc0996e..a76455c4f 100644 --- a/native-maven-plugin/build.gradle.kts +++ b/native-maven-plugin/build.gradle.kts @@ -61,7 +61,7 @@ maven { dependencies { implementation(libs.utils) - implementation(libs.jackson.databind) + implementation(libs.openjson) implementation(libs.jvmReachabilityMetadata) implementation(libs.plexus.utils) implementation(libs.plexus.xml) diff --git a/native-maven-plugin/src/functionalTest/groovy/org/graalvm/buildtools/maven/SBOMFunctionalTest.groovy b/native-maven-plugin/src/functionalTest/groovy/org/graalvm/buildtools/maven/SBOMFunctionalTest.groovy index 0805b7930..2434fc9b0 100644 --- a/native-maven-plugin/src/functionalTest/groovy/org/graalvm/buildtools/maven/SBOMFunctionalTest.groovy +++ b/native-maven-plugin/src/functionalTest/groovy/org/graalvm/buildtools/maven/SBOMFunctionalTest.groovy @@ -41,11 +41,10 @@ package org.graalvm.buildtools.maven -import com.fasterxml.jackson.databind.node.ObjectNode +import com.github.openjson.JSONObject import org.graalvm.buildtools.maven.sbom.SBOMGenerator import org.graalvm.buildtools.utils.NativeImageUtils import spock.lang.Requires -import com.fasterxml.jackson.databind.ObjectMapper class SBOMFunctionalTest extends AbstractGraalVMMavenFunctionalTest { private static boolean EE() { @@ -143,12 +142,11 @@ class SBOMFunctionalTest extends AbstractGraalVMMavenFunctionalTest { return false } - def mapper = new ObjectMapper() - def rootNode = mapper.readTree(sbom) + def rootNode = new JSONObject(sbom.getText()) // Check root fields assert rootNode.has('bomFormat') - assert rootNode.get('bomFormat').asText() == 'CycloneDX' + assert rootNode.getString('bomFormat') == 'CycloneDX' assert rootNode.has('specVersion') assert rootNode.has('serialNumber') assert rootNode.has('version') @@ -157,20 +155,20 @@ class SBOMFunctionalTest extends AbstractGraalVMMavenFunctionalTest { assert rootNode.has('dependencies') // Check metadata/component - def metadataComponent = rootNode.path('metadata').path('component') + def metadataComponent = rootNode.getJSONObject('metadata').getJSONObject('component') assert metadataComponent.has('group') - assert metadataComponent.get('group').asText() == 'org.graalvm.buildtools.examples' + assert metadataComponent.getString('group') == 'org.graalvm.buildtools.examples' assert metadataComponent.has('name') - assert metadataComponent.get('name').asText() == 'maven' + assert metadataComponent.getString('name') == 'maven' // Check that components and dependencies are non-empty - assert !rootNode.get('components').isEmpty() - assert !rootNode.get('dependencies').isEmpty() + assert !rootNode.getJSONArray('components').isEmpty() + assert !rootNode.getJSONArray('dependencies').isEmpty() // Check that the main component has no dependencies - def mainComponentId = metadataComponent.get('bom-ref').asText() - def mainComponentDependency = rootNode.get('dependencies').find { it.get('ref').asText() == mainComponentId } as ObjectNode - assert mainComponentDependency.get('dependsOn').isEmpty() + def mainComponentId = metadataComponent.getString('bom-ref') + def mainComponentDependency = rootNode.getJSONArray('dependencies').iterator().find { it.getString('ref') == mainComponentId } as JSONObject + assert mainComponentDependency.getJSONArray('dependsOn').isEmpty() // Check that the main component is not found in "components" assert !rootNode.get('components').any { it.get('bom-ref').asText() == mainComponentId } diff --git a/native-maven-plugin/src/main/java/org/graalvm/buildtools/maven/sbom/SBOMGenerator.java b/native-maven-plugin/src/main/java/org/graalvm/buildtools/maven/sbom/SBOMGenerator.java index 41bde40e1..f28e60bc0 100644 --- a/native-maven-plugin/src/main/java/org/graalvm/buildtools/maven/sbom/SBOMGenerator.java +++ b/native-maven-plugin/src/main/java/org/graalvm/buildtools/maven/sbom/SBOMGenerator.java @@ -40,10 +40,8 @@ */ package org.graalvm.buildtools.maven.sbom; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.ArrayNode; -import com.fasterxml.jackson.databind.node.ObjectNode; +import com.github.openjson.JSONArray; +import com.github.openjson.JSONObject; import org.apache.maven.execution.MavenSession; import org.apache.maven.plugin.BuildPluginManager; import org.apache.maven.plugin.MojoExecutionException; @@ -237,25 +235,24 @@ private static void deleteFileIfExists(Path sbomPath) { * @param artifacts artifacts that possibly have been extended with package name data. */ private void augmentSBOM(Path baseSBOMPath, Set artifacts) throws IOException { - ObjectMapper objectMapper = new ObjectMapper(); - ObjectNode sbomJson = (ObjectNode) objectMapper.readTree(Files.newInputStream(baseSBOMPath)); + JSONObject sbomJson = new JSONObject(Files.readString(baseSBOMPath)); - ArrayNode componentsArray = (ArrayNode) sbomJson.get("components"); + JSONArray componentsArray = sbomJson.optJSONArray("components"); if (componentsArray == null) { throw new RuntimeException(String.format("SBOM generated by %s:%s contained no components.", Plugin.groupId, Plugin.artifactId)); } /* Augment the "components" */ - componentsArray.forEach(componentNode -> augmentComponentNode(componentNode, artifacts, objectMapper)); + componentsArray.forEach(componentNode -> augmentComponentNode((JSONObject) componentNode, artifacts)); /* Augment the main component in "metadata/component" */ - JsonNode metadataNode = sbomJson.get("metadata"); + JSONObject metadataNode = sbomJson.optJSONObject("metadata"); if (metadataNode != null && metadataNode.has("component")) { - augmentComponentNode(metadataNode.get("component"), artifacts, objectMapper); + augmentComponentNode(metadataNode.getJSONObject("component"), artifacts); } /* Save the augmented SBOM back to the file */ - objectMapper.writerWithDefaultPrettyPrinter().writeValue(Files.newOutputStream(baseSBOMPath), sbomJson); + Files.writeString(baseSBOMPath, sbomJson.toString(4)); } /** @@ -264,16 +261,15 @@ private void augmentSBOM(Path baseSBOMPath, Set artifacts) thro * * @param componentNode the node in the base SBOM that should be augmented. * @param artifactsWithPackageNames the artifact with information for {@link AddedComponentFields}. - * @param objectMapper the objectMapper that is used to write the updates. */ - private void augmentComponentNode(JsonNode componentNode, Set artifactsWithPackageNames, ObjectMapper objectMapper) { + private void augmentComponentNode(JSONObject componentNode, Set artifactsWithPackageNames) { String groupField = "group"; String nameField = "name"; String versionField = "version"; if (componentNode.has(groupField) && componentNode.has(nameField) && componentNode.has(versionField)) { - String groupId = componentNode.get(groupField).asText(); - String artifactId = componentNode.get(nameField).asText(); - String version = componentNode.get(versionField).asText(); + String groupId = componentNode.getString(groupField); + String artifactId = componentNode.getString(nameField); + String version = componentNode.getString(versionField); Optional optionalArtifact = artifactsWithPackageNames.stream() .filter(artifact -> artifact.groupId.equals(groupId) @@ -283,17 +279,17 @@ private void augmentComponentNode(JsonNode componentNode, Set a if (optionalArtifact.isPresent()) { ArtifactAdapter artifact = optionalArtifact.get(); - ArrayNode packageNamesArray = objectMapper.createArrayNode(); + JSONArray packageNamesArray = new JSONArray(); List sortedPackageNames = artifact.packageNames.stream().sorted().collect(Collectors.toList()); - sortedPackageNames.forEach(packageNamesArray::add); - ((ObjectNode) componentNode).set(AddedComponentFields.packageNames, packageNamesArray); + sortedPackageNames.forEach(packageNamesArray::put); + componentNode.put(AddedComponentFields.packageNames, packageNamesArray); String jarPath = ""; if (artifact.jarPath != null) { jarPath = artifact.jarPath.toString(); } - ((ObjectNode) componentNode).put(AddedComponentFields.jarPath, jarPath); - ((ObjectNode) componentNode).put(AddedComponentFields.prunable, artifact.prunable); + componentNode.put(AddedComponentFields.jarPath, jarPath); + componentNode.put(AddedComponentFields.prunable, artifact.prunable); } } }