logstash/tools/dependencies-report
github-actions[bot] 13309ad4fd
deps: downgrade jruby, keep updated default-gem dependencies (forward-port #15283) (#15369) (#15370)
* deps: downgrade jruby, keep updated default-gem dependencies (#15283)

forward-ports non-release-branch components of #15283 to `main`

* deps: downgrade jruby, keep updated default-gem dependencies

By downgrading JRuby to 9.4.2.0 we avoid the silent global crash of the
scheduler backing `Concurrent::TimerTask` that occurs when JRuby 9.4.3.0's
invokedynamic promotes a method to run natively, incorrectly.

Upstream bug: https://github.com/jruby/jruby/issues/7904

Along with the downgrade of JRuby itself to 9.4.2.0, we cherry-pick the
updates to gems that were included in the latest JRuby 9.4.3.0 to ensure
we don't back out relevant fixes to stdlib.

We also remove a pinned-dependency on `racc` that is no longer relevant.

Resolves: https://github.com/elastic/logstash/issues/15282

* Imported the licenses for some gems

- cgi
- date
- ffi-binary-libfixposix
- io-console
- net-http
- net-protocol
- reline
- time
- timeout
- uri

* specs: avoid mocking global ::Gem::Dependency::new

* build: remove redundant dependsOn declaration

* deps: notice use of ffi-binary-libfixposix via Ruby license

this gem is tri-licensed `Ruby` / `EPL-2.0` / `LGPL-2.1-or-later` and
the Ruby license is preferred to EPL when available

---------

Co-authored-by: andsel <selva.andre@gmail.com>

* deps: add license notices for gems moved from default to bundled

---------

Co-authored-by: andsel <selva.andre@gmail.com>
(cherry picked from commit 70081bbcac)

Co-authored-by: Ry Biesemeyer <yaauie@users.noreply.github.com>
2023-10-03 14:41:08 -07:00
src deps: downgrade jruby, keep updated default-gem dependencies (forward-port #15283) (#15369) (#15370) 2023-10-03 14:41:08 -07:00
build.gradle update commons-io commons-compress jrjackson databind (#15125) 2023-06-29 09:02:32 +02:00
gradle.properties Add license reporting task 2018-05-02 15:35:42 +00:00
README.md rename references of master branch to main branch (#13301) 2021-11-08 10:23:46 +00:00

Dependency audit tool

The dependency audit tool automates the verification of the following criteria for all third-party dependencies that are shipped as part of either Logstash core or the default Logstash plugins:

  • The dependency has been added to the dependency list file with an appropriate project URL and SPDX license identifier.
  • The license for the dependency is among those approved for distribution.
  • There is a corresponding NOTICE.txt file in the notices folder containing the appropriate notices or license information for the dependency. These individual notice files will be combined to form the notice file shipped with Logstash.

The dependency audit tool enumerates all the dependencies, Ruby and Java, direct and transitive, for Logstash core and the default plugins. If any dependencies are found that do not conform to the criteria above, the names of those dependencies, along with instructions for resolving the problems, are printed to the console and the tool exits with a non-zero return code.

The dependency audit tool should be run using the script in the bin folder:

$LS_HOME/bin/dependencies-report --csv report.csv
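
The three criteria listed above can be sketched as a small Ruby check. This is an added example, not the Logstash tool's own code: the CSV column names, the `<name>-NOTICE.txt` file naming, the approved-license set and the sample rows are all assumptions constructed for illustration.

```ruby
require "csv"
require "set"
require "tmpdir"

# Assumed allow-list; the project maintains the real set of approved licenses.
APPROVED = Set["Apache-2.0", "MIT", "BSD-3-Clause", "Ruby"].freeze

# Constructed dependency list; column names and rows are assumptions for this sketch.
SAMPLE_LIST = <<~LIST
  name,url,spdx
  timeout,https://github.com/ruby/timeout,Ruby
  reline,,Ruby
  examplelib,https://example.org/examplelib,SSPL-1.0
LIST

# Returns { dependency name => [problems] }; an empty hash means the audit passes.
def audit(resolved, list_csv, notices_dir)
  listed = CSV.parse(list_csv, headers: true).map { |r| [r["name"].to_s.strip, r] }.to_h
  resolved.each_with_object({}) do |name, report|
    found = []
    if (row = listed[name])
      url, spdx = row["url"].to_s.strip, row["spdx"].to_s.strip
      found << "project URL missing or not http(s)" unless url.match?(%r{\Ahttps?://\S+\z})
      if spdx.empty?
        found << "SPDX license identifier missing"
      elsif !APPROVED.include?(spdx)
        found << "license #{spdx} is not approved for distribution"
      end
    else
      found << "not in the dependency list"
    end
    # File.size? is nil for a missing or empty file, so an empty notice also fails.
    notice = File.join(notices_dir, "#{name}-NOTICE.txt")
    found << "no notice file" unless File.size?(notice)
    report[name] = found unless found.empty?
  end
end

# Audits four resolved names against the sample list, with notices for two of them.
def sample_report
  Dir.mktmpdir do |dir|
    %w[timeout examplelib].each { |n| File.write(File.join(dir, "#{n}-NOTICE.txt"), "notice\n") }
    audit(%w[timeout reline examplelib date], SAMPLE_LIST, dir)
  end
end

if __FILE__ == $PROGRAM_NAME
  sample_report.each { |name, found| puts "#{name}: #{found.join('; ')}" }
end
```

A caller that wants the fail-the-build behaviour described above would exit non-zero whenever the returned hash is not empty.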