Commit Graph

180 Commits

Author SHA1 Message Date
HenrikJannsen
9e0845e7f7
Add dependency to bitcoinj
Signed-off-by: HenrikJannsen <boilingfrog@gmx.com>
2024-07-21 15:16:26 +07:00
Alejandro García
a090f2aa27
Merge branch 'master' into release/v1.9.17 2024-06-25 20:33:51 +00:00
Alejandro García
3a84f18d2b
Target bitcoinj containing chain work hotfix 2024-06-24 00:58:28 +00:00
Devin Bileck
8e9e665cf9
Reduce bundled javacv library size
With the introduction of the javacv library when re-adding the QR code
scanner feature for mobile notification pairing in #7050, the Bisq
binary increased to nearly 1 GB from its previous size of around 300 MB.

When including the javacv-platform dependency, it pulls in binaries
for all platforms. But it is possible to limit this by utilizing
the gradle-javacpp platform plugin which by default will pull in
binaries only for the current platform.

Reference: https://github.com/bytedeco/gradle-javacpp#the-platform-plugin

With this change, the included libs went from ~980 MB down to ~366 MB.
2024-06-24 00:58:22 +00:00
Devin Bileck
5016ad8951
Reduce bundled javacv library size
With the introduction of the javacv library when re-adding the QR code
scanner feature for mobile notification pairing in #7050, the Bisq
binary increased to nearly 1 GB from its previous size of around 300 MB.

When including the javacv-platform dependency, it pulls in binaries
for all platforms. But it is possible to limit this by utilizing
the gradle-javacpp platform plugin which by default will pull in
binaries only for the current platform.

Reference: https://github.com/bytedeco/gradle-javacpp#the-platform-plugin

With this change, the included libs went from ~980 MB down to ~366 MB.
2024-06-22 23:17:27 -07:00
HenrikJannsen
a251dadd92
Update verification-metadata.xml
Signed-off-by: HenrikJannsen <boilingfrog@gmx.com>
2024-06-07 22:55:29 +07:00
HenrikJannsen
e4cdfa731a
Add restapi module (code from dao-node) 2024-06-07 22:53:32 +07:00
HenrikJannsen
348e66e55e
Update apache-commons-lang3 to 3.14.0
Update jackson to 2.17.1

Signed-off-by: HenrikJannsen <boilingfrog@gmx.com>
2024-06-07 22:52:39 +07:00
HenrikJannsen
9ba9ad3bb8
Update verification-metadata.xml (add missing junit-bom-5.8.2.module)
Signed-off-by: HenrikJannsen <boilingfrog@gmx.com>
2024-06-05 15:04:02 +07:00
HenrikJannsen
419472d4cf
Update verification-metadata.xml
Signed-off-by: HenrikJannsen <boilingfrog@gmx.com>
2024-06-05 14:05:23 +07:00
HenrikJannsen
32a7c1513a
Update verification-metadata.xml
Signed-off-by: HenrikJannsen <boilingfrog@gmx.com>
2024-06-02 18:32:54 +07:00
HenrikJannsen
4892274d58
Update new dependencies to latest versions 2024-06-02 15:02:05 +07:00
HenrikJannsen
32a8091484
Add inventory module and dependencies 2024-06-02 15:02:05 +07:00
Devin Bileck
0f373cee43
Restore QR code scanner feature for mobile notification pairing
This restores the functionality that was removed in b5beea58. However,
this implementation utilizes the JavaCV library rather than the
webcam-capture library as discussed in #4940. As a result, this should
now provide macOS support.
2024-04-01 21:52:40 -07:00
HenrikJannsen
4e13cd3934
Add sha hash for protoc-3.19.1-osx-aarch_64.exe 2024-03-08 18:29:34 +07:00
Alva Swanson
38515ce7ae
Add JUnit MockitoExtension library 2023-12-28 08:50:13 +01:00
Alva Swanson
0f33c697d1
Update to Gradle 7.6.3 2023-10-17 00:25:21 +02:00
Alva Swanson
49bc7267b3
Target latest netlayer (2b459dc) 2023-10-10 20:04:00 +02:00
Alva Swanson
5ac3a10806
Support external Tor hostname 2023-10-08 23:19:32 +02:00
Alva Swanson
65667cf4e7
Add Gradle Toolchain Resolver 2023-09-10 18:23:56 +02:00
Alva Swanson
44ab029c7e
Gradle: Apply shadow plugin only to desktop module 2023-08-05 15:18:59 +02:00
Alva Swanson
8bd51f2bd5
Gradle: Declare openjfx.javafx.plugin in version catalog 2023-08-04 13:38:14 +02:00
Alva Swanson
6b92629b86
Improve build-time: Lazily apply gRPC plugin
For details see:
https://docs.gradle.org/current/userguide/task_configuration_avoidance.html
2023-07-17 18:49:10 +02:00
Alva Swanson
d50df8f49f
Add JaCoCo Gradle Plugin to all modules
Co-authored-by: napoly <napolytan@protonmail.com>
2023-07-06 17:51:05 +02:00
Alva Swanson
14eb692a61
Fix broken gson version enforcement
We strictly enforce version 2.8.5 for all modules, but the cli module
transitively depends on version 2.8.6.
2023-05-31 16:20:17 +08:00
Alva Swanson
87ef76e323
Add missing junit-bom-5.7.0.pom to verification metadata 2023-05-26 14:17:41 +08:00
Alva Swanson
b5402d840b
Add bisq2 Gradle Tor Plugin 2023-05-09 18:09:35 +10:00
Alva Swanson
e5e09db3f1
GitHub Actions: Publish Gradle build scan 2023-05-08 17:49:41 +10:00
napoly
e19ffe2308
Upgrade JUnit4 to JUnit5 Jupiter 2023-05-04 20:04:49 +02:00
Alejandro García
1bc5d4a8c9
Target netlayer 0.7.6 2023-03-31 18:17:25 +11:00
Alva Swanson
faf9b23bc5
Gradle: Create bisq.java-conventions precompiled script 2023-02-05 21:58:46 +01:00
Alejandro García
9135d3a7ad
Target BitcoinJ version with "Reduce log level of two messages" patch 2023-01-15 17:13:39 +02:00
Alva Swanson
de600ddb30
Introduce Gradle Version Catalog
To simplify the build.gradle file, this change moves all version variables to
Gradle's version catalog.
2022-12-09 15:45:57 +02:00
Alva Swanson
80b10c88f6
Update to Gradle 7.6 2022-12-09 15:45:57 +02:00
Alva Swanson
90070c80c7
Fix broken Gradle Dependency Verification
The following artifacts failed verification:
  - javafx-base-16-linux.jar (org.openjfx:javafx-base:16) from repository MavenRepo
  - javafx-controls-16-linux.jar (org.openjfx:javafx-controls:16) from repository MavenRepo
  - javafx-fxml-16-linux.jar (org.openjfx:javafx-fxml:16) from repository MavenRepo
  - javafx-graphics-16-linux.jar (org.openjfx:javafx-graphics:16) from repository MavenRepo
  - protoc-3.19.1-linux-x86_64.exe (com.google.protobuf:protoc:3.19.1) from repository MavenRepo
  - protoc-gen-grpc-java-1.42.1-linux-x86_64.exe (io.grpc:protoc-gen-grpc-java:1.42.1) from repository MavenRepo
  - jackson-base-2.12.1.pom
  - protoc-3.19.1-windows-x86_64.exe
  - protoc-gen-grpc-java-1.42.1-windows-x86_64.exe
  - junit-bom-5.7.0.pom
  - javafx-base-16-win.jar
  - javafx-controls-16-win.jar
  - javafx-fxml-16-win.jar
  - javafx-graphics-16-win.jar
2022-12-06 20:34:17 +02:00
HenrikJannsen
0e4255c61b
Update verification-metadata.xml
Remove classpath to springframework

Signed-off-by: HenrikJannsen <boilingfrog@gmx.com>
2022-11-25 12:37:02 -05:00
Christoph Atteneder
24fe4a0495
Update missing hashes for tor 0.7.5 update 2022-10-17 11:14:32 +02:00
Christoph Atteneder
40410daef4
Update tor-browser to v11.5.2 / tor-binary to v0.4.7.10 2022-10-04 12:10:51 +02:00
Christoph Atteneder
0232a00282
Use tag instead of commit hash for netlayer 2022-07-05 10:29:13 +02:00
Christoph Atteneder
2dafd42639
Update tor-browser to v11.0.15 / tor-binary to v0.4.7.8 2022-07-04 12:04:48 +02:00
chimp1984
03efe23449
Add netlayer 0.7.3 2022-06-20 23:05:42 +02:00
chimp1984
bbf79872ac
Update dependency verification metadata 2022-06-14 12:53:11 +02:00
Christoph Atteneder
b1a53531ad
Update dependency verification for changes in pricenode 2022-06-09 09:41:33 +02:00
Daniel Bast
064c7590a8
Update gradle wrapper to 7.3.3
Done via `./gradlew wrapper --gradle-version 7.3.3 --distribution-type all`

From the release description:

This is a patch release for Gradle 7.3.

It fixes the following issues:

* #19360 Upgrade checks to Log4j 2.17.0

We recommend users upgrade to 7.3.3 instead of 7.3.

See also https://github.com/gradle/gradle/releases/tag/v7.3.3
2021-12-25 13:03:14 +01:00
Chris Beams
07a139c927
Upgrade log4j 2.15.0 => 2.17.0
This change upgrades log4j to patch fixes for recently documented
CVE-2021-45046 CVE-2021-45105 vulnerabilities related to the Log4Shell
exploit.

Like the earlier fix, Bisq does not appear to be vulnerable to these
exploits because it does not use log4j directly, only transitively
depends on it. Nevertheless, the upgrade is still the safe bet.
2021-12-20 07:34:04 +01:00
Chris Beams
55becc59c0
Avoid Log4J "Log4Shell" exploit
This commit upgrades our transitive dependency on Log4J 2 from 2.14.1 to
the newly-released 2.15.0 to avoid the CVE described at
https://www.lunasec.io/docs/blog/log4j-zero-day/.

We do not use log4j directly anywhere in our codebase, so our exposure
to this exploit was already mitigated if not eliminated, but Spring Boot
depends on Log4J 2 internally. This commit upgrades Spring Boot's
underlying dependency on Log4J to 2.15.0 in the manner recommended at
https://github.com/spring-projects/spring-boot/issues/28958.
2021-12-10 10:40:36 +01:00
Chris Beams
31c6e16e63
Use Spring dependency-management plugin in pricenode
This is in preparation for addressing log4j 2 zero day exploit described
at https://www.lunasec.io/docs/blog/log4j-zero-day/. See full details
in the next commit.

Bringing in the dependency-management plugin results in many changes to
our Gradle verification metadata file, but all are BOM / POM / Module
manifests. No additional jar or code dependencies have been whitelisted
with this change.
2021-12-10 10:34:09 +01:00
Chris Beams
42b00b3a3e
Fix guava dependency issue
Problem: a

    NoSuchMethodError: 'java.util.stream.Collector
    com.google.common.collect.ImmutableMultiset.toImmutableMultiset()'

exception was being thrown when testing the previously-merged upgrade to
Gradle 7.3, as described at keybase://chat/bisq#testing/2466.

Solution: This problem is similar to the issue reported at
jeremylong/DependencyCheck#3221. The source of the problem was multiple
conflicting guava jars on the runtime classpath. This commit upgrades to
guava 30.1.1-jre which ensures a single jar on the classpath.
2021-11-21 17:06:10 +01:00
Chris Beams
ea629de1a1
Add missing metadata for jackson-base pom 2.12.1
Problem: When merging #5824, the absence of this entry caused a build
failure at dependency verification time against JDK11 and JDK15 on
Ubuntu-latest [1]. It may also cause failures on other JDK/OS
combinations, but the GitHub workflow was aborted before those failures
couldhave occurred. In any case, this omission did not create build
failures on any of the local development machines that tested the
aforementioned PR. Reasons for this discrepancy are unknown.

Solution: manually fetch the pom from [2], run `sha256sum` on it locally
and commit the result to the verification metadata file.

[1]: https://github.com/bisq-network/bisq/runs/4249640611?check_suite_focus=true#step:6:33
[2]: https://repo1.maven.org/maven2/com/fasterxml/jackson/jackson-base/2.11.1/jackson-base-2.11.1.pom
2021-11-18 12:38:01 +01:00
Christoph Atteneder
0ea056c6d2
Add Windows artifact hashes 2021-11-15 13:26:05 +01:00