2929
3030module Package
3131
32+ # rubocop:disable Metrics/ClassLength
3233 class VersionsTask < Rake ::TaskLib
3334 include Package
3435
@@ -95,10 +96,85 @@ def initialize
9596 'your_kit_profiler' => 'YourKit Profiler'
9697 } . freeze
9798
99+ NOTE_LINKS = {
100+ 'access_logging_support' => { 'cve' => 'Included inline above' , 'release' => 'Included inline above' } ,
101+ 'agent' => { 'cve' => '' , 'release' => '' } ,
102+ 'app_dynamics_agent' => { 'cve' => '' ,
103+ 'release' => '[Release Notes](https://docs.appdynamics.com/4.5.x/en/product-and-' \
104+ 'release-announcements/release-notes/language-agent-notes/java-agent-notes)' } ,
105+ 'azure_application_insights_agent' => { 'cve' => '' , 'release' => '' } ,
106+ 'clean_up' => { 'cve' => '' , 'release' => '' } ,
107+ 'client_certificate_mapper' => { 'cve' => 'Included inline above' , 'release' => 'Included inline above' } ,
108+ 'container_customizer' => { 'cve' => 'Included inline above' , 'release' => 'Included inline above' } ,
109+ 'container_security_provider' => { 'cve' => 'Included inline above' , 'release' => 'Included inline above' } ,
110+ 'contrast_security_agent' =>
111+ { 'cve' => '' ,
112+ 'release' => '[Release Notes](https://docs.contrastsecurity.com/en/java-agent-release-notes.html)' } ,
113+ 'datadog_javaagent' => { 'cve' => '' ,
114+ 'release' => '[Release Notes](https://github.com/DataDog/dd-trace-java/releases)' } ,
115+ 'dynatrace_one_agent' =>
116+ { 'cve' => '' ,
117+ 'release' => '[Release Notes](https://www.dynatrace.com/support/help/whats-new/release-notes/#oneagent)' } ,
118+ 'elastic_apm_agent' =>
119+ { 'cve' => '' ,
120+ 'release' => '[Release Notes](https://www.elastic.co/guide/en/apm/agent/java/current/release-notes.html)' } ,
121+ 'geode_store' => { 'cve' => '' , 'release' => '' } ,
122+ 'google_stackdriver_debugger' =>
123+ { 'cve' => '' ,
124+ 'release' => '[Release Notes](https://cloud.google.com/debugger/docs/release-notes)' } ,
125+ 'google_stackdriver_profiler' =>
126+ { 'cve' => '' ,
127+ 'release' => '[Release Notes](https://cloud.google.com/profiler/docs/release-notes)' } ,
128+ 'groovy' => { 'cve' => '' , 'release' => '[Release Notes](http://www.groovy-lang.org/releases.html)' } ,
129+ 'introscope_agent' => { 'cve' => '' , 'release' => '' } ,
130+ 'jacoco_agent' => { 'cve' => '' , 'release' => '[Release Notes](https://github.com/jacoco/jacoco/releases)' } ,
131+ 'jprofiler_profiler' =>
132+ { 'cve' => '' ,
133+ 'release' => '[ChangeLog](https://www.ej-technologies.com/download/jprofiler/changelog.html)' } ,
134+ 'jre' => { 'cve' => '[Risk Matrix](https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixJAVA)' ,
135+ 'release' => '[Release Notes](https://bell-sw.com/pages/liberica-release-notes-8u312/)' } ,
136+ 'jre-11' => { 'cve' => '[Risk Matrix](https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixJAVA)' ,
137+ 'release' => '[Release Notes](https://bell-sw.com/pages/liberica-release-notes-11.0.13/)' } ,
138+ 'jre-17' => { 'cve' => '[Risk Matrix](https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixJAVA)' ,
139+ 'release' => '[Release Notes](https://bell-sw.com/pages/liberica-release-notes-17.0.1/)' } ,
140+ 'jrebel_agent' => { 'cve' => '' , 'release' => '[ChangeLog](https://www.jrebel.com/products/jrebel/changelog)' } ,
141+ 'jvmkill_agent' => { 'cve' => 'Included inline above' , 'release' => 'Included inline above' } ,
142+ 'lifecycle_support' => { 'cve' => 'Included inline above' , 'release' => 'Included inline above' } ,
143+ 'logging_support' => { 'cve' => 'Included inline above' , 'release' => 'Included inline above' } ,
144+ 'luna_security_provider' =>
145+ { 'cve' => '' ,
146+ 'release' =>
147+ '[Release Notes](https://www.thalesdocs.com/gphsm/luna/7/docs/network/Content/CRN/Luna/CRN_Luna.htm)' } ,
148+ 'maria_db_jdbc' =>
149+ { 'cve' => '' ,
150+ 'release' => '[Release Notes](https://mariadb.com/kb/en/mariadb-connector-j-274-release-notes/)' } ,
151+ 'memory_calculator' => { 'cve' => 'Included inline above' , 'release' => 'Included inline above' } ,
152+ 'metric_writer' => { 'cve' => 'Included inline above' , 'release' => 'Included inline above' } ,
153+ 'new_relic_agent' =>
154+ { 'cve' => '' ,
155+ 'release' =>
156+ '[Release Notes](https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/)' } ,
157+ 'postgresql_jdbc' => { 'cve' => '' ,
158+ 'release' => '[ChangeLog](https://jdbc.postgresql.org/documentation/changelog.html)' } ,
159+ 'protect_app_security_provider' => { 'cve' => '' , 'release' => '' } ,
160+ 'redis_store' => { 'cve' => 'Included inline above' , 'release' => 'Included inline above' } ,
161+ 'riverbed_appinternals_agent' => { 'cve' => '' , 'release' => '' } ,
162+ 'sealights_agent' => { 'cve' => '' , 'release' => '' } ,
163+ 'sky_walking_agent' => { 'cve' => '' ,
164+ 'release' => '[ChangeLog](https://github.com/apache/skywalking/tree/master/changes)' } ,
165+ 'spring_auto_reconfiguration' => { 'cve' => 'Included inline above' , 'release' => 'Included inline above' } ,
166+ 'spring_boot_cli' => { 'cve' => '' , 'release' => '' } ,
167+ 'takipi_agent' => { 'cve' => '' , 'release' => '[Release Notes](https://doc.overops.com/docs/whats-new)' } ,
168+ 'tomcat' => { 'cve' => '[Security](https://tomcat.apache.org/security-9.html)' ,
169+ 'release' => '[ChangeLog](https://tomcat.apache.org/tomcat-9.0-doc/changelog.html)' } ,
170+ 'your_kit_profiler' => { 'cve' => '' ,
171+ 'release' => '[Release Notes](https://www.yourkit.com/download/yjp_2021_3_builds.jsp)' }
172+ } . freeze
173+
98174 PLATFORM_PATTERN = /\{ platform\} / . freeze
99175
100176 private_constant :ARCHITECTURE_PATTERN , :DEFAULT_REPOSITORY_ROOT_PATTERN , :NAME_MAPPINGS ,
101- :PLATFORM_PATTERN
177+ :PLATFORM_PATTERN , :NOTE_LINKS
102178
103179 def augment ( raw , key , pattern , candidates , &block )
104180 if raw . respond_to? :at
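Review bot: The `NOTE_LINKS` values are tied to specific releases (`cpuoct2021.html` for all three JREs, `liberica-release-notes-8u312`, `mariadb-connector-j-274-release-notes`, `yjp_2021_3_builds.jsp`), so after a dependency bump the CVEs column will still point at the old advisory unless this table is edited by hand. An entry with `'cve' => ''` renders as an empty cell, which a reader can take to mean "no known CVEs" rather than "no link recorded". I would add a comment above the constant, for example `# Hand-maintained: review on every dependency version bump. '' means no link is recorded, not that the component has no CVEs.` The `groovy` entry is the only link written with `http://`; if the site is reachable over HTTPS, use that scheme.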
@@ -218,7 +294,9 @@ def dependency_versions
218294 'id' => id ,
219295 'name' => name ,
220296 'uri' => uri ,
221- 'version' => version
297+ 'version' => version ,
298+ 'cve_link' => NOTE_LINKS [ id ] [ 'cve' ] ,
299+ 'release_notes_link' => NOTE_LINKS [ id ] [ 'release' ]
222300 }
223301 end
224302 end
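Review bot: `NOTE_LINKS[id]['cve']` and `NOTE_LINKS[id]['release']` call `[]` on `nil` whenever `id` has no entry in `NOTE_LINKS`, which raises `NoMethodError`. That would presumably abort every versions task the first time a component is added to the buildpack without a matching row here. A lookup that tolerates a missing row keeps the report working: `'cve_link' => NOTE_LINKS.dig(id, 'cve'),` and `'release_notes_link' => NOTE_LINKS.dig(id, 'release')`. The body of `dependency_versions` starts outside this hunk, so where `id` comes from is not visible here.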
@@ -253,7 +331,8 @@ def version_task
253331
254332 rows = v [ 'dependencies' ]
255333 . sort_by { |dependency | dependency [ 'name' ] . downcase }
256- . map { |dependency | [ dependency [ 'name' ] , dependency [ 'version' ] ] }
334+ . map { |dependency | [ dependency [ 'name' ] , dependency [ 'version' ] ,
335+ dependency [ 'cve_link' ] , dependency [ 'release_notes_link' ] ] }
257336
258337 puts Terminal ::Table . new title : "Java Buildpack #{ v [ 'buildpack' ] } " , rows : rows
259338 end
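Review bot: The terminal table now has four columns but still no headings, so the two link columns are unlabelled and an empty cell gives no hint that it is the CVE column. Passing headings to the constructor would fix that: `puts Terminal::Table.new title: "Java Buildpack #{v['buildpack']}", headings: ['Dependency', 'Version', 'CVEs', 'Release Notes'], rows: rows`. The cells also carry Markdown link syntax, which prints literally on a terminal. The body of `version_task` starts outside this hunk.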
@@ -263,20 +342,20 @@ def version_json_task
263342 desc 'Display the versions of buildpack dependencies in JSON form'
264343 task json : [ ] do
265344 puts JSON . pretty_generate ( versions [ 'dependencies' ]
266- . sort_by { |dependency | dependency [ 'name' ] . downcase }
267- . map { |dependency | "#{ dependency [ 'name' ] } #{ dependency [ 'version' ] } " } )
345+ . sort_by { |dependency | dependency [ 'name' ] . downcase } )
268346 end
269347 end
270348
271349 def version_markdown_task
272350 desc 'Display the versions of buildpack dependencies in Markdown form'
273351 task markdown : [ ] do
274- puts '| Dependency | Version |'
275- puts '| ---------- | ------- |'
352+ puts '| Dependency | Version | CVEs | Release Notes | '
353+ puts '| ---------- | ------- | ---- | ------------- | '
276354
277355 versions [ 'dependencies' ]
278356 . sort_by { |dependency | dependency [ 'name' ] . downcase }
279- . each { |dependency | puts "| #{ dependency [ 'name' ] } | `#{ dependency [ 'version' ] } ` |" }
357+ . each { |dependency | puts "| #{ dependency [ 'name' ] } | `#{ dependency [ 'version' ] } ` |" \
358+ "#{ dependency [ 'cve_link' ] } | #{ dependency [ 'release_notes_link' ] } |" }
280359 end
281360 end
282361
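Review bot: In `version_markdown_task` the first string literal of the row ends with `|` and the continuation starts directly with the interpolated `cve_link`, so the output is `|[Risk Matrix](…) |` with no space after the pipe, and the two header `puts` lines gained a trailing space. Ending the first literal with `| ` and dropping the trailing space in the headers keeps the table source consistent. Separately, `version_json_task` now prints the full dependency hashes instead of `"name version"` strings; anything that parses the old output would need to change, which deserves a line in the commit description.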
@@ -295,5 +374,6 @@ def versions
295374 end
296375
297376 end
377+ # rubocop:enable Metrics/ClassLength
298378
299379end