alternatice to version pinning

Signed-off-by: jorgee <jorge.ejarque@seqera.io>

Author: jorgee

modules/nextflow/build.gradle

@@ -76,7 +76,7 @@ dependencies {
 
     testImplementation 'org.subethamail:subethasmtp:3.1.7'
     testImplementation (project(':nf-lineage'))
-    testImplementation 'org.wiremock:wiremock:3.13.1'
+    testImplementation 'org.wiremock:wiremock:3.13.2'
     // test configuration
     testFixturesApi ("org.apache.groovy:groovy-test:4.0.31") { exclude group: 'org.apache.groovy' }
     testFixturesApi ("org.objenesis:objenesis:3.4")

modules/nf-commons/build.gradle

@@ -45,6 +45,6 @@ dependencies {
     testFixturesImplementation(project(":nextflow"))
 
     testImplementation "org.apache.groovy:groovy-json:4.0.31" // needed by wiremock
-    testImplementation ('org.wiremock:wiremock:3.13.1') { exclude module: 'groovy-all' }
+    testImplementation ('org.wiremock:wiremock:3.13.2') { exclude module: 'groovy-all' }
 }
 

modules/nf-httpfs/build.gradle

@@ -36,7 +36,7 @@ dependencies {
 
     /* testImplementation inherited from top gradle build file */
     testImplementation "org.apache.groovy:groovy-json:4.0.31" // needed by wiremock
-    testImplementation ('org.wiremock:wiremock:3.13.1') { exclude module: 'groovy-all' }
+    testImplementation ('org.wiremock:wiremock:3.13.2') { exclude module: 'groovy-all' }
 
     testImplementation(testFixtures(project(":nextflow")))
 }

plugins/nf-amazon/build.gradle

@@ -48,40 +48,30 @@ sourceSets {
 configurations {
     // see https://docs.gradle.org/4.1/userguide/dependency_management.html#sub:exclude_transitive_dependencies
     runtimeClasspath.exclude group: 'org.slf4j', module: 'slf4j-api'
+    testRuntimeClasspath.exclude group: 'io.micronaut', module: 'micronaut-core-bom'
 }
 
 dependencies {
-    // Force patched Netty across all configurations (incl. testRuntimeClasspath, where
-    // a transitive fixture would otherwise escalate to 4.2.x).
-    // Addresses GHSA-pwqr-wmgm-9rr8 (netty-codec-http HTTP Request Smuggling)
-    // and GHSA-w9fj-cfpg-grvv (netty-codec-http2 CONTINUATION Frame Flood DoS).
-    constraints {
-        implementation('io.netty:netty-buffer') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-common') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-handler') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-codec-http') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-codec-http2') { version { strictly '4.1.132.Final' } }
-    }
 
     compileOnly project(':nextflow')
     compileOnly 'org.slf4j:slf4j-api:2.0.17'
     compileOnly 'org.pf4j:pf4j:3.14.1'
 
     api ('javax.xml.bind:jaxb-api:2.4.0-b180830.0359')
-    api ('software.amazon.awssdk:s3:2.33.2')
-    api ('software.amazon.awssdk:ec2:2.33.2')
-    api ('software.amazon.awssdk:batch:2.33.2')
-    api ('software.amazon.awssdk:iam:2.33.2')
-    api ('software.amazon.awssdk:ecs:2.33.2')
-    api ('software.amazon.awssdk:cloudwatchlogs:2.33.2')
-    api ('software.amazon.awssdk:codecommit:2.33.2')
-    api ('software.amazon.awssdk:sts:2.33.2')
-    api ('software.amazon.awssdk:ses:2.33.2')
-    api ('software.amazon.awssdk:sso:2.33.2')
-    api ('software.amazon.awssdk:ssooidc:2.33.2')
-    api ('software.amazon.awssdk:s3-transfer-manager:2.33.2')
-    api ('software.amazon.awssdk:apache-client:2.33.2')
-    api ('software.amazon.awssdk:aws-crt-client:2.33.2')
+    api ('software.amazon.awssdk:s3:2.42.41')
+    api ('software.amazon.awssdk:ec2:2.42.41')
+    api ('software.amazon.awssdk:batch:2.42.41')
+    api ('software.amazon.awssdk:iam:2.42.41')
+    api ('software.amazon.awssdk:ecs:2.42.41')
+    api ('software.amazon.awssdk:cloudwatchlogs:2.42.41')
+    api ('software.amazon.awssdk:codecommit:2.42.41')
+    api ('software.amazon.awssdk:sts:2.42.41')
+    api ('software.amazon.awssdk:ses:2.42.41')
+    api ('software.amazon.awssdk:sso:2.42.41')
+    api ('software.amazon.awssdk:ssooidc:2.42.41')
+    api ('software.amazon.awssdk:s3-transfer-manager:2.42.41')
+    api ('software.amazon.awssdk:apache-client:2.42.41')
+    api ('software.amazon.awssdk:aws-crt-client:2.42.41')
 
     testImplementation(testFixtures(project(":nextflow")))
     testImplementation project(':nextflow')

plugins/nf-amazon/src/main/nextflow/cloud/aws/nio/S3Client.java

@@ -21,6 +21,7 @@
 import java.io.InputStream;
 import java.io.InterruptedIOException;
 import java.nio.file.*;
+import java.nio.file.AccessDeniedException;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.util.EnumSet;
 import java.util.Queue;

plugins/nf-azure/build.gradle

@@ -47,22 +47,10 @@ sourceSets {
 configurations {
     // see https://docs.gradle.org/4.1/userguide/dependency_management.html#sub:exclude_transitive_dependencies
     runtimeClasspath.exclude group: 'org.slf4j', module: 'slf4j-api'
+    testRuntimeClasspath.exclude group: 'io.micronaut', module: 'micronaut-core-bom'
 }
 
 dependencies {
-    // Force patched Netty across all configurations (incl. testRuntimeClasspath, where
-    // a transitive fixture would otherwise escalate to 4.2.x).
-    // Addresses GHSA-pwqr-wmgm-9rr8 (netty-codec-http HTTP Request Smuggling)
-    // and GHSA-w9fj-cfpg-grvv (netty-codec-http2 CONTINUATION Frame Flood DoS).
-    // netty-buffer must be pinned alongside the rest -- leaving it at 4.2.x
-    // (via Micronaut BOM) causes ABI mismatch in AbstractByteBufAllocator.
-    constraints {
-        implementation('io.netty:netty-buffer') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-common') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-handler') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-codec-http') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-codec-http2') { version { strictly '4.1.132.Final' } }
-    }
 
     compileOnly project(':nextflow')
     compileOnly 'org.slf4j:slf4j-api:2.0.17'

plugins/nf-codecommit/build.gradle

@@ -43,29 +43,19 @@ sourceSets {
 configurations {
     // see https://docs.gradle.org/4.1/userguide/dependency_management.html#sub:exclude_transitive_dependencies
     runtimeClasspath.exclude group: 'org.slf4j', module: 'slf4j-api'
+    testRuntimeClasspath.exclude group: 'io.micronaut', module: 'micronaut-core-bom'
 }
 
 dependencies {
-    // Force patched Netty across all configurations (incl. testRuntimeClasspath, where
-    // a transitive fixture would otherwise escalate to 4.2.x).
-    // Addresses GHSA-pwqr-wmgm-9rr8 (netty-codec-http HTTP Request Smuggling)
-    // and GHSA-w9fj-cfpg-grvv (netty-codec-http2 CONTINUATION Frame Flood DoS).
-    constraints {
-        implementation('io.netty:netty-buffer') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-common') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-handler') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-codec-http') { version { strictly '4.1.132.Final' } }
-        implementation('io.netty:netty-codec-http2') { version { strictly '4.1.132.Final' } }
-    }
 
     compileOnly project(':nextflow')
     compileOnly 'org.slf4j:slf4j-api:2.0.17'
     compileOnly 'org.pf4j:pf4j:3.14.1'
 
     api ('javax.xml.bind:jaxb-api:2.4.0-b180830.0359')
-    api ('software.amazon.awssdk:codecommit:2.31.64')
-    api ('software.amazon.awssdk:sso:2.31.64')
-    api ('software.amazon.awssdk:ssooidc:2.31.64')
+    api ('software.amazon.awssdk:codecommit:2.42.41')
+    api ('software.amazon.awssdk:sso:2.42.41')
+    api ('software.amazon.awssdk:ssooidc:2.42.41')
 
     testImplementation(testFixtures(project(":nextflow")))
     testImplementation project(':nextflow')