[Builder] Build failed in Jenkins: products » product-microgateway » Choreo Connect - Enforcer #862
cbuilder at wso2.org
cbuilder at wso2.org
Wed Aug 3 00:16:34 PDT 2022
See <https://wso2.org/jenkins/job/products/job/product-microgateway/org.wso2.choreo.connect$org.wso2.choreo.connect.enforcer/862/display/redirect>
Changes:
------------------------------------------
[...truncated 418.20 KB...]
[WARNING] - com.google.api.HttpOrBuilder
[WARNING] - com.google.api.HttpProto
[WARNING] - 14 more...
[WARNING] nimbus-jose-jwt-7.3.0.wso2v1.jar, nimbus-jose-jwt-7.9.jar define 214 overlapping classes:
[WARNING] - com.nimbusds.jose.Algorithm
[WARNING] - com.nimbusds.jose.AlgorithmFamily
[WARNING] - com.nimbusds.jose.CommonSEHeader
[WARNING] - com.nimbusds.jose.CompressionAlgorithm
[WARNING] - com.nimbusds.jose.CriticalHeaderParamsAware
[WARNING] - com.nimbusds.jose.EncryptionMethod
[WARNING] - com.nimbusds.jose.EncryptionMethod$Family
[WARNING] - com.nimbusds.jose.Header
[WARNING] - com.nimbusds.jose.JOSEException
[WARNING] - com.nimbusds.jose.JOSEObject
[WARNING] - 204 more...
[WARNING] graphql-java-17.3.jar, guava-30.0-jre.jar define 2 overlapping resources:
[WARNING] - META-INF/maven/com.google.guava/guava/pom.properties
[WARNING] - META-INF/maven/com.google.guava/guava/pom.xml
[WARNING] snakeyaml-1.26.jar, ua-parser-1.3.0.wso2v2.jar define 197 overlapping classes:
[WARNING] - org.yaml.snakeyaml.DumperOptions
[WARNING] - org.yaml.snakeyaml.DumperOptions$FlowStyle
[WARNING] - org.yaml.snakeyaml.DumperOptions$LineBreak
[WARNING] - org.yaml.snakeyaml.DumperOptions$ScalarStyle
[WARNING] - org.yaml.snakeyaml.DumperOptions$Version
[WARNING] - org.yaml.snakeyaml.LoaderOptions
[WARNING] - org.yaml.snakeyaml.TypeDescription
[WARNING] - org.yaml.snakeyaml.Yaml
[WARNING] - org.yaml.snakeyaml.Yaml$1
[WARNING] - org.yaml.snakeyaml.Yaml$2
[WARNING] - 187 more...
[WARNING] andes-client-3.3.12.jar, mina-core-1.1.7-wso2v4.jar define 241 overlapping classes:
[WARNING] - org.wso2.org.apache.mina.common.BroadcastIoSession
[WARNING] - org.wso2.org.apache.mina.common.BufferDataException
[WARNING] - org.wso2.org.apache.mina.common.ByteBuffer
[WARNING] - org.wso2.org.apache.mina.common.ByteBuffer$1
[WARNING] - org.wso2.org.apache.mina.common.ByteBuffer$2
[WARNING] - org.wso2.org.apache.mina.common.ByteBuffer$3
[WARNING] - org.wso2.org.apache.mina.common.ByteBuffer$4
[WARNING] - org.wso2.org.apache.mina.common.ByteBufferAllocator
[WARNING] - org.wso2.org.apache.mina.common.ByteBufferProxy
[WARNING] - org.wso2.org.apache.mina.common.CloseFuture
[WARNING] - 231 more...
[WARNING] andes-client-3.3.12.jar, mina-filter-ssl-1.1.7-wso2v4.jar define 8 overlapping classes:
[WARNING] - org.wso2.org.apache.mina.filter.SSLFilter
[WARNING] - org.wso2.org.apache.mina.filter.SSLFilter$1
[WARNING] - org.wso2.org.apache.mina.filter.SSLFilter$EncryptedBuffer
[WARNING] - org.wso2.org.apache.mina.filter.SSLFilter$SSLFilterMessage
[WARNING] - org.wso2.org.apache.mina.filter.support.SSLByteBufferPool
[WARNING] - org.wso2.org.apache.mina.filter.support.SSLHandler
[WARNING] - org.wso2.org.apache.mina.filter.support.SSLHandler$Event
[WARNING] - org.wso2.org.apache.mina.filter.support.SSLHandler$EventType
[WARNING] mina-core-1.1.7-wso2v4.jar, mina-filter-ssl-1.1.7-wso2v4.jar define 3 overlapping resources:
[WARNING] - META-INF/LICENSE.jzlib.txt
[WARNING] - META-INF/LICENSE.slf4j.txt
[WARNING] - META-INF/LICENSE.springframework.txt
[WARNING] axiom-api-1.2.11.jar, axiom-impl-1.2.11.jar define 3 overlapping resources:
[WARNING] - OSGI-INF/metatype/metatype.xml
[WARNING] - OSGI-INF/scr-plugin/scrinfo.xml
[WARNING] - OSGI-INF/serviceComponents.xml
[WARNING] geronimo-activation_1.1_spec-1.0.2.jar, jakarta.activation-api-1.2.1.jar define 17 overlapping classes:
[WARNING] - javax.activation.ActivationDataFlavor
[WARNING] - javax.activation.CommandInfo
[WARNING] - javax.activation.CommandMap
[WARNING] - javax.activation.CommandObject
[WARNING] - javax.activation.DataContentHandler
[WARNING] - javax.activation.DataContentHandlerFactory
[WARNING] - javax.activation.DataHandler
[WARNING] - javax.activation.DataSource
[WARNING] - javax.activation.FileDataSource
[WARNING] - javax.activation.FileTypeMap
[WARNING] - 7 more...
[WARNING] woodstox-core-6.2.3.jar, wstx-asl-3.2.9.jar define 173 overlapping classes and resources:
[WARNING] - META-INF/services/javax.xml.stream.XMLEventFactory
[WARNING] - META-INF/services/javax.xml.stream.XMLInputFactory
[WARNING] - META-INF/services/javax.xml.stream.XMLOutputFactory
[WARNING] - META-INF/services/org.codehaus.stax2.validation.XMLValidationSchemaFactory.dtd
[WARNING] - META-INF/services/org.codehaus.stax2.validation.XMLValidationSchemaFactory.relaxng
[WARNING] - com.ctc.wstx.api.CommonConfig
[WARNING] - com.ctc.wstx.api.ReaderConfig
[WARNING] - com.ctc.wstx.api.ValidatorConfig
[WARNING] - com.ctc.wstx.api.WriterConfig
[WARNING] - com.ctc.wstx.api.WstxInputProperties
[WARNING] - 163 more...
[WARNING] stax2-api-4.2.1.jar, wstx-asl-3.2.9.jar define 40 overlapping classes:
[WARNING] - org.codehaus.stax2.AttributeInfo
[WARNING] - org.codehaus.stax2.DTDInfo
[WARNING] - org.codehaus.stax2.LocationInfo
[WARNING] - org.codehaus.stax2.XMLEventReader2
[WARNING] - org.codehaus.stax2.XMLInputFactory2
[WARNING] - org.codehaus.stax2.XMLOutputFactory2
[WARNING] - org.codehaus.stax2.XMLStreamLocation2
[WARNING] - org.codehaus.stax2.XMLStreamProperties
[WARNING] - org.codehaus.stax2.XMLStreamReader2
[WARNING] - org.codehaus.stax2.XMLStreamWriter2
[WARNING] - 30 more...
[WARNING] applicationinsights-core-2.6.3.jar, wstx-asl-3.2.9.jar define 2 overlapping resources:
[WARNING] - LICENSE
[WARNING] - NOTICE
[WARNING] geronimo-jms_1.1_spec-1.1.1.wso2v1.jar, javax.jms-api-2.0.1.jar define 58 overlapping classes:
[WARNING] - javax.jms.BytesMessage
[WARNING] - javax.jms.Connection
[WARNING] - javax.jms.ConnectionConsumer
[WARNING] - javax.jms.ConnectionFactory
[WARNING] - javax.jms.ConnectionMetaData
[WARNING] - javax.jms.DeliveryMode
[WARNING] - javax.jms.Destination
[WARNING] - javax.jms.ExceptionListener
[WARNING] - javax.jms.IllegalStateException
[WARNING] - javax.jms.InvalidClientIDException
[WARNING] - 48 more...
[WARNING] commons-pool-1.5.6.jar, commons-pool-1.5.6.wso2v1.jar define 55 overlapping classes:
[WARNING] - org.apache.commons.pool.BaseKeyedObjectPool
[WARNING] - org.apache.commons.pool.BaseKeyedPoolableObjectFactory
[WARNING] - org.apache.commons.pool.BaseObjectPool
[WARNING] - org.apache.commons.pool.BasePoolableObjectFactory
[WARNING] - org.apache.commons.pool.KeyedObjectPool
[WARNING] - org.apache.commons.pool.KeyedObjectPoolFactory
[WARNING] - org.apache.commons.pool.KeyedPoolableObjectFactory
[WARNING] - org.apache.commons.pool.ObjectPool
[WARNING] - org.apache.commons.pool.ObjectPoolFactory
[WARNING] - org.apache.commons.pool.PoolUtils
[WARNING] - 45 more...
[WARNING] graphQL-17.3.wso2v1.jar, graphql-java-17.3.jar define 1765 overlapping classes:
[WARNING] - graphql.Assert
[WARNING] - graphql.AssertException
[WARNING] - graphql.Directives
[WARNING] - graphql.DirectivesUtil
[WARNING] - graphql.DirectivesUtil$DirectivesHolder
[WARNING] - graphql.ErrorClassification
[WARNING] - graphql.ErrorType
[WARNING] - graphql.ExceptionWhileDataFetching
[WARNING] - graphql.ExecutionInput
[WARNING] - graphql.ExecutionInput$1
[WARNING] - 1755 more...
[WARNING] graphQL-17.3.wso2v1.jar, java-dataloader-3.1.0.jar define 47 overlapping classes:
[WARNING] - org.dataloader.BatchLoader
[WARNING] - org.dataloader.BatchLoaderContextProvider
[WARNING] - org.dataloader.BatchLoaderEnvironment
[WARNING] - org.dataloader.BatchLoaderEnvironment$1
[WARNING] - org.dataloader.BatchLoaderEnvironment$Builder
[WARNING] - org.dataloader.BatchLoaderEnvironmentProvider
[WARNING] - org.dataloader.BatchLoaderWithContext
[WARNING] - org.dataloader.CacheKey
[WARNING] - org.dataloader.CacheMap
[WARNING] - org.dataloader.DataLoader
[WARNING] - 37 more...
[WARNING] graphQL-17.3.wso2v1.jar, reactive-streams-1.0.2.jar define 4 overlapping classes:
[WARNING] - org.reactivestreams.Processor
[WARNING] - org.reactivestreams.Publisher
[WARNING] - org.reactivestreams.Subscriber
[WARNING] - org.reactivestreams.Subscription
[WARNING] XmlSchema-1.4.7.jar, XmlSchema-1.4.7.wso2v6.jar define 108 overlapping classes:
[WARNING] - org.apache.ws.commons.schema.DocumentFragmentNodeList
[WARNING] - org.apache.ws.commons.schema.SchemaBuilder
[WARNING] - org.apache.ws.commons.schema.SchemaBuilder$1
[WARNING] - org.apache.ws.commons.schema.SchemaBuilder$2
[WARNING] - org.apache.ws.commons.schema.TypeReceiver
[WARNING] - org.apache.ws.commons.schema.ValidationEvent
[WARNING] - org.apache.ws.commons.schema.ValidationEventHandler
[WARNING] - org.apache.ws.commons.schema.XmlSchema
[WARNING] - org.apache.ws.commons.schema.XmlSchemaAll
[WARNING] - org.apache.ws.commons.schema.XmlSchemaAnnotated
[WARNING] - 98 more...
[WARNING] woden-api-1.0M9.jar, woden-impl-commons-1.0M9.jar, woden-impl-dom-1.0M9.jar define 1 overlapping resource:
[WARNING] - META-INF/README
[WARNING] jackson-datatype-jsr310-2.12.1.jar, jackson-module-jaxb-annotations-2.12.1.jar define 1 overlapping resource:
[WARNING] - META-INF/services/com.fasterxml.jackson.databind.Module
[WARNING] jackson-core-2.13.2.jar, jackson-dataformat-xml-2.12.1.jar define 1 overlapping resource:
[WARNING] - META-INF/services/com.fasterxml.jackson.core.JsonFactory
[WARNING] jackson-databind-2.13.2.1.jar, jackson-dataformat-xml-2.12.1.jar define 1 overlapping resource:
[WARNING] - META-INF/services/com.fasterxml.jackson.core.ObjectCodec
[WARNING] jakarta.activation-api-1.2.1.jar, jakarta.xml.bind-api-2.3.2.jar define 2 overlapping resources:
[WARNING] - META-INF/LICENSE.md
[WARNING] - META-INF/NOTICE.md
[WARNING] applicationinsights-core-2.6.3.jar, httpclient-4.5.13.jar define 1 overlapping resource:
[WARNING] - mozilla/public-suffix-list.txt
[WARNING] jackson-core-2.13.2.jar, jackson-databind-2.13.2.1.jar define 1 overlapping classes:
[WARNING] - META-INF.versions.9.module-info
[WARNING] maven-shade-plugin has detected that some class files are
[WARNING] present in two or more JARs. When this happens, only one
[WARNING] single version of the class is copied to the uber jar.
[WARNING] Usually this is not harmful and you can skip these warnings,
[WARNING] otherwise try to manually exclude artifacts based on
[WARNING] mvn dependency:tree -Ddetail=true and the above output.
[WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/
[INFO] Replacing original artifact with shaded artifact.
[INFO] Replacing <https://wso2.org/jenkins/job/products/job/product-microgateway/org.wso2.choreo.connect$org.wso2.choreo.connect.enforcer/ws/target/org.wso2.choreo.connect.enforcer-1.2.0-m1-SNAPSHOT.jar> with <https://wso2.org/jenkins/job/products/job/product-microgateway/org.wso2.choreo.connect$org.wso2.choreo.connect.enforcer/ws/target/org.wso2.choreo.connect.enforcer-1.2.0-m1-SNAPSHOT-shaded.jar>
[INFO] Dependency-reduced POM written at: <https://wso2.org/jenkins/job/products/job/product-microgateway/org.wso2.choreo.connect$org.wso2.choreo.connect.enforcer/ws/dependency-reduced-pom.xml>
[INFO] Downloading from wso2.releases: https://maven.wso2.org/nexus/content/repositories/releases/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jar
[INFO] Downloading from wso2-nexus: https://maven.wso2.org/nexus/content/groups/wso2-public/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jar
[INFO] Downloaded from wso2-nexus: https://maven.wso2.org/nexus/content/groups/wso2-public/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jar (41 kB at 28 kB/s)
[INFO]
[INFO] --- docker-maven-plugin:0.34.1:build (docker-build) @ org.wso2.choreo.connect.enforcer ---
[INFO] Reading assembly descriptor: <https://wso2.org/jenkins/job/products/job/product-microgateway/org.wso2.choreo.connect$org.wso2.choreo.connect.enforcer/ws/src/main/assembly/assembly.xml>
[WARNING] The assembly descriptor contains a filesystem-root relative reference, which is not cross platform compatible /
[WARNING] The assembly descriptor contains a filesystem-root relative reference, which is not cross platform compatible /
[INFO] Copying files to <https://wso2.org/jenkins/job/products/job/product-microgateway/org.wso2.choreo.connect$org.wso2.choreo.connect.enforcer/ws/target/docker/wso2/choreo-connect-enforcer/1.2.0-m1-SNAPSHOT/build/maven>
[INFO] Building tar: <https://wso2.org/jenkins/job/products/job/product-microgateway/org.wso2.choreo.connect$org.wso2.choreo.connect.enforcer/ws/target/docker/wso2/choreo-connect-enforcer/1.2.0-m1-SNAPSHOT/tmp/docker-build.tar>
[INFO] DOCKER> [wso2/choreo-connect-enforcer:1.2.0-m1-SNAPSHOT] "choreo-connect-enforcer": Created docker-build.tar in 959 milliseconds
[INFO] DOCKER> [wso2/choreo-connect-enforcer:1.2.0-m1-SNAPSHOT] "choreo-connect-enforcer": Built image sha256:b1359
[INFO] DOCKER> [wso2/choreo-connect-enforcer:1.2.0-m1-SNAPSHOT] "choreo-connect-enforcer": Removed old image sha256:a4581
[INFO]
[INFO] --- maven-install-plugin:2.5.2:install (default-install) @ org.wso2.choreo.connect.enforcer ---
[INFO] Installing <https://wso2.org/jenkins/job/products/job/product-microgateway/org.wso2.choreo.connect$org.wso2.choreo.connect.enforcer/ws/target/org.wso2.choreo.connect.enforcer-1.2.0-m1-SNAPSHOT.jar> to /build/jenkins-home/workspace/products/product-microgateway/.repository/org/wso2/choreo/connect/org.wso2.choreo.connect.enforcer/1.2.0-m1-SNAPSHOT/org.wso2.choreo.connect.enforcer-1.2.0-m1-SNAPSHOT.jar
[INFO] Installing <https://wso2.org/jenkins/job/products/job/product-microgateway/org.wso2.choreo.connect$org.wso2.choreo.connect.enforcer/ws/dependency-reduced-pom.xml> to /build/jenkins-home/workspace/products/product-microgateway/.repository/org/wso2/choreo/connect/org.wso2.choreo.connect.enforcer/1.2.0-m1-SNAPSHOT/org.wso2.choreo.connect.enforcer-1.2.0-m1-SNAPSHOT.pom
[INFO]
[INFO] --- dependency-check-maven:7.1.0:check (default-cli) @ org.wso2.choreo.connect.enforcer ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (16 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (7 seconds)
[INFO] Writing report to: <https://wso2.org/jenkins/job/products/job/product-microgateway/org.wso2.choreo.connect$org.wso2.choreo.connect.enforcer/ws/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Choreo Connect - Enforcer:
tomcat-embed-core-10.0.21.jar (pkg:maven/org.apache.tomcat.embed/tomcat-embed-core at 10.0.21, cpe:2.3:a:apache:tomcat:10.0.21:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:10.0.21:*:*:*:*:*:*:*) : CVE-2022-34305
zipkin-2.23.2.jar (pkg:maven/io.zipkin.zipkin2/zipkin at 2.23.2, cpe:2.3:a:pki-core_project:pki-core:2.23.2:*:*:*:*:*:*:*) : CVE-2022-2393
zipkin-reporter-2.16.3.jar (pkg:maven/io.zipkin.reporter2/zipkin-reporter at 2.16.3, cpe:2.3:a:pki-core_project:pki-core:2.16.3:*:*:*:*:*:*:*) : CVE-2022-2393
See the dependency-check report for more details.
More information about the Builder
mailing list