diff --git a/buildSrc/src/main/kotlin/pklHtmlValidator.gradle.kts b/buildSrc/src/main/kotlin/pklHtmlValidator.gradle.kts index 88213f90..69c9ed80 100644 --- a/buildSrc/src/main/kotlin/pklHtmlValidator.gradle.kts +++ b/buildSrc/src/main/kotlin/pklHtmlValidator.gradle.kts @@ -1,5 +1,5 @@ /* - * Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved. + * Copyright © 2024-2026 Apple Inc. and the Pkl project authors. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,25 +23,27 @@ val validatorConfiguration: Configuration = configurations.create("validator") { resolutionStrategy.eachDependency { if (requested.group == "log4j" && requested.name == "log4j") { - @Suppress("UnstableApiUsage") useTarget(buildInfo.libs.findLibrary("log4j12Api").get()) + useTarget(buildInfo.libs.findLibrary("log4j12Api").get()) because("mitigate critical security vulnerabilities") } } } dependencies { - @Suppress("UnstableApiUsage") validatorConfiguration(buildInfo.libs.findLibrary("nuValidator").get()) { - // we only want jetty-util and jetty-util-ajax (with the right version) - // couldn't find a more robust way to express this + // remove unnecessary dependencies + // (some of the requested versions don't even exist on Maven Central) + exclude(group = "org.eclipse.jetty", module = "jetty-alpn-client") exclude(group = "org.eclipse.jetty", module = "jetty-continuation") exclude(group = "org.eclipse.jetty", module = "jetty-http") - exclude(group = "org.eclipse.jetty", module = "jetty-io") exclude(group = "org.eclipse.jetty", module = "jetty-security") exclude(group = "org.eclipse.jetty", module = "jetty-server") exclude(group = "org.eclipse.jetty", module = "jetty-servlets") + exclude(group = "org.eclipse.jetty", module = "jetty-jakarta-servlet-api") + exclude(group = "org.eclipse.jetty.toolchain") exclude(group = "javax.servlet") - exclude(group = "commons-fileupload") + exclude(group = "org.apache.commons", module = "commons-fileupload2-core") + exclude(group = "org.apache.commons", module = "commons-fileupload2-jakarta-servlet5") } } diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index b5b6ed1b..18a762ec 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -5,6 +5,7 @@ clikt = "5.+" commonMark = "0.+" downloadTaskPlugin = "5.6.0" geantyref = "1.+" +#noinspection UnusedVersionCatalogEntry googleJavaFormat = "1.35.0" # must not use `+` because used in download URL # 23.1.x requires JDK 20+ @@ -46,11 +47,11 @@ kotlinxSerialization = "1.8.1" kotlinxCoroutines = "1.+" ktfmt = "0.53" # replaces nuValidator's log4j dependency -# something related to log4j-1.2-api is apparently broken in 2.17.2 +# 2.17.1 is the last version compatible with nuValidator log4j = "2.17.1" msgpack = "0.9.8" nexusPublishPlugin = "2.0.0" -nuValidator = "20.+" +nuValidator = "26.+" paguro = "3.+" shadowPlugin = "9.+" slf4j = "1.+" @@ -82,6 +83,7 @@ jsr305 = { group = "com.google.code.findbugs", name = "jsr305", version.ref = "j junitApi = { group = "org.junit.jupiter", name = "junit-jupiter-api", version.ref = "junit" } junitEngine = { group = "org.junit.jupiter", name = "junit-jupiter-engine", version.ref = "junit" } junitParams = { group = "org.junit.jupiter", name = "junit-jupiter-params", version.ref = "junit" } +#noinspection UnusedVersionCatalogEntry junitLauncher = { group = "org.junit.platform", name = "junit-platform-launcher", version.ref = "junit" } kotlinPlugin = { group = "org.jetbrains.kotlin", name = "kotlin-gradle-plugin", version.ref = "kotlin" } kotlinPoet = { group = "com.squareup", name = "kotlinpoet", version.ref = "kotlinPoet" } diff --git a/pkl-doc/gradle.lockfile b/pkl-doc/gradle.lockfile index 23016205..fddc107d 100644 --- a/pkl-doc/gradle.lockfile +++ b/pkl-doc/gradle.lockfile @@ -29,10 +29,9 @@ com.google.guava:guava:33.4.8-jre=testCompileClasspath,testImplementationDepende com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava=testCompileClasspath,testImplementationDependenciesMetadata,testRuntimeClasspath com.google.j2objc:j2objc-annotations:3.0.0=testCompileClasspath,testImplementationDependenciesMetadata,testRuntimeClasspath com.google.jimfs:jimfs:1.3.1=testCompileClasspath,testImplementationDependenciesMetadata,testRuntimeClasspath -com.ibm.icu:icu4j:58.2=validator -com.shapesecurity:salvation:2.7.2=validator -commons-codec:commons-codec:1.10=validator -commons-io:commons-io:2.4=validator +com.ibm.icu:icu4j:75.1=validator +commons-codec:commons-codec:1.15=validator +commons-io:commons-io:2.15.1=validator commons-logging:commons-logging:1.2=validator io.github.java-diff-utils:java-diff-utils:4.12=kotlinInternalAbiValidation io.opentelemetry:opentelemetry-api:1.41.0=swiftExportClasspathResolvable @@ -41,14 +40,9 @@ isorelax:isorelax:20030108=validator net.bytebuddy:byte-buddy:1.18.3=testCompileClasspath,testImplementationDependenciesMetadata,testRuntimeClasspath net.java.dev.jna:jna:5.14.0=runtimeClasspath,testRuntimeClasspath net.sf.saxon:Saxon-HE:9.6.0-4=validator -nu.validator:cssvalidator:1.0.8=validator -nu.validator:galimatias:0.1.3=validator -nu.validator:htmlparser:1.4.16=validator -nu.validator:jing:20200702VNU=validator -nu.validator:langdetect:1.2=validator -nu.validator:validator:20.7.2=validator -org.apache.httpcomponents:httpclient:4.4=validator -org.apache.httpcomponents:httpcore:4.4=validator +nu.validator:validator:26.4.2=validator +org.apache.commons:commons-lang3:3.14.0=validator +org.apache.commons:commons-text:1.12.0=validator org.apache.logging.log4j:log4j-1.2-api:2.17.1=validator org.apache.logging.log4j:log4j-api:2.17.1=validator org.apiguardian:apiguardian-api:1.1.2=testCompileClasspath,testImplementationDependenciesMetadata @@ -60,8 +54,10 @@ org.bouncycastle:bcutil-jdk18on:1.80=kotlinBouncyCastleConfiguration org.checkerframework:checker-qual:3.43.0=swiftExportClasspathResolvable org.commonmark:commonmark-ext-gfm-tables:0.28.0=compileClasspath,implementationDependenciesMetadata,nativeImageClasspath,runtimeClasspath,testCompileClasspath,testImplementationDependenciesMetadata,testRuntimeClasspath org.commonmark:commonmark:0.28.0=compileClasspath,implementationDependenciesMetadata,nativeImageClasspath,runtimeClasspath,testCompileClasspath,testImplementationDependenciesMetadata,testRuntimeClasspath -org.eclipse.jetty:jetty-util-ajax:9.4.18.v20190429=validator -org.eclipse.jetty:jetty-util:9.4.18.v20190429=validator +org.eclipse.jetty:jetty-client:11.0.20=validator +org.eclipse.jetty:jetty-io:11.0.20=validator +org.eclipse.jetty:jetty-util:11.0.20=validator +org.glassfish:javax.json:1.1.4=validator org.graalvm.js:js-language:25.0.0=testRuntimeClasspath org.graalvm.js:js:25.0.0=testCompileClasspath,testImplementationDependenciesMetadata,testRuntimeClasspath org.graalvm.polyglot:polyglot:25.0.0=nativeImageClasspath,runtimeClasspath,testCompileClasspath,testImplementationDependenciesMetadata,testRuntimeClasspath @@ -76,6 +72,7 @@ org.graalvm.shadowed:xz:25.0.0=testRuntimeClasspath org.graalvm.truffle:truffle-api:25.0.0=nativeImageClasspath,runtimeClasspath,testRuntimeClasspath org.graalvm.truffle:truffle-compiler:25.0.0=nativeImageClasspath,testRuntimeClasspath org.graalvm.truffle:truffle-runtime:25.0.0=nativeImageClasspath,testRuntimeClasspath +org.htmlunit:htmlunit-csp:4.22.0=validator org.jetbrains.kotlin:abi-tools-api:2.2.21=kotlinInternalAbiValidation org.jetbrains.kotlin:abi-tools:2.2.21=kotlinInternalAbiValidation org.jetbrains.kotlin:kotlin-build-tools-api:2.2.21=kotlinBuildToolsApiClasspath @@ -127,5 +124,6 @@ org.junit:junit-bom:6.0.3=testCompileClasspath,testImplementationDependenciesMet org.msgpack:msgpack-core:0.9.8=nativeImageClasspath,runtimeClasspath,testRuntimeClasspath org.opentest4j:opentest4j:1.3.0=testCompileClasspath,testImplementationDependenciesMetadata,testRuntimeClasspath org.organicdesign:Paguro:3.10.3=nativeImageClasspath,runtimeClasspath,testRuntimeClasspath +org.slf4j:slf4j-api:2.0.9=validator org.snakeyaml:snakeyaml-engine:2.10=nativeImageClasspath,runtimeClasspath,testRuntimeClasspath empty=annotationProcessor,compileOnlyDependenciesMetadata,intransitiveDependenciesMetadata,kotlinCompilerPluginClasspath,kotlinNativeCompilerPluginClasspath,kotlinScriptDefExtensions,shadow,signatures,sourcesJar,stagedAlpineLinuxAmd64Executable,stagedLinuxAarch64Executable,stagedLinuxAmd64Executable,stagedMacAarch64Executable,stagedMacAmd64Executable,stagedWindowsAmd64Executable,testAnnotationProcessor,testApiDependenciesMetadata,testCompileOnlyDependenciesMetadata,testIntransitiveDependenciesMetadata,testKotlinScriptDefExtensions diff --git a/pkl-doc/src/test/files/DocGeneratorTest/input/com.package1/classComments.pkl b/pkl-doc/src/test/files/DocGeneratorTest/input/com.package1/classComments.pkl index 5cbbac4d..46ef2872 100644 --- a/pkl-doc/src/test/files/DocGeneratorTest/input/com.package1/classComments.pkl +++ b/pkl-doc/src/test/files/DocGeneratorTest/input/com.package1/classComments.pkl @@ -1,6 +1,6 @@ /// The greatest breakthrough since ever. /// -/// ### Installation +/// ## Installation /// /// Just follow these simple steps: /// @@ -18,7 +18,7 @@ /// /// 😀😀😀 emoji day 😎😎😎 don't get 😡😡😡 /// -/// ### Code +/// ## Code /// /// The code is beautiful: /// @@ -39,7 +39,7 @@ /// } /// ``` /// -/// ### Random Tips +/// ## Random Tips /// /// - don't give up /// - just don't diff --git a/pkl-doc/src/test/files/DocGeneratorTest/input/com.package1/moduleComments.pkl b/pkl-doc/src/test/files/DocGeneratorTest/input/com.package1/moduleComments.pkl index a43beb68..7d8e4b52 100644 --- a/pkl-doc/src/test/files/DocGeneratorTest/input/com.package1/moduleComments.pkl +++ b/pkl-doc/src/test/files/DocGeneratorTest/input/com.package1/moduleComments.pkl @@ -1,6 +1,6 @@ /// The greatest breakthrough since ever. /// -/// ### Installation +/// ## Installation /// /// Just follow these simple steps: /// @@ -18,7 +18,7 @@ /// /// 😀😀😀 emoji day 😎😎😎 don't get 😡😡😡 /// -/// ### Code +/// ## Code /// /// The code is beautiful: /// diff --git a/pkl-doc/src/test/files/DocGeneratorTest/output/run-1/com.package1/1.2.3/classComments/index.html b/pkl-doc/src/test/files/DocGeneratorTest/output/run-1/com.package1/1.2.3/classComments/index.html index 035a74f6..81791d7e 100644 --- a/pkl-doc/src/test/files/DocGeneratorTest/output/run-1/com.package1/1.2.3/classComments/index.html +++ b/pkl-doc/src/test/files/DocGeneratorTest/output/run-1/com.package1/1.2.3/classComments/index.html @@ -48,7 +48,7 @@ -