serverlessworkflow / sdk-java Goto Github PK
View Code? Open in Web Editor NEWJava SDK for Serverless Workflow
Home Page: http://serverlessworkflow.io
License: Apache License 2.0
Java SDK for Serverless Workflow
Home Page: http://serverlessworkflow.io
License: Apache License 2.0
What happened:
Cannot find dataOnly
attribute in EventDefinition
What you expected to happen:
EventDefinition
to have a boolean dataOnly
attribute as specified in the spec https://github.com/serverlessworkflow/specification/blob/main/specification.md#event-definition
How to reproduce it:
This is the decompiled EventDefinition
class in version 4.0.2
package io.serverlessworkflow.api.events;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.validation.Valid;
import javax.validation.constraints.Size;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonPropertyDescription;
import com.fasterxml.jackson.annotation.JsonPropertyOrder;
import com.fasterxml.jackson.annotation.JsonValue;
import io.serverlessworkflow.api.correlation.CorrelationDef;
@JsonInclude(JsonInclude.Include.NON_NULL)
@JsonPropertyOrder({
"name",
"source",
"type",
"correlation",
"kind",
"metadata"
})
public class EventDefinition implements Serializable
{
/**
* Event Definition unique name
*
*/
@JsonProperty("name")
@JsonPropertyDescription("Event Definition unique name")
@Size(min = 1)
private java.lang.String name;
/**
* CloudEvent source UUID
*
*/
@JsonProperty("source")
@JsonPropertyDescription("CloudEvent source UUID")
private java.lang.String source;
/**
* CloudEvent type
*
*/
@JsonProperty("type")
@JsonPropertyDescription("CloudEvent type")
private java.lang.String type;
/**
* CloudEvent correlation definitions
*
*/
@JsonProperty("correlation")
@JsonPropertyDescription("CloudEvent correlation definitions")
@Size(min = 1)
@Valid
private List<CorrelationDef> correlation = new ArrayList<CorrelationDef>();
/**
* Defines the events as either being consumed or produced by the workflow. Default is consumed
*
*/
@JsonProperty("kind")
@JsonPropertyDescription("Defines the events as either being consumed or produced by the workflow. Default is consumed")
private EventDefinition.Kind kind = EventDefinition.Kind.fromValue("consumed");
/**
* Metadata
*
*/
@JsonProperty("metadata")
@JsonPropertyDescription("Metadata")
@Valid
private Map<String, String> metadata;
private final static long serialVersionUID = -7106400632209024391L;
/**
* Event Definition unique name
*
*/
@JsonProperty("name")
public java.lang.String getName() {
return name;
}
/**
* Event Definition unique name
*
*/
@JsonProperty("name")
public void setName(java.lang.String name) {
this.name = name;
}
public EventDefinition withName(java.lang.String name) {
this.name = name;
return this;
}
/**
* CloudEvent source UUID
*
*/
@JsonProperty("source")
public java.lang.String getSource() {
return source;
}
/**
* CloudEvent source UUID
*
*/
@JsonProperty("source")
public void setSource(java.lang.String source) {
this.source = source;
}
public EventDefinition withSource(java.lang.String source) {
this.source = source;
return this;
}
/**
* CloudEvent type
*
*/
@JsonProperty("type")
public java.lang.String getType() {
return type;
}
/**
* CloudEvent type
*
*/
@JsonProperty("type")
public void setType(java.lang.String type) {
this.type = type;
}
public EventDefinition withType(java.lang.String type) {
this.type = type;
return this;
}
/**
* CloudEvent correlation definitions
*
*/
@JsonProperty("correlation")
public List<CorrelationDef> getCorrelation() {
return correlation;
}
/**
* CloudEvent correlation definitions
*
*/
@JsonProperty("correlation")
public void setCorrelation(List<CorrelationDef> correlation) {
this.correlation = correlation;
}
public EventDefinition withCorrelation(List<CorrelationDef> correlation) {
this.correlation = correlation;
return this;
}
/**
* Defines the events as either being consumed or produced by the workflow. Default is consumed
*
*/
@JsonProperty("kind")
public EventDefinition.Kind getKind() {
return kind;
}
/**
* Defines the events as either being consumed or produced by the workflow. Default is consumed
*
*/
@JsonProperty("kind")
public void setKind(EventDefinition.Kind kind) {
this.kind = kind;
}
public EventDefinition withKind(EventDefinition.Kind kind) {
this.kind = kind;
return this;
}
/**
* Metadata
*
*/
@JsonProperty("metadata")
public Map<String, String> getMetadata() {
return metadata;
}
/**
* Metadata
*
*/
@JsonProperty("metadata")
public void setMetadata(Map<String, String> metadata) {
this.metadata = metadata;
}
public EventDefinition withMetadata(Map<String, String> metadata) {
this.metadata = metadata;
return this;
}
public enum Kind {
CONSUMED("consumed"),
PRODUCED("produced");
private final java.lang.String value;
private final static Map<java.lang.String, EventDefinition.Kind> CONSTANTS = new HashMap<java.lang.String, EventDefinition.Kind>();
static {
for (EventDefinition.Kind c: values()) {
CONSTANTS.put(c.value, c);
}
}
private Kind(java.lang.String value) {
this.value = value;
}
@Override
public java.lang.String toString() {
return this.value;
}
@JsonValue
public java.lang.String value() {
return this.value;
}
@JsonCreator
public static EventDefinition.Kind fromValue(java.lang.String value) {
EventDefinition.Kind constant = CONSTANTS.get(value);
if (constant == null) {
throw new IllegalArgumentException(value);
} else {
return constant;
}
}
}
}
Anything else we need to know?:
Environment:
What would you like to be added:
Improve validation (https://github.com/serverlessworkflow/sdk-java/blob/main/validation/src/main/java/io/serverlessworkflow/validation/WorkflowValidatorImpl.java) to include more checks.
Why is this needed:
Currently only a small portion of the DSL is being validated by workflow validation
List of checks to add:
What happened:
When trying to parse something like:
{
"id": "petstore",
"version": "1.0",
"name": "Send CloudEvent after creating Pluto",
"events": [
{
"name": "Complete",
"type": "complete",
"kind": "produced"
}
],
"functions": [
{
"name": "addPet",
"operation": "openapi/specs/petstore.json#addPet"
}
],
"states": [
{
"name": "AddPluto",
"type": "operation",
"start": true,
"actions": [
{
"functionRef": {
"refName": "addPet",
"parameters": {
"body": {
"name": "Pluto"
}
}
}
}
],
"end": {
"produceEvents": [
{
"eventRef": "Complete"
}
]
}
}
]
}
This operation is expecting a parameter of type Pet, which is something like:
"Pet": {
"type": "object",
"required": [
"name",
"photoUrls"
],
"properties": {
"id": {
"type": "integer",
"format": "int64"
},
"category": {
"$ref": "#/definitions/Category"
},
"name": {
"type": "string",
"example": "doggie"
},
"photoUrls": {
"type": "array",
"xml": {
"wrapped": true
},
"items": {
"type": "string",
"xml": {
"name": "photoUrl"
}
}
},
"tags": {
"type": "array",
"xml": {
"wrapped": true
},
"items": {
"xml": {
"name": "tag"
},
"$ref": "#/definitions/Tag"
}
},
"status": {
"type": "string",
"description": "pet status in the store",
"enum": [
"available",
"pending",
"sold"
]
}
},
"xml": {
"name": "Pet"
}
}
It's a complex type for this input parameter, as defined in the specification:
"parameters": [
{
"in": "body",
"name": "body",
"description": "Pet object that needs to be added to the store",
"required": true,
"schema": {
"$ref": "#/definitions/Pet"
}
}
],
The SDK should parse this as a JSON object, but instead, I'm getting two parameters like body: {
and name: Pluto
.
What you expected to happen:
Two have only one parameter of type JSON.
How to reproduce it:
Just try to parse the mentioned spec.
Anything else we need to know?:
Nops
Environment: Linux/IntelliJ
Specification version used: 0.5
What happened:
@tsurdilo Following our discussion on the spec repo, it configured my unit tests to run the examples.
My tests fail with the booklending.json file, because an ISO 8601 duration is I believe in an invalid format: PT2W instead of P2W. Am I correct to assume it is a typo?
What you expected to happen:
When ISO 8601 values specify a period of time, they should be prefixed with 'P' instead of 'PT'
How to reproduce it:
Read the 'timeDelay' property with an ISO 8601 duration parser.
I found some inconsistencies between the JSON schemas and the specification.
Can you please clarify which one is correct so I can submit a fix?
Spec version: 0.8
Property | Schema | Specification |
---|---|---|
id |
Required | Required if key not defined |
name |
Required | Not required |
version |
Required | Not required |
Property | Schema | Specification |
---|---|---|
default |
Required | defaultCondition is required. Seems to be a typo |
Property | Schema | Specification |
---|---|---|
transition |
Required | transition (x)or end is required |
Property | Schema | Specification |
---|---|---|
actions |
Not required | Required |
Property | Schema | Specification |
---|---|---|
actions |
Not required | Required |
Property | Schema | Specification |
---|---|---|
actions |
Not required | Required |
Property | Schema | Specification |
---|---|---|
error |
Required | error is not a property |
transition |
Required | transition or end is required |
Property | Schema | Specification |
---|---|---|
maxAttempts |
Required | Not required |
Property | Schema | Specification |
---|---|---|
kind |
Required | Not a property |
What would you like to be added:
Currently, this yaml
taskList:
type: array
items:
type: object
title: TaskItem
minProperties: 1
maxProperties: 1
additionalProperties:
$ref: '#/$defs/task'
is translated to
@Generated("jsonschema2pojo")
public class TaskItem implements Serializable
{
@JsonIgnore
@Valid
private Map<String, Task> additionalProperties = new LinkedHashMap<String, Task>();
private final static long serialVersionUID = 2309610577983775837L;
@JsonAnyGetter
public Map<String, Task> getAdditionalProperties() {
return this.additionalProperties;
}
@JsonAnySetter
public void setAdditionalProperty(String name, Task value) {
this.additionalProperties.put(name, value);
}
public TaskItem withAdditionalProperty(String name, Task value) {
this.additionalProperties.put(name, value);
return this;
}
}
which ideally should be
@Generated("jsonschema2pojo")
public class TaskItem implements Serializable
{
@JsonIgnore
@Valid
private Map<String, Task> additionalProperties = new LinkedHashMap<String, Task>();
private final static long serialVersionUID = 2309610577983775837L;
private String name;
private Task task;
public Task getTask() {
return task;
}
public void setTask(Task task) {
this.task = task;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}
Why is this needed:
To make API more usable
What would you like to be added:
A check that throws a parsin error if default condition is not there for swith state
Why is this needed:
To avoid different runtimes to implement that check
What happened:
spec defines annotations
attribute on the workflow but it does not exist in the SDK
https://github.com/serverlessworkflow/specification/blob/main/specification.md#Workflow-Definition-Structure
What you expected to happen:
annotations
should be available in SDK
How to reproduce it:
use SDK to parse any workflow that uses annotations
attribute, it won't be available
What would you like to be added:
A fluent API to easily write workflow definitions programatically
Why is this needed:
The builders generated by the json schema parser are cool, but too verbose. It will better to build a wrapper API, which, using these builders internally, is more "fluent"
What happened:
When trying to create a Workflow object to convert it to JSON or YAML, the Start object is not properly formatted. I get an output like:
id: "helloworld"
name: "Hello World Workflow"
description: "Inject Hello World"
version: "1.0"
start: "io.serverlessworkflow.api.start.Start@66b6873f"
or in JSON:
{
"id" : "helloworld",
"name" : "Hello World Workflow",
"description" : "Inject Hello World",
"version" : "1.0",
"start" : "io.serverlessworkflow.api.start.Start@66b6873f",
What you expected to happen:
The output in YAML should be something like:
start:
stateName: Hello State
or
start: Hello State
How to reproduce it:
Workflow workflow =
new Workflow()
.withId(...)
.withName(...)
.withVersion(...)
.withStates(states)
.withSpecVersion(...)
.withDescription(...);
Start start = new Start();
start.setStateName("Hello State");
workflow.withStart(start);
System.out.println(Workflow.toJson(workflow));
System.out.println(Workflow.toYaml(workflow));
There is a state with that same name on the list of states, which is properly formatted:
"states" : [ {
"data" : {
"result" : "Hello World!"
},
"usedForCompensation" : false,
"name" : "Hello State",
"type" : "inject",
"onErrors" : [ ]
} ]
My full formatted output in YAML is:
{
"id" : "helloworld",
"name" : "Hello World Workflow",
"description" : "Inject Hello World",
"version" : "1.0",
"start" : "io.serverlessworkflow.api.start.Start@c4cceb",
"specVersion" : "0.8",
"expressionLang" : "jq",
"events" : [ ],
"functions" : [ ],
"retries" : [ ],
"errors" : [ ],
"secrets" : [ ],
"states" : [ {
"data" : {
"result" : "Hello World!"
},
"usedForCompensation" : false,
"name" : "Hello State",
"type" : "inject",
"onErrors" : [ ]
} ]
}
Anything else we need to know?:
I don't think so.
Environment:
4.0.1.Final
What would you like to be added:
Add utility methods that implementors can use instead of having to write it themselves.
Ideas such as:
What would you like to be added:
The 'key' property is missing in the sdk.
Why is this needed:
https://github.com/serverlessworkflow/specification/blob/main/specification.md#workflow-definition-structure
Hi, I was trying to upgrade the SDK's dependency from 4.0.3-FINAL
to 5.0.0-SNAPSHOT
but before I do that, I wanted to know if are there any breaking changes etc. I tried searching for the release notes but could not find it. Can someone help?
ignore
Given:
Workflow definition to be validated
{
"id": "workflow_1",
"name": "workflow_1",
"description": "workflow_1",
"version": "1.0",
"specVersion": "0.8",
"start": "Task1",
"functions": [
{
"name": "increment",
"type": "custom",
"operation": "worker"
}
],
"retries": [
{
"maxAttempts": 3
}
],
"states": [
{
"name": "Task1",
"type": "operation",
"actionMode": "sequential",
"actions": [
{
"functionRef": {
"refName": "increment",
"arguments": {
"input": "some text"
}
},
"retryRef": "const",
"actionDataFilter": {
"toStateData": "${ .result }"
}
}
],
"end": true
}
]
}
Expected result:
Validation failed (because of name
of RetryDefinition
missed)
Actual result:
Validation passed.
The same result(validation passed) if 'name' field is empty or/and maxAttempts
not defined.
According to specification 'name ' is required and maxAttempts
not.
But in the retrydef.json
schema they are required both.
Could you please support us in this question? May be we miss something?
What happened:
Currently, the SDK model defines data conditions of switch states as requiring a transition, this doesn't match the spec as it's outlined that either end or transition can be specified
Spec: https://github.com/serverlessworkflow/specification/blob/0.8.x/specification.md#switch-state-data-conditions
Implementation:
What you expected to happen:
SDK adheres to spec as defined
https://github.com/serverlessworkflow/specification/blob/0.8.x/specification.md#switch-state-data-conditions
Environment:
What happened:
Don't create SVG. This is the output SVG for "helloworld"
What you expected to happen:
this output is expected or something like that
How to reproduce it:
When to use WorkflowDiagramTest.testSpecExamplesParsing
Anything else we need to know?:
Not yet
Environment:
Java 11
Apache Maven 3.8.6
What happened:
See https://mvnrepository.com/artifact/io.serverlessworkflow/serverlessworkflow-api/4.0.3.Final
CVEs:
Anything else we need to know?:
Also, we need to cherry-pick the last CVE fixed here #193
Environment:
What happened:
Dependency org.json
is a transitive dependency from everit-json-schema
that has vulnerabilities (CVE Name: Cx78f40514-81ff)
The everit-json-schema
maintainer released a new version fixing it: https://github.com/everit-org/json-schema/releases
What would you like to be added:
Reactive api rest for get SVG
Why is this needed:
Interact with the application without unit tests
Spring Boot 3 is out and Quarkus 3 should be really soon and both frameworks migrated to jakarta libraries.
Would it be possible to update the codebase to use jakarta in the next version ?
Or try to maintain 2 versions: one with javax and one with jakarta ?
The problem is mainly with the validation-api
library dependency
timeouts update - serverlessworkflow/specification@53e932c
What is the question:
In serverless workflow specification EventRef Definition has "produceEventRef", "consumeEventRef", "consumeEventTimeout" properties.
https://github.com/serverlessworkflow/specification/blob/main/specification.md#eventref-definition
How can I use these properties in sdk-java?
Where to find 7.0.0.Final build:
Hi,
Maven repository only shows 5.0.0.Final build
But the Readme documentation mentions 7.0.0.Final.
Where can we use that build from?
What would you like to be added:
We should define better code formatting and license header checks
Why is this needed:
What happened: A Workflow object does not contain the events property,when use Workflow.tojson() generate JSON strings,The strings contains “ errors:[]”. If you use workflowValidator.setSource("WORKFLOW_MODEL_JSON").isValid(), you can get an error massage, such as "msg": "[{"message":"#/errors: expected type: JSONObject, found: JSONArray","type":"schemavalidation"}]"
What you expected to happen:
The Json strings do not contain " errors :[]", or validate success
How to reproduce it:
Anything else we need to know?:
Environment:
What would you like to be added:
Add more options to diagram generation. Some ideas include
What would you like to be added:
Replace harcoded serializers by automatically generated ones
Why is this needed:
Current de/serializers are hardcoded, which is error promt
What is the question:
GrantType "resourceOwner" is not supported by 4.0.5 java sdk but the spec 0.8 refers to "resourceOwner" for userName field
https://github.com/serverlessworkflow/specification/blob/0.8.x/specification.md#oauth2-properties-definition
https://github.com/serverlessworkflow/specification/blob/0.8.x/schema/auth.json#L191
public static enum GrantType {
PASSWORD("password"),
CLIENT_CREDENTIALS("clientCredentials"),
TOKEN_EXCHANGE("tokenExchange");
private final String value;
What happened: grantType "resourceOwner" mentioned in 0.8 but not supported in sdk
What you expected to happen: resourceOwner support should be present
How to reproduce it: Add grantType as "resourceOwner"
Anything else we need to know?:
Environment:
What happened:
Spec version 0.6 defines that retries have increment - a static value appended to each retry attempt but it does not existing is Java SDK. Most likely caused by not having it defined in the def json file https://github.com/serverlessworkflow/sdk-java/blob/main/api/src/main/resources/schema/retry/retrydef.json
What you expected to happen:
Increment should be part of retry definition of Java SDK
How to reproduce it:
just use Java SDK and look at the retry definition
What happened:
The artifact published into maven central repository seems that is not compiled with the latest changes.
How to reproduce it:
Download the binary from:
And review if the latest changes are applied.
For example, If you go to WorkflowValidatorImpl.java
file to line 333, the code must be the next:
if (!haveFunctionDefinition(
callbackState.getAction().getFunctionRef().getRefName(), functions)) {
addValidationError(
"CallbackState action function ref does not reference a defined workflow function definition",
ValidationError.WORKFLOW_VALIDATION);
}
But the code seems that is the old version.
Environment:
What happened:
Validation passed
What you expected to happen:
Validation Fail
How to reproduce it:
use this yaml for validation
id: Test
version: "1.0"
specVersion: "0.8"
name: Test
description: Test
functions:
- name: Test
states:
- name: TestingForEach
type: foreach
inputCollection: "${ .archives }"
iterationParam: archive
outputCollection: "${ .output}"
actions:
- functionRef:
refName: DoesNotExist
end:
terminate: true
Anything else we need to know?:
for type operation
, the functionRef will be checked against the list of functions
provided at the top of the file however the validation is missing if the type is foreach
Environment:
What would you like to be added:
We would like to remove the unnecessary <version>${project.parent.version}</version>
tags from the pom.xml files in this repository, namely:
Why is this needed:
Maven already takes the parent version by default if not specified. Additionally the pom is less cluttered without it and it also sometimes breaks our automation, which doesn't expect this.
What would you like to be added:
Make Java SDK compatible with new DSL
Why is this needed:
This is needed to be able to operate with files following the new DSL
Originally posted by mahith2108 May 23, 2024
Hi,
we are using Java sdk version "4.0.5.Final" and spec version: 0.8 as suggested (https://github.com/serverlessworkflow/sdk-java)
I am trying to define Oauth properties using "auth" field in my spec as follows based on serverlessworkflow/specification#675
"auth":[
{ "name" : "serviceCloud",
"scheme": "oauth2",
"properties":{
"scopes": ["$$$$XXXMMMMM"],
"audiences":["%%%XXXXXXX"]
}
}]
while parsing the spec using Workflow.fromSource("")
I am getting following error.
Could not convert markup to Workflow: Unrecognized field "scopes" (class io.serverlessworkflow.api.auth.BasicAuthDefinition), not marked as ignorable (3 known properties: "password", "username", "metadata"])
at [Source: UNKNOWN; byte offset: #UNKNOWN] (through reference chain: io.serverlessworkflow.api.Workflow["auth"]->io.serverlessworkflow.api.auth.BasicAuthDefinition["scopes"])
we have tried following spec as well but the authDefinition.getOauth() is coming as null.
"auth":[
{ "name" : "serviceCloud",
"scheme": "oauth2",
"oauth":{
"scopes": ["%%%%%X"],
"audiences":["%%%XXXXXX"]
}
}]
@JsonPropertyOrder({"name", "scheme", "basicauth", "bearerauth", "oauth"})
public class AuthDefinition implements Serializable {
i am trying compile SDK java but i was getting error because IDE not found JAR.
For example:
import io.serverlessworkflow.api.Workflow;
import io.serverlessworkflow.api.actions.Action;
import io.serverlessworkflow.api.auth.AuthDefinition;
import io.serverlessworkflow.api.branches.Branch;
this jar not exists in the dependency maven.
I want to become contributor but i not know how compile SDK and use.
the readme document is not enough. something is missing
Thanks
This is a follow up of #359. The purpose is to add validation besides the one provided by the generator.
I think that the CallbackState validation is incorrect
This line must be negated, isn't?
Modern server-side Java template engine for both web and standalone environments
Library home page: http://www.thymeleaf.org
Path to dependency file: /diagram/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.11.RELEASE/thymeleaf-3.0.11.RELEASE.jar
Found in HEAD commit: 732482701d91b4e904df6d61ecb1097ad4243016
CVE | Severity | Dependency | Type | Fixed in (thymeleaf version) | Remediation Possible** | |
---|---|---|---|---|---|---|
CVE-2023-38286 | 7.5 | thymeleaf-3.0.11.RELEASE.jar | Direct | de.codecentric:spring-boot-admin-server:3.1.2;rg.thymeleaf:thymeleaf:3.1.2.RELEASE | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Modern server-side Java template engine for both web and standalone environments
Library home page: http://www.thymeleaf.org
Path to dependency file: /diagram/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.11.RELEASE/thymeleaf-3.0.11.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 732482701d91b4e904df6d61ecb1097ad4243016
Found in base branch: main
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.
Publish Date: 2023-07-14
URL: CVE-2023-38286
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-7gj7-224w-vpr3
Release Date: 2023-07-14
Fix Resolution: de.codecentric:spring-boot-admin-server:3.1.2;rg.thymeleaf:thymeleaf:3.1.2.RELEASE
Step up your Open Source Security Game with Mend here
What is the question:
online editor:https://serverlessworkflow.io/editor.html ,the state name cannot have spaces.
But in the examples,https://github.com/serverlessworkflow/specification/tree/main/examples#hello-world-example, there are spaces in state name
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
CVE | Severity | Dependency | Type | Fixed in (serverlessworkflow-api version) | Remediation Available | |
---|---|---|---|---|---|---|
CVE-2022-1471 | 9.8 | snakeyaml-1.24.jar | Transitive | N/A* | ❌ | |
CVE-2022-42004 | 7.5 | jackson-databind-2.10.3.jar | Transitive | N/A* | ❌ | |
CVE-2022-42003 | 7.5 | jackson-databind-2.10.3.jar | Transitive | N/A* | ❌ | |
CVE-2017-18640 | 7.5 | snakeyaml-1.24.jar | Transitive | N/A* | ❌ | |
CVE-2022-25857 | 7.5 | snakeyaml-1.24.jar | Transitive | N/A* | ❌ | |
CVE-2020-36518 | 7.5 | jackson-databind-2.10.3.jar | Transitive | N/A* | ❌ | |
CVE-2020-25649 | 7.5 | jackson-databind-2.10.3.jar | Transitive | N/A* | ❌ | |
CVE-2021-46877 | 7.5 | jackson-databind-2.10.3.jar | Transitive | N/A* | ❌ | |
CVE-2022-41854 | 6.5 | snakeyaml-1.24.jar | Transitive | N/A* | ❌ | |
CVE-2022-38752 | 6.5 | snakeyaml-1.24.jar | Transitive | N/A* | ❌ | |
CVE-2022-38751 | 6.5 | snakeyaml-1.24.jar | Transitive | N/A* | ❌ | |
CVE-2022-38749 | 6.5 | snakeyaml-1.24.jar | Transitive | N/A* | ❌ | |
WS-2021-0616 | 5.9 | jackson-databind-2.10.3.jar | Transitive | N/A* | ❌ | |
CVE-2022-38750 | 5.5 | snakeyaml-1.24.jar | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /diagram/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
Publish Date: 2022-12-01
URL: CVE-2022-1471
Base Score Metrics:
Type: Upgrade version
Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374
Release Date: 2022-12-01
Fix Resolution: org.yaml:snakeyaml:2.0
Step up your Open Source Security Game with Mend here
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /spi/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
Publish Date: 2022-10-02
URL: CVE-2022-42004
Base Score Metrics:
Type: Upgrade version
Release Date: 2022-10-02
Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.13.4
Step up your Open Source Security Game with Mend here
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /spi/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1
Publish Date: 2022-10-02
URL: CVE-2022-42003
Base Score Metrics:
Type: Upgrade version
Release Date: 2022-10-02
Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.1
Step up your Open Source Security Game with Mend here
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /diagram/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Publish Date: 2019-12-12
URL: CVE-2017-18640
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18640
Release Date: 2019-12-12
Fix Resolution: org.yaml:snakeyaml:1.26
Step up your Open Source Security Game with Mend here
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /diagram/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
Publish Date: 2022-08-30
URL: CVE-2022-25857
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857
Release Date: 2022-08-30
Fix Resolution: org.yaml:snakeyaml:1.31
Step up your Open Source Security Game with Mend here
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /spi/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Mend Note: After conducting further research, Mend has determined that all versions of com.fasterxml.jackson.core:jackson-databind up to version 2.13.2 are vulnerable to CVE-2020-36518.
Publish Date: 2022-03-11
URL: CVE-2020-36518
Base Score Metrics:
Type: Upgrade version
Release Date: 2022-03-11
Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1
Step up your Open Source Security Game with Mend here
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /spi/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Publish Date: 2020-12-03
URL: CVE-2020-25649
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-12-03
Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.6.7.4,2.9.10.7,2.10.5.1,2.11.0.rc1
Step up your Open Source Security Game with Mend here
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /spi/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
Publish Date: 2023-03-18
URL: CVE-2021-46877
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2021-46877
Release Date: 2023-03-18
Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.12.6,2.13.1
Step up your Open Source Security Game with Mend here
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /diagram/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
Publish Date: 2022-11-11
URL: CVE-2022-41854
Base Score Metrics:
Type: Upgrade version
Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/531/
Release Date: 2022-11-11
Fix Resolution: org.yaml:snakeyaml:1.32
Step up your Open Source Security Game with Mend here
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /diagram/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
Publish Date: 2022-09-05
URL: CVE-2022-38752
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-9w3m-gqgf-c4p9
Release Date: 2022-09-05
Fix Resolution: org.yaml:snakeyaml:1.32
Step up your Open Source Security Game with Mend here
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /diagram/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Publish Date: 2022-09-05
URL: CVE-2022-38751
Base Score Metrics:
Type: Upgrade version
Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039
Release Date: 2022-09-05
Fix Resolution: org.yaml:snakeyaml:1.31
Step up your Open Source Security Game with Mend here
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /diagram/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Publish Date: 2022-09-05
URL: CVE-2022-38749
Base Score Metrics:
Type: Upgrade version
Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027
Release Date: 2022-09-05
Fix Resolution: org.yaml:snakeyaml:1.31
Step up your Open Source Security Game with Mend here
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /spi/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
FasterXML jackson-databind before 2.12.6 and 2.13.1 there is DoS when using JDK serialization to serialize JsonNode.
Publish Date: 2021-11-20
URL: WS-2021-0616
Base Score Metrics:
Type: Upgrade version
Release Date: 2021-11-20
Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1
Step up your Open Source Security Game with Mend here
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /diagram/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar
Dependency Hierarchy:
Found in HEAD commit: 81f69282b99cdc8d585d0687ff8f6e4d144b6af4
Found in base branch: main
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Publish Date: 2022-09-05
URL: CVE-2022-38750
Base Score Metrics:
Type: Upgrade version
Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027
Release Date: 2022-09-05
Fix Resolution: org.yaml:snakeyaml:1.31
Step up your Open Source Security Game with Mend here
POJOs are being generated with initialized collections by default. This causes properties not set in the workflow to be unmarshaled to empty collections.
For instance, given the following JSON:
{
"id": "helloworld",
"annotations": ["hello", "world"]
}
getAnnotations()
should return a collection with two objects. This is working as expected.
Given the followin JSON:
{
"id": "helloworld",
"annotations": []
}
getAnnotations()
should return an empty collection. This is also working as expected.
Given the followin JSON:
{
"id": "helloworld"
}
getAnnotations()
should return null
, but currently it's returning an empty collection. Here's the problem.
This is a problem because there are properties that aren't required, but when present, they should not be empty.
Translating this to Java:
Value | Valid |
---|---|
null |
Yes |
empty | No |
not empty | Yes |
To fix this behavior, we just need to set initializeCollections to false
in pom.xml.
But, this change can break compatibility, since methods that today never return null
might return null
after the change, which may cause NullPointerExceptions
to users.
So, what do you guys think? Can I submit a PR to fix this issue?
What would you like to be added:
For States which have actions associated in an array, a way to look at the actions in detail or atleast the names of the actions.
Right now, the diagram is linear. For ex: If there is a Parallel State, with 3 flows , the SVG generated just has a box, that says number of actions = 3.Similarly for Event state, if there are actions it just lists the number of actions.
May be a collapsible box, which when clicked shows more details.
Why is this needed:
One of the reasons to have an SVG, is to make it easier to understand the steps in the logic. It would be nice if we can dig into details on the diagram itself rather than going into the JSON to figure out what detailed actions, are associated with a State.
I talked about this on the slack channel. The link to the conversation is here.
@tsurdilo created a gist for it here.
I would enhance that with a Merge step as well, which show cases that with the default strategy of "and" as completion, the workflow will wait for all to finish and merge the results from each of the flows before passing them as data to the subsequent downstream tasks.
What is the question:
I followed the guide for v4.0.x but am having issues relating to the gradle build, can someone assist me in resolving this error?
Execution failed for task ':compileJava'.
> Could not resolve all files for configuration ':compileClasspath'.
> Could not resolve com.fasterxml.jackson.core:jackson-annotations:3.0-SNAPSHOT.
Required by:
project : > io.serverlessworkflow:serverlessworkflow-api:4.0.2.Final > com.fasterxml.jackson.core:jackson-databind:3.0.0-SNAPSHOT:20220708.234610-2817
project : > io.serverlessworkflow:serverlessworkflow-api:4.0.2.Final > com.fasterxml.jackson.core:jackson-core:3.0.0-SNAPSHOT:20220711.031917-1199 > com.fasterxml.jackson:jackson-bom:3.0.0-SNAPSHOT:20220526.172315-155
> Could not resolve com.fasterxml.jackson.core:jackson-annotations:3.0-SNAPSHOT.
> Could not parse POM https://oss.sonatype.org/content/repositories/snapshots/com/fasterxml/jackson/core/jackson-annotations/3.0-SNAPSHOT/jackson-annotations-3.0-20220803.174657-62.pom
> Could not find tools.jackson:jackson-base:3.0.0-SNAPSHOT.
Searched in the following locations:
- https://repo.maven.apache.org/maven2/tools/jackson/jackson-base/3.0.0-SNAPSHOT/maven-metadata.xml
- https://repo.maven.apache.org/maven2/tools/jackson/jackson-base/3.0.0-SNAPSHOT/jackson-base-3.0.0-SNAPSHOT.pom
- https://oss.sonatype.org/content/repositories/snapshots/tools/jackson/jackson-base/3.0.0-SNAPSHOT/maven-metadata.xml
- https://oss.sonatype.org/content/repositories/snapshots/tools/jackson/jackson-base/3.0.0-SNAPSHOT/jackson-base-3.0.0-SNAPSHOT.pom
Possible solution:
- Declare repository providing the artifact, see the documentation at https://docs.gradle.org/current/userguide/declaring_repositories.html
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.