小贝子编程

Closure Compiler语言 - Protobuf vulnerability



我们使用的是Java 8,支持Java 8的闭包编译器的最大标签是v20220502,现在这个标签中使用的protobuf-java版本是3.17.0. 即提到的是protobuf_proto_rulesWORKSPACE.bazel

http_archive(
name = "protobuf_proto_rules",
# output from `sha256sum` on the downloaded tar.gz file
sha256 = "66bfdf8782796239d3875d37e7de19b1d94301e8972b3cbd2446b332429b4df1",
strip_prefix = "rules_proto-4.0.0",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/rules_proto/archive/refs/tags/4.0.0.tar.gz",
"https://github.com/bazelbuild/rules_proto/archive/refs/tags/4.0.0.tar.gz",
],
)

我们想使用https://github.com/bazelbuild/rules_proto/blob/5.3.0-21.7/proto/private/dependencies.bzl3.21.7的protobuf_java版本所以我们编辑了WORKSPACE.bazel这样的

http_archive(
name = "protobuf_proto_rules",
sha256 = "dc3fb206a2cb3441b485eb1e423165b231235a1ea9b031b4433cf7bc1fa460dd",
strip_prefix = "rules_proto-5.3.0-21.7",
urls = [
"https://github.com/bazelbuild/rules_proto/archive/refs/tags/5.3.0-21.7.tar.gz",
],
)

之后出现以下错误
Starting local Bazel server and connecting to it...
ERROR: Traceback (most recent call last):
File "C:/users/.../_bazel_.../7eswowuu/external/rules_cc/cc/private/rules_impl/cc_flags_supplier.bzl", line 16, column 76, in <toplevel>
load("@bazel_tools//tools/cpp:toolchain_utils.bzl", "find_cpp_toolchain", "use_cpp_toolchain")
Error: file '@bazel_tools//tools/cpp:toolchain_utils.bzl' does not contain symbol 'use_cpp_toolchain' (did you mean 'find_cpp_toolchain'?)
ERROR: While resolving toolchains for target //:compiler_unshaded: com.google.devtools.build.lib.packages.BuildFileContainsErrorsException: error loading package '@bazel_tools//tools/cpp': in C:/users/.../_bazel_.../7eswowuu/external/rules_cc/cc/defs.bzl: Extension file 'cc/private/rules_impl/cc_flags_supplier.bzl' has errors
ERROR: Analysis of target '//:compiler_unshaded_deploy.jar' failed; build aborted: com.google.devtools.build.lib.packages.BuildFileContainsErrorsException: error loading package '@bazel_tools//tools/cpp': in C:/users/.../_bazel_.../7eswowuu/external/rules_cc/cc/defs.bzl: Extension file 'cc/private/rules_impl/cc_flags_supplier.bzl' has errors
INFO: Elapsed time: 5.810s
INFO: 0 processes.
FAILED: Build did NOT complete successfully (2 packages loaded, 0 targets configured)

如何将protobuf_java版本升级到3.21.7

我们已经在WORKSPACE的开头添加了新的protobuf规则。巴泽尔和它解决了使用的问题。下面是v20220502

使用的文件
workspace(name = "com_google_javascript_jscomp")
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
RULES_JVM_EXTERNAL_TAG = "4.2"
RULES_JVM_EXTERNAL_SHA = "cd1a77b7b02e8e008439ca76fd34f5b07aecb8c752961f9640dea15e9e5ba1ca"
http_archive(
name = "rules_jvm_external",
strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
sha256 = RULES_JVM_EXTERNAL_SHA,
url = "https://github.com/bazelbuild/rules_jvm_external/archive/%s.zip" % RULES_JVM_EXTERNAL_TAG,
)
#
# To update google_bazel_common, locate the git commit to depend on and
# use something like the following to determine the sha256
#  curl -L https://github.com/google/bazel-common/archive/<git-commit-id>.zip |
#  sha256
#
#
http_archive(
name = "protobuf_proto_rules",
sha256 = "dc3fb206a2cb3441b485eb1e423165b231235a1ea9b031b4433cf7bc1fa460dd",
strip_prefix = "rules_proto-5.3.0-21.7",
urls = [
"https://github.com/bazelbuild/rules_proto/archive/refs/tags/5.3.0-21.7.tar.gz",
],
)
load("@protobuf_proto_rules//proto:repositories.bzl", "rules_proto_dependencies", "rules_proto_toolchains")
rules_proto_dependencies()
rules_proto_toolchains()
http_archive(
name = "google_bazel_common",
# output from `sha256sum` on the downloaded zip file
sha256 = "cb37c4977b01311f72157897b1b180b6caf2fc88336ee64b39152af61f8708a9",
strip_prefix = "bazel-common-82a7dd0f4cd8593fdaa40d65a1fa820b14ff3493",
urls = [
"https://github.com/google/bazel-common/archive/82a7dd0f4cd8593fdaa40d65a1fa820b14ff3493.zip",
],
)
load("@google_bazel_common//:workspace_defs.bzl", "google_common_workspace_rules", "maven_import")
google_common_workspace_rules()
maven_import(
# http://args4j.kohsuke.org/index.html
group_id = "args4j",
artifact_id = "args4j",
version = "2.33",
sha256 = "91ddeaba0b24adce72291c618c00bbdce1c884755f6c4dba9c5c46e871c69ed6",
licenses = ["notice"],
)
maven_import(
# https://github.com/java-diff-utils/java-diff-utils
group_id = "io.github.java-diff-utils",
artifact_id = "java-diff-utils",
version = "4.0",
sha256 = "810232374e76a954949f0e2185cd7d9515addb918cf3da3481f77e07c356b49a",
licenses = ["notice"],
)
maven_import(
# https://github.com/google/gson
group_id = "com.google.code.gson",
artifact_id = "gson",
version = "2.9.0",
sha256 = "c96d60551331a196dac54b745aa642cd078ef89b6f267146b705f2c2cbef052d",
licenses = ["notice"],
)
maven_import(
# https://github.com/google/re2j
group_id ="com.google.re2j",
artifact_id = "re2j",
version ="1.3",
sha256 = "d8040fa1c54c1ce208199015b6e599ec2ef37b7780f8f55a8b4b4b4299bade19",
licenses = ["notice"],
)
maven_import(
# https://ant.apache.org/
group_id ="org.apache.ant",
artifact_id = "ant",
version ="1.10.12",
sha256 = "5c6a438c3ebe7a306eba452b09fa307b0e60314926177920bca896c4a504eaf6",
licenses = ["notice"],
)
maven_import(
# https://truth.dev/protobufs
group_id = "com.google.truth.extensions",
artifact_id = "truth-liteproto-extension",
version = "1.1",
sha256 = "f637de4743194a870316a55a1c50c89638355a2323d96b6ced363a22d6ced316",
licenses = ["notice"],
)
maven_import(
# https://truth.dev/protobufs
group_id = "com.google.truth.extensions",
artifact_id = "truth-proto-extension",
version = "1.1",
sha256 = "d2fa8736dcb541813f8f4090ecc0d634b85cb82bd6d486f1af975458d0238afe",
licenses = ["notice"],
)
maven_import(
# https://github.com/google/jimfs
group_id = "com.google.jimfs",
artifact_id = "jimfs",
version = "1.2",
sha256 = "de16d5c8489729a8512f1a02fbd81f58f89249b72066987da4cc5c87ecb9f72d",
licenses = ["notice"],
)

http_archive(
name = "protobuf_java_rules",
sha256 = "7c4bbe11e41c61212a5cf16d9aafaddade3f5b1b6c8bf94270d78215fafd4007",
strip_prefix = "rules_java-c13e3ead84afb95f81fbddfade2749d8ba7cb77f",
url = "https://github.com/bazelbuild/rules_java/archive/c13e3ead84afb95f81fbddfade2749d8ba7cb77f.tar.gz",  # 2021-01-25
)
load("@protobuf_java_rules//java:repositories.bzl", "remote_jdk8_repos")
remote_jdk8_repos()
# Jarjar is a Google tool (https://github.com/google/jarjar) for generating
# shaded JARs (https://stackoverflow.com/questions/49810578). This repo contains
# Bazel bindings for Jarjar, under the Apache license.
http_archive(
name = "com_github_johnynek_bazel_jar_jar",
# output from `sha256sum` on the downloaded zip file
sha256 = "fdf2c5276e5c6f27efa1e0b64a301f5a122d84a4c1c0dd80006dbbc530a16773",
strip_prefix = "bazel_jar_jar-171f268569384c57c19474b04aebe574d85fde0d",
urls = [
"https://github.com/johnynek/bazel_jar_jar/archive/171f268569384c57c19474b04aebe574d85fde0d.zip",
],
)
load("@com_github_johnynek_bazel_jar_jar//:jar_jar.bzl", "jar_jar_repositories")
jar_jar_repositories()

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium