JinwooHwang-SAS opened a new pull request, #7914: URL: https://github.com/apache/geode/pull/7914
### Summary - Updates dependency_classpath.txt with a current snapshot of the integration test runtime classpath. ### Purpose - Provide a deterministic baseline for detecting unintended dependency drift. - Support license / NOTICE aggregation and auditing. - Enable reproducible environment diagnostics and security / vulnerability scanning. - Facilitate SBOM or dependency report generation from a curated, ordered list. ### File Characteristics - Contains only jar filenames (no paths) for easier detection of changes. - Represents resolved integration test runtime artifacts at snapshot time. - Internal modules use placeholder version 0.0.0 (indicates unpublished in-repo artifacts). ### Follow-up Suggestions - Add a Gradle task to regenerate and verify this list (fail build if out-of-date). - Integrate SBOM generation referencing this baseline. - Introduce a script to diff against previous commit and flag unexpected additions. ### Verification Steps 1. Resolve integration test runtime classpath (e.g. print integrationTest.runtimeClasspath.files). 2. Compare sorted filenames to file contents; they should match exactly. 3. Commit only when intentional changes occur (new, removed, or version-changed jars). ### Risk - Documentation-only change; no production code impact. ### Added / Current Inventory (alphabetical excerpt) - jackson-datatype-jsr310-2.17.0.jar - jackson-annotations-2.17.0.jar - jackson-core-2.17.0.jar - jackson-datatype-joda-2.17.0.jar - jackson-databind-2.17.0.jar - byte-buddy-1.14.9.jar <!-- Thank you for submitting a contribution to Apache Geode. --> <!-- In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: --> ### For all changes: - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [x] Has your PR been rebased against the latest commit within the target branch (typically `develop`)? - [ ] Is your initial contribution a single, squashed commit? - [ ] Does `gradlew build` run cleanly? - [ ] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? <!-- Note: Please ensure that once the PR is submitted, check Concourse for build issues and submit an update to your PR as soon as possible. If you need help, please send an email to d...@geode.apache.org. --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@geode.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
