diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 847983db..9cea06c1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,19 +27,19 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: gradle/wrapper-validation-action@88425854a36845f9c881450d9660b5fd46bee142 # v3.4.2 + - uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 - name: Fetch version history # Do NOT want to fetch all tags if building a specific tag. # Doing so could result in code published with wrong version, if newer tags have been pushed if: (!startsWith(github.ref, 'refs/tags/')) run: git fetch --tag --unshallow - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: java-version: '17' distribution: 'adopt' - name: Setup Gradle - uses: gradle/gradle-build-action@66535aaf56f831b35e3a8481c9c99b665b84dd45 # v3.4.2 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 with: gradle-home-cache-cleanup: true - name: Build @@ -48,14 +48,14 @@ jobs: run: ./gradlew build coveralls - name: Upload Reports if: failure() - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: reports-linux path: '**/build/reports/**/*.xml' retention-days: 5 - name: Upload Test Results if: failure() - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: test-results-linux path: '**/build/test-results/**/*.xml' @@ -86,28 +86,28 @@ jobs: runs-on: windows-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: gradle/wrapper-validation-action@88425854a36845f9c881450d9660b5fd46bee142 # v3.4.2 + - uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: java-version: '17' distribution: 'adopt' - name: Setup Gradle - uses: gradle/gradle-build-action@66535aaf56f831b35e3a8481c9c99b665b84dd45 # v3.4.2 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 with: gradle-home-cache-cleanup: true - name: Build run: ./gradlew.bat build -PexcludeContainerised - name: Upload Reports if: failure() - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: reports-win path: '**/build/reports/**/*.xml' retention-days: 5 - name: Upload Test Results if: failure() - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: test-results-win path: '**/build/test-results/**/*.xml' @@ -122,6 +122,6 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.0 - name: Create GitHut Release - uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v0.1.15 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v0.1.15 with: generate_release_notes: true \ No newline at end of file diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 629fc5a0..b298986b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,18 +28,18 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: languages: ${{ matrix.language }} - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: java-version: '17' distribution: 'adopt' - name: Setup Gradle - uses: gradle/gradle-build-action@66535aaf56f831b35e3a8481c9c99b665b84dd45 # v3.4.2 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 with: gradle-home-cache-cleanup: true @@ -47,4 +47,4 @@ jobs: run: ./gradlew test - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 8aa3689d..7d1c233e 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@5e5f99653a5b510e8555840e80cbf1514ad4af38 # v2.1.0 + uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # v2.2.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Approve PR diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 36a28582..8a3d5748 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -18,14 +18,14 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: gradle/wrapper-validation-action@88425854a36845f9c881450d9660b5fd46bee142 # v3.4.2 + - uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: java-version: '17' distribution: 'adopt' - name: Setup Gradle - uses: gradle/gradle-build-action@66535aaf56f831b35e3a8481c9c99b665b84dd45 # v3.4.2 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 with: dependency-graph: generate-and-submit gradle-home-cache-cleanup: true diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index bdc2f82a..c8987b07 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -28,7 +28,7 @@ jobs: with: fetch-depth: 0 # need full history to get page last modified times - name: Setup Ruby - uses: ruby/setup-ruby@1d0e911f615a112e322369596f10ee0b95b010ae # v1.183.0 + uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0 with: ruby-version: '3.1' bundler-cache: true # runs 'bundle install' and caches installed gems automatically diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cc403bdf..60d1e106 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,13 +20,13 @@ jobs: - name: Fetch version history run: git fetch --tags --unshallow - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: java-version: '17' distribution: 'adopt' - name: Setup Gradle - uses: gradle/gradle-build-action@66535aaf56f831b35e3a8481c9c99b665b84dd45 # v3.4.2 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 with: gradle-home-cache-cleanup: true - name: Ensure build is green diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b8249758..f5832230 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index 77f573b4..e76f6cb8 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -27,13 +27,13 @@ jobs: - name: Fetch version history run: git fetch --tags --unshallow - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: java-version: '17' distribution: 'adopt' - name: Setup Gradle - uses: gradle/gradle-build-action@66535aaf56f831b35e3a8481c9c99b665b84dd45 # v3.4.2 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 with: gradle-home-cache-cleanup: true - name: Increment version diff --git a/build.gradle.kts b/build.gradle.kts index 766da7ca..ae791399 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -22,7 +22,7 @@ plugins { `creek-coverage-convention` `creek-publishing-convention` apply false `creek-sonatype-publishing-convention` - id("pl.allegro.tech.build.axion-release") version "1.17.2" // https://plugins.gradle.org/plugin/pl.allegro.tech.build.axion-release + id("pl.allegro.tech.build.axion-release") version "1.18.7" // https://plugins.gradle.org/plugin/pl.allegro.tech.build.axion-release } project.version = scmVersion.version @@ -50,15 +50,15 @@ subprojects { set("creekVersion", "0.4.2-SNAPSHOT") set("testContainersVersion", "1.19.1") // https://mvnrepository.com/artifact/org.testcontainers/testcontainers set("spotBugsVersion", "4.8.6") // https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs-annotations - set("jacksonVersion", "2.17.1") // https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations + set("jacksonVersion", "2.17.2") // https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations set("picocliVersion", "4.7.6") // https://mvnrepository.com/artifact/info.picocli/picocli set("log4jVersion", "2.23.1") // https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core - set("slf4jVersion", "2.0.13") // https://mvnrepository.com/artifact/org.slf4j/slf4j-api + set("slf4jVersion", "2.0.16") // https://mvnrepository.com/artifact/org.slf4j/slf4j-api - set("guavaVersion", "33.2.1-jre") // https://mvnrepository.com/artifact/com.google.guava/guava - set("junitVersion", "5.10.2") // https://mvnrepository.com/artifact/org.junit.jupiter/junit-jupiter-api + set("guavaVersion", "33.3.0-jre") // https://mvnrepository.com/artifact/com.google.guava/guava + set("junitVersion", "5.11.0") // https://mvnrepository.com/artifact/org.junit.jupiter/junit-jupiter-api set("junitPioneerVersion", "2.2.0") // https://mvnrepository.com/artifact/org.junit-pioneer/junit-pioneer - set("mockitoVersion", "5.12.0") // https://mvnrepository.com/artifact/org.mockito/mockito-junit-jupiter + set("mockitoVersion", "5.13.0") // https://mvnrepository.com/artifact/org.mockito/mockito-junit-jupiter } val creekVersion : String by extra