diff --git a/.github/workflows/codeql-v4.yml b/.github/workflows/codeql-v4.yml index 4527b832b14..14baabdad36 100644 --- a/.github/workflows/codeql-v4.yml +++ b/.github/workflows/codeql-v4.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - uses: gradle/wrapper-validation-action@v1 - name: Setup Java JDK uses: actions/setup-java@v3 @@ -38,7 +38,7 @@ jobs: java-version: '17' # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2.20.1 + uses: github/codeql-action/init@v2.21.0 with: languages: java queries: security-and-quality @@ -51,6 +51,6 @@ jobs: cache-disabled: true arguments: -x javadoc -x test build -PskipOpenTypesFVT - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2.20.1 + uses: github/codeql-action/analyze@v2.21.0 with: ram: 4096 diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml index 826b80e2f6c..18df853c139 100644 --- a/.github/workflows/linkcheck.yml +++ b/.github/workflows/linkcheck.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@v4.1.0 - name: Link Checker uses: lycheeverse/lychee-action@v1.8.0 with: diff --git a/.github/workflows/merge-v4.yml b/.github/workflows/merge-v4.yml index 6aef50b0847..21f96883ee2 100644 --- a/.github/workflows/merge-v4.yml +++ b/.github/workflows/merge-v4.yml @@ -22,7 +22,7 @@ jobs: name: "Merge v4" if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@v4.1.0 name: Checkout source - uses: gradle/wrapper-validation-action@v1 - name: Set up JDK @@ -65,22 +65,22 @@ jobs: branch: gh-pages folder: build/docs/javadoc - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to container registry (Quay.io) - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: quay.io username: ${{ secrets.QUAY_IO_USERNAME }} password: ${{ secrets.QUAY_IO_ACCESS_TOKEN }} - name: Login to container registry (Docker Hub) - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} # QEMU is needed for ARM64 build for egeria-configure # egeria-configure needs to install utilities - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set Release version env variable run: | echo "VERSION=$(./gradlew properties --no-daemon --console=plain -q | grep '^version:' | awk '{printf $2}')" >> $GITHUB_ENV @@ -91,7 +91,7 @@ jobs: cp -r open-metadata-distribution/open-metadata-assemblies/build/unpacked/egeria-${{ env.VERSION }}-distribution.tar.gz/. open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly - name: Build and push(egeria) to quay.io and docker.io (tag latest only for main!) if: ${{ github.ref == 'refs/heads/main'}} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria:${{ env.VERSION }}, odpi/egeria:latest, quay.io/odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:latest @@ -99,7 +99,7 @@ jobs: platforms: linux/amd64,linux/arm64 - name: Build and push(egeria) to quay.io and docker.io (no tag latest) if: ${{ github.ref != 'refs/heads/main'}} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:${{ env.VERSION }} @@ -108,7 +108,7 @@ jobs: # Publish container images(egeria-configure) to quay.io and docker.io - name: Build and push(egeria-configure) to quay.io and docker.io (tag latest) if: ${{ github.ref == 'refs/heads/main'}} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria-configure:${{ env.VERSION }}, odpi/egeria-configure:latest, quay.io/odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:latest @@ -118,7 +118,7 @@ jobs: # Publish container images(egeria-configure) to quay.io and docker.io - name: Build and push(egeria-configure) to quay.io and docker.io (no tag latest) if: ${{ github.ref != 'refs/heads/main'}} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:${{ env.VERSION }} @@ -126,19 +126,19 @@ jobs: platforms: linux/amd64,linux/arm64 # -- - name: Upload Log of any dependency failures - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Dependency Analysis Report (on failure) path: build/reports/dependency-analysis/build-health-report.txt if-no-files-found: ignore # Mostly for verification - not published to the release itself for now - name: Upload assemblies - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Assemblies path: open-metadata-distribution/open-metadata-assemblies/build/distributions/*.gz - name: Upload Test coverage report - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Jacoco Coverage Report path: build/reports/jacoco/codeCoverageReport diff --git a/.github/workflows/pr-v4.yml b/.github/workflows/pr-v4.yml index d3bcc7698a4..5534c701246 100644 --- a/.github/workflows/pr-v4.yml +++ b/.github/workflows/pr-v4.yml @@ -16,7 +16,7 @@ jobs: name: "Verify PR v4" if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@v4.1.0 - uses: gradle/wrapper-validation-action@v1 - name: Set up JDK uses: actions/setup-java@v3 @@ -32,12 +32,12 @@ jobs: build --scan - name: Upload Test coverage report - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Jacoco Coverage Report path: build/reports/jacoco/codeCoverageReport - name: Upload Log of any dependency failures - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Dependency Analysis Report (on failure) path: build/reports/dependency-analysis/build-health-report.txt diff --git a/.github/workflows/release-v4.yml b/.github/workflows/release-v4.yml index 4817b0d6584..0eda2e00e40 100644 --- a/.github/workflows/release-v4.yml +++ b/.github/workflows/release-v4.yml @@ -24,20 +24,20 @@ jobs: name: "Release" if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@v4.1.0 name: Checkout source - uses: gradle/wrapper-validation-action@v1 # Prep for docker builds - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to container registry (Quay.io) - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: quay.io username: ${{ secrets.QUAY_IO_USERNAME }} password: ${{ secrets.QUAY_IO_ACCESS_TOKEN }} - name: Login to container registry (docker.io) - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} @@ -62,7 +62,7 @@ jobs: # QEMU is needed for ARM64 build for egeria-configure # egeria-configure needs to install utilities - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set Release version env variable run: | echo "VERSION=$(./gradlew properties --no-daemon --console=plain -q | grep '^version:' | awk '{printf $2}')" >> $GITHUB_ENV @@ -72,7 +72,7 @@ jobs: mkdir -p ./open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly cp -r open-metadata-distribution/open-metadata-assemblies/build/unpacked/egeria-${{ env.VERSION }}-distribution.tar.gz/. open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly - name: Build and push(egeria) to quay.io and docker.io - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria:${{ env.VERSION }}, odpi/egeria:stable, quay.io/odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:stable @@ -80,7 +80,7 @@ jobs: platforms: linux/amd64,linux/arm64 # Publish container images(egeria-configure) to quay.io and docker.io - name: Build and push(egeria-configure) to quay.io and docker.io - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria-configure:${{ env.VERSION }}, odpi/egeria-configure:stable, quay.io/odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:stable @@ -88,7 +88,7 @@ jobs: platforms: linux/amd64,linux/arm64 # Mostly for verification - not published to the release itself for now - name: Upload assemblies - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Assemblies path: open-metadata-distribution/open-metadata-assemblies/build/distributions/*.gz diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d44b2ff7c42..65fe3ac8eae 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v3.5.3 # tag=v3.0.0 + uses: actions/checkout@v4.1.0 # tag=v3.0.0 with: persist-credentials: false @@ -54,7 +54,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@v3.1.2 # tag=v3.0.0 + uses: actions/upload-artifact@v3.1.3 # tag=v3.0.0 with: name: SARIF file path: results.sarif @@ -62,6 +62,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v2.20.1 # tag=v1.0.26 + uses: github/codeql-action/upload-sarif@v2.21.0 # tag=v1.0.26 with: sarif_file: results.sarif diff --git a/bom/build.gradle b/bom/build.gradle index b15c16ac199..93c29ca8d02 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -23,11 +23,11 @@ ext { // TODO: version 4 under new package name antlrVersion = '3.5.3' ST4Version = '4.3.4' - avroVersion = '1.11.1' - classgraphVersion = '4.8.160' + avroVersion = '1.11.3' + classgraphVersion = '4.8.162' classmateVersion = '1.5.1' collections4Version = '4.4' - commonscodecVersion = '1.15' + commonscodecVersion = '1.16.0' commonsconfiguration2Version = '2.9.0' commonsconfigurationVersion = '1.10' commonsioVersion = '2.13.0' @@ -41,7 +41,7 @@ ext { gremlinVersion = '3.5.6' // TODO: Version 4 under new package name. 3.0.13 is held to be compat with gradle tests (fvt) groovyVersion = '3.0.15' - guavaVersion = '32.0.1-jre' + guavaVersion = '32.1.2-jre' hamcrestVersion = '2.2' hdrhistogramVersion = '2.1.12' hibernatevalidatorVersion = '8.0.1.Final' @@ -61,25 +61,25 @@ ext { jodatimeVersion = '2.12.5' jsonldVersion = '0.13.4' junitVersion = '4.13.2' - junitjupiterVersion = '5.9.3' + junitjupiterVersion = '5.10.0' junitplatformVersion = '1.9.2' - jwtVersion = '9.31' + jwtVersion = '9.35' jwtApiVersion = '0.11.5' jwtImplVersion = '0.11.5' jwtJacksonVersion = '0.11.5' - kafkaVersion = '3.5.0' - lang3Version = '3.12.0' + kafkaVersion = '3.5.1' + lang3Version = '3.13.0' logbackVersion = '1.4.5' - lettuceVersion = '6.2.4.RELEASE' + lettuceVersion = '6.2.6.RELEASE' // TODO: Version 9 now available luceneVersion = '8.11.2' - openlineageVersion = '0.29.2' - ossVersion = '4.15.0' + openlineageVersion = '1.2.2' + ossVersion = '4.16.0' // TODO: Held as data engine breaks mockitoVersion = '4.11.0' plexusVersion = '4.0.0' - prometheusVersion = '1.11.2' - nettyVersion = '4.1.94.Final' + prometheusVersion = '1.11.4' + nettyVersion = '4.1.99.Final' quartzVersion = '2.3.2' reflectionsVersion = '0.10.2' sanitizerVersion = '1.2.3' @@ -89,29 +89,29 @@ ext { sleepycatVersion = '18.3.12' slf4jVersion = '2.0.6' snappyVersion = '1.1.10.5' - springbootVersion = '3.1.1' + springbootVersion = '3.1.4' spotbugsVersion = '4.7.3' springdataVersion = '3.0.3' springldapVersion = '3.0.1' - springsecurityVersion = '6.1.1' + springsecurityVersion = '6.1.4' springsecurityJwtVersion = '1.1.1.RELEASE' - swaggerVersion = '2.2.14' + swaggerVersion = '2.2.16' testngVersion = '7.8.0' - thriftVersion = '0.18.1' + thriftVersion = '0.19.0' springwebVersion = '6.0.6' - tinkVersion = '1.9.0' - tomcatVersion = '10.1.10' + tinkVersion = '1.11.0' + tomcatVersion = '10.1.13' validationVersion = '2.0.1.Final' gsonVersion = '2.10.1' - antVersion = '1.10.13' - jnrVersion = '3.1.17' - cassandraVersion = '4.1.2' - protobufVersion = '3.23.4' + antVersion = '1.10.14' + jnrVersion = '3.1.18' + cassandraVersion = '4.1.3' + protobufVersion = '3.24.3' osgiVersion = '8.0.0' log4jVersion = '2.20.0' jacksonjdk8Version = '2.15.2' reactivestreamsVersion = '1.0.4' - springdocStarterVersion = '2.1.0' + springdocStarterVersion = '2.2.0' jacocoVersion = '0.8.8' snakeYamlVersion = '2.2' } @@ -119,7 +119,7 @@ ext { dependencies { // Only use this to bring in platforms, which are *constraints* dependencies { - api(platform('net.openhft:chronicle-bom:2.24ea71')) + api(platform('net.openhft:chronicle-bom:2.24ea80')) } constraints { api("ch.qos.logback:logback-classic:${logbackVersion}") @@ -289,7 +289,7 @@ dependencies { //TODO: Remove dependency line below in case the new parent library is updated and pulls good version. api("com.beust:jcommander:1.82") api("org.antlr:antlr4:4.13.0") - api("org.apache.ivy:ivy:2.5.1") + api("org.apache.ivy:ivy:2.5.2") // Add in Egeria's own projects -- not for us, but for our users //subprojects.forEach { subProject -> diff --git a/open-metadata-implementation/adapters/open-connectors/governance-daemon-connectors/open-lineage-connectors/open-lineage-janus-connector/build.gradle b/open-metadata-implementation/adapters/open-connectors/governance-daemon-connectors/open-lineage-connectors/open-lineage-janus-connector/build.gradle index 8ffee5d83da..584b24c5c6e 100644 --- a/open-metadata-implementation/adapters/open-connectors/governance-daemon-connectors/open-lineage-connectors/open-lineage-janus-connector/build.gradle +++ b/open-metadata-implementation/adapters/open-connectors/governance-daemon-connectors/open-lineage-connectors/open-lineage-janus-connector/build.gradle @@ -58,8 +58,8 @@ filter { includeEngines 'junit-jupiter' } dependencies { - testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.9.3' - testImplementation 'org.junit.jupiter:junit-jupiter-api:5.9.3' + testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.10.0' + testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.0' } testLogging { diff --git a/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile b/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile index 69651a6b937..4ff8b22f205 100644 --- a/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile +++ b/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile @@ -1,7 +1,7 @@ # SPDX-License-Identifier: Apache-2.0 # Copyright Contributors to the Egeria project -FROM docker.io/library/alpine:3.18.2 +FROM docker.io/library/alpine:3.18.4 ARG version=4.4-SNAPSHOT ARG VCS_REF=unknown ARG VCS_ORIGIN=unknown diff --git a/settings.gradle b/settings.gradle index 8658b1a2831..64750427ef8 100644 --- a/settings.gradle +++ b/settings.gradle @@ -16,16 +16,16 @@ pluginManagement { } plugins { id "io.freefair.aggregate-javadoc" version "6.6.3" - id "io.freefair.lombok" version "8.1.0" + id "io.freefair.lombok" version "8.3" // Checks for unnecessary dependencies - id("com.autonomousapps.dependency-analysis") version "1.20.0" + id("com.autonomousapps.dependency-analysis") version "1.24.0" // helps resolve log implementation clashes id 'dev.jacomet.logging-capabilities' version "0.11.1" // This plugin helps resolve jakarta/javax dev.jacomet.logging-capabilities - id 'org.gradlex.java-ecosystem-capabilities' version "1.3" + id 'org.gradlex.java-ecosystem-capabilities' version "1.3.1" // Docs don't recommend specifying a version for checkstyle id 'checkstyle' - id 'org.springframework.boot' version '2.7.13' + id 'org.springframework.boot' version '2.7.16' id 'com.github.johnrengelman.shadow' version '8.1.1' id 'com.github.psxpaul.execfork' version '0.2.2' }