Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dependabot aggregate updates October 2023 #7892

Merged
merged 37 commits into from
Oct 3, 2023
Merged

Dependabot aggregate updates October 2023 #7892

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
34f3071
Bump com.google.crypto.tink:tink from 1.9.0 to 1.11.0
dependabot[bot] Oct 3, 2023
e0b24e7
Bump org.apache.thrift:libthrift from 0.18.1 to 0.19.0
dependabot[bot] Oct 3, 2023
60e9fc9
Bump io.micrometer:micrometer-registry-prometheus from 1.11.2 to 1.11.4
dependabot[bot] Oct 3, 2023
cbbb1f7
Bump org.apache.avro:avro from 1.11.1 to 1.11.3
dependabot[bot] Oct 3, 2023
5635a77
Bump net.openhft:chronicle-bom from 2.24ea71 to 2.24ea80
dependabot[bot] Oct 3, 2023
8249bf2
Bump com.nimbusds:nimbus-jose-jwt from 9.31 to 9.35
dependabot[bot] Oct 3, 2023
8a7edb5
Bump com.github.jnr:jnr-posix from 3.1.17 to 3.1.18
dependabot[bot] Oct 3, 2023
50432e1
Bump swaggerVersion from 2.2.14 to 2.2.16
dependabot[bot] Oct 3, 2023
fa12f08
Bump the spring group with 17 updates
dependabot[bot] Oct 3, 2023
f8974ef
Bump io.openlineage:openlineage-java from 0.29.2 to 1.2.2
dependabot[bot] Oct 3, 2023
8a65020
Bump com.autonomousapps.dependency-analysis from 1.20.0 to 1.24.0
dependabot[bot] Oct 3, 2023
4cc6332
Bump nettyVersion from 4.1.94.Final to 4.1.99.Final
dependabot[bot] Oct 3, 2023
56036df
Bump library/alpine
dependabot[bot] Oct 3, 2023
54c849b
Bump docker/setup-qemu-action from 2 to 3
dependabot[bot] Oct 1, 2023
04565ea
Bump actions/checkout from 3.5.3 to 4.1.0
dependabot[bot] Oct 1, 2023
f1e6845
Bump actions/upload-artifact from 3.1.2 to 3.1.3
dependabot[bot] Oct 1, 2023
f2c5148
Bump docker/setup-buildx-action from 2 to 3
dependabot[bot] Oct 1, 2023
bd7ce9d
Bump docker/login-action from 2 to 3
dependabot[bot] Oct 1, 2023
6bad568
Bump docker/build-push-action from 3 to 5
dependabot[bot] Oct 1, 2023
606cf56
Bump com.google.protobuf:protobuf-java from 3.23.4 to 3.24.3
dependabot[bot] Oct 3, 2023
b4a8147
Bump org.apache.ant:ant from 1.10.13 to 1.10.14
dependabot[bot] Sep 8, 2023
381a941
Bump org.apache.ivy:ivy from 2.5.1 to 2.5.2
dependabot[bot] Sep 8, 2023
af4eab4
Bump io.freefair.aggregate-javadoc from 6.6.3 to 8.3
dependabot[bot] Sep 8, 2023
cdc8c0f
Bump io.freefair.lombok from 8.1.0 to 8.3
dependabot[bot] Sep 8, 2023
4234339
Bump io.lettuce:lettuce-core from 6.2.4.RELEASE to 6.2.6.RELEASE
dependabot[bot] Sep 8, 2023
500f8a3
Bump io.github.classgraph:classgraph from 4.8.160 to 4.8.162
dependabot[bot] Sep 8, 2023
6b76e72
Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0
dependabot[bot] Aug 29, 2023
d826257
Bump org.apache.cassandra:cassandra-all from 4.1.2 to 4.1.3
dependabot[bot] Aug 29, 2023
cf213bc
Bump org.gradlex.java-ecosystem-capabilities from 1.3 to 1.3.1
dependabot[bot] Aug 29, 2023
8085f99
Bump org.apache.kafka:kafka-clients from 3.5.0 to 3.5.1
dependabot[bot] Aug 29, 2023
a95e0d2
Bump com.google.guava:guava from 32.0.1-jre to 32.1.2-jre
dependabot[bot] Aug 29, 2023
f8f2638
Bump junitjupiterVersion from 5.9.3 to 5.10.0
dependabot[bot] Aug 29, 2023
8ef90ef
Bump github/codeql-action from 2.20.1 to 2.21.0
dependabot[bot] Jul 21, 2023
6dded20
Bump com.datastax.oss:java-driver-core from 4.15.0 to 4.16.0
dependabot[bot] Jun 28, 2023
a136043
Bump commons-codec:commons-codec from 1.15 to 1.16.0
dependabot[bot] Jul 24, 2023
3896843
Bump lycheeverse/lychee-action from 1.7.0 to 1.8.0
dependabot[bot] Jun 1, 2023
9968425
bump tomcat version to 10.1.13 for spring compatibility
lpalashevski Oct 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .github/workflows/codeql-v4.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v3.5.3
uses: actions/checkout@v4.1.0
- uses: gradle/wrapper-validation-action@v1
- name: Setup Java JDK
uses: actions/setup-java@v3
Expand All @@ -38,7 +38,7 @@ jobs:
java-version: '17'
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2.20.1
uses: github/codeql-action/init@v2.21.0
with:
languages: java
queries: security-and-quality
Expand All @@ -51,6 +51,6 @@ jobs:
cache-disabled: true
arguments: -x javadoc -x test build -PskipOpenTypesFVT
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2.20.1
uses: github/codeql-action/analyze@v2.21.0
with:
ram: 4096
2 changes: 1 addition & 1 deletion .github/workflows/linkcheck.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
if: startsWith(github.repository,'odpi/')
steps:
- uses: actions/checkout@v3.5.3
- uses: actions/checkout@v4.1.0
- name: Link Checker
uses: lycheeverse/[email protected]
with:
Expand Down
24 changes: 12 additions & 12 deletions .github/workflows/merge-v4.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
name: "Merge v4"
if: startsWith(github.repository,'odpi/')
steps:
- uses: actions/checkout@v3.5.3
- uses: actions/checkout@v4.1.0
name: Checkout source
- uses: gradle/wrapper-validation-action@v1
- name: Set up JDK
Expand Down Expand Up @@ -65,22 +65,22 @@ jobs:
branch: gh-pages
folder: build/docs/javadoc
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
- name: Login to container registry (Quay.io)
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_IO_USERNAME }}
password: ${{ secrets.QUAY_IO_ACCESS_TOKEN }}
- name: Login to container registry (Docker Hub)
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
# QEMU is needed for ARM64 build for egeria-configure
# egeria-configure needs to install utilities
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v3
- name: Set Release version env variable
run: |
echo "VERSION=$(./gradlew properties --no-daemon --console=plain -q | grep '^version:' | awk '{printf $2}')" >> $GITHUB_ENV
Expand All @@ -91,15 +91,15 @@ jobs:
cp -r open-metadata-distribution/open-metadata-assemblies/build/unpacked/egeria-${{ env.VERSION }}-distribution.tar.gz/. open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly
- name: Build and push(egeria) to quay.io and docker.io (tag latest only for main!)
if: ${{ github.ref == 'refs/heads/main'}}
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
push: true
tags: odpi/egeria:${{ env.VERSION }}, odpi/egeria:latest, quay.io/odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:latest
context: ./open-metadata-resources/open-metadata-deployment/docker/egeria
platforms: linux/amd64,linux/arm64
- name: Build and push(egeria) to quay.io and docker.io (no tag latest)
if: ${{ github.ref != 'refs/heads/main'}}
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
push: true
tags: odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:${{ env.VERSION }}
Expand All @@ -108,7 +108,7 @@ jobs:
# Publish container images(egeria-configure) to quay.io and docker.io
- name: Build and push(egeria-configure) to quay.io and docker.io (tag latest)
if: ${{ github.ref == 'refs/heads/main'}}
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
push: true
tags: odpi/egeria-configure:${{ env.VERSION }}, odpi/egeria-configure:latest, quay.io/odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:latest
Expand All @@ -118,27 +118,27 @@ jobs:
# Publish container images(egeria-configure) to quay.io and docker.io
- name: Build and push(egeria-configure) to quay.io and docker.io (no tag latest)
if: ${{ github.ref != 'refs/heads/main'}}
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
push: true
tags: odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:${{ env.VERSION }}
context: ./open-metadata-resources/open-metadata-deployment/docker/configure
platforms: linux/amd64,linux/arm64
# --
- name: Upload Log of any dependency failures
uses: actions/[email protected].2
uses: actions/[email protected].3
with:
name: Dependency Analysis Report (on failure)
path: build/reports/dependency-analysis/build-health-report.txt
if-no-files-found: ignore
# Mostly for verification - not published to the release itself for now
- name: Upload assemblies
uses: actions/[email protected].2
uses: actions/[email protected].3
with:
name: Assemblies
path: open-metadata-distribution/open-metadata-assemblies/build/distributions/*.gz
- name: Upload Test coverage report
uses: actions/[email protected].2
uses: actions/[email protected].3
with:
name: Jacoco Coverage Report
path: build/reports/jacoco/codeCoverageReport
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/pr-v4.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
name: "Verify PR v4"
if: startsWith(github.repository,'odpi/')
steps:
- uses: actions/checkout@v3.5.3
- uses: actions/checkout@v4.1.0
- uses: gradle/wrapper-validation-action@v1
- name: Set up JDK
uses: actions/setup-java@v3
Expand All @@ -32,12 +32,12 @@ jobs:
build
--scan
- name: Upload Test coverage report
uses: actions/[email protected].2
uses: actions/[email protected].3
with:
name: Jacoco Coverage Report
path: build/reports/jacoco/codeCoverageReport
- name: Upload Log of any dependency failures
uses: actions/[email protected].2
uses: actions/[email protected].3
with:
name: Dependency Analysis Report (on failure)
path: build/reports/dependency-analysis/build-health-report.txt
Expand Down
16 changes: 8 additions & 8 deletions .github/workflows/release-v4.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,20 +24,20 @@ jobs:
name: "Release"
if: startsWith(github.repository,'odpi/')
steps:
- uses: actions/checkout@v3.5.3
- uses: actions/checkout@v4.1.0
name: Checkout source
- uses: gradle/wrapper-validation-action@v1
# Prep for docker builds
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
- name: Login to container registry (Quay.io)
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_IO_USERNAME }}
password: ${{ secrets.QUAY_IO_ACCESS_TOKEN }}
- name: Login to container registry (docker.io)
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
Expand All @@ -62,7 +62,7 @@ jobs:
# QEMU is needed for ARM64 build for egeria-configure
# egeria-configure needs to install utilities
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v3
- name: Set Release version env variable
run: |
echo "VERSION=$(./gradlew properties --no-daemon --console=plain -q | grep '^version:' | awk '{printf $2}')" >> $GITHUB_ENV
Expand All @@ -72,23 +72,23 @@ jobs:
mkdir -p ./open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly
cp -r open-metadata-distribution/open-metadata-assemblies/build/unpacked/egeria-${{ env.VERSION }}-distribution.tar.gz/. open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly
- name: Build and push(egeria) to quay.io and docker.io
uses: docker/build-push-action@v4
uses: docker/build-push-action@v5
with:
push: true
tags: odpi/egeria:${{ env.VERSION }}, odpi/egeria:stable, quay.io/odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:stable
context: ./open-metadata-resources/open-metadata-deployment/docker/egeria
platforms: linux/amd64,linux/arm64
# Publish container images(egeria-configure) to quay.io and docker.io
- name: Build and push(egeria-configure) to quay.io and docker.io
uses: docker/build-push-action@v4
uses: docker/build-push-action@v5
with:
push: true
tags: odpi/egeria-configure:${{ env.VERSION }}, odpi/egeria-configure:stable, quay.io/odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:stable
context: ./open-metadata-resources/open-metadata-deployment/docker/configure
platforms: linux/amd64,linux/arm64
# Mostly for verification - not published to the release itself for now
- name: Upload assemblies
uses: actions/[email protected].2
uses: actions/[email protected].3
with:
name: Assemblies
path: open-metadata-distribution/open-metadata-assemblies/build/distributions/*.gz
6 changes: 3 additions & 3 deletions .github/workflows/scorecards.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:

steps:
- name: "Checkout code"
uses: actions/checkout@v3.5.3 # tag=v3.0.0
uses: actions/checkout@v4.1.0 # tag=v3.0.0
with:
persist-credentials: false

Expand All @@ -54,14 +54,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/[email protected].2 # tag=v3.0.0
uses: actions/[email protected].3 # tag=v3.0.0
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@v2.20.1 # tag=v1.0.26
uses: github/codeql-action/upload-sarif@v2.21.0 # tag=v1.0.26
with:
sarif_file: results.sarif
52 changes: 26 additions & 26 deletions bom/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,11 @@ ext {
// TODO: version 4 under new package name
antlrVersion = '3.5.3'
ST4Version = '4.3.4'
avroVersion = '1.11.1'
classgraphVersion = '4.8.160'
avroVersion = '1.11.3'
classgraphVersion = '4.8.162'
classmateVersion = '1.5.1'
collections4Version = '4.4'
commonscodecVersion = '1.15'
commonscodecVersion = '1.16.0'
commonsconfiguration2Version = '2.9.0'
commonsconfigurationVersion = '1.10'
commonsioVersion = '2.13.0'
Expand All @@ -41,7 +41,7 @@ ext {
gremlinVersion = '3.5.6'
// TODO: Version 4 under new package name. 3.0.13 is held to be compat with gradle tests (fvt)
groovyVersion = '3.0.15'
guavaVersion = '32.0.1-jre'
guavaVersion = '32.1.2-jre'
hamcrestVersion = '2.2'
hdrhistogramVersion = '2.1.12'
hibernatevalidatorVersion = '8.0.1.Final'
Expand All @@ -61,25 +61,25 @@ ext {
jodatimeVersion = '2.12.5'
jsonldVersion = '0.13.4'
junitVersion = '4.13.2'
junitjupiterVersion = '5.9.3'
junitjupiterVersion = '5.10.0'
junitplatformVersion = '1.9.2'
jwtVersion = '9.31'
jwtVersion = '9.35'
jwtApiVersion = '0.11.5'
jwtImplVersion = '0.11.5'
jwtJacksonVersion = '0.11.5'
kafkaVersion = '3.5.0'
lang3Version = '3.12.0'
kafkaVersion = '3.5.1'
lang3Version = '3.13.0'
logbackVersion = '1.4.5'
lettuceVersion = '6.2.4.RELEASE'
lettuceVersion = '6.2.6.RELEASE'
// TODO: Version 9 now available
luceneVersion = '8.11.2'
openlineageVersion = '0.29.2'
ossVersion = '4.15.0'
openlineageVersion = '1.2.2'
ossVersion = '4.16.0'
// TODO: Held as data engine breaks
mockitoVersion = '4.11.0'
plexusVersion = '4.0.0'
prometheusVersion = '1.11.2'
nettyVersion = '4.1.94.Final'
prometheusVersion = '1.11.4'
nettyVersion = '4.1.99.Final'
quartzVersion = '2.3.2'
reflectionsVersion = '0.10.2'
sanitizerVersion = '1.2.3'
Expand All @@ -89,37 +89,37 @@ ext {
sleepycatVersion = '18.3.12'
slf4jVersion = '2.0.6'
snappyVersion = '1.1.10.5'
springbootVersion = '3.1.1'
springbootVersion = '3.1.4'
spotbugsVersion = '4.7.3'
springdataVersion = '3.0.3'
springldapVersion = '3.0.1'
springsecurityVersion = '6.1.1'
springsecurityVersion = '6.1.4'
springsecurityJwtVersion = '1.1.1.RELEASE'
swaggerVersion = '2.2.14'
swaggerVersion = '2.2.16'
testngVersion = '7.8.0'
thriftVersion = '0.18.1'
thriftVersion = '0.19.0'
springwebVersion = '6.0.6'
tinkVersion = '1.9.0'
tomcatVersion = '10.1.10'
tinkVersion = '1.11.0'
tomcatVersion = '10.1.13'
validationVersion = '2.0.1.Final'
gsonVersion = '2.10.1'
antVersion = '1.10.13'
jnrVersion = '3.1.17'
cassandraVersion = '4.1.2'
protobufVersion = '3.23.4'
antVersion = '1.10.14'
jnrVersion = '3.1.18'
cassandraVersion = '4.1.3'
protobufVersion = '3.24.3'
osgiVersion = '8.0.0'
log4jVersion = '2.20.0'
jacksonjdk8Version = '2.15.2'
reactivestreamsVersion = '1.0.4'
springdocStarterVersion = '2.1.0'
springdocStarterVersion = '2.2.0'
jacocoVersion = '0.8.8'
snakeYamlVersion = '2.2'
}

dependencies {
// Only use this to bring in platforms, which are *constraints*
dependencies {
api(platform('net.openhft:chronicle-bom:2.24ea71'))
api(platform('net.openhft:chronicle-bom:2.24ea80'))
}
constraints {
api("ch.qos.logback:logback-classic:${logbackVersion}")
Expand Down Expand Up @@ -289,7 +289,7 @@ dependencies {
//TODO: Remove dependency line below in case the new parent library is updated and pulls good version.
api("com.beust:jcommander:1.82")
api("org.antlr:antlr4:4.13.0")
api("org.apache.ivy:ivy:2.5.1")
api("org.apache.ivy:ivy:2.5.2")

// Add in Egeria's own projects -- not for us, but for our users
//subprojects.forEach { subProject ->
Expand Down
4 changes: 2 additions & 2 deletions ...nance-daemon-connectors/open-lineage-connectors/open-lineage-janus-connector/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,8 @@ filter {
includeEngines 'junit-jupiter'
}
dependencies {
testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.9.3'
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.9.3'
testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.10.0'
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.0'
}

testLogging {
Expand Down
2 changes: 1 addition & 1 deletion open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright Contributors to the Egeria project

FROM docker.io/library/alpine:3.18.2
FROM docker.io/library/alpine:3.18.4
ARG version=4.4-SNAPSHOT
ARG VCS_REF=unknown
ARG VCS_ORIGIN=unknown
Expand Down
8 changes: 4 additions & 4 deletions settings.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,16 +16,16 @@ pluginManagement {
}
plugins {
id "io.freefair.aggregate-javadoc" version "6.6.3"
id "io.freefair.lombok" version "8.1.0"
id "io.freefair.lombok" version "8.3"
// Checks for unnecessary dependencies
id("com.autonomousapps.dependency-analysis") version "1.20.0"
id("com.autonomousapps.dependency-analysis") version "1.24.0"
// helps resolve log implementation clashes
id 'dev.jacomet.logging-capabilities' version "0.11.1"
// This plugin helps resolve jakarta/javax dev.jacomet.logging-capabilities
id 'org.gradlex.java-ecosystem-capabilities' version "1.3"
id 'org.gradlex.java-ecosystem-capabilities' version "1.3.1"
// Docs don't recommend specifying a version for checkstyle
id 'checkstyle'
id 'org.springframework.boot' version '2.7.13'
id 'org.springframework.boot' version '2.7.16'
id 'com.github.johnrengelman.shadow' version '8.1.1'
id 'com.github.psxpaul.execfork' version '0.2.2'
}
Expand Down
Loading