Merge pull request #7892 from lpalashevski/dependabot-aggregate

Dependabot aggregate updates, October 2023.
odpi · Oct 3, 2023 · 074878c · 074878c
2 parents b6a4eb6 + 9968425
commit 074878c
Show file tree

Hide file tree

Showing 10 changed files with 63 additions and 63 deletions.
diff --git a/.github/workflows/codeql-v4.yml b/.github/workflows/codeql-v4.yml
@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.0
       - uses: gradle/wrapper-validation-action@v1
       - name: Setup Java JDK
         uses: actions/setup-java@v3
@@ -38,7 +38,7 @@ jobs:
           java-version: '17'
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2.20.1
+        uses: github/codeql-action/init@v2.21.0
         with:
           languages: java
           queries: security-and-quality
@@ -51,6 +51,6 @@ jobs:
           cache-disabled: true
           arguments: -x javadoc -x test build -PskipOpenTypesFVT
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2.20.1
+        uses: github/codeql-action/analyze@v2.21.0
         with:
           ram: 4096
diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     if: startsWith(github.repository,'odpi/')
     steps:
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@v4.1.0
       - name: Link Checker
         uses: lycheeverse/[email protected]
         with:

diff --git a/.github/workflows/merge-v4.yml b/.github/workflows/merge-v4.yml
@@ -22,7 +22,7 @@ jobs:
     name: "Merge v4"
     if: startsWith(github.repository,'odpi/')
     steps:
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@v4.1.0
         name: Checkout source
       - uses: gradle/wrapper-validation-action@v1
       - name: Set up JDK
@@ -65,22 +65,22 @@ jobs:
           branch: gh-pages
           folder: build/docs/javadoc
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to container registry (Quay.io)
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_IO_USERNAME }}
           password: ${{ secrets.QUAY_IO_ACCESS_TOKEN }}
       - name: Login to container registry (Docker Hub)
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
       # QEMU is needed for ARM64 build for egeria-configure
       # egeria-configure needs to install utilities
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Set Release version env variable
         run: |
           echo "VERSION=$(./gradlew properties --no-daemon --console=plain -q | grep '^version:' | awk '{printf $2}')" >> $GITHUB_ENV
@@ -91,15 +91,15 @@ jobs:
           cp -r open-metadata-distribution/open-metadata-assemblies/build/unpacked/egeria-${{ env.VERSION }}-distribution.tar.gz/. open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly
       - name: Build and push(egeria) to quay.io and docker.io (tag latest only for main!)
         if: ${{ github.ref == 'refs/heads/main'}}
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           push: true
           tags: odpi/egeria:${{ env.VERSION }}, odpi/egeria:latest, quay.io/odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:latest
           context: ./open-metadata-resources/open-metadata-deployment/docker/egeria
           platforms: linux/amd64,linux/arm64
       - name: Build and push(egeria) to quay.io and docker.io (no tag latest)
         if: ${{ github.ref != 'refs/heads/main'}}
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           push: true
           tags: odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:${{ env.VERSION }}
@@ -108,7 +108,7 @@ jobs:
       # Publish container images(egeria-configure) to quay.io and docker.io
       - name: Build and push(egeria-configure) to quay.io and docker.io (tag latest)
         if: ${{ github.ref == 'refs/heads/main'}}
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           push: true
           tags: odpi/egeria-configure:${{ env.VERSION }}, odpi/egeria-configure:latest, quay.io/odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:latest
@@ -118,27 +118,27 @@ jobs:
       # Publish container images(egeria-configure) to quay.io and docker.io
       - name: Build and push(egeria-configure) to quay.io and docker.io (no tag latest)
         if: ${{ github.ref != 'refs/heads/main'}}
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           push: true
           tags: odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:${{ env.VERSION }}
           context: ./open-metadata-resources/open-metadata-deployment/docker/configure
           platforms: linux/amd64,linux/arm64
       # --
       - name: Upload Log of any dependency failures
-        uses: actions/[email protected].2
+        uses: actions/[email protected].3
         with:
           name: Dependency Analysis Report (on failure)
           path: build/reports/dependency-analysis/build-health-report.txt
           if-no-files-found: ignore
       # Mostly for verification - not published to the release itself for now
       - name: Upload assemblies
-        uses: actions/[email protected].2
+        uses: actions/[email protected].3
         with:
           name: Assemblies
           path: open-metadata-distribution/open-metadata-assemblies/build/distributions/*.gz
       - name: Upload Test coverage report
-        uses: actions/[email protected].2
+        uses: actions/[email protected].3
         with:
           name: Jacoco Coverage Report
           path: build/reports/jacoco/codeCoverageReport

diff --git a/.github/workflows/pr-v4.yml b/.github/workflows/pr-v4.yml
@@ -16,7 +16,7 @@ jobs:
     name: "Verify PR v4"
     if: startsWith(github.repository,'odpi/')
     steps:
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@v4.1.0
       - uses: gradle/wrapper-validation-action@v1
       - name: Set up JDK
         uses: actions/setup-java@v3
@@ -32,12 +32,12 @@ jobs:
             build
             --scan
       - name: Upload Test coverage report
-        uses: actions/[email protected].2
+        uses: actions/[email protected].3
         with:
           name: Jacoco Coverage Report
           path: build/reports/jacoco/codeCoverageReport
       - name: Upload Log of any dependency failures
-        uses: actions/[email protected].2
+        uses: actions/[email protected].3
         with:
           name: Dependency Analysis Report (on failure)
           path: build/reports/dependency-analysis/build-health-report.txt

diff --git a/.github/workflows/release-v4.yml b/.github/workflows/release-v4.yml
@@ -24,20 +24,20 @@ jobs:
     name: "Release"
     if: startsWith(github.repository,'odpi/')
     steps:
-      - uses: actions/checkout@v3.5.3
+      - uses: actions/checkout@v4.1.0
         name: Checkout source
       - uses: gradle/wrapper-validation-action@v1
       # Prep for docker builds
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to container registry (Quay.io)
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_IO_USERNAME }}
           password: ${{ secrets.QUAY_IO_ACCESS_TOKEN }}
       - name: Login to container registry (docker.io)
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
@@ -62,7 +62,7 @@ jobs:
       # QEMU is needed for ARM64 build for egeria-configure
       # egeria-configure needs to install utilities
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Set Release version env variable
         run: |
           echo "VERSION=$(./gradlew properties --no-daemon --console=plain -q | grep '^version:' | awk '{printf $2}')" >> $GITHUB_ENV
@@ -72,23 +72,23 @@ jobs:
           mkdir -p ./open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly
           cp -r open-metadata-distribution/open-metadata-assemblies/build/unpacked/egeria-${{ env.VERSION }}-distribution.tar.gz/. open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly
       - name: Build and push(egeria) to quay.io and docker.io
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           push: true
           tags: odpi/egeria:${{ env.VERSION }}, odpi/egeria:stable, quay.io/odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:stable
           context: ./open-metadata-resources/open-metadata-deployment/docker/egeria
           platforms: linux/amd64,linux/arm64
       # Publish container images(egeria-configure) to quay.io and docker.io
       - name: Build and push(egeria-configure) to quay.io and docker.io
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           push: true
           tags: odpi/egeria-configure:${{ env.VERSION }}, odpi/egeria-configure:stable, quay.io/odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:stable
           context: ./open-metadata-resources/open-metadata-deployment/docker/configure
           platforms: linux/amd64,linux/arm64
       # Mostly for verification - not published to the release itself for now
       - name: Upload assemblies
-        uses: actions/[email protected].2
+        uses: actions/[email protected].3
         with:
           name: Assemblies
           path: open-metadata-distribution/open-metadata-assemblies/build/distributions/*.gz
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -30,7 +30,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v3.5.3  # tag=v3.0.0
+        uses: actions/checkout@v4.1.0  # tag=v3.0.0
         with:
           persist-credentials: false
 
@@ -54,14 +54,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/[email protected].2  # tag=v3.0.0
+        uses: actions/[email protected].3  # tag=v3.0.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v2.20.1  # tag=v1.0.26
+        uses: github/codeql-action/upload-sarif@v2.21.0  # tag=v1.0.26
         with:
           sarif_file: results.sarif
diff --git a/bom/build.gradle b/bom/build.gradle
@@ -23,11 +23,11 @@ ext {
     // TODO: version 4 under new package name
     antlrVersion = '3.5.3'
     ST4Version = '4.3.4'
-    avroVersion = '1.11.1'
-    classgraphVersion = '4.8.160'
+    avroVersion = '1.11.3'
+    classgraphVersion = '4.8.162'
     classmateVersion = '1.5.1'
     collections4Version = '4.4'
-    commonscodecVersion = '1.15'
+    commonscodecVersion = '1.16.0'
     commonsconfiguration2Version = '2.9.0'
     commonsconfigurationVersion = '1.10'
     commonsioVersion = '2.13.0'
@@ -41,7 +41,7 @@ ext {
     gremlinVersion = '3.5.6'
     // TODO: Version 4 under new package name. 3.0.13 is held to be compat with gradle tests (fvt)
     groovyVersion = '3.0.15'
-    guavaVersion = '32.0.1-jre'
+    guavaVersion = '32.1.2-jre'
     hamcrestVersion = '2.2'
     hdrhistogramVersion = '2.1.12'
     hibernatevalidatorVersion = '8.0.1.Final'
@@ -61,25 +61,25 @@ ext {
     jodatimeVersion = '2.12.5'
     jsonldVersion = '0.13.4'
     junitVersion = '4.13.2'
-    junitjupiterVersion = '5.9.3'
+    junitjupiterVersion = '5.10.0'
     junitplatformVersion = '1.9.2'
-    jwtVersion = '9.31'
+    jwtVersion = '9.35'
     jwtApiVersion = '0.11.5'
     jwtImplVersion = '0.11.5'
     jwtJacksonVersion = '0.11.5'
-    kafkaVersion = '3.5.0'
-    lang3Version = '3.12.0'
+    kafkaVersion = '3.5.1'
+    lang3Version = '3.13.0'
     logbackVersion = '1.4.5'
-    lettuceVersion = '6.2.4.RELEASE'
+    lettuceVersion = '6.2.6.RELEASE'
     // TODO: Version 9 now available
     luceneVersion = '8.11.2'
-    openlineageVersion = '0.29.2'
-    ossVersion = '4.15.0'
+    openlineageVersion = '1.2.2'
+    ossVersion = '4.16.0'
     // TODO: Held as data engine breaks
     mockitoVersion = '4.11.0'
     plexusVersion = '4.0.0'
-    prometheusVersion = '1.11.2'
-    nettyVersion = '4.1.94.Final'
+    prometheusVersion = '1.11.4'
+    nettyVersion = '4.1.99.Final'
     quartzVersion = '2.3.2'
     reflectionsVersion = '0.10.2'
     sanitizerVersion = '1.2.3'
@@ -89,37 +89,37 @@ ext {
     sleepycatVersion = '18.3.12'
     slf4jVersion = '2.0.6'
     snappyVersion = '1.1.10.5'
-    springbootVersion = '3.1.1'
+    springbootVersion = '3.1.4'
     spotbugsVersion = '4.7.3'
     springdataVersion = '3.0.3'
     springldapVersion = '3.0.1'
-    springsecurityVersion = '6.1.1'
+    springsecurityVersion = '6.1.4'
     springsecurityJwtVersion = '1.1.1.RELEASE'
-    swaggerVersion = '2.2.14'
+    swaggerVersion = '2.2.16'
     testngVersion = '7.8.0'
-    thriftVersion = '0.18.1'
+    thriftVersion = '0.19.0'
     springwebVersion = '6.0.6'
-    tinkVersion = '1.9.0'
-    tomcatVersion = '10.1.10'
+    tinkVersion = '1.11.0'
+    tomcatVersion = '10.1.13'
     validationVersion = '2.0.1.Final'
     gsonVersion = '2.10.1'
-    antVersion = '1.10.13'
-    jnrVersion = '3.1.17'
-    cassandraVersion = '4.1.2'
-    protobufVersion = '3.23.4'
+    antVersion = '1.10.14'
+    jnrVersion = '3.1.18'
+    cassandraVersion = '4.1.3'
+    protobufVersion = '3.24.3'
     osgiVersion = '8.0.0'
     log4jVersion = '2.20.0'
     jacksonjdk8Version = '2.15.2'
     reactivestreamsVersion = '1.0.4'
-    springdocStarterVersion = '2.1.0'
+    springdocStarterVersion = '2.2.0'
     jacocoVersion = '0.8.8'
     snakeYamlVersion = '2.2'
 }
 
 dependencies {
     // Only use this to bring in platforms, which are *constraints*
     dependencies {
-        api(platform('net.openhft:chronicle-bom:2.24ea71'))
+        api(platform('net.openhft:chronicle-bom:2.24ea80'))
     }
     constraints {
         api("ch.qos.logback:logback-classic:${logbackVersion}")
@@ -289,7 +289,7 @@ dependencies {
         //TODO: Remove dependency line below in case the new parent library is updated and pulls good version.
         api("com.beust:jcommander:1.82")
         api("org.antlr:antlr4:4.13.0")
-        api("org.apache.ivy:ivy:2.5.1")
+        api("org.apache.ivy:ivy:2.5.2")
 
         // Add in Egeria's own projects -- not for us, but for our users
         //subprojects.forEach { subProject ->

diff --git a/...nance-daemon-connectors/open-lineage-connectors/open-lineage-janus-connector/build.gradle b/...nance-daemon-connectors/open-lineage-connectors/open-lineage-janus-connector/build.gradle
@@ -58,8 +58,8 @@ filter {
         includeEngines 'junit-jupiter'
     }
     dependencies {
-        testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.9.3'
-        testImplementation 'org.junit.jupiter:junit-jupiter-api:5.9.3'
+        testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.10.0'
+        testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.0'
     }
 
     testLogging {

diff --git a/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile b/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile
@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright Contributors to the Egeria project
 
-FROM docker.io/library/alpine:3.18.2
+FROM docker.io/library/alpine:3.18.4
 ARG version=4.4-SNAPSHOT
 ARG VCS_REF=unknown
 ARG VCS_ORIGIN=unknown

diff --git a/settings.gradle b/settings.gradle
@@ -16,16 +16,16 @@ pluginManagement {
     }
     plugins {
         id "io.freefair.aggregate-javadoc" version "6.6.3"
-        id "io.freefair.lombok" version "8.1.0"
+        id "io.freefair.lombok" version "8.3"
         // Checks for unnecessary dependencies
-        id("com.autonomousapps.dependency-analysis") version "1.20.0"
+        id("com.autonomousapps.dependency-analysis") version "1.24.0"
         // helps resolve log implementation clashes
         id 'dev.jacomet.logging-capabilities' version "0.11.1"
         // This plugin helps resolve jakarta/javax dev.jacomet.logging-capabilities
-        id 'org.gradlex.java-ecosystem-capabilities' version "1.3"
+        id 'org.gradlex.java-ecosystem-capabilities' version "1.3.1"
         // Docs don't recommend specifying a version for checkstyle
         id 'checkstyle'
-        id 'org.springframework.boot' version '2.7.13'
+        id 'org.springframework.boot' version '2.7.16'
         id 'com.github.johnrengelman.shadow' version '8.1.1'
         id 'com.github.psxpaul.execfork' version '0.2.2'
     }