From 34f30718fe4920e787b8368e5057fd40bd81fe74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 09:12:13 +0000 Subject: [PATCH 01/37] Bump com.google.crypto.tink:tink from 1.9.0 to 1.11.0 Bumps [com.google.crypto.tink:tink](https://github.com/tink-crypto/tink-java) from 1.9.0 to 1.11.0. - [Release notes](https://github.com/tink-crypto/tink-java/releases) - [Commits](https://github.com/tink-crypto/tink-java/compare/v1.9.0...v1.11.0) --- updated-dependencies: - dependency-name: com.google.crypto.tink:tink dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index b15c16ac199..8a035e3def0 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -99,7 +99,7 @@ ext { testngVersion = '7.8.0' thriftVersion = '0.18.1' springwebVersion = '6.0.6' - tinkVersion = '1.9.0' + tinkVersion = '1.11.0' tomcatVersion = '10.1.10' validationVersion = '2.0.1.Final' gsonVersion = '2.10.1' From e0b24e7ed3c7e4104fe5356662b66dc382c7f101 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 08:14:44 +0000 Subject: [PATCH 02/37] Bump org.apache.thrift:libthrift from 0.18.1 to 0.19.0 Bumps [org.apache.thrift:libthrift](https://github.com/apache/thrift) from 0.18.1 to 0.19.0. - [Release notes](https://github.com/apache/thrift/releases) - [Changelog](https://github.com/apache/thrift/blob/master/CHANGES.md) - [Commits](https://github.com/apache/thrift/compare/v0.18.1...v0.19.0) --- updated-dependencies: - dependency-name: org.apache.thrift:libthrift dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index 8a035e3def0..1c5883a5b39 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -97,7 +97,7 @@ ext { springsecurityJwtVersion = '1.1.1.RELEASE' swaggerVersion = '2.2.14' testngVersion = '7.8.0' - thriftVersion = '0.18.1' + thriftVersion = '0.19.0' springwebVersion = '6.0.6' tinkVersion = '1.11.0' tomcatVersion = '10.1.10' From 60e9fc92e472e89422f8a9fa8c66e45d78153203 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 08:14:39 +0000 Subject: [PATCH 03/37] Bump io.micrometer:micrometer-registry-prometheus from 1.11.2 to 1.11.4 Bumps [io.micrometer:micrometer-registry-prometheus](https://github.com/micrometer-metrics/micrometer) from 1.11.2 to 1.11.4. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.11.2...v1.11.4) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-registry-prometheus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index 1c5883a5b39..992edfffd4b 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -78,7 +78,7 @@ ext { // TODO: Held as data engine breaks mockitoVersion = '4.11.0' plexusVersion = '4.0.0' - prometheusVersion = '1.11.2' + prometheusVersion = '1.11.4' nettyVersion = '4.1.94.Final' quartzVersion = '2.3.2' reflectionsVersion = '0.10.2' From cbbb1f7cc795ef870ae87c27756b6d63edfe99c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 10:06:43 +0000 Subject: [PATCH 04/37] Bump org.apache.avro:avro from 1.11.1 to 1.11.3 Bumps org.apache.avro:avro from 1.11.1 to 1.11.3. --- updated-dependencies: - dependency-name: org.apache.avro:avro dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index 992edfffd4b..dc94f66d86a 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -23,7 +23,7 @@ ext { // TODO: version 4 under new package name antlrVersion = '3.5.3' ST4Version = '4.3.4' - avroVersion = '1.11.1' + avroVersion = '1.11.3' classgraphVersion = '4.8.160' classmateVersion = '1.5.1' collections4Version = '4.4' From 5635a77aedb9314c0e3dc36172e5245fd88fc68b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 09:18:04 +0000 Subject: [PATCH 05/37] Bump net.openhft:chronicle-bom from 2.24ea71 to 2.24ea80 Bumps [net.openhft:chronicle-bom](https://github.com/OpenHFT/OpenHFT) from 2.24ea71 to 2.24ea80. - [Release notes](https://github.com/OpenHFT/OpenHFT/releases) - [Commits](https://github.com/OpenHFT/OpenHFT/commits) --- updated-dependencies: - dependency-name: net.openhft:chronicle-bom dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index dc94f66d86a..983a9d68bb2 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -119,7 +119,7 @@ ext { dependencies { // Only use this to bring in platforms, which are *constraints* dependencies { - api(platform('net.openhft:chronicle-bom:2.24ea71')) + api(platform('net.openhft:chronicle-bom:2.24ea80')) } constraints { api("ch.qos.logback:logback-classic:${logbackVersion}") From 8249bf20ce9af3b5aa2f8bd7dc35fb62add4d50b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 09:18:38 +0000 Subject: [PATCH 06/37] Bump com.nimbusds:nimbus-jose-jwt from 9.31 to 9.35 Bumps [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 9.31 to 9.35. - [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt) - [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.35..9.31) --- updated-dependencies: - dependency-name: com.nimbusds:nimbus-jose-jwt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index 983a9d68bb2..f6d3e7af3fe 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -63,7 +63,7 @@ ext { junitVersion = '4.13.2' junitjupiterVersion = '5.9.3' junitplatformVersion = '1.9.2' - jwtVersion = '9.31' + jwtVersion = '9.35' jwtApiVersion = '0.11.5' jwtImplVersion = '0.11.5' jwtJacksonVersion = '0.11.5' From 8a7edb560b0897d90f820b8fd9f2e7f3808c689a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 09:17:24 +0000 Subject: [PATCH 07/37] Bump com.github.jnr:jnr-posix from 3.1.17 to 3.1.18 Bumps [com.github.jnr:jnr-posix](https://github.com/jnr/jnr-posix) from 3.1.17 to 3.1.18. - [Commits](https://github.com/jnr/jnr-posix/compare/jnr-posix-3.1.17...jnr-posix-3.1.18) --- updated-dependencies: - dependency-name: com.github.jnr:jnr-posix dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index f6d3e7af3fe..7c300fa9938 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -104,7 +104,7 @@ ext { validationVersion = '2.0.1.Final' gsonVersion = '2.10.1' antVersion = '1.10.13' - jnrVersion = '3.1.17' + jnrVersion = '3.1.18' cassandraVersion = '4.1.2' protobufVersion = '3.23.4' osgiVersion = '8.0.0' From 50432e1bf0dc774d5aad816050cd866d47a03786 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 10:02:45 +0000 Subject: [PATCH 08/37] Bump swaggerVersion from 2.2.14 to 2.2.16 Bumps `swaggerVersion` from 2.2.14 to 2.2.16. Updates `io.swagger.core.v3:swagger-annotations` from 2.2.14 to 2.2.16 Updates `io.swagger.core.v3:swagger-annotations-jakarta` from 2.2.14 to 2.2.16 --- updated-dependencies: - dependency-name: io.swagger.core.v3:swagger-annotations dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.swagger.core.v3:swagger-annotations-jakarta dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index 7c300fa9938..75206bb60d1 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -95,7 +95,7 @@ ext { springldapVersion = '3.0.1' springsecurityVersion = '6.1.1' springsecurityJwtVersion = '1.1.1.RELEASE' - swaggerVersion = '2.2.14' + swaggerVersion = '2.2.16' testngVersion = '7.8.0' thriftVersion = '0.19.0' springwebVersion = '6.0.6' From fa12f0815e319de3f4f10110fbc4e9a02ea95833 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 10:19:26 +0000 Subject: [PATCH 09/37] Bump the spring group with 17 updates Bumps the spring group with 17 updates: | Package | From | To | | --- | --- | --- | | org.springframework.boot | `2.7.13` | `2.7.16` | | [org.springframework.boot:spring-boot-autoconfigure](https://github.com/spring-projects/spring-boot) | `3.1.1` | `3.1.4` | | [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot) | `3.1.1` | `3.1.4` | | [org.springframework.boot:spring-boot-starter-web](https://github.com/spring-projects/spring-boot) | `3.1.1` | `3.1.4` | | [org.springframework.boot:spring-boot-starter-validation](https://github.com/spring-projects/spring-boot) | `3.1.1` | `3.1.4` | | [org.springframework.boot:spring-boot-test](https://github.com/spring-projects/spring-boot) | `3.1.1` | `3.1.4` | | [org.springframework.boot:spring-boot-starter-test](https://github.com/spring-projects/spring-boot) | `3.1.1` | `3.1.4` | | [org.springframework.boot:spring-boot-starter-security](https://github.com/spring-projects/spring-boot) | `3.1.1` | `3.1.4` | | [org.springframework.boot:spring-boot-starter-data-redis](https://github.com/spring-projects/spring-boot) | `3.1.1` | `3.1.4` | | [org.springframework.boot:spring-boot-starter-actuator](https://github.com/spring-projects/spring-boot) | `3.1.1` | `3.1.4` | | [org.springframework.boot:spring-boot-starter-oauth2-resource-server](https://github.com/spring-projects/spring-boot) | `3.1.1` | `3.1.4` | | [org.springframework.security:spring-security-config](https://github.com/spring-projects/spring-security) | `6.1.1` | `6.1.4` | | [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security) | `6.1.1` | `6.1.4` | | [org.springframework.security:spring-security-ldap](https://github.com/spring-projects/spring-security) | `6.1.1` | `6.1.4` | | [org.springframework.security:spring-security-web](https://github.com/spring-projects/spring-security) | `6.1.1` | `6.1.4` | | [org.springframework.security:spring-security-oauth2-jose](https://github.com/spring-projects/spring-security) | `6.1.1` | `6.1.4` | | [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) | `2.1.0` | `2.2.0` | Updates `org.springframework.boot` from 2.7.13 to 2.7.16 Updates `org.springframework.boot:spring-boot-autoconfigure` from 3.1.1 to 3.1.4 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.1...v3.1.4) Updates `org.springframework.boot:spring-boot` from 3.1.1 to 3.1.4 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.1...v3.1.4) Updates `org.springframework.boot:spring-boot-starter-web` from 3.1.1 to 3.1.4 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.1...v3.1.4) Updates `org.springframework.boot:spring-boot-starter-validation` from 3.1.1 to 3.1.4 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.1...v3.1.4) Updates `org.springframework.boot:spring-boot-test` from 3.1.1 to 3.1.4 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.1...v3.1.4) Updates `org.springframework.boot:spring-boot-starter-test` from 3.1.1 to 3.1.4 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.1...v3.1.4) Updates `org.springframework.boot:spring-boot-starter-security` from 3.1.1 to 3.1.4 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.1...v3.1.4) Updates `org.springframework.boot:spring-boot-starter-data-redis` from 3.1.1 to 3.1.4 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.1...v3.1.4) Updates `org.springframework.boot:spring-boot-starter-actuator` from 3.1.1 to 3.1.4 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.1...v3.1.4) Updates `org.springframework.boot:spring-boot-starter-oauth2-resource-server` from 3.1.1 to 3.1.4 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.1...v3.1.4) Updates `org.springframework.security:spring-security-config` from 6.1.1 to 6.1.4 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/6.1.1...6.1.4) Updates `org.springframework.security:spring-security-core` from 6.1.1 to 6.1.4 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/6.1.1...6.1.4) Updates `org.springframework.security:spring-security-ldap` from 6.1.1 to 6.1.4 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/6.1.1...6.1.4) Updates `org.springframework.security:spring-security-web` from 6.1.1 to 6.1.4 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/6.1.1...6.1.4) Updates `org.springframework.security:spring-security-oauth2-jose` from 6.1.1 to 6.1.4 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/6.1.1...6.1.4) Updates `org.springdoc:springdoc-openapi-starter-webmvc-ui` from 2.1.0 to 2.2.0 - [Release notes](https://github.com/springdoc/springdoc-openapi/releases) - [Changelog](https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md) - [Commits](https://github.com/springdoc/springdoc-openapi/compare/v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: org.springframework.boot dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.boot:spring-boot-autoconfigure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.boot:spring-boot dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.boot:spring-boot-starter-web dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.boot:spring-boot-starter-validation dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.boot:spring-boot-test dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.boot:spring-boot-starter-test dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.boot:spring-boot-starter-security dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.boot:spring-boot-starter-data-redis dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.boot:spring-boot-starter-actuator dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.boot:spring-boot-starter-oauth2-resource-server dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.security:spring-security-config dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.security:spring-security-core dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.security:spring-security-ldap dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.security:spring-security-web dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springframework.security:spring-security-oauth2-jose dependency-type: direct:production update-type: version-update:semver-patch dependency-group: spring - dependency-name: org.springdoc:springdoc-openapi-starter-webmvc-ui dependency-type: direct:production update-type: version-update:semver-minor dependency-group: spring ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 6 +++--- settings.gradle | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bom/build.gradle b/bom/build.gradle index 75206bb60d1..0e3a565d6f9 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -89,11 +89,11 @@ ext { sleepycatVersion = '18.3.12' slf4jVersion = '2.0.6' snappyVersion = '1.1.10.5' - springbootVersion = '3.1.1' + springbootVersion = '3.1.4' spotbugsVersion = '4.7.3' springdataVersion = '3.0.3' springldapVersion = '3.0.1' - springsecurityVersion = '6.1.1' + springsecurityVersion = '6.1.4' springsecurityJwtVersion = '1.1.1.RELEASE' swaggerVersion = '2.2.16' testngVersion = '7.8.0' @@ -111,7 +111,7 @@ ext { log4jVersion = '2.20.0' jacksonjdk8Version = '2.15.2' reactivestreamsVersion = '1.0.4' - springdocStarterVersion = '2.1.0' + springdocStarterVersion = '2.2.0' jacocoVersion = '0.8.8' snakeYamlVersion = '2.2' } diff --git a/settings.gradle b/settings.gradle index 8658b1a2831..35f0fa8dd88 100644 --- a/settings.gradle +++ b/settings.gradle @@ -25,7 +25,7 @@ pluginManagement { id 'org.gradlex.java-ecosystem-capabilities' version "1.3" // Docs don't recommend specifying a version for checkstyle id 'checkstyle' - id 'org.springframework.boot' version '2.7.13' + id 'org.springframework.boot' version '2.7.16' id 'com.github.johnrengelman.shadow' version '8.1.1' id 'com.github.psxpaul.execfork' version '0.2.2' } From f8974efe8a6170a83f36fd7c294dcd2972589d4f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 08:14:29 +0000 Subject: [PATCH 10/37] Bump io.openlineage:openlineage-java from 0.29.2 to 1.2.2 Bumps [io.openlineage:openlineage-java](https://github.com/OpenLineage/OpenLineage) from 0.29.2 to 1.2.2. - [Release notes](https://github.com/OpenLineage/OpenLineage/releases) - [Changelog](https://github.com/OpenLineage/OpenLineage/blob/main/CHANGELOG.md) - [Commits](https://github.com/OpenLineage/OpenLineage/compare/0.29.2...1.2.2) --- updated-dependencies: - dependency-name: io.openlineage:openlineage-java dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index 0e3a565d6f9..6f969384470 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -73,7 +73,7 @@ ext { lettuceVersion = '6.2.4.RELEASE' // TODO: Version 9 now available luceneVersion = '8.11.2' - openlineageVersion = '0.29.2' + openlineageVersion = '1.2.2' ossVersion = '4.15.0' // TODO: Held as data engine breaks mockitoVersion = '4.11.0' From 8a650208e1ca94289b3d851b7681d70410ac2522 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 08:14:36 +0000 Subject: [PATCH 11/37] Bump com.autonomousapps.dependency-analysis from 1.20.0 to 1.24.0 Bumps com.autonomousapps.dependency-analysis from 1.20.0 to 1.24.0. --- updated-dependencies: - dependency-name: com.autonomousapps.dependency-analysis dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- settings.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.gradle b/settings.gradle index 35f0fa8dd88..b3ce53e0857 100644 --- a/settings.gradle +++ b/settings.gradle @@ -18,7 +18,7 @@ pluginManagement { id "io.freefair.aggregate-javadoc" version "6.6.3" id "io.freefair.lombok" version "8.1.0" // Checks for unnecessary dependencies - id("com.autonomousapps.dependency-analysis") version "1.20.0" + id("com.autonomousapps.dependency-analysis") version "1.24.0" // helps resolve log implementation clashes id 'dev.jacomet.logging-capabilities' version "0.11.1" // This plugin helps resolve jakarta/javax dev.jacomet.logging-capabilities From 4cc633286ee9f3e7c39203eaf43fe2502ded1afe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 09:14:23 +0000 Subject: [PATCH 12/37] Bump nettyVersion from 4.1.94.Final to 4.1.99.Final Bumps `nettyVersion` from 4.1.94.Final to 4.1.99.Final. Updates `io.netty:netty-handler` from 4.1.94.Final to 4.1.99.Final - [Commits](https://github.com/netty/netty/compare/netty-4.1.94.Final...netty-4.1.99.Final) Updates `io.netty:netty-common` from 4.1.94.Final to 4.1.99.Final - [Commits](https://github.com/netty/netty/compare/netty-4.1.94.Final...netty-4.1.99.Final) Updates `io.netty:netty-buffer` from 4.1.94.Final to 4.1.99.Final - [Commits](https://github.com/netty/netty/compare/netty-4.1.94.Final...netty-4.1.99.Final) Updates `io.netty:netty-codec` from 4.1.94.Final to 4.1.99.Final - [Commits](https://github.com/netty/netty/compare/netty-4.1.94.Final...netty-4.1.99.Final) Updates `io.netty:netty-all` from 4.1.94.Final to 4.1.99.Final - [Commits](https://github.com/netty/netty/compare/netty-4.1.94.Final...netty-4.1.99.Final) Updates `io.netty:netty-transport` from 4.1.94.Final to 4.1.99.Final - [Commits](https://github.com/netty/netty/compare/netty-4.1.94.Final...netty-4.1.99.Final) Updates `io.netty:netty-resolver` from 4.1.94.Final to 4.1.99.Final - [Commits](https://github.com/netty/netty/compare/netty-4.1.94.Final...netty-4.1.99.Final) --- updated-dependencies: - dependency-name: io.netty:netty-handler dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.netty:netty-common dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.netty:netty-buffer dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.netty:netty-codec dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.netty:netty-all dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.netty:netty-transport dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.netty:netty-resolver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski # Conflicts: # bom/build.gradle --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index 6f969384470..0cbe955fd40 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -79,7 +79,7 @@ ext { mockitoVersion = '4.11.0' plexusVersion = '4.0.0' prometheusVersion = '1.11.4' - nettyVersion = '4.1.94.Final' + nettyVersion = '4.1.99.Final' quartzVersion = '2.3.2' reflectionsVersion = '0.10.2' sanitizerVersion = '1.2.3' From 56036dff60843edfea6832862789772b259396d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 12:48:17 +0000 Subject: [PATCH 13/37] Bump library/alpine Bumps library/alpine from 3.18.2 to 3.18.4. --- updated-dependencies: - dependency-name: library/alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- .../open-metadata-deployment/docker/configure/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile b/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile index 69651a6b937..4ff8b22f205 100644 --- a/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile +++ b/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile @@ -1,7 +1,7 @@ # SPDX-License-Identifier: Apache-2.0 # Copyright Contributors to the Egeria project -FROM docker.io/library/alpine:3.18.2 +FROM docker.io/library/alpine:3.18.4 ARG version=4.4-SNAPSHOT ARG VCS_REF=unknown ARG VCS_ORIGIN=unknown From 54c849b01eddcc6649d2cc714fd0fa4130e86813 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 03:49:46 +0000 Subject: [PATCH 14/37] Bump docker/setup-qemu-action from 2 to 3 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- .github/workflows/merge-v4.yml | 2 +- .github/workflows/release-v4.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/merge-v4.yml b/.github/workflows/merge-v4.yml index 6aef50b0847..2ce0ff13312 100644 --- a/.github/workflows/merge-v4.yml +++ b/.github/workflows/merge-v4.yml @@ -80,7 +80,7 @@ jobs: # QEMU is needed for ARM64 build for egeria-configure # egeria-configure needs to install utilities - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set Release version env variable run: | echo "VERSION=$(./gradlew properties --no-daemon --console=plain -q | grep '^version:' | awk '{printf $2}')" >> $GITHUB_ENV diff --git a/.github/workflows/release-v4.yml b/.github/workflows/release-v4.yml index 4817b0d6584..4a632ee9559 100644 --- a/.github/workflows/release-v4.yml +++ b/.github/workflows/release-v4.yml @@ -62,7 +62,7 @@ jobs: # QEMU is needed for ARM64 build for egeria-configure # egeria-configure needs to install utilities - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set Release version env variable run: | echo "VERSION=$(./gradlew properties --no-daemon --console=plain -q | grep '^version:' | awk '{printf $2}')" >> $GITHUB_ENV From 04565ea9437b348c5fddbff132c77592e53d70e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 03:49:41 +0000 Subject: [PATCH 15/37] Bump actions/checkout from 3.5.3 to 4.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 4.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.3...v4.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- .github/workflows/codeql-v4.yml | 2 +- .github/workflows/linkcheck.yml | 2 +- .github/workflows/merge-v4.yml | 2 +- .github/workflows/pr-v4.yml | 2 +- .github/workflows/release-v4.yml | 2 +- .github/workflows/scorecards.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql-v4.yml b/.github/workflows/codeql-v4.yml index 4527b832b14..745ab599df5 100644 --- a/.github/workflows/codeql-v4.yml +++ b/.github/workflows/codeql-v4.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - uses: gradle/wrapper-validation-action@v1 - name: Setup Java JDK uses: actions/setup-java@v3 diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml index 826b80e2f6c..18df853c139 100644 --- a/.github/workflows/linkcheck.yml +++ b/.github/workflows/linkcheck.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@v4.1.0 - name: Link Checker uses: lycheeverse/lychee-action@v1.8.0 with: diff --git a/.github/workflows/merge-v4.yml b/.github/workflows/merge-v4.yml index 2ce0ff13312..769b81c3c52 100644 --- a/.github/workflows/merge-v4.yml +++ b/.github/workflows/merge-v4.yml @@ -22,7 +22,7 @@ jobs: name: "Merge v4" if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@v4.1.0 name: Checkout source - uses: gradle/wrapper-validation-action@v1 - name: Set up JDK diff --git a/.github/workflows/pr-v4.yml b/.github/workflows/pr-v4.yml index d3bcc7698a4..4ec061241aa 100644 --- a/.github/workflows/pr-v4.yml +++ b/.github/workflows/pr-v4.yml @@ -16,7 +16,7 @@ jobs: name: "Verify PR v4" if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@v4.1.0 - uses: gradle/wrapper-validation-action@v1 - name: Set up JDK uses: actions/setup-java@v3 diff --git a/.github/workflows/release-v4.yml b/.github/workflows/release-v4.yml index 4a632ee9559..74ab8a4acfd 100644 --- a/.github/workflows/release-v4.yml +++ b/.github/workflows/release-v4.yml @@ -24,7 +24,7 @@ jobs: name: "Release" if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@v4.1.0 name: Checkout source - uses: gradle/wrapper-validation-action@v1 # Prep for docker builds diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d44b2ff7c42..b5a1712a619 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v3.5.3 # tag=v3.0.0 + uses: actions/checkout@v4.1.0 # tag=v3.0.0 with: persist-credentials: false From f1e6845ee46e18b31638692fe42a1348a8b21b9e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 03:49:37 +0000 Subject: [PATCH 16/37] Bump actions/upload-artifact from 3.1.2 to 3.1.3 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3.1.2...v3.1.3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- .github/workflows/merge-v4.yml | 6 +++--- .github/workflows/pr-v4.yml | 4 ++-- .github/workflows/release-v4.yml | 2 +- .github/workflows/scorecards.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/merge-v4.yml b/.github/workflows/merge-v4.yml index 769b81c3c52..2b972cf960a 100644 --- a/.github/workflows/merge-v4.yml +++ b/.github/workflows/merge-v4.yml @@ -126,19 +126,19 @@ jobs: platforms: linux/amd64,linux/arm64 # -- - name: Upload Log of any dependency failures - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Dependency Analysis Report (on failure) path: build/reports/dependency-analysis/build-health-report.txt if-no-files-found: ignore # Mostly for verification - not published to the release itself for now - name: Upload assemblies - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Assemblies path: open-metadata-distribution/open-metadata-assemblies/build/distributions/*.gz - name: Upload Test coverage report - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Jacoco Coverage Report path: build/reports/jacoco/codeCoverageReport diff --git a/.github/workflows/pr-v4.yml b/.github/workflows/pr-v4.yml index 4ec061241aa..5534c701246 100644 --- a/.github/workflows/pr-v4.yml +++ b/.github/workflows/pr-v4.yml @@ -32,12 +32,12 @@ jobs: build --scan - name: Upload Test coverage report - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Jacoco Coverage Report path: build/reports/jacoco/codeCoverageReport - name: Upload Log of any dependency failures - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Dependency Analysis Report (on failure) path: build/reports/dependency-analysis/build-health-report.txt diff --git a/.github/workflows/release-v4.yml b/.github/workflows/release-v4.yml index 74ab8a4acfd..4779cd376cb 100644 --- a/.github/workflows/release-v4.yml +++ b/.github/workflows/release-v4.yml @@ -88,7 +88,7 @@ jobs: platforms: linux/amd64,linux/arm64 # Mostly for verification - not published to the release itself for now - name: Upload assemblies - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@v3.1.3 with: name: Assemblies path: open-metadata-distribution/open-metadata-assemblies/build/distributions/*.gz diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b5a1712a619..3497c2d8188 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -54,7 +54,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@v3.1.2 # tag=v3.0.0 + uses: actions/upload-artifact@v3.1.3 # tag=v3.0.0 with: name: SARIF file path: results.sarif From f2c51486f202199bfe4511288aa2dd618f57502c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 03:49:34 +0000 Subject: [PATCH 17/37] Bump docker/setup-buildx-action from 2 to 3 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- .github/workflows/merge-v4.yml | 2 +- .github/workflows/release-v4.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/merge-v4.yml b/.github/workflows/merge-v4.yml index 2b972cf960a..c32c8e01851 100644 --- a/.github/workflows/merge-v4.yml +++ b/.github/workflows/merge-v4.yml @@ -65,7 +65,7 @@ jobs: branch: gh-pages folder: build/docs/javadoc - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to container registry (Quay.io) uses: docker/login-action@v2 with: diff --git a/.github/workflows/release-v4.yml b/.github/workflows/release-v4.yml index 4779cd376cb..65949f2ea31 100644 --- a/.github/workflows/release-v4.yml +++ b/.github/workflows/release-v4.yml @@ -29,7 +29,7 @@ jobs: - uses: gradle/wrapper-validation-action@v1 # Prep for docker builds - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to container registry (Quay.io) uses: docker/login-action@v2 with: From bd7ce9d09981360a6ee08a8efe5ec86326d6a0e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 03:49:24 +0000 Subject: [PATCH 18/37] Bump docker/login-action from 2 to 3 Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- .github/workflows/merge-v4.yml | 4 ++-- .github/workflows/release-v4.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/merge-v4.yml b/.github/workflows/merge-v4.yml index c32c8e01851..6295e75fb9e 100644 --- a/.github/workflows/merge-v4.yml +++ b/.github/workflows/merge-v4.yml @@ -67,13 +67,13 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to container registry (Quay.io) - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: quay.io username: ${{ secrets.QUAY_IO_USERNAME }} password: ${{ secrets.QUAY_IO_ACCESS_TOKEN }} - name: Login to container registry (Docker Hub) - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} diff --git a/.github/workflows/release-v4.yml b/.github/workflows/release-v4.yml index 65949f2ea31..9424c4b76e3 100644 --- a/.github/workflows/release-v4.yml +++ b/.github/workflows/release-v4.yml @@ -31,13 +31,13 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to container registry (Quay.io) - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: quay.io username: ${{ secrets.QUAY_IO_USERNAME }} password: ${{ secrets.QUAY_IO_ACCESS_TOKEN }} - name: Login to container registry (docker.io) - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} From 6bad568cc96b38e6bfda62da1136e774b99b562a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 03:49:20 +0000 Subject: [PATCH 19/37] Bump docker/build-push-action from 3 to 5 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 5. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v3...v5) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- .github/workflows/merge-v4.yml | 8 ++++---- .github/workflows/release-v4.yml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/merge-v4.yml b/.github/workflows/merge-v4.yml index 6295e75fb9e..21f96883ee2 100644 --- a/.github/workflows/merge-v4.yml +++ b/.github/workflows/merge-v4.yml @@ -91,7 +91,7 @@ jobs: cp -r open-metadata-distribution/open-metadata-assemblies/build/unpacked/egeria-${{ env.VERSION }}-distribution.tar.gz/. open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly - name: Build and push(egeria) to quay.io and docker.io (tag latest only for main!) if: ${{ github.ref == 'refs/heads/main'}} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria:${{ env.VERSION }}, odpi/egeria:latest, quay.io/odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:latest @@ -99,7 +99,7 @@ jobs: platforms: linux/amd64,linux/arm64 - name: Build and push(egeria) to quay.io and docker.io (no tag latest) if: ${{ github.ref != 'refs/heads/main'}} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:${{ env.VERSION }} @@ -108,7 +108,7 @@ jobs: # Publish container images(egeria-configure) to quay.io and docker.io - name: Build and push(egeria-configure) to quay.io and docker.io (tag latest) if: ${{ github.ref == 'refs/heads/main'}} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria-configure:${{ env.VERSION }}, odpi/egeria-configure:latest, quay.io/odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:latest @@ -118,7 +118,7 @@ jobs: # Publish container images(egeria-configure) to quay.io and docker.io - name: Build and push(egeria-configure) to quay.io and docker.io (no tag latest) if: ${{ github.ref != 'refs/heads/main'}} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:${{ env.VERSION }} diff --git a/.github/workflows/release-v4.yml b/.github/workflows/release-v4.yml index 9424c4b76e3..0eda2e00e40 100644 --- a/.github/workflows/release-v4.yml +++ b/.github/workflows/release-v4.yml @@ -72,7 +72,7 @@ jobs: mkdir -p ./open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly cp -r open-metadata-distribution/open-metadata-assemblies/build/unpacked/egeria-${{ env.VERSION }}-distribution.tar.gz/. open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly - name: Build and push(egeria) to quay.io and docker.io - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria:${{ env.VERSION }}, odpi/egeria:stable, quay.io/odpi/egeria:${{ env.VERSION }}, quay.io/odpi/egeria:stable @@ -80,7 +80,7 @@ jobs: platforms: linux/amd64,linux/arm64 # Publish container images(egeria-configure) to quay.io and docker.io - name: Build and push(egeria-configure) to quay.io and docker.io - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: push: true tags: odpi/egeria-configure:${{ env.VERSION }}, odpi/egeria-configure:stable, quay.io/odpi/egeria-configure:${{ env.VERSION }}, quay.io/odpi/egeria-configure:stable From 606cf56fbc3aae39d1c886b3649d709ea9a9ca63 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 08:14:20 +0000 Subject: [PATCH 20/37] Bump com.google.protobuf:protobuf-java from 3.23.4 to 3.24.3 Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.23.4 to 3.24.3. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](https://github.com/protocolbuffers/protobuf/compare/v3.23.4...v3.24.3) --- updated-dependencies: - dependency-name: com.google.protobuf:protobuf-java dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index 0cbe955fd40..6c6ef8c29ec 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -106,7 +106,7 @@ ext { antVersion = '1.10.13' jnrVersion = '3.1.18' cassandraVersion = '4.1.2' - protobufVersion = '3.23.4' + protobufVersion = '3.24.3' osgiVersion = '8.0.0' log4jVersion = '2.20.0' jacksonjdk8Version = '2.15.2' From b4a8147b33adb8f1ddf966b61c378b764aab7d31 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Sep 2023 16:58:05 +0000 Subject: [PATCH 21/37] Bump org.apache.ant:ant from 1.10.13 to 1.10.14 Bumps org.apache.ant:ant from 1.10.13 to 1.10.14. --- updated-dependencies: - dependency-name: org.apache.ant:ant dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski # Conflicts: # bom/build.gradle --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index 6c6ef8c29ec..fe15f204712 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -103,7 +103,7 @@ ext { tomcatVersion = '10.1.10' validationVersion = '2.0.1.Final' gsonVersion = '2.10.1' - antVersion = '1.10.13' + antVersion = '1.10.14' jnrVersion = '3.1.18' cassandraVersion = '4.1.2' protobufVersion = '3.24.3' From 381a941acb71d87104c989913734ec73f4dadccd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Sep 2023 16:57:50 +0000 Subject: [PATCH 22/37] Bump org.apache.ivy:ivy from 2.5.1 to 2.5.2 Bumps org.apache.ivy:ivy from 2.5.1 to 2.5.2. --- updated-dependencies: - dependency-name: org.apache.ivy:ivy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index fe15f204712..f7c8a83baf9 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -289,7 +289,7 @@ dependencies { //TODO: Remove dependency line below in case the new parent library is updated and pulls good version. api("com.beust:jcommander:1.82") api("org.antlr:antlr4:4.13.0") - api("org.apache.ivy:ivy:2.5.1") + api("org.apache.ivy:ivy:2.5.2") // Add in Egeria's own projects -- not for us, but for our users //subprojects.forEach { subProject -> From af4eab457ad1a5b0463a4911dbd5fad03d009c52 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Sep 2023 18:08:11 +0000 Subject: [PATCH 23/37] Bump io.freefair.aggregate-javadoc from 6.6.3 to 8.3 Bumps io.freefair.aggregate-javadoc from 6.6.3 to 8.3. --- updated-dependencies: - dependency-name: io.freefair.aggregate-javadoc dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- settings.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.gradle b/settings.gradle index b3ce53e0857..520e6d6a26b 100644 --- a/settings.gradle +++ b/settings.gradle @@ -15,7 +15,7 @@ pluginManagement { gradlePluginPortal() } plugins { - id "io.freefair.aggregate-javadoc" version "6.6.3" + id "io.freefair.aggregate-javadoc" version "8.3" id "io.freefair.lombok" version "8.1.0" // Checks for unnecessary dependencies id("com.autonomousapps.dependency-analysis") version "1.24.0" From cdc8c0fded9d92616f78e5acceb1e0985c3c9a32 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Sep 2023 16:57:51 +0000 Subject: [PATCH 24/37] Bump io.freefair.lombok from 8.1.0 to 8.3 Bumps io.freefair.lombok from 8.1.0 to 8.3. --- updated-dependencies: - dependency-name: io.freefair.lombok dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski # Conflicts: # settings.gradle --- settings.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/settings.gradle b/settings.gradle index 520e6d6a26b..76f3610c3ce 100644 --- a/settings.gradle +++ b/settings.gradle @@ -15,8 +15,8 @@ pluginManagement { gradlePluginPortal() } plugins { - id "io.freefair.aggregate-javadoc" version "8.3" - id "io.freefair.lombok" version "8.1.0" + id "io.freefair.aggregate-javadoc" version "6.6.3" + id "io.freefair.lombok" version "8.3" // Checks for unnecessary dependencies id("com.autonomousapps.dependency-analysis") version "1.24.0" // helps resolve log implementation clashes From 4234339c2a91ca0157f8ffb599262c5b2f36d854 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Sep 2023 16:57:34 +0000 Subject: [PATCH 25/37] Bump io.lettuce:lettuce-core from 6.2.4.RELEASE to 6.2.6.RELEASE Bumps [io.lettuce:lettuce-core](https://github.com/lettuce-io/lettuce-core) from 6.2.4.RELEASE to 6.2.6.RELEASE. - [Release notes](https://github.com/lettuce-io/lettuce-core/releases) - [Changelog](https://github.com/lettuce-io/lettuce-core/blob/6.2.6.RELEASE/RELEASE-NOTES.md) - [Commits](https://github.com/lettuce-io/lettuce-core/compare/6.2.4.RELEASE...6.2.6.RELEASE) --- updated-dependencies: - dependency-name: io.lettuce:lettuce-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index f7c8a83baf9..e6ae9719b2c 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -70,7 +70,7 @@ ext { kafkaVersion = '3.5.0' lang3Version = '3.12.0' logbackVersion = '1.4.5' - lettuceVersion = '6.2.4.RELEASE' + lettuceVersion = '6.2.6.RELEASE' // TODO: Version 9 now available luceneVersion = '8.11.2' openlineageVersion = '1.2.2' From 500f8a34c050f88fae81bef68a454659a79e0779 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Sep 2023 16:57:37 +0000 Subject: [PATCH 26/37] Bump io.github.classgraph:classgraph from 4.8.160 to 4.8.162 Bumps [io.github.classgraph:classgraph](https://github.com/classgraph/classgraph) from 4.8.160 to 4.8.162. - [Release notes](https://github.com/classgraph/classgraph/releases) - [Commits](https://github.com/classgraph/classgraph/commits/classgraph-4.8.162) --- updated-dependencies: - dependency-name: io.github.classgraph:classgraph dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski # Conflicts: # bom/build.gradle --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index e6ae9719b2c..b421abcf195 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -24,7 +24,7 @@ ext { antlrVersion = '3.5.3' ST4Version = '4.3.4' avroVersion = '1.11.3' - classgraphVersion = '4.8.160' + classgraphVersion = '4.8.162' classmateVersion = '1.5.1' collections4Version = '4.4' commonscodecVersion = '1.15' From 6b76e72fe6071c181b23c9c7b3c41852539833c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 14:34:25 +0000 Subject: [PATCH 27/37] Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 Bumps org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-lang3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index b421abcf195..e4e6f5ac591 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -68,7 +68,7 @@ ext { jwtImplVersion = '0.11.5' jwtJacksonVersion = '0.11.5' kafkaVersion = '3.5.0' - lang3Version = '3.12.0' + lang3Version = '3.13.0' logbackVersion = '1.4.5' lettuceVersion = '6.2.6.RELEASE' // TODO: Version 9 now available From d826257c9c0ecdd41d8ee068a9bc9b342aabe48c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 14:30:43 +0000 Subject: [PATCH 28/37] Bump org.apache.cassandra:cassandra-all from 4.1.2 to 4.1.3 Bumps org.apache.cassandra:cassandra-all from 4.1.2 to 4.1.3. --- updated-dependencies: - dependency-name: org.apache.cassandra:cassandra-all dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski # Conflicts: # bom/build.gradle --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index e4e6f5ac591..e105eb46c15 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -105,7 +105,7 @@ ext { gsonVersion = '2.10.1' antVersion = '1.10.14' jnrVersion = '3.1.18' - cassandraVersion = '4.1.2' + cassandraVersion = '4.1.3' protobufVersion = '3.24.3' osgiVersion = '8.0.0' log4jVersion = '2.20.0' From cf213bc341958fd9b26be37bf7f873be05cf0007 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 12:41:38 +0000 Subject: [PATCH 29/37] Bump org.gradlex.java-ecosystem-capabilities from 1.3 to 1.3.1 Bumps org.gradlex.java-ecosystem-capabilities from 1.3 to 1.3.1. --- updated-dependencies: - dependency-name: org.gradlex.java-ecosystem-capabilities dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- settings.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.gradle b/settings.gradle index 76f3610c3ce..64750427ef8 100644 --- a/settings.gradle +++ b/settings.gradle @@ -22,7 +22,7 @@ pluginManagement { // helps resolve log implementation clashes id 'dev.jacomet.logging-capabilities' version "0.11.1" // This plugin helps resolve jakarta/javax dev.jacomet.logging-capabilities - id 'org.gradlex.java-ecosystem-capabilities' version "1.3" + id 'org.gradlex.java-ecosystem-capabilities' version "1.3.1" // Docs don't recommend specifying a version for checkstyle id 'checkstyle' id 'org.springframework.boot' version '2.7.16' From 8085f9966715e38e055558c448b83f284b5d8326 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 11:17:06 +0000 Subject: [PATCH 30/37] Bump org.apache.kafka:kafka-clients from 3.5.0 to 3.5.1 Bumps org.apache.kafka:kafka-clients from 3.5.0 to 3.5.1. --- updated-dependencies: - dependency-name: org.apache.kafka:kafka-clients dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski # Conflicts: # bom/build.gradle --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index e105eb46c15..24ef6580d67 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -67,7 +67,7 @@ ext { jwtApiVersion = '0.11.5' jwtImplVersion = '0.11.5' jwtJacksonVersion = '0.11.5' - kafkaVersion = '3.5.0' + kafkaVersion = '3.5.1' lang3Version = '3.13.0' logbackVersion = '1.4.5' lettuceVersion = '6.2.6.RELEASE' From a95e0d220c545a8d615ea618f86819056635ecba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 13:41:50 +0000 Subject: [PATCH 31/37] Bump com.google.guava:guava from 32.0.1-jre to 32.1.2-jre Bumps [com.google.guava:guava](https://github.com/google/guava) from 32.0.1-jre to 32.1.2-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index 24ef6580d67..0ced41d69e5 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -41,7 +41,7 @@ ext { gremlinVersion = '3.5.6' // TODO: Version 4 under new package name. 3.0.13 is held to be compat with gradle tests (fvt) groovyVersion = '3.0.15' - guavaVersion = '32.0.1-jre' + guavaVersion = '32.1.2-jre' hamcrestVersion = '2.2' hdrhistogramVersion = '2.1.12' hibernatevalidatorVersion = '8.0.1.Final' From f8f2638ce7573ec34e8f681be60db7a8077fb06d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 12:30:07 +0000 Subject: [PATCH 32/37] Bump junitjupiterVersion from 5.9.3 to 5.10.0 Bumps `junitjupiterVersion` from 5.9.3 to 5.10.0. Updates `org.junit.jupiter:junit-jupiter` from 5.9.3 to 5.10.0 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.9.3...r5.10.0) Updates `org.junit.jupiter:junit-jupiter-api` from 5.9.3 to 5.10.0 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.9.3...r5.10.0) Updates `org.junit.jupiter:junit-jupiter-engine` from 5.9.3 to 5.10.0 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.9.3...r5.10.0) --- updated-dependencies: - dependency-name: org.junit.jupiter:junit-jupiter dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.junit.jupiter:junit-jupiter-api dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.junit.jupiter:junit-jupiter-engine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- .../open-lineage-janus-connector/build.gradle | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bom/build.gradle b/bom/build.gradle index 0ced41d69e5..58ef84c7e57 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -61,7 +61,7 @@ ext { jodatimeVersion = '2.12.5' jsonldVersion = '0.13.4' junitVersion = '4.13.2' - junitjupiterVersion = '5.9.3' + junitjupiterVersion = '5.10.0' junitplatformVersion = '1.9.2' jwtVersion = '9.35' jwtApiVersion = '0.11.5' diff --git a/open-metadata-implementation/adapters/open-connectors/governance-daemon-connectors/open-lineage-connectors/open-lineage-janus-connector/build.gradle b/open-metadata-implementation/adapters/open-connectors/governance-daemon-connectors/open-lineage-connectors/open-lineage-janus-connector/build.gradle index 8ffee5d83da..584b24c5c6e 100644 --- a/open-metadata-implementation/adapters/open-connectors/governance-daemon-connectors/open-lineage-connectors/open-lineage-janus-connector/build.gradle +++ b/open-metadata-implementation/adapters/open-connectors/governance-daemon-connectors/open-lineage-connectors/open-lineage-janus-connector/build.gradle @@ -58,8 +58,8 @@ filter { includeEngines 'junit-jupiter' } dependencies { - testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.9.3' - testImplementation 'org.junit.jupiter:junit-jupiter-api:5.9.3' + testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.10.0' + testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.0' } testLogging { From 8ef90ef744f92739f639b0776556069d0e2cfcdb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Jul 2023 12:08:57 +0000 Subject: [PATCH 33/37] Bump github/codeql-action from 2.20.1 to 2.21.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.21.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2.20.1...v2.21.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- .github/workflows/codeql-v4.yml | 4 ++-- .github/workflows/scorecards.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-v4.yml b/.github/workflows/codeql-v4.yml index 745ab599df5..14baabdad36 100644 --- a/.github/workflows/codeql-v4.yml +++ b/.github/workflows/codeql-v4.yml @@ -38,7 +38,7 @@ jobs: java-version: '17' # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2.20.1 + uses: github/codeql-action/init@v2.21.0 with: languages: java queries: security-and-quality @@ -51,6 +51,6 @@ jobs: cache-disabled: true arguments: -x javadoc -x test build -PskipOpenTypesFVT - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2.20.1 + uses: github/codeql-action/analyze@v2.21.0 with: ram: 4096 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3497c2d8188..65fe3ac8eae 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -62,6 +62,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v2.20.1 # tag=v1.0.26 + uses: github/codeql-action/upload-sarif@v2.21.0 # tag=v1.0.26 with: sarif_file: results.sarif From 6dded20c318b3ba5f598841e766728b7e251adbd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Jun 2023 19:38:19 +0000 Subject: [PATCH 34/37] Bump com.datastax.oss:java-driver-core from 4.15.0 to 4.16.0 Bumps [com.datastax.oss:java-driver-core](https://github.com/datastax/java-driver) from 4.15.0 to 4.16.0. - [Release notes](https://github.com/datastax/java-driver/releases) - [Commits](https://github.com/datastax/java-driver/compare/4.15.0...4.16.0) --- updated-dependencies: - dependency-name: com.datastax.oss:java-driver-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski # Conflicts: # bom/build.gradle --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index 58ef84c7e57..e67f899ab09 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -74,7 +74,7 @@ ext { // TODO: Version 9 now available luceneVersion = '8.11.2' openlineageVersion = '1.2.2' - ossVersion = '4.15.0' + ossVersion = '4.16.0' // TODO: Held as data engine breaks mockitoVersion = '4.11.0' plexusVersion = '4.0.0' From a1360433b26b5f331c5e305f800c5840bdbdda40 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jul 2023 09:24:07 +0000 Subject: [PATCH 35/37] Bump commons-codec:commons-codec from 1.15 to 1.16.0 Bumps [commons-codec:commons-codec](https://github.com/apache/commons-codec) from 1.15 to 1.16.0. - [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt) - [Commits](https://github.com/apache/commons-codec/compare/rel/commons-codec-1.15...rel/commons-codec-1.16.0) --- updated-dependencies: - dependency-name: commons-codec:commons-codec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index e67f899ab09..ac59d6091bc 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -27,7 +27,7 @@ ext { classgraphVersion = '4.8.162' classmateVersion = '1.5.1' collections4Version = '4.4' - commonscodecVersion = '1.15' + commonscodecVersion = '1.16.0' commonsconfiguration2Version = '2.9.0' commonsconfigurationVersion = '1.10' commonsioVersion = '2.13.0' From 3896843d1416bcaf33cf6e913317cceb997e943f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 03:56:42 +0000 Subject: [PATCH 36/37] Bump lycheeverse/lychee-action from 1.7.0 to 1.8.0 Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/lycheeverse/lychee-action/releases) - [Commits](https://github.com/lycheeverse/lychee-action/compare/v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: lycheeverse/lychee-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Ljupcho Palashevski From 996842584f1b8d45624120bd97831f581ef17168 Mon Sep 17 00:00:00 2001 From: Ljupcho Palashevski Date: Tue, 3 Oct 2023 15:38:28 +0200 Subject: [PATCH 37/37] bump tomcat version to 10.1.13 for spring compatibility Signed-off-by: Ljupcho Palashevski --- bom/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/build.gradle b/bom/build.gradle index ac59d6091bc..93c29ca8d02 100644 --- a/bom/build.gradle +++ b/bom/build.gradle @@ -100,7 +100,7 @@ ext { thriftVersion = '0.19.0' springwebVersion = '6.0.6' tinkVersion = '1.11.0' - tomcatVersion = '10.1.10' + tomcatVersion = '10.1.13' validationVersion = '2.0.1.Final' gsonVersion = '2.10.1' antVersion = '1.10.14'