Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dependabot aggregate updates 2023-07-20 #7795

Merged
merged 26 commits into from
Jul 21, 2023

Conversation

lpalashevski
Copy link
Contributor

@lpalashevski lpalashevski commented Jul 20, 2023

See list of dependency update commits for more details.

com.google.guava:guava:32.1.1-jre causes build error

* What went wrong:
Could not determine the dependencies of task ':open-metadata-implementation:adapters:open-connectors:repository-services-connectors:open-metadata-collection-store-connectors:graph-repository-connector:fatJar'.
> Could not resolve all dependencies for configuration ':open-metadata-implementation:adapters:open-connectors:repository-services-connectors:open-metadata-collection-store-connectors:graph-repository-connector:runtimeClasspath'.
   > There was an error while evaluating a component metadata rule for com.google.guava:guava:32.1.1-jre.
      > Cannot add capability com.google.collections:google-collections with version 32.1.1 because it's already defined with version 32.1.1-jre

Quick investigation shows that most probably there are problems related to metadata published for this release causing version resolution conflicts. To solve this we need to introduce custom exclusions / restrictions to satisfy some legacy capability requirements brought by transitive dependencies such as org.apache.cassandra:cassandra-all:4.1.2 and org.janusgraph:janusgraph-driver:0.6.3

Instead using com.google.guava:guava:32.0.1-jre

Since we are waiting on major JanusGraph release, I've decided not to chase this further (already spent significant time) and fix it by going back to recent version 32.0.1-jre
that works in combination with JanusGaraph and does not have vulnerabilities.

dependabot bot and others added 25 commits July 20, 2023 18:29
Bumps [net.openhft:chronicle-bom](https://github.com/OpenHFT/OpenHFT) from 2.24ea55 to 2.24ea71.
- [Release notes](https://github.com/OpenHFT/OpenHFT/releases)
- [Commits](https://github.com/OpenHFT/OpenHFT/commits)

---
updated-dependencies:
- dependency-name: net.openhft:chronicle-bom
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [io.micrometer:micrometer-registry-prometheus](https://github.com/micrometer-metrics/micrometer) from 1.11.0 to 1.11.2.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](micrometer-metrics/micrometer@v1.11.0...v1.11.2)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-registry-prometheus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) from 1.1.9.1 to 1.1.10.2.
- [Release notes](https://github.com/xerial/snappy-java/releases)
- [Commits](xerial/snappy-java@v1.1.9.1...v1.1.10.2)

---
updated-dependencies:
- dependency-name: org.xerial.snappy:snappy-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.23.0 to 3.23.4.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](protocolbuffers/protobuf@v3.23.0...v3.23.4)

---
updated-dependencies:
- dependency-name: com.google.protobuf:protobuf-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps io.freefair.aggregate-javadoc from 6.6.3 to 8.1.0.

---
updated-dependencies:
- dependency-name: io.freefair.aggregate-javadoc
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [io.openlineage:openlineage-java](https://github.com/OpenLineage/OpenLineage) from 0.28.0 to 0.29.2.
- [Release notes](https://github.com/OpenLineage/OpenLineage/releases)
- [Changelog](https://github.com/OpenLineage/OpenLineage/blob/main/CHANGELOG.md)
- [Commits](OpenLineage/OpenLineage@0.28.0...0.29.2)

---
updated-dependencies:
- dependency-name: io.openlineage:openlineage-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [com.google.guava:guava](https://github.com/google/guava) from 31.1-jre to 32.1.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps io.freefair.lombok from 8.0.1 to 8.1.0.

---
updated-dependencies:
- dependency-name: io.freefair.lombok
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>

# Conflicts:
#	settings.gradle
Bumps org.hibernate:hibernate-validator from 8.0.0.Final to 8.0.1.Final.

---
updated-dependencies:
- dependency-name: org.hibernate:hibernate-validator
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [com.github.jnr:jnr-posix](https://github.com/jnr/jnr-posix) from 3.1.16 to 3.1.17.
- [Commits](jnr/jnr-posix@jnr-posix-3.1.16...jnr-posix-3.1.17)

---
updated-dependencies:
- dependency-name: com.github.jnr:jnr-posix
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@80e868c...08b4669)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v3.5.3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.26 to 2.20.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v1.0.26...v2.20.1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v3...v3.1.2)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps library/alpine from 3.18.0 to 3.18.2.

---
updated-dependencies:
- dependency-name: library/alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps the spring group with 16 updates: org.springframework.boot, [org.springframework.boot:spring-boot-autoconfigure](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-web](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-validation](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-test](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-test](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-security](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-data-redis](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-actuator](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-oauth2-resource-server](https://github.com/spring-projects/spring-boot), [org.springframework.security:spring-security-config](https://github.com/spring-projects/spring-security), [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security), [org.springframework.security:spring-security-ldap](https://github.com/spring-projects/spring-security), [org.springframework.security:spring-security-web](https://github.com/spring-projects/spring-security) and [org.springframework.security:spring-security-oauth2-jose](https://github.com/spring-projects/spring-security).

Updates `org.springframework.boot` from 2.7.11 to 2.7.13

Updates `org.springframework.boot:spring-boot-autoconfigure` from 3.0.6 to 3.1.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1)

Updates `org.springframework.boot:spring-boot` from 3.0.6 to 3.1.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1)

Updates `org.springframework.boot:spring-boot-starter-web` from 3.0.6 to 3.1.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1)

Updates `org.springframework.boot:spring-boot-starter-validation` from 3.0.6 to 3.1.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1)

Updates `org.springframework.boot:spring-boot-test` from 3.0.6 to 3.1.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1)

Updates `org.springframework.boot:spring-boot-starter-test` from 3.0.6 to 3.1.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1)

Updates `org.springframework.boot:spring-boot-starter-security` from 3.0.6 to 3.1.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1)

Updates `org.springframework.boot:spring-boot-starter-data-redis` from 3.0.6 to 3.1.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1)

Updates `org.springframework.boot:spring-boot-starter-actuator` from 3.0.6 to 3.1.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1)

Updates `org.springframework.boot:spring-boot-starter-oauth2-resource-server` from 3.0.6 to 3.1.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1)

Updates `org.springframework.security:spring-security-config` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.0.3...6.1.1)

Updates `org.springframework.security:spring-security-core` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.0.3...6.1.1)

Updates `org.springframework.security:spring-security-ldap` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.0.3...6.1.1)

Updates `org.springframework.security:spring-security-web` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.0.3...6.1.1)

Updates `org.springframework.security:spring-security-oauth2-jose` from 6.0.3 to 6.1.1
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.0.3...6.1.1)

---
updated-dependencies:
- dependency-name: org.springframework.boot
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.springframework.boot:spring-boot-autoconfigure
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.boot:spring-boot
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.boot:spring-boot-starter-web
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.boot:spring-boot-starter-validation
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.boot:spring-boot-test
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.boot:spring-boot-starter-test
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.boot:spring-boot-starter-security
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.boot:spring-boot-starter-data-redis
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.boot:spring-boot-starter-actuator
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.boot:spring-boot-starter-oauth2-resource-server
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.security:spring-security-config
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.security:spring-security-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.security:spring-security-ldap
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.security:spring-security-web
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.springframework.security:spring-security-oauth2-jose
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>

# Conflicts:
#	bom/build.gradle
Bumps commons-io:commons-io from 2.11.0 to 2.13.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps org.apache.cassandra:cassandra-all from 4.1.1 to 4.1.2.

---
updated-dependencies:
- dependency-name: org.apache.cassandra:cassandra-all
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>

# Conflicts:
#	bom/build.gradle
Bumps [org.projectlombok:lombok](https://github.com/projectlombok/lombok) from 1.18.26 to 1.18.28.
- [Release notes](https://github.com/projectlombok/lombok/releases)
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.26...v1.18.28)

---
updated-dependencies:
- dependency-name: org.projectlombok:lombok
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [io.github.classgraph:classgraph](https://github.com/classgraph/classgraph) from 4.8.158 to 4.8.160.
- [Release notes](https://github.com/classgraph/classgraph/releases)
- [Commits](classgraph/classgraph@classgraph-4.8.158...classgraph-4.8.160)

---
updated-dependencies:
- dependency-name: io.github.classgraph:classgraph
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [org.testng:testng](https://github.com/testng-team/testng) from 7.7.1 to 7.8.0.
- [Release notes](https://github.com/testng-team/testng/releases)
- [Changelog](https://github.com/testng-team/testng/blob/master/CHANGES.txt)
- [Commits](testng-team/testng@7.7.1...7.8.0)

---
updated-dependencies:
- dependency-name: org.testng:testng
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [org.antlr:antlr4](https://github.com/antlr/antlr4) from 4.12.0 to 4.13.0.
- [Release notes](https://github.com/antlr/antlr4/releases)
- [Changelog](https://github.com/antlr/antlr4/blob/master/doc/go-changes.md)
- [Commits](antlr/antlr4@4.12.0...4.13.0)

---
updated-dependencies:
- dependency-name: org.antlr:antlr4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 3.5.1 to 4.0.0.
- [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases)
- [Commits](codehaus-plexus/plexus-utils@plexus-utils-3.5.1...plexus-utils-4.0.0)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-utils
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>

# Conflicts:
#	bom/build.gradle
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](lycheeverse/lychee-action@v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
@sonatype-lift
Copy link
Contributor

sonatype-lift bot commented Jul 20, 2023

Sonatype Lift is retiring

Sonatype Lift will be retiring on Sep 12, 2023, with its analysis stopping on Aug 12, 2023. We understand that this news may come as a disappointment, and Sonatype is committed to helping you transition off it seamlessly. If you’d like to retain your data, please export your issues from the web console.
We are extremely grateful and thank you for your support over the years.

📖 Read about the impacts and timeline

Signed-off-by: Ljupcho Palashevski <[email protected]>
@lpalashevski lpalashevski self-assigned this Jul 21, 2023
@lpalashevski lpalashevski merged commit f66566d into odpi:main Jul 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant