-
Notifications
You must be signed in to change notification settings - Fork 261
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependabot aggregate updates 2023-07-20 #7795
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [net.openhft:chronicle-bom](https://github.com/OpenHFT/OpenHFT) from 2.24ea55 to 2.24ea71. - [Release notes](https://github.com/OpenHFT/OpenHFT/releases) - [Commits](https://github.com/OpenHFT/OpenHFT/commits) --- updated-dependencies: - dependency-name: net.openhft:chronicle-bom dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [io.micrometer:micrometer-registry-prometheus](https://github.com/micrometer-metrics/micrometer) from 1.11.0 to 1.11.2. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](micrometer-metrics/micrometer@v1.11.0...v1.11.2) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-registry-prometheus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) from 1.1.9.1 to 1.1.10.2. - [Release notes](https://github.com/xerial/snappy-java/releases) - [Commits](xerial/snappy-java@v1.1.9.1...v1.1.10.2) --- updated-dependencies: - dependency-name: org.xerial.snappy:snappy-java dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.23.0 to 3.23.4. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](protocolbuffers/protobuf@v3.23.0...v3.23.4) --- updated-dependencies: - dependency-name: com.google.protobuf:protobuf-java dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps io.freefair.aggregate-javadoc from 6.6.3 to 8.1.0. --- updated-dependencies: - dependency-name: io.freefair.aggregate-javadoc dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [io.openlineage:openlineage-java](https://github.com/OpenLineage/OpenLineage) from 0.28.0 to 0.29.2. - [Release notes](https://github.com/OpenLineage/OpenLineage/releases) - [Changelog](https://github.com/OpenLineage/OpenLineage/blob/main/CHANGELOG.md) - [Commits](OpenLineage/OpenLineage@0.28.0...0.29.2) --- updated-dependencies: - dependency-name: io.openlineage:openlineage-java dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [com.google.guava:guava](https://github.com/google/guava) from 31.1-jre to 32.1.1-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps io.freefair.lombok from 8.0.1 to 8.1.0. --- updated-dependencies: - dependency-name: io.freefair.lombok dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]> # Conflicts: # settings.gradle
Bumps org.hibernate:hibernate-validator from 8.0.0.Final to 8.0.1.Final. --- updated-dependencies: - dependency-name: org.hibernate:hibernate-validator dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [com.github.jnr:jnr-posix](https://github.com/jnr/jnr-posix) from 3.1.16 to 3.1.17. - [Commits](jnr/jnr-posix@jnr-posix-3.1.16...jnr-posix-3.1.17) --- updated-dependencies: - dependency-name: com.github.jnr:jnr-posix dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@80e868c...08b4669) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v3.5.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.26 to 2.20.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v1.0.26...v2.20.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v3...v3.1.2) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps library/alpine from 3.18.0 to 3.18.2. --- updated-dependencies: - dependency-name: library/alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps the spring group with 16 updates: org.springframework.boot, [org.springframework.boot:spring-boot-autoconfigure](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-web](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-validation](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-test](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-test](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-security](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-data-redis](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-actuator](https://github.com/spring-projects/spring-boot), [org.springframework.boot:spring-boot-starter-oauth2-resource-server](https://github.com/spring-projects/spring-boot), [org.springframework.security:spring-security-config](https://github.com/spring-projects/spring-security), [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security), [org.springframework.security:spring-security-ldap](https://github.com/spring-projects/spring-security), [org.springframework.security:spring-security-web](https://github.com/spring-projects/spring-security) and [org.springframework.security:spring-security-oauth2-jose](https://github.com/spring-projects/spring-security). Updates `org.springframework.boot` from 2.7.11 to 2.7.13 Updates `org.springframework.boot:spring-boot-autoconfigure` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-web` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-validation` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-test` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-test` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-security` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-data-redis` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-actuator` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.boot:spring-boot-starter-oauth2-resource-server` from 3.0.6 to 3.1.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.0.6...v3.1.1) Updates `org.springframework.security:spring-security-config` from 6.0.3 to 6.1.1 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.0.3...6.1.1) Updates `org.springframework.security:spring-security-core` from 6.0.3 to 6.1.1 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.0.3...6.1.1) Updates `org.springframework.security:spring-security-ldap` from 6.0.3 to 6.1.1 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.0.3...6.1.1) Updates `org.springframework.security:spring-security-web` from 6.0.3 to 6.1.1 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.0.3...6.1.1) Updates `org.springframework.security:spring-security-oauth2-jose` from 6.0.3 to 6.1.1 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](spring-projects/spring-security@6.0.3...6.1.1) --- updated-dependencies: - dependency-name: org.springframework.boot dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-autoconfigure dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-web dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-validation dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-test dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-test dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-security dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-data-redis dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-actuator dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.boot:spring-boot-starter-oauth2-resource-server dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-config dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-core dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-ldap dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-web dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.springframework.security:spring-security-oauth2-jose dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]> # Conflicts: # bom/build.gradle
Bumps commons-io:commons-io from 2.11.0 to 2.13.0. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps org.apache.cassandra:cassandra-all from 4.1.1 to 4.1.2. --- updated-dependencies: - dependency-name: org.apache.cassandra:cassandra-all dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]> # Conflicts: # bom/build.gradle
Bumps [org.projectlombok:lombok](https://github.com/projectlombok/lombok) from 1.18.26 to 1.18.28. - [Release notes](https://github.com/projectlombok/lombok/releases) - [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown) - [Commits](projectlombok/lombok@v1.18.26...v1.18.28) --- updated-dependencies: - dependency-name: org.projectlombok:lombok dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [io.github.classgraph:classgraph](https://github.com/classgraph/classgraph) from 4.8.158 to 4.8.160. - [Release notes](https://github.com/classgraph/classgraph/releases) - [Commits](classgraph/classgraph@classgraph-4.8.158...classgraph-4.8.160) --- updated-dependencies: - dependency-name: io.github.classgraph:classgraph dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [org.testng:testng](https://github.com/testng-team/testng) from 7.7.1 to 7.8.0. - [Release notes](https://github.com/testng-team/testng/releases) - [Changelog](https://github.com/testng-team/testng/blob/master/CHANGES.txt) - [Commits](testng-team/testng@7.7.1...7.8.0) --- updated-dependencies: - dependency-name: org.testng:testng dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [org.antlr:antlr4](https://github.com/antlr/antlr4) from 4.12.0 to 4.13.0. - [Release notes](https://github.com/antlr/antlr4/releases) - [Changelog](https://github.com/antlr/antlr4/blob/master/doc/go-changes.md) - [Commits](antlr/antlr4@4.12.0...4.13.0) --- updated-dependencies: - dependency-name: org.antlr:antlr4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Bumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 3.5.1 to 4.0.0. - [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases) - [Commits](codehaus-plexus/plexus-utils@plexus-utils-3.5.1...plexus-utils-4.0.0) --- updated-dependencies: - dependency-name: org.codehaus.plexus:plexus-utils dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]> # Conflicts: # bom/build.gradle
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/lycheeverse/lychee-action/releases) - [Commits](lycheeverse/lychee-action@v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: lycheeverse/lychee-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ljupcho Palashevski <[email protected]>
Signed-off-by: Ljupcho Palashevski <[email protected]>
Sonatype Lift is retiringSonatype Lift will be retiring on Sep 12, 2023, with its analysis stopping on Aug 12, 2023. We understand that this news may come as a disappointment, and Sonatype is committed to helping you transition off it seamlessly. If you’d like to retain your data, please export your issues from the web console. |
Signed-off-by: Ljupcho Palashevski <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See list of dependency update commits for more details.
com.google.guava:guava:32.1.1-jre causes build error
Quick investigation shows that most probably there are problems related to metadata published for this release causing version resolution conflicts. To solve this we need to introduce custom exclusions / restrictions to satisfy some legacy capability requirements brought by transitive dependencies such as org.apache.cassandra:cassandra-all:4.1.2 and org.janusgraph:janusgraph-driver:0.6.3
Instead using com.google.guava:guava:32.0.1-jre
Since we are waiting on major JanusGraph release, I've decided not to chase this further (already spent significant time) and fix it by going back to recent version 32.0.1-jre
that works in combination with JanusGaraph and does not have vulnerabilities.