dependency updates

.github/actions/run-gradle/action.yml

@@ -53,7 +53,7 @@ runs:
         website: jdk.java.net
         version: latest
     - name: Set up GraalVM
-      uses: graalvm/setup-graalvm@2f25c0caae5b220866f732832d5e3e29ff493338 # v1.2.1
+      uses: graalvm/setup-graalvm@2911b2304bee2c2f59b9a67bf45f025a6b6de4b1 # v1.2.2
       if: inputs.java == 'GraalVM'
       with:
         distribution: 'graalvm'
@@ -79,7 +79,7 @@ runs:
         distribution: temurin
     - name: Setup Gradle
       id: setup-gradle
-      uses: gradle/actions/setup-gradle@31ae3562f68c96d481c31bc1a8a55cc1be162f83 # v3.4.1
+      uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
       env:
         JAVA_HOME: ${{ steps.setup-gradle-jdk.outputs.path }}
         ORG_GRADLE_PROJECT_org.gradle.java.installations.auto-download: 'false'

.github/workflows/actionlint.yml

@@ -16,7 +16,7 @@ jobs:
             github.com:443
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: actionlint
-        uses: reviewdog/action-actionlint@52819f5f70db72e17c2fadecd44a791ae4459276 # v1.49.0
+        uses: reviewdog/action-actionlint@afad3b6ab835e5611bda8c8193377e2d5c21413d # v1.51.0
         env:
           SHELLCHECK_OPTS: -e SC2001 -e SC2035 -e SC2046 -e SC2061 -e SC2086 -e SC2156
         with:

.github/workflows/codacy.yml

@@ -47,7 +47,7 @@ jobs:
         if: steps.check_files.outputs.files_exists == 'true'
         run: jq -c '.runs |= unique_by({tool, invocations, results})' < results.sarif > codacy.sarif
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         if: steps.check_files.outputs.files_exists == 'true'
         continue-on-error: true
         with:

.github/workflows/codeql.yml

@@ -57,10 +57,10 @@ jobs:
           java: ${{ env.JAVA_VERSION }}
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         with:
           languages: java
       - name: Autobuild
-        uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11

.github/workflows/dependency-check.yml

@@ -17,6 +17,9 @@ jobs:
       actions: read
       contents: read
       security-events: write
+    if: >
+      github.actor != 'dependabot[bot]'
+      && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false)
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
@@ -57,7 +60,7 @@ jobs:
         with:
           files: build/reports/dependency-check-report.sarif
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         if: steps.check_files.outputs.files_exists == 'true'
         with:
           sarif_file: build/reports/dependency-check-report.sarif

.github/workflows/dependency-submission-pr-retreive.yml

@@ -35,6 +35,6 @@ jobs:
             repo1.maven.org:443
             services.gradle.org:443
       - name: Retrieve and submit dependency graph
-        uses: gradle/actions/dependency-submission@31ae3562f68c96d481c31bc1a8a55cc1be162f83 # v3.4.1
+        uses: gradle/actions/dependency-submission@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
         with:
           dependency-graph: download-and-submit

.github/workflows/dependency-submission-pr-submit.yml

@@ -38,7 +38,7 @@ jobs:
           java-version: ${{ env.JAVA_VERSION }}
           distribution: temurin
       - name: Submit Dependency Graph
-        uses: gradle/actions/dependency-submission@31ae3562f68c96d481c31bc1a8a55cc1be162f83 # v3.4.1
+        uses: gradle/actions/dependency-submission@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
         with:
           cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
           dependency-graph: generate-and-upload

.github/workflows/dependency-submission.yml

@@ -38,6 +38,6 @@ jobs:
           java-version: ${{ env.JAVA_VERSION }}
           distribution: temurin
       - name: Submit Dependency Graph
-        uses: gradle/actions/dependency-submission@31ae3562f68c96d481c31bc1a8a55cc1be162f83 # v3.4.1
+        uses: gradle/actions/dependency-submission@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
         with:
           cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

.github/workflows/devskim.yml

@@ -31,6 +31,6 @@ jobs:
       - name: Run DevSkim scanner
         uses: microsoft/DevSkim-Action@914fa647b406c387000300b2f09bb28691be2b6d # v1.0.14
       - name: Upload DevSkim scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         with:
           sarif_file: devskim-results.sarif

.github/workflows/examples.yml

@@ -39,7 +39,7 @@ jobs:
           java-version: ${{ env.JAVA_VERSION }}
           distribution: temurin
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@31ae3562f68c96d481c31bc1a8a55cc1be162f83 # v3.4.1
+        uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
         with:
           add-job-summary: never
           cache-read-only: false

.github/workflows/gradle-wrapper-validation.yml

@@ -18,4 +18,4 @@ jobs:
             github.com:443
             services.gradle.org:443
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: gradle/actions/wrapper-validation@31ae3562f68c96d481c31bc1a8a55cc1be162f83 # v3.4.1
+      - uses: gradle/actions/wrapper-validation@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2

.github/workflows/qodana.yml

@@ -62,12 +62,12 @@ jobs:
           java: ${{ env.JAVA_VERSION }}
           arguments: build -x test
       - name: Qodana - Code Inspection
-        uses: JetBrains/qodana-action@32840fdb87f8dd110e0a6b09323c7142b667b25d # v2024.1.5
+        uses: JetBrains/qodana-action@c96b39a84dea25f2a24b38a3f6e89903306d5e2a # v2024.1.8
         env:
           QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
         with:
           upload-result: true
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
-        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         with:
           sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json

.github/workflows/scorecards-analysis.yml

@@ -57,6 +57,6 @@ jobs:
           path: results.sarif
           retention-days: 5
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         with:
           sarif_file: results.sarif

.github/workflows/semgrep.yml

@@ -34,7 +34,7 @@ jobs:
         if: steps.check_files.outputs.files_exists == 'true'
         run: jq -c '.runs[0].tool.driver.rules |= unique_by(.id)' < results.sarif > semgrep.sarif
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
-        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         if: steps.check_files.outputs.files_exists == 'true'
         continue-on-error: true
         with:

.github/workflows/snyk.yml

@@ -6,6 +6,7 @@ permissions: read-all
 
 env:
   DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+  JAVA_VERSION: 21
 
 jobs:
   snyk:
@@ -14,53 +15,39 @@ jobs:
       actions: read
       contents: read
       security-events: write
+    container:
+      # Incompatible with Harden Runner
+      image: snyk/snyk:gradle-jdk21
+      env:
+        SNYK_INTEGRATION_VERSION: gradle-jdk21
+        SNYK_INTEGRATION_NAME: GITHUB_ACTIONS
+        FORCE_COLOR: 2
     if: github.event.repository.fork == false
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Setup Gradle
+        uses: ./.github/actions/run-gradle
         with:
-          disable-sudo: true
-          egress-policy: block
-          allowed-endpoints: >
-            api.adoptium.net:443
-            api.foojay.io
-            api.github.com:443
-            api.snyk.io:443
-            caffeine.gradle-enterprise.cloud:443
-            downloads.gradle.org:443
-            downloads.gradle-dn.com:443
-            github.com:443
-            jcenter.bintray.com:443
-            objects.githubusercontent.com:443
-            plugins.gradle.org:443
-            plugins-artifacts.gradle.org:443
-            repo.maven.apache.org:443
-            repo1.maven.org:443
-            services.gradle.org:443
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+          java: ${{ env.JAVA_VERSION }}
+          token: ${{ secrets.GITHUB_TOKEN }}
       - name: Run Snyk test
-        uses: snyk/actions/gradle-jdk17@master
-        continue-on-error: true
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          command: test
-          args: --sarif-file-output=snyk.sarif --all-sub-projects -- --no-configuration-cache
+        continue-on-error: true
+        run: snyk test --sarif-file-output=snyk.sarif --all-sub-projects -- --no-configuration-cache
       - name: Check file existence
         id: check_files
         uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
         with:
           files: snyk.sarif
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         if: steps.check_files.outputs.files_exists == 'true'
         with:
           sarif_file: snyk.sarif
       - name: Run Snyk monitor
-        uses: snyk/actions/gradle-jdk17@master
-        continue-on-error: true
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          command: monitor
-          args: --all-sub-projects -- --no-configuration-cache
+        continue-on-error: true
+        run: snyk monitor --all-sub-projects -- --no-configuration-cache

.github/workflows/spelling.yml

@@ -16,7 +16,7 @@ jobs:
             github.com:443
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Misspell
-        uses: reviewdog/action-misspell@8cd4a880dd86b1b175092c18c23cdec31283d654 # v1.19.0
+        uses: reviewdog/action-misspell@30433ca7be17888deb78a32521706fb65defbf3f # v1.21.0
         with:
           reporter: github-check
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -34,4 +34,4 @@ jobs:
             objects.githubusercontent.com:443
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Typos
-        uses: crate-ci/typos@cfe759ac8dd421e203cc293a373396fbc6fe0d4b # v1.22.7
+        uses: crate-ci/typos@c16dc8f5b4a7ad6211464ecf136c69c851e8e83c # v1.22.9

.github/workflows/trivy.yml

@@ -23,12 +23,12 @@ jobs:
             pkg-containers.githubusercontent.com:443
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+        uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
         with:
           scan-type: fs
           format: sarif
           output: trivy-results.sarif
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         with:
             sarif_file: trivy-results.sarif

caffeine/src/test/java/com/github/benmanes/caffeine/cache/testing/CacheContextSubject.java

@@ -25,8 +25,6 @@
 import static com.google.common.collect.ImmutableListMultimap.toImmutableListMultimap;
 import static com.google.common.collect.ImmutableMap.toImmutableMap;
 import static com.google.common.collect.ImmutableMultiset.toImmutableMultiset;
-import static com.google.common.truth.OptionalLongSubject.optionalLongs;
-import static com.google.common.truth.StreamSubject.streams;
 import static com.google.common.truth.Truth.assertAbout;
 import static java.util.Objects.requireNonNull;
 import static java.util.concurrent.TimeUnit.NANOSECONDS;
@@ -83,8 +81,7 @@ public static CacheContextSubject assertThat(CacheContext actual) {
   public void hasWeightedSize(long expectedSize) {
     checkArgument(expectedSize >= 0, "expectedSize (%s) must be >= 0", expectedSize);
     actual.cache().policy().eviction().ifPresentOrElse(policy -> {
-      check("weightedSize()").about(optionalLongs())
-          .that(policy.weightedSize()).hasValue(expectedSize);
+      check("weightedSize()").that(policy.weightedSize()).hasValue(expectedSize);
     }, () -> {
       long weight = actual.cache().asMap().entrySet().stream()
           .mapToLong(entry -> actual.weigher().weigh(entry.getKey(), entry.getValue()))
@@ -97,7 +94,7 @@ public void hasWeightedSize(long expectedSize) {
   public void hasWeightedSizeLessThan(long other) {
     checkArgument(other >= 0, "other (%s) must be >= 0", other);
     actual.cache().policy().eviction().ifPresentOrElse(policy -> {
-      check("weightedSize()").about(optionalLongs()).that(policy.weightedSize()).isPresent();
+      check("weightedSize()").that(policy.weightedSize()).isPresent();
       check("weightedSize()").that(policy.weightedSize().orElseThrow()).isLessThan(other);
     }, () -> {
       long weight = actual.cache().asMap().entrySet().stream()
@@ -320,14 +317,14 @@ public void hasSize(long expectedSize) {
     public void containsExactlyValues(Object... values) {
       awaitUntil((type, listener) -> {
         var stream = listener.removed().stream().map(RemovalNotification::getValue);
-        check(type).about(streams()).that(stream).containsExactly(values);
+        check(type).that(stream).containsExactly(values);
       });
     }
 
     public void hasNoEvictions() {
       awaitUntil((type, listener) -> {
         var stream = listener.removed().stream().filter(entry -> entry.getCause().wasEvicted());
-        check(type).about(streams()).that(stream).isEmpty();
+        check(type).that(stream).isEmpty();
       });
     }
 

caffeine/src/test/java/com/github/benmanes/caffeine/cache/testing/GuavaCacheFromContext.java

@@ -173,7 +173,7 @@ public V get(K key, Function<? super K, ? extends V> mappingFunction) {
         return cache.get(key, () -> {
           V value = mappingFunction.apply(key);
           if (value == null) {
-            throw new CacheMissException();
+            throw CacheMissException.INSTANCE;
           }
           return value;
         });
@@ -639,7 +639,7 @@ public V load(K key) throws Exception {
         error.set(null);
         V value = delegate.load(key);
         if (value == null) {
-          throw new CacheMissException();
+          throw CacheMissException.INSTANCE;
         }
         return value;
       } catch (Exception e) {
@@ -707,6 +707,11 @@ public GuavaCacheEntry(K key, V value, long snapshot) {
   }
 
   static final class CacheMissException extends RuntimeException {
+    private static final CacheMissException INSTANCE = new CacheMissException();
     private static final long serialVersionUID = 1L;
+
+    CacheMissException() {
+      super(null, null, /* enableSuppression */ false, /* writableStackTrace */ false);
+    }
   }
 }

examples/coalescing-bulkloader-reactor/gradle/libs.versions.toml

@@ -2,7 +2,7 @@
 caffeine = "3.1.8"
 junit = "5.11.0-M2"
 reactor = "3.6.7"
-truth = "1.4.2"
+truth = "1.4.3"
 versions = "0.51.0"
 
 [libraries]

examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties

@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-rc-1-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME

examples/coalescing-bulkloader-reactor/settings.gradle.kts

@@ -1,6 +1,6 @@
 plugins {
   id("com.gradle.develocity") version "3.17.5"
-  id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
+  id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2"
   id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
 }
 

examples/coalescing-bulkloader-reactor/src/test/java/com/github/benmanes/caffeine/examples/coalescing/bulkloader/CoalescingBulkLoaderTest.java

@@ -84,7 +84,7 @@ public void maxSize() {
     }
 
     results.forEach((key, future) -> assertThat(future.join()).isEqualTo(-key));
-    batchSizes.forEach(batchSize-> assertThat(batchSize).isAtMost(maxSize));
+    batchSizes.forEach(batchSize -> assertThat(batchSize).isAtMost(maxSize));
     assertThat(batchSizes).hasSize(requests / maxSize);
 
     long delay = TimeUnit.NANOSECONDS.toMillis(end.get() - start);

examples/graal-native/gradle/libs.versions.toml

@@ -2,7 +2,7 @@
 caffeine = "3.1.8"
 graal = "0.10.2"
 junit = "5.11.0-M2"
-truth = "1.4.2"
+truth = "1.4.3"
 versions = "0.51.0"
 
 [libraries]

examples/graal-native/gradle/wrapper/gradle-wrapper.properties

@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-rc-1-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME

examples/graal-native/settings.gradle.kts

@@ -6,7 +6,7 @@ pluginManagement {
 }
 plugins {
   id("com.gradle.develocity") version "3.17.5"
-  id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
+  id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2"
   id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
 }
 

examples/hibernate/gradle/libs.versions.toml

@@ -5,7 +5,7 @@ hibernate = "6.5.2.Final"
 junit = "5.11.0-M2"
 log4j2 = "3.0.0-beta2"
 slf4j = "2.0.7"
-truth = "1.4.2"
+truth = "1.4.3"
 versions = "0.51.0"
 
 [libraries]